Looking for the latest lists of security incidents? Take a look at our complete breakdown of data breaches and cyber attacks on our new page.

Welcome to our April 2023 list of data breaches and cyber attacks. Our research identified 120 publicly disclosed incidents during the month, accounting for 4,353,257 breached records.

You can find the full list of data breaches and cyber attacks below, along with our rundown of the biggest incidents of the month.

Meanwhile, if you enjoy this sort of cyber security news, be sure to subscribe to our Weekly Round-up to receive the latest stories straight to your inbox.

Cyber attacks

• Shields Health Care Group announces security breach amid cyber attack (2,380,483)
• NCB Management breach affected former Bank of America credit card holders (494,969)
• Kodi confirms security breach as user records and private messages are stolen (400,635)
• Santa Clara Family Health Plan notifies individuals affected by data breach (276,993)
• 90 Degree Benefits announces security breach (181,543)
• Queensway Carleton Hospital suffers third-party software breach (100,000)
• Florida Medical Clinic notifies patients of recent security breach (94,132)
• Huntington Ingalls Industries files official notice of security breach (43,643)
• United Steelworkers Local 286 Notifies members of recent security breach (37,000)
• Unlimited Care files notice of security breach affecting employees (29,000)
• Brightline, Inc. announces third-party breach (27,742)
• HawaiiUSA Federal Credit Union confirms recent security breach (20,000)
• Tasmanian education department documents leaked online (16,000)
• La Clinica de La Raza says email accounts were breached in cyber attack (15,316)
• Robeson Health Care Corporation reports security breach (15,000)
• Woodward Communications files notice of security breach (12,467)
• Harrington Raceway announces security breach leaking personal information (12,000)
• Investigation underway into cyber attack affecting four charities for sexual assault survivors (1,000)
• TIC Hosting Solutions customer data leaked (300)
• Western Digital says hackers stole data in ‘network security’ breach (unknown)
• Cyber attack downs major Israeli university websites (unknown)
• Crossbow firm Killer Instinct discloses credit card breach (unknown)
• UK’s Criminal Records Office confirms that ongoing delays caused by criminal hackers (unknown)
• Winnipeg’s Thermea spa discloses security breach (unknown)
• Lending protocol Sentiment recovers funds after cyber attack (unknown)
• Aspire Public Schools reveals 2022 security breach (unknown)
• Rochester Public Schools in Minnesota says classes cancelled amid cyber attack (unknown)
• Proskauer Rose cyber attack left sensitive client data unguarded (unknown)
• Sarah D. Culbertson Memorial Hospital working to recover from cyber security incident (unknown)
• Rogers Communications data allegedly sold on a hacker forum (unknown)
• NZZ has to shut down the newspaper production system after a cyber attack (unknown)
• Southern California’s San Bernardino County Sheriff’s Department said it experienced a “network disruption” (unknown)
• Elmbrook School District breach exposed personal information about former and current employees (unknown)
• Big Pharma-partnered Evotec on high alert after cyber attack takes systems offline (unknown)
• The Palmeiras Club of Brazil was the target of a cyber attack (unknown)
• Stroud Area Regional Police Department notification of data security incident (unknown)
• SD Worx forced to pause operations following cyber attack (unknown)
• The law firm Uber gave sensitive driver data to for legal representation got hacked (unknown)
• Ongoing issues at Cornwall Community Hospital from “cyber incident” (unknown)
• Webster Bank reports third-party security breach at Guardian Analytics (unknown)
• University of Hawaii Maui College announces recent security breach (unknown)
• Accounting firm Rubino & Company files official notice of security breach (unknown)
• University of the People notifies students of security breach following unauthorised SharePoint access (unknown)
• Oklahoma City University notifies students and employees of cyber attack (unknown)
• Kimco Realty Corporation notifies current and former employees of recent cyber attack (unknown)
• Prescott College files notice of recent security breach leaking student information (unknown)
• Bryant Bank files notice of security breach that leaked an unknown number of SSNs (unknown)
• NationsBenefits Holding announces third-party security breach following Fortra cyber attack (unknown)
• Cornerstone Home Lending files notice of security breach after cyber security incident at third-party vendor (unknown)
• Accounting firm Harding, Shymanski & Company announces security breach following wave of fraudulent tax returns (unknown)
• Elk Grove Unified School District investigating after employees report issues filing taxes in suspected phishing scam (unknown)
• SD Worx halts UK payroll, HR services after cyber attack (unknown)
• Cyber attack at Plymouth school tells students they are expelled (unknown)
• Albertsons Companies says data was stolen in malware attack (unknown)
• IMA Financial Group notifies those affected by 2022 security incident (unknown)
• Sun Pharmaceutical Industries suffers a “data security incident” (unknown)
• One Brooklyn Health reports leaked patient and employee information following security breach (unknown)
• Amnesty International Australia suffered a security breach last year, but says everything is now fine (unknown)
• United HealthCare reports a data breach that may have revealed the customer’s personal information (unknown)
• Nashua School District dealing with ‘sophisticated’ cyber attack (unknown)

If you’re facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

Ransomware

• 7×7 Dental Implant & Oral Surgery alleged victim of Abyss ransomware group (63,557)
• Retina & Vitreous of Texas notifies patients of ransomware attack but doesn’t call it one (35,766)
• Ransomware gang pledges to undo damage after attacking Cameron Memorial Community Hospital in Indiana (unknown)
• Alabama’s Jefferson County School system victim of ransomware (unknown)
• Employee and patient files from Montgomery General Hospital leaked by ransomware group (unknown)
• UnitedLex hit by d0nut ransomware team, 200 GB of corporate files leaked (unknown)
• Illinois’s Olympia CUSD 16 hit by ransomware gang (unknown)
• Taiwanese PC parts maker MSI falls victim to ransomware (unknown)
• Ransomware attack at NJ County Police Department locks up criminal investigative files (unknown)
• PharMerica and BrightSpring Health Services hit by ransomware (unknown)
• Chilean IT multinational SONDA reportedly struck with ransomware (unknown)
• Capita admits that its ‘cyber incident’ was ransomware and that customer data was breached (unknown)
• Point32Health suffers ransomware attack (unknown)
• Rochester Public Schools reintroduce technology following cyber attack (unknown)
• Cementos Bío-Bío attacked by ransomware gang (unknown)
• Mexico’s National Water Commission hit by ransomware (unknown)
• Yum! Brands notifies consumers of data breach following ransomware attack (unknown)
• CommScope Holding Company experiences ransomware attack (unknown)
• Associates in Dermatology announces data breach stemming from ransomware attack at VPN Solutions (unknown)
• Nine US healthcare firms embroiled in GoAnywhere breach (unknown)
• Kenya’s Naivas supermarket’s system hacked, data stolen (unknown)
• Yellow Pages Canada confirms cyber attack as Black Basta leaks data (unknown)
• Cyber attack disrupts Lowell city government in suspected ransomware attack (unknown)
• Ransomware attack reported in Spartanburg County, South Carolina (unknown)
• Hardenhuish School in Chippenham hit by ransomware attack (unknown)
• Data from charities stolen in ransomware attack (unknown)
• Albany ENT & Allergy Services hit by ransomware (unknown)
• Emmanuel College, Boston, working to recover from ransomware attack (unknown)
• Banco de Venezuela hit by ransomware (unknown)
• Ransomware gang targets Valid Certificadora Digital (unknown)

Data breaches

• Service NSW breach exposes personal data affecting thousands of customers (3,700)
• TAFE South Australia has revealed a data breach (2,224)
• Tesla workers shared sensitive images recorded by customer cars (unknown)
• Alcohol recovery startups Monument and Tempest shared patients’ private data with advertisers (unknown)
• Mastodon vulnerability exposes sensitive information (unknown)
• Throne fixes security bug that exposed creators’ private home addresses (unknown)
• John Muir Health – Walnut Creek Medical Center experiences data breach following unauthorised disclosure of patient information (unknown)
• Sensitive medical notes found dumped in Telford by jogger (unknown)
• McLaren Greater Lansing Hospital accused of leaving patient medical records in decommissioned hospital (unknown)
• Vulnerability in Salesforce Community causing widespread data leaks (unknown)
• Diocese of Las Vegas reports cyber security breach (unknown)
• Missouri government learns that website leaking residents’ personal data (unknown)

Malicious insiders and miscellaneous incidents

• Campbellford Memorial Hospital employee makes ‘unauthorized’ access to patient records (3,500)
• School principal resigns after writing $100,000 check to Elon Musk impersonator (unknown)