Top data breaches of 2025 (Complete List)

16 Aug 2025

Top data breaches of 2025

Data breaches have catastrophic consequences for individuals and businesses alike. 2024 saw some of the biggest data breaches that have severely impacted organizations.

 

Over a billion people had their data compromised, with businesses losing millions of dollars, weeks, and months of time in resuming their daily operations.

 

A few days into 2025, we have already seen some severely damaging data breaches. Let us have a look at them.

 

The following are some of the top data breaches of 2025:

Data Breaches in December 2025

Victim: Sevier County

About

The Sevier County Emergency Management Agency offers protection against all kinds of natural and manmade hazards to the county residents. It offers multiple services for preparedness, response, mitigation, and recovery for all kinds of hazards.

 

Industry

Public sector

 

What happened?

Sevier County Emergency Management Agency announced that it is moving to the new CodeRED Emergency Alert System after its legacy system suffered a data breach.

 

Impact

The data breach compromised the data of its users enrolled in the system, including email addresses, passwords, and phone numbers.

Source

Victim: Buncombe County

About

Buncombe County offers multiple services to inform citizens on multiple aspects, from investment options to recent news.

 

Industry

Public sector

 

What happened?

A cyberattack on the county’s third-party vendor compromised citizens’ information and disrupted its emergency alerting system.

 

Impact

The cyber attack compromised the personal information of users, including names, email addresses, passwords, and phone numbers.

Source

Victim: French Football Federation

About

The French Football Federation is a regulatory authority of football in France. It is a member of FIFA and UEFA and is responsible for regulating and overseeing football for professionals and amateurs.

 

Industry

Sports

 

What happened?

The FFF got targeted by a cyber attack that involved the exploitation of weaknesses in the software used for the administrative management of data for registered members.

 

Impact

The cyber attack compromised data belonging to all the registered members. The nature of the data exposed is still under investigation.

Source

Victim: London Council

About

Kensington and Chelsea London Borough Council is a local authority in Greater London, England. It has several functions defined under the London Government Act 1963, like offering social services, libraries, and ensuring environmental health.

 

Industry

Public sector

 

What happened?

The Kensington and Chelsea and Westminster Council discovered that they were hit by a cyber attack that might have affected their systems and data.

 

Impact

The nature and quantity of data stolen are still under investigation.

Source

Victim: Barts Health NHS Trust

About

Barts Health is one of the top healthcare providers in England. It is also one of the largest NHS-based trusts that runs five hospitals in London.

 

Industry

Healthcare

 

What happened?

Barts Health NHS Trust announced that it became a victim of a cyber attack carried out by the Cl0p ransomware group.

 

Impact

The attack has compromised several years of invoice data including names and addresses of people who paid for Barts Health’s services.

Source


Victim: SoundCloud

About

SoundCloud is a Germany-based audio streaming service provider that enables its users to share audio and listen to shared audio. It is one of the largest global music streaming services.

 

Industry

Audio streaming service

 

What happened?

SoundCloud detected an unauthorized activity in its service dashboard that allowed threat actors to access its users’ data.

 

Impact

The data breach compromised its users’ data, including their email addresses and their profile-related information.

Source

Victim: Zilvia.net

About

Zilvia.net is one of the oldest online forums for Nissan S-Chassis 240SX, 180SX, Silvia owners and enthusiasts who seek tips for their personal projects, buying parts, and other interests.

 

Industry

Media

 

What happened?

Zilvia.net reported that in December 2025, an unauthorized actor gained access to their forum’s data and published it online.

 

Impact

The forum has been permanently shut down, and the account-related information of its members has been compromised, including their usernames, IP addresses, MD5 password hashes, and email addresses.

Source


Victim: Petroleos de Venezuela (PDVSA)

About

Petroleos de Venezuela is an oil and natural gas company that is owned by the state. It is the fifth-largest oil exporter in Venezuela, specializing in exploration, refining, and production of natural gas.

 

Industry

Oil and gas

 

What happened?

Petroleos de Venezuela was targeted by a cyber attack that caused disruption in its operations. The company has reported that the attack has impacted its administrative systems.

 

Impact

The attack caused disruption in its operation nationwide, with a majority of the company’s systems going offline.

Source


Victim: University of Sydney

About

The University of Sydney is one of the oldest universities in Australia spanning eight faculties and schools and known for educating eight of Australia’s prime ministers.

 

Industry

Public sector

 

What happened?

The university discovered that hackers gained access to the university’s online coding repository and stole staff and student-related information.

 

Impact

The data has compromised the personal data of 27000 staff and students, including their names, addresses, job details,and phone numbers.

Source


Victim: City of Westminster

About

The City of Westminster is a London councils that offers multiple services to its citizens inlcuding payment of utility bills, traffic citations, information on street sweeping schedules, and construction updates.

 

Industry

Public sector

 

What happened?

London Councils that shared IT services operations got data breached . An unauthorized actor infiltrated IT systems and stole data belonging to the City of Westminster.

 

Impact

The cyber attack has compromised sensitive personal information and caused disruption in IT systems and phone lines.

Source


Victim: French Interior Ministry

About

The French Intererior Ministry is responsible for internal security and territorial administration.

 

Industry

Public sector

 

What happened?

The Ministry of Interior discovered unauthorized access to its sensitive files after which it tightened access controls and security protocols.

 

Impact

An investigation is underway to determine whether the attacker stole any sensitive and personal files.

Source

Victim: Goldman Sachs Group

About

Goldman Sachs Group is a New York-based firm that specializes in securities, investment banking, and asset & wealth management.

 

Industry

Financial services

 

What happened?

On Dec 19th, Goldman Sachs reported that it became a victim of a cybersecurity incident via a breach at one of its law firms.

 

Impact

The data compromised in the breach includes sensitive personal information of clients related to their alternative investment funds. It could include their names, financial information, and other personal information.

Source

Victim: NHS England

About

The NHS is a publicly funded healthcare system based in England. It is the second-largest healthcare system in the world that is primarily government-funded. It offers healthcare services to all the legal UK residents.

 

Industry

Public sector

 

What happened?

On December 14th, 2025, NHS discovered that a security incident had affected its office servers. A ransomware group called DevMan claimed responsibility for the breach.

 

Impact

The data compromised in the data breach includes 300 GB of data. The nature of the data compromised is under investigation.

Source


Victim: Asiana airlines

About

Asiana Airlines Inc. is a South Korea-based airline that operates in more than 90 international routes across Asia, Europe, and North America.

 

Industry

Airlines

 

What happened?

Asiana Airlines discovered unauthorized access from overseas servers to its internal servers.

 

Impact

The cyber attack compromised the data of the company’s 10,000 employees, including email addresses, phone numbers, employee identification numbers, job titles, and names.

Source


Victim: Bernalillo County

About

The Bernalillo County offers multiple services to its residents, including property tax information, clerk information, assessor information, and planning, zoning & building related information.

 

Industry

Public sector

 

What happened?

The Bernalillo County warned its residents in December that its data had been compromised in a data breach.

 

Impact

The data that was compromised in the cyber attack is currently under investigation and has not been disclosed publicly yet.

Source


Victim: Wired

About

Wired is a popular magazine that is focused on emerging technologies, politics, and the economy. It is one of the most popular technology magazines.

 

Industry

Publishing

 

What happened?

Conde Nast, a publisher for the Wired magazine became a victim of a cyber attack that compromised the data of Wired magazine’s users.

 

Impact

The data breach has compromised the data of 2.3 million subscribers, including email address, birth date, addresses, first name, last name, and unique internal ID

Source

Data Breaches in November 2025

Victim: Nobu restaurant

About

Nobu is a Japanese restaurant that was founded in 1994 by chef Nobu Matsuhina, actor Robert De Niro, restaurateur Drew Nieporent, and investor Meir Taper. It is known for its Japanese-Peruvian cuisine with more than fifty outlets worldwide.

 

Industry

Hospitality

 

What happened?

The restaurant was targeted by the Akira ransomware gang. Through the attack, the gang has stolen and threatened to publish sensitive and personal information of employees and owners, including information belonging to Robert De Niro.

 

Impact

The attack compromised 71 GB of sensitive and confidential information, including personal information such as corporate documents, passports, driver’s licenses, and Social Security Numbers (SSN).

Source

Victim: Habib Bank

About

Habib is a Switzerland-based bank that operates in multiple countries, including Kenya, South Africa, the UK, and the UAE, with over seven thousand employees and five hundred offices across the globe.

 

Industry

Banking

 

What happened?

On November 5th, the Qilin ransomware gang listed Habib Bank on its website, claiming to steal its data belonging to the bank’s customers.

 

Impact

The ransomware attack has compromised 2.5 terrabytes of data (approximately two million files) belonging to the bank’s customers, including their passport numbers, bank account balances, transaction-related information, and the source code of internal tools used by the bank.

Source

Victim: Kiss FM

About

KISS FM is one of the biggest radio stations in Spain, with over a million listeners across the country. It is owned by Mediaset España, a media group that is a subsidiary of MediaForEurope, which is a company owned by the Berlusconi family.

 

Industry

Broadcasting

 

What happened?

Rhysida ransomware gang attacked KISS FM, threatening to publish its data unless the ransom of three bitcoins was paid.

 

Impact

The data breach has compromised data (approximately 2 million files), including KISS FM’s internal documents, including correspondence between KISS FM and Spain’s Ministry for Digital Transformation, and information related to contracts and technical infrastructure details, audience rating, and programme performance data.

Source

Victim: US Congressional Budget Office

About

The US Congressional Budget Office serves as a critical federal agency that offers analysis and budget & economic information for Congress. It has over 200 employees with headquarters in Washington, DC.

 

Industry

Public sector/Government

 

What happened?

According to security experts, a hacker gained unauthorized access to the US Congressional Budget Office’s network and accessed its sensitive data.

 

Impact

The nature of the data compromised is under investigation by security experts who speculate that the attack could expose confidential internal communications, draft reports, and economic forecasts.

Source

Victim: Washington Post

About

The Washington Post is one of the oldest newspaper publishers in America, known among readers who are looking for political reporting. It operates globally through 21 foreign bureaus across Hong Kong, Rome, Tokyo, and Baghdad, and has over 2.5 million subscribers digitally.

 

Industry

Media

 

What happened?

TWP revealed that it experienced a data breach where a threat actor gained access to its Oracle environment.

 

Impact

The data breach has exposed personal and financial data of 10000 of its employees and contractors.

Source


Victim: Globallogic

About

Global Logic is a digital engineering services provider that is a part of the Hitachi Group Company. It offers a range of services, including software product engineering, technology modernization, and intelligence engineering services.

 

Industry

Software and product development

 

What happened?

GlobalLogic notified its employees that attackers exploited a zero-day vulnerability in Oracle EBS to steal information.

 

Impact

The data breach has compromised the personal information of 10,471 employees, including their names, addresses, phone numbers, and emergency contact details.

Source

Victim: Beverly Hills Oncology Medical Group

About

Beverly Hills Oncology Medical Group is a healthcare services group that specializes in Hematology Oncology, Radiation Oncology, and Nursing services.

 

Industry

Healthcare

 

What happened?

The group discovered unauthorized access to its network and launched an investigation in collaboration with external experts.

 

Impact

The data breach has compromised personal and financial information of its patients, including their Social Security Numbers, Financial account numbers, debit card information, health insurance policy information, diagnosis, prescription, and other information.

Source


Victim: Knownsec – a Chinese infosec company

About

Knownsec Information Technology Co., Ltd. is a China-based information security company that offers a range of cybersecurity services. It is known for its reputation and ties with the Chinese government.

 

Industry

Cybersecurity

 

What happened?

On November 2, Knownsec was breached, exposing confidential information belonging to the Chinese government.

 

Impact

The data breach compromised 12,000 classified files, including information regarding Knownsec’s advanced malware infrastructure, advanced hardware-based attack tools, sophisticated Android attack code, and other state-sponsored cyber programs.

Source


Victim: Danish Government

About

The Danish Government’s website offers multiple digital services to its citizens, including information on multiple government initiatives and press releases, whereas the Danish Defense website showcases information about its army and special forces.

 

Industry

Public sector

 

What happened?

On November 13th, the Danish government and Danish Armed Forces websites became targeted by a cyber attack by state-sponsored attackers.

 

Impact

The DDoS attack disrupted access to several websites belonging to the Danish government, including the Ministry of Transport, the Defense group Terma, and the public sector portal Borger.dk.

Source


Victim: DoorDash

About

DoorDash is a food delivery company that is based in the United States. It is one 0opf teh largewst food delivery and grocery platforms in the country.

 

Industry

Food delivery

 

What happened?

DoorDash discovered that attackers had infiltrated their defenses and stolen information belonging to its customers in late October.

 

Impact

The information compromised in the data breach includes names, addresses, email addresses, and phone numbers.

Source


Victim: Telangana High Court Website

About

The Telangana High Court website offers a range of services to the citizens, from accessing case-related information, judgment status, to sitting arrangements, to recent news.

 

Industry

Public sector

 

What happened?

On November 10, the Telangana High Court identified that it had been targeted by a cyber attack that could expose sensitive information.

 

Impact

The data breach has compromised over 570 GB of Nintendo’s company data, including its sensitive production-related assets, backup data, and its developer files.

Source

Victim: Logitech

About

Logitech is a Switzerland-based electronics company known for the manufacturing and selling of hardware and software solutions for gaming, collaboration, and work across Europe, Asia, and the rest of the world.

 

Industry

Electronics

 

What happened?

Logitech reported that attackers from the Cl0P ransomware group got access to its system through the exploitation of vulnerabilities in their Oracle environment and stole data belonging to its employees and consumers.

 

Impact

The data breach compromised 1.8 TB of data. Experts are currently investigating what data has been stolen.

Source


Victim: US Embassy in Somalia e-visa system

About

Somalia’s e-visa system is a system introduced by the Federal Government of Somalia that offers travelers a convenient online service to submit and check the status of their visa application.

 

Industry

Public sector

 

What happened?

On November 11, cybercriminals gained unauthorized access to Somaila’s e-visa system, stealing personal information belonging to travelers.

 

Impact

The data breach compromised the personal information of 35000 people, including their photos, names, email addresses, home addresses, and DOB.

Source


Victim: Checkout.com

About

Checkout Ltd. is a UK-based company that offers payment processing services for industries including e-commerce, media, and technology.

 

Industry

Public sector

 

What happened?

Checkout.com was targeted by the ransomware group ShinyHunters. The attackers gained access to documents stored in their third-party cloud system.

 

Impact

The data breach compromised sensitive information, including internal records and merchant records belonging to 25% of its merchants.

Source


Victim: Princeton University

About

Princeton University is one of the world’s oldest Ivy League universities, based in New Jersey, United States. It has more than 45 doctoral departments and programs, 71 certificate programs, and over 500 student organizations.

 

Industry

Education

 

What happened?

On November 10, cybercriminals breached Princeton’s digital defenses, gaining access to sensitive information regarding its fundraising and alumni engagement activities.

 

Impact

The data breach has compromised information belonging to the university alumni, their spouses, partners, widows, & widowers, parents, faculty/staff, and its current students.

Source


Victim: Eurofiber

About

Eurofiber is a French telecom company that offers high-quality fiber optic connections to over 12000 locations across Europe, including the Netherlands, Belgium, France, and Germany.

 

Industry

Telecommunications

 

What happened?

On November 13th, Eurofiber became a victim of a cyber attack where cybercriminals exploited a vulnerability in its ticket management platform and stole the data.

 

Impact

The attack affected its cloud division and brands Netiwan, FullSave, and Avelia. It has compromised data of 10000 B2B clients, comprising internal communications, administrative access details, sensitive operational elements, SSH private keys, cloud setup files, source codes, and VPN configurations. It has also compromised sensitive information belonging to government ministries, financial institutions, and major telecom companies.

Source


Victim: Jennings O’Donovan

About

Jennings O’Donovan is an engineering consulting firm based in Ireland that specializes in renewable energy, water treatment, and environmental planning.

 

Industry

Engineering

 

What happened?

The company became a victim of a cyber attack in which the attackers gained unauthorized access to its IT systems.

 

Impact

The data compromised is under investigation. The agency notified that the cybercriminals may have accessed personal data of owners, including their contact details, photos of their homes, and addresses.

Source


Victim: Gainsight

About

Gainsight is a California-based solutions provider that is known for its customer success platform that helps businesses unify their post-sales customer journey with AI insights.

 

Industry

Software

 

What happened?

Salesforce identified unauthorized access to customers’ data through the Gainsight application that is installed and managed directly by the customer. ShinyHunterz ransomware group has claimed responsibility for the breach.

 

Impact

Data from over 200 companies has been compromised by the data breach. The nature of the data compromised is under investigation.

Source

Victim: Iberia

About

Iberia is a Madrid-based airline company that was founded in 1927. Apart from passenger and freight transport, it also offers flight maintenance, airport handling, and catering services. It operates in more than 39 countries and 90 destinations.

 

Industry

Airlines

 

What happened?

Iberia discovered that its supplier’s systems were compromised, leading to unauthorized access to its customer information.

 

Impact

Around 77GB of the company’s data was compromised, including customers’ first names, surnames, email addresses, and loyalty card-specific details.

Source


Victim: Department of the Interior and Local Government

About

The Department of the Interior and Local Government is a Philippine government executive department that promotes peace & order and ensures public safety.

 

Industry

Public sector

 

What happened?

DILG discovered that their internal systems were breached by cybercriminals. It immediately activated its security protocols and commenced an investigation of the data breach. A hacktivist collective called HappyGoLuckyPH infiltrated their intranet and exfiltrated data.

 

Impact

The data breach compromised 400 GB of confidential government data.

Source


Victim: IKAD engineering

About

IKAD Engineering is an Australia-based engineering company that offers machining, fabrication, and surface treatment services to industries like mining, water technology, defense, and other industries.

 

Industry

Engineerings

 

What happened?

A ransomware group claimed that it stole 800 GB of confidential information from IKAD Engineering’s systems.

 

Impact

The compromised data includes sensitive information, including manufacturing designs, financial information, employee records, and private defense contracts related information.

Source


Victim: Situs AMC

About

SitusAMC is a backend service provider that focuses on real estate lenders and investors. It has over 25 offices, more than 4000 employees, and over 1500 clients worldwide.

 

Industry

Backend services

 

What happened?

On November 12th, SitusAMC discovered that it had become a victim of a cyber attack where cybercriminals stole its customer data.

 

Impact

The corporate data compromised in the incident includes accounting records and legal agreements belonging to some of its clients, including JPMorgan Chase, Citi, and Morgan Stanley.

Source


Victim: Adda.io

About

Adda.io is an Indian software company known for its platform for housing society and community management, widely used by independent gated houses, apartments, and villas.

 

Industry

Software

 

What happened?

Cybersecurity experts discovered that data belonging to Adda.io users was circulated in a data breach forum on November 23rd.

 

Impact

The data compromised contains personal information of over 1.86 million people, including their government-issued IDs, first and last names, phone numbers, passwords, and email addresses.

Source


Victim: WEL Companies

About

WEL Companies Ltd. is a Wisconsin-based family-owned logistics and warehousing company that was founded in 1975. It operates throughout the United States via 500 trucks and 800 trailers.

 

Industry

Logistics

 

What happened?

WEL Companies found on November 12 that personal information stored in its systems was stolen in an unauthorized activity detected in its network on 31st January 2025.

 

Impact

The data compromised includes Social Security numbers, state IDs, and driver’s licenses belonging to Maine’s residents.

Source

Victim: Netmarble

About

Netmarble is a South Korean game development and publishing company. It is known for its mobile game titles, like Seven Knights and Lineage 2.

 

Industry

Video game

 

What happened?

The company reported that on 22nd November, it discovered a hacking incident involving unauthorized access to its customers’ personal data.

 

Impact

Data belonging to 6,110,000 people has been compromised, including their names, birthdates, and encrypted passwords. 31 million IDs, 66000 PC café franchise owner names, IDs, email addresses, and company addresses, and 17000 employee records have also been compromised.

Source


Victim: OpenAI

About

OpenAI is an artificial intelligence company that was founded in 2015 in California, known globally for its GenAI-based chatbot ChatGPT.

 

Industry

Artificial Intelligence

 

What happened?

On November 9, Mixpanel, which offers data analytics services to OpenAI, had its data breached, exposing sensitive information belonging to OpenAI’s customers.

 

Impact

The data breach compromised information, including names provided for API accounts, email addresses associated with API, location-related details of users, operating system & browser-related information, referred websites, and user IDs associated with API accounts.

Source


Victim: Truenorth Corporation

About

Truenorth Corporation is a key IT services provider for Puerto Rico government agencies. It specializes in technology and software solutions, offering process automation and cloud solutions.

 

Industry

IT services

 

What happened?

On November 25th, Truenorth Corporation detected a ransomware attack that compromised systems used by ASES, Education, and CFSE. The compromised credentials for a privileged vendor account were used to carry out the attack.

 

Impact

The cyber attack caused disruption in three major agencies – the Department of Education, the State Insurance Fund Corporation, and the Puerto Rico Health Insurance Administration.

Source


Victim: Coupang

About

Coupang is a South Korean online retail company. It is the largest online retailer offering delivery services for e-commerce, grocery, and other digital services, including streaming and digital payments.

 

Industry

E-commerce

 

What happened?

Coupang reported that it became a victim of a data breach, which compromised the data of its users. It is one of the largest data breaches in the history of Korea.

 

Impact

The data breach compromised personal information of 33.7 million users, including their names, information in delivery address books, email addresses, street addresses, and phone numbers.

Source

Victim: Fieldtex

About

Fieldtex Products is a provider of first-aid supply fulfillment and contract sewing services. It is a private company that is based in Rochester, New York.

 

Industry

Medical supply

 

What happened?

The Akira ransomware group targeted Fieldtex and stole its data by gaining access to its systems.

 

Impact

The data breach has compromised 14 GB of the company’s data, including their employee, customer, and financial information related files.

Source

Victim: Vitas Healthcare

About

Vitas Healthcare is a healthcare provider specializing in end-of-life care in the United States. It operates 58 programs across 15 states with more than 12000 employees.

 

Industry

Healthcare

 

What happened?

Vitas Healthcare reported on November 21 that they discovered unauthorized access to their systems, causing compromise of the vendor account and theft of patient information.

 

Impact

The data breach compromised personal information of 319177 former and current patients, including their names, phone numbers, datesofbirth, SSNs, insurance information, and contact information.

Source

Victim: International Kiteboarding Organization

About

The International Kiteboarding Organization is a provider of a platform for kiters to get kiteboarding lessons, get instructor certification, and track skills. It is the largest governing body for kiteboarding with over 600000 active kiters.

 

Industry

Sports

 

What happened?

IKO discovered that a hacker had posted a sensitive database of its users for sale on a data breach forum.

 

Impact

The data breach has compromised 340000 records containing personal infroamtion of users including names, user IDs, physical location, insurance deta, email addresses, timestamps, and GPS position.

Source

Data Breaches in October 2025

Victim: Renault and Dacia

About

Renault is one of the largest global automobile manufacturers from France, known for its cars and vans. Dacia was acquired by Renault in 1999 after over 33 years of operation.

 

Industry

Automobile

 

What happened?

Renault and Dacia discovered that their third-party service provider had been data breached, affecting the data of their customers.

 

Impact

The breach has compromised data, including personal data of both companies’ customers, including their first name, email address, postal address, phone numbers, genders, and vehicle identification and registration numbers.

Source

Victim: Shamir Medical Center

About

Shamir Medical Center is an Israeli government hospital that serves more than 1 million people. It is the fourth largest hospital in the country with more than 900 beds.

 

Industry

Healthcare

 

What happened?

Shamir Medical Center was targeted by the Qilin ransomware group, which accessed the entire IT system and stole sensitive patient data.

 

Impact

The ransomware attack compromised 8 TB of sensitive confidential data, including patient records, sensitive operational information, and internal communication.

Source

Victim: Discord

About

Discord is a California-based company known for its social platform that offers voice calling, video calling, text messaging, and media sharing features. 

 

Industry

Software

 

What happened?

On 3rd October, Discord reported that it discovered a cybersecurity incident involving unauthorized access to the systems of its third-party customer service provider.

 

Impact

The data breach has compromised the data of users, including their names, usernames, contact details, billing information (last four digits of credit card), IP addresses, and corporate data.

Source

Victim: Red Hat

About

Red Hat is a North Carolina-based software company known for its open source software solutions for enterprises, specifically enterprise operating systems. It was acquired by IBM in 2018.

 

Industry

Software

 

What happened?

Red Hat detected unauthorized access to its GitLab instance that is used for internal collaboration. Through an investigation, the company discovered that the attackers had gained access to some of its data from the instance.

 

Impact

That data breach has compromised the data of its customers, including code snippets, internal communications, and business contact information.

Source

Victim: Avnet

About

Avenet is a Phoenix-based electronics company founded in 1921, known for its production of electronic components, from amplifiers, analog switches, ICs, to filters. It also offers turnkey design and manufacturing services to companies.

 

Industry

Electronics

 

What happened?

Avenet discovered in early October that its externally hosted cloud storage, which supports its internal sales tool used in the EMEA, was compromised, exposing employee and sales-specific data.

 

Impact

The data compromised in the data breach includes point of sale records, prospect details, and customer contact information like email addresses.

Source


Victim: FinalSite

About

FinalSite is a United States-based software company that offers a platform to develop and manage websites, apps, and enrolment systems for K-12 schools to help them connect and engage students and families. It caters to more than 5000 public school districts across the U.S.

 

Industry

Software

 

What happened?

FinalSite got targeted by a ransomware attack, preventing thousands of schools’ from accessing their websites for three days.

 

Impact

The ransomware attack had caused a disruption in the operations of around 8000 schools globally, temporarily or fully shutting down their websites that were hosted on FinalSite.

Source

Victim: SimonMed Imaging

About

SimonMed Imaging is one of the United States’ largest outpatient medical imaging providers. It operates in 10 states with over 170 facilities.

 

Industry

Healthcare

 

What happened?

SimonMed Imaging reported that its network was hacked, and attackers had access to its systems and data. The Medusa ransomware group has claimed that they carried out the attack, demanding $1 million.

 

Impact

The ransomware attack compromised the personal information of over 1.2 million individuals. The personal names, addresses, dates of birth, government-issued IDs, Social Security Numbers, authentication credentials, account numbers, and other medical information.

Source


Victim: Draft Kings

About

DraftKings is a Boston, Massachusetts-based gambling company that was founded in 2012 as a Daily Fantasy Sports service provider. It is an official partner of the NHL, UFC, NASCAR, and PGA TOUR.

 

Industry

Gaming

 

What happened?

DraftKings reported on October 2 that it experienced a data breach where the hackers used a credential stuffing attack to steal sensitive personal data.

 

Impact

The data breach compromised user accounts containing sensitive data, including names and email addresses.

Source


Victim: Harvard University

About

Harvard is one of the oldest and most prestigious universities globally, based in Cambridge, Massachusetts. It has one of the world’s largest academic libraries with more than 20.4 million holdings and more than 800 librarians.

 

Industry

Education

 

What happened?

Harvard University reported that it had been breached, where attackers exploited a zero-day vulnerability in the Oracle E-Business Suite system. Cl0p ransomware group has claimed the responsibility for the attack and threatened to publish the data if their demands weren’t met.

 

Impact

The number of individuals and the nature of the data compromised is still under investigation.

Source


Victim: Vietnam Airlines

About

Vietnam Airlines is one of the oldest airline carriers of Vietnam. It offers a wide network of connectivity to domestic as well as international destinations.

 

Industry

Aviation

 

What happened?

On 14th October, Vietnam Airlines reported that hackers uploaded a huge database on a data breach forum comprising 23 million customer records from over 40 companies, including Vietnam Airlines.

 

Impact

The data breach has compromised customers’ personal information, including their full names, phone numbers, dates of birth, and email addresses. It also compromised Lotus miles membership details.

Source


Victim: Nintendo

About

Nintendo is a multinational video game company that is based in Japan. It is known for publishing and releasing video games and gaming consoles.

 

Industry

Gaming

 

What happened?

A Twitter user who goes by the name Hackerman reported that hackers from the Crimson Collective ransomware group reported that they have stolen their company’s data.

 

Impact

The data breach has compromised over 570 GB of Nintendo’s company data, including its sensitive production-related assets, backup data, and its developer files.

Source

Data Breaches in September 2025

Victim: Zscaler

About

Zscaler is a California-based cloud security services provider offering services to help organizations protect their network and data.

 

Industry

Cybersecurity

 

What happened?

As per Zscaler’s investigation, there was unauthorized access to its business information. The incident is among the wave of data breaches specific to Salesforce environments, where attackers have carried out attacks based on stolen OAuth tokens.

 

Impact

The data breach has compromised data, including customer names, location details, and licensing information related to Zscaler’s products.

Source

Victim: Palo Alto Networks

About

Palo Alto Networks is a California-based multinational cybersecurity company known for its platform that includes firewall and cloud-based solutions that extend beyond the firewall. It serves over 75000 companies across 150 countries worldwide.

 

Industry

Cybersecurity

 

What happened?

Palo Alto Networks discovered that there was unauthorized access to customer and business information in September. Upon investigation, it was found that cybercriminals had used compromised tokens from Salesloft Drift to access Salesforce instances.

 

Impact

The data breach has compromised customer data and business information, including sensitive information such as passwords and other IT information that were shared within Salesforce CRM.

Source

Victim: Cloudflare

About

Cloudflare is a California-based company that is known worldwide for its services, including cybersecurity, content delivery network services, and  DDoS mitigation services. It provides services to customers and businesses in more than 125 countries worldwide.  

 

Industry

 Information and communications technology

 

What happened?

On September 3rd, Cloudflare disclosed that its customers’ data was compromised due to the Salesloft Drift data breach that impacted Salesforce CRM instances.

 

Impact

The company has revealed that attackers have stolen customer support and case-related data, which may include information pertaining to customers’ configurations and access tokens.

Source

Victim: PagerDuty

About

PagerDuty is a California-based company that offers cloud computing services and an incident management platform that is designed to alert its customers when there are disruptions and outages. Apart from the US, it also operates in Canada, Japan, and Australia.  

 

Industry

Information technology

 

What happened?

PagerDuty has become part of the wave of data breaches due to the Salesloft Drift data breach that impacts compromised Salesforce instances. The company has disabled Salesloft Drift’s access to the Salesforce data.

 

Impact

The breach has compromised data, including names, phone numbers, and email addresses, and case-related data of customers.

Source

Victim: Wealthsimple

About

Wealthsimple is a Canada-based online financial management service provider offering platforms for peer-to-peer cash transfer, automated investment, and cryptocurrency and stock trading.

 

Industry

 Financial services, online investment management

 

What happened?

Wealthsimple reported on 5th September that it detected a data security incident around 30th August and immediately commenced its investigation. The attacker exploited a flaw in a third-party software package.

 

Impact

The data breach compromised personal data belonging to less than 1% of Wealthsimple’s clients, including personal and financial information like contact details. Personal identification documents (government IDs), IP addresses, date of birth, account numbers, and Social Insurance Number.

Source

Victim: Tenable

About

Tenable is a Maryland-based cybersecurity company known for its vulnerability assessment solutions. It has more than 44000 customers worldwide, covering over 60% of Fortune 500 companies.  

 

Industry

Cybersecurity

 

What happened?

Tenable reported to its customers that it found evidence that an unauthorized user gained access to its customers’ personal and case-related information in Salesforce instances.

 

Impact

The compromised information includes names, addresses, phone numbers, location details, email addresses, and other case-related information stored in Salesforce instances.

Source

Victim: Credit Institute of Vietnam

About

The Credit Institute of Vietnam manages the country’s state-run credit information center, which is a public organization under the Credit Institute of Vietnam. It offers services and products in line with the law.

 

Industry

Public sector

 

What happened?

ShinyHunters ransomware group targeted the Credit Institute of Vietnam, exfiltrating their data and putting it up for sale on a dark web forum with a showcase of a large sample of data.

 

Impact

Over 160 million records have been compromised, containing sensitive PII information, and financial information, including credit card, risk analysis, military IDs, tax IDs, bank statements, government IDs, and debts.

Source

Victim: Plex

About

Plex is a California-based media platform that enables users to access movies and TV shows from multiple providers, including MGM and Warner Bros. It also offers a live TV subscription service.

 

Industry

Media

 

What happened?

Plex recently discovered unauthorized access to one of its customer databases. It has already begun its investigation and has notified its customers about the breach, advising them to immediately reset their passwords.

 

Impact

The compromised data includes customers’ information, including their email addresses, hashed passwords, and other authentication data.

Source

Victim: Jaguar Land Rover

About

Jaguar Land Rover is a UK-based automobile manufacturer known for its luxury vehicles, specifically its sport utility vehicles. It is a subsidiary of Tata Motors and one of the largest automotive employers in the UK, with more than 33000 employees.

 

Industry

Automobile

 

What happened?

On September 2nd, Jaguar Land Rover was hit by a ransomware attack that disrupted its production and retail operations.

 

Impact

The ransomware attack has highly impacted the company’s manufacturing operations, with the systems going offline for most of September and workers being asked to be off work till 10th September.

Source

Victim: Qualys

About

Qualys is a California-based technology company that offers cloud security and compliance services operating in more than 130 countries worldwide, with more than 10000 customers.

 

Industry

Cybersecurity

 

What happened?

Qualys became a target of a wave of data breaches that affected compromised instances of Salesloft’s Drift and Salesforce. The company immediately started its investigation with Mandiant and has reported to its customers that information within the Salesforce environment has been compromised.

 

Impact

The data breach has compromised all the information that was shared within the Salesforce environment, including all leads and contact-related information.

Source

Victim: MedicSolution

About

MedicSolution is a renowned software provider in Brazil that offers the healthcare sector with software for scheduling, service reminders, and support.

 

Industry

Cybersecurity

 

What happened?

MedicSolution has been targeted by the ransomware group KillSec, which exfiltrated its data and threatened to leak the data if the ransom wasn’t paid.

 

Impact

Since MedicSolution is a software vendor, it could widely impact the healthcare supply chain. The ransomware group had stolen 34GB of data with 94818 files containing medical evaluations, X-rays, uncensored patient photos and body images, and minor-related records.

Source

Victim: London North Eastern Railway (LNER)

About

London North Eastern Railway is one of the biggest train operating companies in the UK, offering services that connect London to North East England and Scotland. It is known for offering the most sustainable and fastest trains in the country.

 

Industry

Public sector

 

What happened?

LNER reported that it discovered unauthorized access to customer information through the breach of its third-party supplier. The firm is collaborating with a cybersecurity firm to investigate the breach.

 

Impact

The compromised information includes email addresses, travel details (records of previous journeys), and names of customers.

Source

Victim: Nueces County

About

The public sector organization offers residents of Nueces County, the US State of Texas, several digital services, from calculating and paying property taxes to offering electronic access to court records.

 

Industry

Public sector

 

What happened?

The county became a victim of business email compromise (BEC) attacks, involving five incidents, out of which three resulted in financial losses.

 

Impact

The data breach has cost the county a whopping $2 million in financial loss, taking over 120 days to recover funds from several transactions.

Source

Victim: OPSO (Orleans Parish Sheriff’s Office)

About

The Orleans Parish Sheriff’s Office offers community safety services and facilities for the care, correction, and control of inmates. It is one of the largest correctional facilities in the United States.

 

Industry

Public

 

What happened?

On September 5th, the Orleans Parish Sheriff’s Office was targeted by a ransomware attack. The organization detected the attack when employees reported that their systems had been compromised.

 

Impact

The attack compromised several systems, including systems for bond transactions and the delayed release of inmates.

Source

Victim: The Great Firewall of China

About

The Great Firewall of China is China’s technological system that was created and used by the Chinese government to monitor, block, and filter internet content for users in the country.

 

Industry

Public Sector

 

What happened?

On September 11, the Great Firewall of China discovered that a huge quantity of its data had been compromised in a data breach.

 

Impact

The data compromised in the data breach includes sensitive internal documents, including work logs, packaging repos, operational rulebooks, source code, and operational runbooks used to maintain the national traffic filtering system. It also contained files relating to Geedge Networks and MESAlab.

Source

Victim: Cook County Minnesota

About

Cook County, Minnesota, is a public sector organization that offers multiple health and nursing services. It also spreads awareness for environmental health, emergency preparedness, and communicable diseases.

 

Industry

Healthcare

 

What happened?

On September 12th, Cook County, Minnesota, announced that it had become a victim of a cyberattack that may have compromised the personal information of all individuals who have used its services.

 

Impact

The data that has been exposed in the data breach is under investigation. However, the notification states that it may have compromised the personal information.

Source

Victim: Anchorage Neighborhood Health Center

About

Anchorage Neighborhood Health Center is a healthcare center in Alaska that offers affordable healthcare services to its residents, including dental, pharmacy, medical, and other services.

 

Industry

Healthcare

 

What happened?

On September 4th, the Anchorage Neighborhood Health clinic reported that a hacker group had stolen 10,000 patient records. The company also experienced limited access to its systems due to the breach.

 

Impact

The data breach has compromised personal information, including social security numbers, driver’s licenses, and insurance information.

Source

Victim: Sonic Wall

About

SonicWall is a California-based cybersecurity company known for its range of internet applications and services, including network firewalls, virtual private networks, anti-spam, and cloud security.

 

Industry

Network security

 

What happened?

The company has reported to its customers that it detected suspicious activity on its cloud backup service for firewalls and that unknown threat actors might have accessed backup files in the cloud.

 

Impact

As per the company, the data breach has impacted around 5% of its customers, and the attackers could exploit the information to attack the related firewalls.

Source

Victim: Lotte Card

About

Lotte Card is a credit card company that is based in Korea. It was founded in 2002 and is one of the biggest credit card companies in South Korea.

 

Industry

Financial services

 

What happened?

Lotte Card reported that it became a victim of a data breach that impacted its customers’ personal data.

 

Impact

Over 200 gigabytes of data were stolen in the breach, affecting around 2,97,000 customers. The data compromised includes credit card numbers, security codes, payment codes, connection information, and virtual payment codes.

Source

Victim: KrasAvia

About

KrasAvia is Russia’s largest airline, known for its scheduled and charter passenger airlines with more than 44 aircrafts and helicopters.

 

Industry

Aviation

 

What happened?

On September 18th, KrasAvia became targeted by a cyber attack that affected its online services. Upon investigation the company found that attackers had exploited a zero day vulnerability to bypass firewall and deploy malware in their network.

 

Impact

The cyberattack caused a massive disruption in its online services, including its website, its Passenger Service System, its flight schedule monitoring, and other services. The airline also had to shift flight management to manual mode due to the attack.

Source

Victim: Collins Aerospace

About

Collins is an Iowa-based aviation and defense technology company that was formed in 2018. It offers designing, manufacturing, servicing systems for aviation including commercial avation, military, and defense.

 

Industry

Aerospace

 

What happened?

On 18th September, Collins Aerospace detected a suspicious activity in its systems that impacted operations in several airports in Europe, including Berlin, Brussels, and Heathrow airports.

 

Impact

The cyber attack caused delays in flights and longer waiting times for passengers, with the aviation staff having to shift manual boarding operations. As per the RTX that owns Collins software, the attack has impacted its customer check-in and baggage drop operations severely.

Source

Victim: Clarins

About

Clarins is a Paris-based manufacturer of luxury skincare products like cleansers, serums, and moisturizers with global customers and more than 8000 employees worldwide.

 

Industry

Cosmetics

 

What happened?

In September, Clarins reported being targeted by a ransomware gang called Everest that obtained the company’s customers’ data.

 

Impact

The cyber attack compromised the data of 6,00,000 people, including their names, numbers, email addresses, dates of birth, and addresses.

Source

Victim: Stellantis

About

Stellantis is a Netherlands-based automotive manufacturing company that manufactures, designs, and markets vehicles across 14 brands, including Ram Trucks, Opel, Peugeot, Dodge, and Chrysler. It is one of the largest automakers in the world, operating in more than 30 countries.

 

Industry

Automotive manufacturing

 

What happened?

On 21st September, Stellantis reported that it detected an unauthorized activity in a third-party provider’s platform that supports customer service operations across North America.

 

Impact

The data breach has compromised customers’ contact information. The number of people impacted, and the data compromised is under investigation.

Source

Victim: Brightstar Lottery Group

About

Brightstar Lottery (formerly IGT Lottery) is a global lottery company based in the United States. It caters to customers across six continents with a workforce of 6000 employees worldwide.

 

Industry

Lottery 

 

What happened?

On 23 September, Brightstar Lottery Group reported that it had become a victim of a data breach that impacted its corporate systems.

 

Impact

The data breach has compromised the personal information of lottery prize winners. The company has notified around 550 residents of Connecticut regarding the compromise of their information. 

Source

Victim: Boyd Gaming

About

Boyd Gaming is a US-based gaming and casino operator that provides hospitality services in more than 20 locations in the US.

 

Industry

Gaming 

 

What happened?

Boyd Gaming reported that it got data breached after it discovered that cybercriminals had stolen data by gaining access to its systems. 

 

Impact

The data breach compromised the company’s employee data and other data belonging to individuals.

Source

Victim: Volvo Group North America LLC

About

Volvo is a Swedish-based automotive company known for the production, sales, and distribution of trucks and buses. It is also used in the supply of marine and industrial systems.

 

Industry

Automotive

 

What happened?

On September 2, Volvo discovered that its employee data may have been compromised due to a cybersecurity incident on its third-party human resources software provider.

 

Impact

The data breach compromised personal information of Volvo’s current and former employees. The total number of personnel affected and the type of data compromised are still under investigation.

Source

Victim: Press Ganey Associates

About

Press Ganey Associates is a patient experience measurement service provider that was founded in 1985 at University of Notre Dame. It offers its services to healthcare providers and health plans in the United States.

 

Industry

Healthcare

 

What happened?

Press Ganey Associates reported that it got data breached on 10th September 2025 to the HHS through the official reproting portal.

 

Impact

The data breach compromised personally identifiable information and protected health information of 23,899 people including their names, DOBs, health insurance information, Social Security numbers and other medical records.

Source

Victim: Red coats

About

Red Coats is one of the largest cleaning services provider in the United States, offering multiple commercial cleaning services.

 

Industry

Cleaning services

 

What happened?

On September 19th, Redcoats reported to its customers that it has been data breached. It emailed its customers the steps they can take to secure themselves.  

 

Impact

The data breach compromised personal information, including names, Social Security numbers, license numbers and addresses.

Source

Victim: Beaumont Bone & Joint Institute

About

Beaumont Bone & Joint Institute is a Texas-based orthopaedic clinic offering a range of healthcare services from treatment of muscle and skeletal-related injuries to physical therapy. 

 

Industry

Healthcare 

 

What happened?

On September 4th, 2025, Beaumont Bone & Joint Institute was targeted by a ransomware attack that was carried out by the PEAR ransomware group. The group hacked the company’s internal systems and stole its data. 

 

Impact

The data compromised in the ransomware attack includes personally identifiable information and protected health information, including names, DOBs, health insurance information, addresses, medical details, and payment information. 

Source

Victim: ClaimPix 

About

ClaimPix is a solution provider that offers a platform that helps businesses collect and organize insurance-related information on-site. 

 

Industry

Auto insurance 

 

What happened?

In September 2025, a security researcher discovered that a database connected to ClaimPIx was exposed to the public without encryption or password protection. 

 

Impact

The compromised data includes over 5.1 million files, including sensitive information like vehicle registration details, license plate images, powers of attorney, software license agreements, names, addresses, and other contact information. 

Source

Victim: Harrods 

About

Harrods is a London-based luxury department store offering clothing, accessories, and jewellery across more than 3000 brands. It also offers other services in real estate and hospitality, and other sectors. 

 

Industry

Retail 

 

What happened?

On September 26th, Harrods informed its customers that it had become a victim of a data breach after one of its third-party providers’ systems was breached. 

 

Impact

The data breach compromised the personally identifiable data of its customers, including their names, addresses, and contract details. 

Source

Victim: Maryland Department of Transportation

About

The Maryland Department of Transportation is a state-run organization that heads two transportation authorities and five modal administrations in Maryland. 

 

Industry

Automotive manufacturing

 

What happened?

Rhysida ransomware group targeted the Maryland Department of Transportation, demanding over $3.3 million in exchange for stolen data that comprised personal data of residents. 

 

Impact

The data breach compromised the personal data of Maryland’s residents, including their Social Security numbers, passport data, residential addresses, and other documents. 

Source

Victim: Asahi

About

Asahi is one of the largest beer breweries in Japan that owns multiple global beer companies like Grolsch, Fullers, Pilsner Urquell and Peroni.

 

Industry

Brewing

 

What happened?

Asahi Group Holdings has reported that it experienced a cyber attack that disrupted its operations. The company has confirmed that only its Japan-based manufacturing processes were affected by the attack.

 

Impact

The cyber attack has caused a massive disruption in order, shipment, and customer service operations. The leakage of data is under investigation.

Source

Victim: Kido International

About

Kido International is a UK-based pre-school chain that operates in more than four countries, focusing on combining multiple teaching philosophies and creating a gamified teaching environment for kids up to six years.

 

Industry

Child education

 

What happened?

Kido International had experienced a ransomware attack carried out by a group called Radiant, where the attacker threatened to publish data unless the ransom was paid. 

 

Impact

The data compromised in the incident involves sensitive information belonging to around 8000 children, including their names, medical details, and photos.

Source

Victim: Kido International

About

Kido International is a UK-based pre-school chain that operates in more than four countries, focusing on combining multiple teaching philosophies and creating a gamified teaching environment for kids up to six years.

 

Industry

Child education

 

What happened?

Kido International had experienced a ransomware attack carried out by a group called Radiant, where the attacker threatened to publish data unless the ransom was paid. 

 

Impact

The data compromised in the incident involves sensitive information belonging to around 8000 children, including their names, medical details, and photos.

Source

Victim: MedStar Health

About

MedStar is a Washington-based healthcare services provider that operates ten hospitals across 500 cities, offering services like clinical services, medical education, and research.

 

Industry

Healthcare

 

What happened?

MedStar discovered unauthorized access to its sensitive files after which it immediately enabled its response protocols and launched its investigation with third-pary specialists.

 

Impact

The data compromised in the cyber attack includes personal information like names, Social Security numbers, dates of birth, clinical information, including diagnoses, test results, insurance details, medication, and treatment data.

Source

Victim: Richmond Behavioral Health Authority

About

The Richmond Behavioral Health Authority was established by the government to offer services for mental health, substance abuse and prevention, and intellectual disabities to the citizens of Richmond, Virginia.

 

Industry

Healthcare

 

What happened?

On September 29th, RBHA was hit by a cyber attack that impacted part of its network and systems.

 

Impact

The cyber attack has compromised personal information of over 113000 people, including their personal names, Social Security numbers, financial account-related information, and passport numbers.

Source

Data Breaches in August 2025

Victim: Canada House of Commons

About

The House of Commons is the lower house of Canada’s Parliament. It offers digital services to its citizens, from offering them information like news on the key happenings (like passing of a new bill) to detailed information on agendas/publications and committee meetings.  

 

Industry

Public sector

 

What happened?

Cybercriminals exploited a vulnerability in Microsoft to access the database of the House of Commons’ systems and mobile devices, stealing confidential data of their employees.

 

Impact

Sensitive personal data of employees, including confidential data like names, locations, email addresses, and job titles, has been compromised.

Source

Victim: Google

About

Google is an American technology company that is known worldwide for its services and solutions in search engine technology and other areas including e-commerce, quantum computing, software Cloud computing, artificial intelligence.

 

Industry

Hardware, cloud computing, software, AI

 

What happened?

Google’s Salesforce based database systems were compromised by Shiny Hunters ransomware group. The attackers used multiple sophisticated vishing and social engineering techniques to manipulate Google employees into granting access to their systems.

 

Impact

The data breach has compromised business information, contact details and other personal information stored in its Salesforce Customer Relationship Management system.

Source

Victim: Royal Enfield

About

Royal Enfield is one of India’s most renowned automotive companies, known for its motorcycles. It is a unit of Eicher Motors operating in multiple countries across the world.

 

Industry

Automotive

 

What happened?

Royal Enfield was hit by a ransomware attack on August 13. Upon investigation by cybersecurity experts, it was found that a hacker posted a notice claiming to have encrypted Royal Enfield’s servers and backups, threatening to auction the information to the highest bidder on the dark web forum.

 

Impact

The ransomware attack has compromised the company’s information, its backups, and data stored in servers.

Source

Victim: Manpower

About

Manpower is a workforce solutions provider that serves organizations from industries across the globe. It is known for its permanent, temporary, and contract-based workforce-related services, including skills and training solutions.

 

Industry

Staffing and recruitment

 

What happened?

In its recent breach notification, Manpower stated that unknown actors gained unauthorized access to their network between December 29, 2024, and January 2025, stealing personal and sensitive information of individuals. The RansomHub gang has claimed responsibility for the breach.

 

Impact

The breach has compromised personal information of over 1,44,189 individuals, including their contact details, passports, SSNs, IDs, and test results.

Source

Victim: Bouygues Telecom S.A

About

Bouygues is France’s third-oldest network services provider and mobile operator offering mobile and internet services. It has over 23.4 million customers worldwide using its fixed and mobile network services.

 

Industry

Telecom

 

What happened?

On August 6th, Bouygues disclosed an incident involving unauthorized access to personal and financial information associated with its customers. The company has warned its customers to be aware of fraudulent emails and calls.

 

Impact

The data compromised includes data of over 6.4 million customers, including company data, civil status details, international bank account numbers (IBAN),  and contact details.

Source

Victim: Workday

About

Workday is a California-based software vendor company that was founded in 2003, known for its on-demand cloud-based software for financial management, human capital, and student information management. 

 

Industry

Software

 

What happened?

Workday is one among many companies that were affected by Salesforce-specific data breaches orchestrated by the ShinyHunters ransomware group, where attackers use social engineering attacks to attack targets (comprising English speakers working in MNCs) over Salesforce environments.  

 

Impact

The data breach compromised personal information of the company’s customers, including business contact information, names, phone numbers, and email addresses.

Source

Victim: iiNet

About

iiNet is an Australian-based telecommunications and internet services provider that was acquired by TPG Telecom in 2020. It is a known brand in Australia for its NBN, Internet (cable and wireless), and Mobile network services.

 

Industry

Telecommunication, Internet services

 

What happened?

The company confirmed the attack on 16th August, stating that a cybercriminal gained access to the company’s systems after stealing credentials from an employee using social engineering.

 

Impact

The data breach exposed information of 280000 customers, including their phone numbers, street addresses,  passwords of modems, and email addresses.

Source

Victim: Bragg Gaming Group

About

Bragg Gaming Group is a technology solutions provider for the gaming industry, offering varied solutions to gaming operators, mainly content delivery and technology solutions like a flexible Player Account management platform and user enhancement solution. It is known among casinos for its software solutions.

 

Industry

Online gaming

 

What happened?

On August 16th, Bragg Gaming experienced a cyber attack that compromised its internal systems. Based on the investigation by cybersecurity experts, the company has confirmed that no personal information has been compromised.

 

Impact

The breach hasn’t affected the company’s operations or compromised its data yet. However, it has raised concerns about data security and operations among over 200 customers across North America & Latin America, and Europe.   

Source

Victim: Orange Belgium SA

About

Orange Belgium SA

 

Industry

Telecom

 

What happened?

The company reported that hackers gained access to the data of their 850000 customers. It is the third attack Orange has disclosed this year that has caused the compromise of its customers’ data.

 

Impact

The attack has exposed the personal data of 850000 customers, including their names, SIM card details, and tariff details.  

Source

Victim: Inotiv

About

Inotiv is an American pharmaceutical company that offers multiple research-related services, helping organizations with drug development, safety assessment, and consultation. It also offers research models and other bedding and support services for lab animals.

 

Industry

Pharmaceuticals

 

What happened?

On August 8, Inotiv discovered that cybercriminals had gained unauthorized access to their systems and data, taking immediate action to contain and respond to the cyber attack with the help of external security experts and law enforcement. The attack was claimed by the Qilin ransomware gang.

 

Impact

The cyberattack compromised 162,000 files (around 176 GB) comprising the company’s confidential ten years of research data.

Source

Victim: MPOWERHealth

About

MPOWERHealth is a healthcare services company that is based in Texas, United States. It offers clinical services, virtual care, and health plan solutions to healthcare providers, hospitals, employers, and patients across the country.   

 

Industry

Healthcare

 

What happened?

On 19th August, the Wordleaks ransomware group claimed responsibility for targeting MPOWERHealth, stating that over 1.5TB of data had been exfiltrated by the group. The company has begun its investigation of the incident.

 

Impact

The attack has compromised 1.5 TB of data, containing 1622547 files involving protected healthcare information.

Source

Victim: DaVita

About

DaVita is a United States-based kidney dialysis services provider that operates in 11 countries through a network of over 2000 outpatient centers in the US alone.

 

Industry

Healthcare

 

What happened?

The company became a target of a ransomware attack in which the threat actor gained unauthorized access to its labs database that contained sensitive personal information of its patients.  On 5th August, DaVita reported having experienced a temporary disruption of operations costing $13.5 million in the second quarter.

 

Impact

The attack caused a temporary disruption of its operations and compromised the sensitive personal information of over 2.7 million people.

Source

Victim: Intel

About

Intel is one of the world’s biggest technology companies based in California that designs, manufactures, and sells central processing units, processing chips and other computer components for businesses and consumers.

 

Industry

Technology

 

What happened?

Attackers exploited multiple critical security vulnerabilities to breach Intel India’s websites including their corporate portal, product management website, exposing the personal information of employees and sensitive corporate and supplier information.

 

Impact

The breach exposed the personal information of more than 270000 Intel employees and sensitive corporate and supplier information.

Source

Victim: Farmers Insurance

About

Farmers Insurance is a California-based insurance company that offers a wide range of vehicle, home, small business insurance, and financial service products. It is one of the largest insurance companies in the U.S, operating in more than 50 states.

 

Industry

Insurance

 

What happened?

On 22nd August 2025, Farmers Insurance notified in its data breach notification letters that sensitive personal information belonging to its customers in its third-party vendor systems is compromised and may be accessed by an unauthorized third party.

 

Impact

The data breach has compromised the sensitive personal information of over 1 million people (1071172), including their names, addresses, driver’s license numbers, and Social Security Numbers.

Source

Victim: Air France and KLM

About

Air France-KLM is a France-based airline company that operates in more than 320 destinations worldwide with around 78000 employees worldwide. It is a parent company to Transavia, Air France, and KLM, transporting over 98 million passengers worldwide as recorded in 2024.

 

Industry

Aviation

 

What happened?

Air France-KLM has become a victim of a series of Salesforce-specific data breaches carried out by the ShinyHunters ransomware group. The company has reported the incident to the relevant law enforcement authorities and has begun its investigation.

 

Impact

The data breach has compromised the company’s customer data, including their personal information such as their names, email addresses, phone numbers, transaction details, and reward program details.

Source

Victim: Auchan Retailer

About

Auchan is a France-based retail group that was founded in 1961. It is one of the largest employers in the world with over 153965 employees, operating in around 12 countries around the world, focused on offering healthy and local products.

 

Industry

Retail

 

What happened?

In its recent notification to its customers, the company stated that there was unauthorized access to the personal data of around a hundred thousand customers. The company has begun its investigation of the incident, having informed the affected parties about the breach.  

 

Impact

The data breach has compromised personal information and loyalty program-specific sensitive information of around 100000 of its customers.

Source

Victim: The State of Nevada

About

The State of Nevada offers its citizens a range of online services from payment of bills related to public utilities to providing job-related information.

 

Industry

Public sector

 

What happened?

On 24th August, the State of Nevada identified a data breach activity and immediately engaged its response and recovery procedures.

 

Impact

The attack caused disruption of technological systems, online platforms, phone systems, and the state network overall.

Source

Victim: Miljödata

About

Miljödata is a 35-year-old software development company based in Sweden that is known for its personnel and occupational wellbeing-related products and systems, especially among public sector organizations (around 80% of Sweden’s municipal systems).

 

Industry

Software

 

What happened?

Miljödata got targeted by a ransomware attack, which caused a massive service disruption and exposure of sensitive data.  

 

Impact

The attack compromised the data of residents of 200 Swedish municipalities across 21 regions, containing employee data, including medical certificates, rehabilitation plans, work-related injuries, and other information.

Source

Victim: West Chester Township, Ohio

About

The West Chester Township provides its citizens with a range of online public services and information related to its key services and recent news.

 

Industry

Public sector

 

What happened?

On 26th August, West Chester Township detected a data breach activity after which they initiated their forensic investigation. Employees have reported that attackers have sent a note stating that they have stolen two terabytes of personal information.

 

Impact

The attack has compromised two terabytes of information, including personal information of residents and employees.

Source

Victim: Middletown, Ohio

About

Middletown offers multiple public services online to its citizens, providing detailed information about its services and recent governmental decisions.

 

Industry

Public sector

 

What happened?

Middletown, Ohio, was targeted by a cyber attack in August, disrupting several key services in the city. Experts are investigating the complete impact of the attack and are determining whether any personal information has been compromised by the attack.

 

Impact

The attack caused a disruption in several public services in Middletown, Ohio, with citizens facing delays/unavailability in services.

Source

Victim: Internet Rimon

About

Internet Rimon is an Israeli internet services provider that offers internet filtering services catering to the religious sector. It is known for its content-filtering services for orthodox Jewish communities.  

 

Industry

Internet services

 

What happened?

On 24 August, Internet Rimon reported that it had discovered unauthorized activity and immediately began its investigation. After investigation, it was found that they were targeted by an Iranian-linked hacking group called “Promised Revenge”.

 

Impact

The data breach has compromised the sensitive personal information of over 1 million people (1071172), including their names, addresses, driver’s license numbers, and Social Security Numbers.

Source

Victim: TransUnion

About

TransUnion is a United States-based credit reporting agency with over a billion individual customers and over sixty-five thousand business customers across thirty countries.

 

Industry

Credit reporting

 

What happened?

TransUnion reported in its filing with the attorney general’s office that it suffered a data breach in late July, where there was unauthorized access to its third-party application that stored its customers’ personal data.

 

Impact

The breach has compromised the personal data of over 4.4 million customers

Source

Victim: Salesloft

About

Salesloft is a Georgia-based company that is known for its sales engagement platform. It has over 5000 customers worldwide, including some of the leading companies like Shopify, Citrix, Stripe, and IBM.  

 

Industry

Software

 

What happened?

Cybercriminals targeted Salesloft Drift to steal OAuth (authorization) tokens to gain access to sensitive data from several instances of Salesforce.

 

Impact

The Salesloft Drift data breach has affected over 700 organizations, including the cybersecurity firm Zscaler, causing a compromise of customer and business information.

Source

Victim: Dartmouth College

About

Dartmouth is one of the oldest private research universities in the United States. It offers undergraduate courses for more than 40 academic departments and programs.

 

Industry

Education

 

What happened?

Dartmouth reported that an unauthorized actor accessed files and stole their data by exploiting a vulnerability in the Oracle eBusiness Suite in August.

 

Impact

The data breach exposed personal information of 40000 people, including their Social Security Numbers, names, and financial account information.

Source


Victim: Marquis

About

Marquis is a Texas-based software solutions provider that offers CRM, digital marketing, data analytics, and compliance reporting services to over 700 banks and credit unions.

 

Industry

Software

 

What happened?

Marquis reported that in August, it became a victim of a ransomware attack on August 14 that caused unauthorized access to files containing personal information.

 

Impact

The ransomware attack compromised the data of 400000 customers from 74 banks, including their names, phone numbers, Taxpayer Identification Numbers, financial information, dates of birth, and addresses.

Source


Victim: Spartanburg County

About

Spartanburg County offers multiple citizen-specfic services and information, from payment of utility bills to tracking the status of legal proceedings.

 

Industry

Pubic sector

 

What happened?

Spartanburg County discovered an unauthorized activity involving access to the personal information of residents.

 

Impact

The data breach compromised personal, identifiable information of employees.

Source

Data Breaches in July 2025

Victim: Quantas Airlines

About

Quantas is Australia’s largest domestic and international airline company found in 1920 that offers regional, domestic and international airline services across Australia and the globe. It is made up of two airline brands Quantas and Jetstar.

 

Industry

Airline

 

What happened?

On 30th June, Quantas detected an unusual activity on its platform that is used by the contact centre. The complete investigation of the data breach is under progress and the full impact of the breach is under investigation.

 

Impact

The breached platform comprised personal information of over six million customers including their names, addresses, birthdates, and frequent flyer numbers.

Source

Victim: Albemarle County

About

Albemarle County provides public services to the residents of the county in Virginia, United States. The services include tax payment, real estate, career guidance, education, community development, business, and other services.

 

Industry

Public Sector

 

What happened?

On June 11th Albemarie County discovered suspicious activity on its IT systems. On further investigation by cybersecurity experts, it was determined that there has been a ransomware activity. Upon discovery, the organization immediately executed its incident response measures. It has notified the law enforcement and other relevant authorities.

 

Impact

The attack has impacted the operation of public services and has compromised the personal data of the residents of the county. The compromised personal data includes that of local government and public school employees, including names, passport numbers, social security numbers, driver’s license numbers, state ID card numbers, and addresses.  

Source

Victim: Eerie Insurance

About

Eerie Insurance is a Pennsylvania-based insurance company that was founded in 1924. It offers varied insurance services, including real estate, life insurance, motor vehicle insurance, and business insurance. It became part of the Fortune 500 companies in 2021 and became the 12th largest auto and real estate insurance company in 2023.

 

Industry

Insurance

 

What happened?

On June 7th, the company discovered unauthorized activity on its IT systems taking immediate incident respons4e action to secure systems and data. Upon investigation it was found that the company became victim of a ransomware attack that could compromise their information and operations.

 

Impact

The attack caused disruption to the company’s operations and outage for over a month. It has resulted in two class action law suites for failing to secure customers’ personally identifiable information.

Source

Victim: Ace wire spring & form company

About

Ace Wire Spring & Form Co. Inc. is a manufacturer of custom precision extension, torsion, and custom wire forms. Since 1939, it has built a reputation for its custom springs and wire forms in industries like automobile, defense, firearms, mining, and gardening.

 

Industry

Manufacturing

 

What happened?

The company discovered a data leak on July 9th. Upon a detailed investigation carried out by cybersecurity experts, it was discovered that the company became targeted by Akira ransomware.

 

Impact

The ransomware attack compromised financial and sensitive information, including employee personal details, customer contracts, social security numbers, medical forms, and other confidential files.

Source

Victim: McDonalds

About

McDonald’s is a United States-based MNC that was founded in 1940, known for its chain of fast food restaurants, operating in over 40,000 locations worldwide. It has become one of the largest restaurant chains by revenue.

 

Industry

Fast food restaurants & real estate

 

What happened?

McDonald’s deployed an AI-based platform by Paradox.ai with a chatbot called Olivia for carrying out preliminary job interviews. Upon receiving multiple complaints about the platform, security experts Ian Caroll and Sam Curry examined it. They discovered that they could easily access the back end of the AI chatbot using basic techniques and inputting the credentials 123456. Upon further investigation, they found that data of over 64 million records were accessible, containing personal data of job applicants.

 

Impact

It compromised the personal information of 64 million applicants, including their names, phone numbers, and email addresses.

Source

Victim: France Travail National Employment Agency

About

France Travail is a governmental agency that helps unemployed people find job, offering them financial assistance. It was formed in 2008 through the merger of ANPE and Assedic. Their main focus are people who struggling from long-term unemployment.

 

Industry

Public sector

 

What happened?

France Travail got targeted by a cyber attack where the attackers gain unauthorized access ot personal data of job seekers. It is the second time the organization has suffered a data breach after the first large data breach in March 2024 that impacted 43 million people.

 

Impact

The data breach compromised the names, postal, email addresses, and phone numbers of over 340,000 users.

Source

Victim: Indaco Paints

About

Indaco is one of the leading paint manufacturers that was founded in Jakarta, Indonesia, in 2005. Its headquarters are in Karanganyar with over 5000 employees. It is known for manufacturing anti-corrosive paints across industries, like heavy equipment and automotive.

 

Industry

Paint and coating manufacturing

 

What happened?

The company came to know about the breach when security experts found a threat actor on a dark web forum claiming to have leaked sensitive documents.

 

Impact

The breach has exposed over 3.5 GB of data, containing customer bank transaction documents, agreement documents, and other confidential documents, including customer financial information and internal corporate agreements.

Source

Victim: Microsoft

About

Microsoft is one of the world’s biggest technology company that was founded in 1975. It is known for its software solutions and cloud computing services. It is considered as one of the big five American IT companies alongside Amazon, Meta, and Apple.

 

Industry

Information Technology

 

What happened?

Ransomware gangs worldwide have exploited a vulnerability in Microsoft’s Sharepoint. It gave them access to data and systems of over 148 organizations worldwide that have deployed Sharepoint solutions. Cybercriminals are using zero-day vulnerability to achieve range of malicious objectives from delivering ransomware to stealing data.

 

Impact

Over 148 organizations have been data breached worldwide, including the US’s National Nuclear Security Administration.

Source

Victim: Ingram Micro

About

Ingram Micro is a California-based IT solutions and services provider that was founded in 1979. It has a massive global network of customers and vendors, serving in more than 200 countries worldwide, and is known for its services, solutions, and resources.

 

Industry

Information Technology

 

What happened?

A ransomware group called Safepay, which shares similarities with LockBit, targeted Ingram Micro. In July, the company confirmed that the attackers stole and encrypted over 3.5 TB of their data, threatening to publish their data by August 1st.

 

Impact

The attack compromised 3.5 TB of data, impacted its internal systems, and disrupted its ordering systems.

Source

Victim: Citi Group

About

Citi is a global bank based in New York City that was founded in 1988. It is known for its wealth management, investment, and banking services. It serves approximately 85% of the Fortune 500 companies in 180 countries.

 

Industry

Banking

 

What happened?

On July 24, 2025, Citibank reported to the Attorney General of the Commonwealth of Massachusetts that it experienced a data breach where sensitive PII of its customers was compromised.

 

Impact

The compromised data includes name, financial account information, debit/credit card details, address, dates of birth, and social security number. A federal class suit was filed in Manhattan against the group for failing to implement data security measures.

Source

Victim: Allianz Life insurance

About

Allianze Life is a global insurance company that was founded in 1890 in Munich, Germany known for its life insurance, ETFs, fixed & variable annuities, and retirement solutions. It has more than 125 million customers worldwide

 

Industry

Life Insurance

 

What happened?

Allianz Life became a victim of a data breach, where hackers accessed personal data of 1.4 million customers by exploiting the weaknesses in its third-party cloud-based system.

 

Impact

The data breach compromised data of over 1 million customers, including names, social security numbers, phone numbers, dates of birth, policy and contract numbers, and email addresses. A class action lawsuit was filed against the company for failing to ensure data security measures.

Source

Victim: Dell

About

Dell is a United States based company that was founded in 1984. It sells products including personal computers, switches, data storage devices, and servers. It also offers development, selling, repair and support services.

 

Industry

Personal computers and Software

 

What happened?

Dell Technologies confirmed that the Hunters International ransomware gang, also known as Worldleaks, breached the company and leaked 1.3 TB of its data on July 21, 2025.

 

Impact

The breach has affected the company’s customer solutions center and compromised over 400,000 files. The data compromised includes automation scripts, log files, system data, and software packages.

Source

Data Breaches in June 2025

Victim: Zoomcar

About

Zoomcar Holdings Inc. is a Bengaluru-based online car-sharing marketplace that was founded in 2013 operating in multiple countries, including Indonesia, Egypt, and Vietnam. In addition to car-sharing services, it also offers software-enabled keyless entry applications to its customers.

 

Industry

Car renting services

 

What happened?

On June 9 Zoomcar Holdings Inc. identified identified that they had suffered a cybersecurity incident when an employee received an external communication from a threat actor that claimed to gain unauthorized access to their sensitive data.

 

Impact

The data breached caused compromise of sensitive data of 8.4 million of its users in India, including names, phone numbers, personal addresses, car registration numbers, and email addresses.

Source

Victim: Nobitex exchange

About

Nobitex is Iran’s largest cryptocurrency exchange with more than 10 million customers that facilitates digital asset trading for the country’s cryptocurrency

 

Industry

Cryptocurrency

 

What happened?

In the early morning of June 18th, Nobitex’s team observed suspicious activity on its systems and hot wallets. Upon further investigation, it was found that the attackers had targeted the company’s cryptocurrency wallets, stealing funds from its users. Pro-Israel group Predatory Sparrow (or Gonjeshke Darande) claimed responsibility for the attack, threatening to publish internal data and source code in 24 hours. The next day, the hacker group confirmed being behind the recent attack on Bank Sepah connected to the Islamic Revolutionary Guard Corps (IRGC).

 

Impact

The attackers stole sensitive information of and over $48 million which they immediately sent to vanity ‘burn’ addresses’.  The organization suffered losses of over $90 million from digital assets lost.

Source

Victim: Aflac

About

Aflac is an insurance services giant based in Columbus, Georgia. It has become the largest supplemental insurance provider in the United States with over 50 million customers worldwide.

 

Industry

Insurance

 

What happened?

On June 12th, 2025, Aflac revealed that it suffered a cyber attack in its SEC (U.S. Securities and Exchange Commission) filing explaining that it has initiated its incident response procedures and the attack hasn’t affected its operations.

 

Impact

The attack exposed sensitive personal data including names, Social Security numbers, health information, and information related to customers, agents, beneficiaries, employees, and other individuals.

Source

Victim: CetDigit

About

CetDigit (Cetrix Cloud Services) is a cloud services provider based in Dover, United States, known for its CRM solutions, Salesforce & HubSpot, and other advanced cloud technology planning and implementation services.  

 

Industry

Digital transformation services

 

What happened?

In June, a threat actor posted a large database containing personally identifiable information and other company-related information of Cetdigit.com for sale on a data breach forum.  

 

Impact

The compromised database contains 19.2 million records containing personally identifiable information, including full name, business email, company name, job title, full address, phone number, and company information that can be used by cybercriminals to carry out social engineering attacks like phishing, identity theft or espionage.

Source

Victim: Disneyland Paris

About

Disneyland Paris is the second entertainment resort in France outside the United States apart from Tokyo. It is Europe’s most visited theme park, having welcomed more than 250 million visitors since it was founded.

 

Industry

Hospitality

 

What happened?

Anubis ransomware group targeted Disneyland Paris and stole its engineering and attraction plans, threatening to put it up for sale on the dark web in case the ransom demand is not met. The attacker carried out the breach by targeting Disneyland’s partner company. The ransomware group posted about the theft on June 12 on its official account on X.

 

Impact

The attack compromised 39000 files with detailed information on recent construction projects and plans of renovation.

Source

Victim: Agarwal Packers and Movers

About

Agarwal Packers and Movers is a Noida-based logistics company. It is known for its relocation services, serving over 70 cities across India. It was founded in 1987 and has built a reputation among its customers including high-ranking government officials and corporate clients.

 

Industry

Logistics

 

What happened?

On June 1st, the company received complaints from its clients regarding receiving calls specifying query-related information. Upon investigation and internal technical audit, it was found that there was unauthorized access to their sensitive information and collaboration between internal and external actors.

 

Impact

The breach has led to the compromise of sensitive customer information including contact details, personal addresses, and movement schedules of high-ranking government officials, foreign dignitaries, and judiciary members.

Source

Data Breaches in May 2025

Victim: LVMH

About

Moёt Louis Vuitton SE is a family-run group that was founded in 1987 as a result of a merger between Moёt Hennessy and Lous Vuitton. It deals with luxury goods, with over 6300 stores and 60 subsidiaries that manage 75 prestigious brands.

 

Industry

Luxury goods

 

What happened?

LVMH detected unauthorized access to data (on 8th and 9th May) that compromised the personal data of customers of its brands Dior (China) and Tiffany(South Korea).

 

Impact

Personal information of Tiffany (South Korea) and Dior (China)customers got compromised, including names, addresses, numbers, and email IDs.

Source

Victim: Adidas

About

Adidas is a German footwear and apparel manufacturer established in 1924 in Bavaria, Germany. It is the largest manufacturer in Europe and the second-largest footwear manufacturer in the world, only next to Nike.

 

Industry

Apparel and footwear

 

What happened?

Adidas detected unauthorized access to data through its third-party customer service provider and took immediate steps for response, collaborating with cybersecurity experts to contain the incident.

 

Impact

The data compromised includes personal data of customers including their names, phone numbers, birth dates, and email addresses.

Source

Victim: Novia Scotia

About

It is the biggest provider of utility services, specifically the generation, transmission, and distribution of electricity. Its parent company Emera, is an international energy company headquartered in Halifax Canada.

 

Industry

Utility services

 

What happened?

On 25 April, Emera and Nova Scotia Power disclosed unauthorized access to Canadian networks and servers that exposed customers’ personal information. In just a month, Nova Scotia Power became a target of a ransomware attack (25 May).

 

Impact

The attack compromised the personal information of its 280000 customers including their names, date of birth, customer account history, driving license, number, and social insurance number.

Source

Victim: MATLAB/MathWorks

About

MathWorks is a USA-based company known for data analysis and simulation solutions (like MATLAB and Simulink). It specializes primarily in mathematical computing software.

 

Industry

Mathematical Computing software

 

What happened?

MathWorks confirmed a ransomware attack on 26 May. The attack impacted its IT infrastructure on May 18, causing multiple disruptions across online applications and internal systems. It has critically affected MATLAB, The License Center, File Exchange, Cloud Center, and the MathWorks store.

 

Impact

It caused widespread disruption, especially with over 5 million users worldwide, with over 6500 universities and colleges affected by the attack.

Source

Victim: Arla Foods

About

Arla Foods is a Danish producer of dairy producers selling to brands across 140 countries with products and brands named Starbucks(partner) and Castello Cheese (owned by Arla). It is one of the largest dairy producers in Europe operating across 39 countries.

 

Industry

Dairy

 

What happened?

Arla Foods confirmed that in the third week of May, the local IT network of its Upahl facility witnessed suspicious activity that could cause operational problems for the company.

 

Impact

The attack disrupted its entire production operation in Upahl, Germany, resulting in delivery delays and product cancelations. The disruption will most likely create shortages in dairy products availability.

Source

Victim: The Coca Cola Company

About

The Coca-Cola Company is a US-based cola soft drink manufacturer known for its product Coca-Cola in more than 200 countries. It has around 200 brands under its name, with more than 700,000 employees globally.

 

Industry

Auto racing

 

What happened?

Security experts found Coco-Cola’s name on a data leak site on the dark web on 22nd May that was posted by Everest Ransomware group which gave the company five days to contact them and make the deal. The ransomware group has published the data stolen online since their demands were not fulfilled by Coca-Cola.

 

Impact

The data on the leak site includes 1104 files, including passport scans, personal numbers, full names, visa copies, and employee IDs of employees who work in Bahrain and UAE.

Source

Victim: ConnectWise

 

About

ConnectWise is a software company based in Florida, that offers cybersecurity and remote monitoring and management software. It is known for its remote access and support tool for technicians called ScreenConnect.

 

Industry

Cybersecurity

 

What happened?

ConnectWise detected suspicious activity that impacted instances of its ScreenConnect solution. The company has launched an investigation with leading forensic experts, informed the affected customers and law enforcement.

 

Impact

The breach impacts some users of ScreenConnect allowing the attackers to remotely drop malicious payloads to the targeted users.

Source

Data Breaches in April 2025

Victim: DBS and Bank of China Singapore

About

DBS Bank is a global banking and financial services company in Singapore. It offers banking, wealth management, and insurance services. Bank of China Singapore has been providing banking services in Singapore since 1936. It offers services including treasure, investment, corporate and personal banking.

 

Industry

Banking

 

What happened?

A ransomware attack on their mutual printing vendor Toppan Next Tech (TNT) resulted in the compromise of DBS Bank and Bank of China Singapore’s customer data.

 

Impact

The ransomware attack impacted over 11,000 DBS and Bank of China customers, compromising their personal information, including names and addresses, and banking information, including investment and loan-related details.  

Source

Victim: SK Telecom

About

SK Telecom or South Korean Wireless Telecommunications Operator is one of South Korea’s largest telecommunication companies, representing almost 50% of its market share. It is part of the SK Group which is a multinational manufacturing and services conglomerate.

 

Industry

Telecom

 

What happened?

SK Telcom detected malware on their systems on April 19th, 2025, that allowed cybercriminals to access the company’s sensitive USIM-related customer information. The company has isolated the incident and has issued new SIM cards to all its affected customers.

 

Impact

The malware attack compromised the sensitive information of its 25 million customers, including mobile phone numbers, device identification numbers (IMEI), and contacts stored in USIM. Since the cyberattack, the company’s shares have fallen by 8.5%, the lowest since August 2024.

Source

Victim: Morocco’s National Social Security Fund (CNSS)

About

The National Social Security Fund (CNSS) was created by the Dahir to manage social security schemes for all employees in the private sector and self-employed individuals. It covers areas like healthcare, disability, and retirement benefits.

 

Industry

Public Sector

 

What happened?

A cybercriminal that went by the name Jabaroot announced publishing sensitive data on a data breach forum on the dark web exposing the personal data of thousands of companies and millions of employees. According to the cybercriminal, the attack is a politically motivated retaliation against Morocco for compromising the social media account of the Algerian Press Service on X (formerly Twitter).   

 

Impact

The data breach has exposed over 53000 PDF files and 2 CSV files with personal information, including personal identification numbers and salary details of around 5,00,000 companies and 2 million employees.

Source

Victim: MTN Group

About

MTN Group is one of South Africa’s largest MNC and mobile network operators, operating in more than 20 countries. About a third of its revenue is generated in Nigeria. It provides voice, data, digital, fintech, enterprise, and wholesale services to over 291 million customers across 16 markets.

 

Industry

Telecom

 

What happened?

In a media release dated 28th April 2025, MTN revealed that it experienced a cybersecurity incident. Through an initial investigation, the company has found that a cybercriminal gained unauthorized access to the sensitive personal data of its customers.

 

Impact

The full extent of the cybersecurity incident is under investigation. An initial investigation found that the cybercriminal stole the personal information of around 5700 MTN Ghana customers.

Source

Victim: NASCAR

About

NASCAR or National Association for Stock Car Auto Racing is the United States’ largest motorsports organization known for stock racing. It is based in Daytona, Florida sanctioning over 1500 races across 48 states of the US and countries including Canada, Brazil, Mexico, and Netherlands.

 

Industry

Auto racing

 

What happened?

On April 8th, 2025, the Medusa ransomware gang claimed responsibility of stealing and listing 1TB of NASCAR’s data on its data leak site. The gang has demanded a ransom of $4 million for not publishing the sensitive information.

 

Impact

The 1TB of data stolen includes names, email addresses, sponsorship agreements, invoices, legal documents, detailed racetrack maps and phone numbers.

Source

Data Breaches in March 2025

Victim: The College Hospital Costa Mesa

About

It is a California-based facility that specializes in psychiatric and medical/surgical services. It also offers outpatient telehealth and partial hospitalization

 

Industry

Healthcare

 

What happened?

The College Hospital Costa Mesa published a data breach notification on March 10 2025 saying that the sensitive customer data was accessed by a hacker by bypassing the cyber defenses on CHCM’s network between August and September 2024.

 

Impact

The data breach has compromised the sensitive information of its consumers, including Social Security Numbers.

Source

Victim: Reading Cooperative Bank

About

Reading Cooperative Bank is an 1886-based old banking cooperative. It offers financial services and products to some of the biggest businesses in Massachusetts and has 11 branching locations.

 

Industry

Banking

 

What happened?

Reading Cooperative Bank, based on a detailed investigation found that a hacker had gained access to its systems through phishing.

 

Impact

The data breach has compromised the sensitive personal information of the bank’s customers, including their names, driver’s licenses, financial account information, and medical records.

Source

Victim: Oracle Cloud

About

Oracle Corporation is one of the largest software companies in the world, reputed for its cloud computing software and ERP solutions.

 

Industry

Cloud Computing

 

What happened?

A hacker named rose87168 has claimed to have stolen around 6 million records from Oracle Cloud’s SSO login servers.

The hacker posted a sample database on 20th March on a data breach forum containing LDAP information along with a list of companies whose data was compromised. The company has denied the occurrence of any data breach.

 

Impact

As per many cyber experts, the threat actor’s post on the dark web includes encrypted SSO passwords, JKS files, and JPS keys.

Source

Victim: Substitute Teacher Service

About

The company provides substitute teachers to more than 80 school districts across Pennsylvania.

 

Industry

Staffing services

 

What happened?

STS filed a data breach notice on 14 March. A hacker had unauthorized access to sensitive consumer personal information.

 

Impact

The data breach exposed the sensitive personal information of 5,00,000 teachers and other employees.

Source

Victim: Heart to Heart Hospice

About

Heart to Heart Hospice is a hospice care provider that offers services to patients in Oklahoma, Michigan, Texas, and Indiana. The agency offers personalized care plans and services that cater to emotional & spiritual support and pain symptom management.

 

Industry

Healthcare

 

What happened?

On March 18, 2025, Heart to Heart Hospice Holdings LLC was notified about a data breach that impacted its IT systems. Upon discovering the cybersecurity incident, the organization quickly launched an investigation in collaboration with third-party cybersecurity experts.

 

Impact

The data breach compromised the personal data of Heart-to-Heart Hospice’s patients, including their name, address, Social Security Number, health insurance information, and medical treatment information.

Source

Victim: Samsung Germany

About

Samsung is a South Korea based multinational corporation that manufactures smartphones, tablets, and other electronic devices. Apart from electronics, it also operates in other sectors, including engineering, insurance, and shipbuilding.

 

Industry

Electronics

 

What happened?

GHNA, a threat actor, stole and published personal information of Samsung Germany’s customers by gaining unauthorized access to Samsung Germany’s ticketing systems by stealing access credentials of a third-party service provider Spectos GmbH.

 

Impact

The data breach has compromised the personal information of 2,70,000 customers including names, email addresses, tracking URLs, transaction information, order numbers, support interactions, and addresses.

 

Source

Victim: Yale New Heaven

About

Yale New Haven Health is a network of hospitals affiliated with Yale University. It provides integrated patient-centered care in 100+ specialties across 5 hospitals in the United States.

 

Industry

Healthcare

 

What happened?

Yale New Haven Health detected unusual activity on its IT systems. Upon a thorough investigation, it was found that a cybercriminal had gained unauthorized access to its network.

 

Impact

Cybercriminals stole sensitive personal data of over 5.6 million people including name, address, email address, Social Security Number, patient type, and medical record number.

Source

Data Breaches in February 2025

Victim: Raymond

About

Raymond is a Mumbai-based textile company that manufactures fabric and sells branded apparel. It has over 1300+ retail outlets and textile mills with over 8k crore market presence.

 

Industry

Textile

 

What happened?

Raymond confirmed that a data breach affected some of its IT infrastructure on 19th February 2025. The company activated its incident response protocols as soon as it was alerted of the attack, taking swift actions for containment of the attack and remediation of affected systems. 

 

Impact

  • There is an ongoing investigation by cybersecurity experts, including the Computer Emergency Response Team, to assess the attack’s impact.  
  • There is a growing concern about whether the attack will impact its operations, with stakeholders raising their doubts on how the company will process operational delays since it is the wake of summer when there is peak demand for their summer collection.
Source

Victim: Cocospy and Spyic

About

Cocospy and Spyic are leading mobile tracking application companies that let their users monitor the location, calls, texts, and other activity on the mobile phones of the people they intend to monitor. They are advertised as parental monitoring software for Android and Apple users, but their applications are used mainly for spying purposes.

 

Industry

Monitoring and surveillance

 

What happened?

A data breach on 14th February 2025 exposed the personal data of Cocospy and Spyic customers. The cybercriminals exploited unpatched security vulnerabilities in their server to gain unauthorized access to access to all the stored information of users.

 

Impact

  • The data breach has exposed the personal data of all the customers of both Cocospy and Spyic.
  • Almost 50% of all the data exposed was from previous data breaches.
  • The data exposed includes 1.8 million email addresses of Cocospy customers, 876,000 email addresses from Spyic customers, and other personal data, including stored messages, photos, and call logs.
  • Due to the covert nature of the applications, the victims are unaware of the exposure of their data.
  •  The data breach has made it challenging for both companies to secure their reputation since they are already facing ethical and legal allegations for their applications’ nature.
Source

Victim: Anne Arundel County

About

Anne Arundel County, Annapolis, Maryland, offers public services to the residents of the county, from payment of utility bills and curbside waste collection to health and wellness services.

 

Industry

Public sector

 

What happened?

A ransomware group named INC attacked Anne Arundel County, causing a major disruption in public services. The organization detected the attack on 22nd February. Since the attack, the county residents have faced challenges in their day-to-day lives.

 

Impact

  • The attack primarily affected the organization’s computer-aided dispatch systems, leading to the closure of country buildings for service.
  • It caused massive disruption in its services, exposing several terabytes of data with the attackers leaking the data on a dark web blog.
  • The full impact of the attack is under investigation by the CISA and FBI.
Source

Victim: Genea

About

Genea is an Australian IVF services provider. For the last 39 years, the company has been providing a range of health services, including fertility treatments, fertility tests, genetic tests, preserving facilities, and donations. It has multiple clinics across Australia, from South Sydney to Manly.

 

Industry

Healthcare/IVF

 

What happened?

Termite ransomware group breached Genea’s defenses to gain access to their data, including sensitive personal and health information.

 

Impact

  • The hackers breached their primary file server, their backup program, and their patient management system called BabySentry, exfiltrating over 940 GB of data sent back to a Digital Ocean server.
  • The data exfiltrated includes personal data containing names, addresses, and patient health information.
  • The attackers published 700 GB of sensitive patient data on a forum on the dark web.
Source

Victim: Grubhub

About

Grubhub is one of the biggest platforms known for food ordering and delivery services with more than 3,75,000 merchants across 4000+ cities across the United States.

 

Industry

Food ordering and delivery services

 

What happened?

On 3rd February, a hacker gained access to the contact information of customers. The attacker gained initial access by targeting an account of Grubhub’s third-party support services provider.

 

Impact

The data breach has compromised the sensitive information of its users, including drivers, diners at campuses, and merchants. The data compromised includes names, addresses, phone numbers, and email addresses.

Source

Victim: Semyonishna

About

Semyonishna is the largest dairy plant in the Russian republic of Khakassia. It is known for its dairy products, including milk, yogurt, cheese, butter, and sour cream.

 

Industry

Dairy

 

What happened?

The Siberia’s largest dairy processing plant was targeted by a ransomware group that used LockBit to cause massive disruption to its operations. The attackers targeted the company for providing humanitarian aid to Russian soldiers in Ukraine.

 

Impact

The attack caused a massive disruption in the plant’s operation. It affected the labeling mechanism to ensure product safety.

Source

Victim: Angel One

About

Angel One, one of India’s biggest stockbroker firms, was established in 1996. It is one of the leading broking houses in the country, known for its financial services platform, which offers a range of services, including online trading, investing advisory margin trading, and algorithm trading.

 

Industry

Financial services

 

What happened?

On 27th February Angel One discovered a data breach when its cybersecurity partner alerted about leakage of its data on multiple data breach forums on the dark web. Later it found out that its AWS resources were breached.

 

Impact

The data breach compromised the personal information of around 8 million of its users, causing a 10% drop in its share price in February, a 52-week low.

Source

Data Breaches in January 2025

Victim: PowerSchool

About

PowerSchool is a popular cloud-based software provider in North America that serves educators in more than 90 countries. Their software tool is used by thousands of schools in the US for managing student information, attendance, and correspondence with parents.

 

Industry

Technology

 

Financial Loss

Unkown

 

What happened?

A group of cybercriminals hacked into their customer support portal using compromised credentials that gave them access to all the information.

 

Impact

  • Data of over 45 million students and parents compromised, affecting more than a thousand schools across the United States.
  • The affected include Dothan City School and several Connecticut school districts.
  • Hackers stole information, including social security numbers and student health-specific information. The complete impact of the data breach is yet to be assessed.
Source

Victim: Cariad

About

Cariad is a technology company that builds leading technology and software stack for Volkswagen Group, including cloud platforms and vehicle OS. They are a subsidiary of Volkswagen Group and is one of the largest groups in the world. Apart from Volkswagen, it also makes unified software platforms for brands like Audi, Porche, Lamborghini, and Bentley.

 

Industry

Technology (automotive software)

 

Financial Loss

Unkown

 

What happened?

Chaos Computer Club (CCC), Europe’s largest ethical hackers’ group, made Cariad aware of the incident where a developer had accidentally left terabytes of customer details on the Amazon cloud storage that could allow its access to anyone with little technical knowledge. CCC discovered the insecure access through the information given by a whistleblower from the company.

 

Impact

  • The data breach incident exposed data of 8,00,000 internet-facing cars, out of which, over 30 cars were part of the Hamburg police.
  • The exposed data comprises customer details of Seat, Skoda, and Volkswagen from the UK, Sweden, France, Denmark, France, and Belgium.
Source

Victim: New York Blood Center

About

NYBC (New York Blood Center), is an independent blood collection and distribution organization. It collects over 4000 blood products daily, serving over 75,00,000 people across 500 hospitals in the United States.

 

Industry

Healthcare services (blood collection and distribution services)

 

What happened?

On 26th January, NYBC detected suspicious activity on their IT systems. After some investigation by cybersecurity experts, it was found that they had suffered a ransomware attack. The attacker and the data stolen are unknown.

 

Impact

  • The ransomware attack disrupted the organization’s operations, with many blood donations rescheduled.  
  • It had a significant impact on the number of donations since it happened just a few days after the NYBC announced a blood emergency with a 30% drop in donations.
  • The attack is under investigation, and the data stolen is unknown.
  • The attackers would likely have stolen patient personal and healthcare information.
Source

Victim: Frederick Health

About

Frederick Health is a healthcare system that provides services like cancer care, home care, woman care, and critical care. It operates across 25 locations in the United States with a massive network of patients and healthcare experts.

 

Industry

Healthcare

 

What happened?

The hospital system announced that it suffered a ransomware attack on 27th January 2025 that caused massive disruption in its services.

 

Impact

  • Frederick Health was targeted by a ransomware attack that caused many of its systems to go offline, resulting in massive disruption of its services.
  • The hospital had to divert its ambulances to other emergency departments.
  • There was a significant delay in services.
  • As per the hospital’s alert tracking stem, the attack created a mini disaster-like situation like a power outage, bomb threat, or gas leak.
Source

Victim: ICICI bank

About

The ICICI Bank is one of India’s most trusted banks with over 6613 branches offering banking and financial services in over 11 countries. It is among the oldest banks in the country known for its online banking services like instant loans, insurance, and investments.

 

Industry

Banking services

 

What happened?

The bank was targeted by the BASHE group, also known as APT73 and Eraleig. The group has claimed to have stolen massive amounts of data and had given the bank the deadline of 24th January to come up with ransom. The bank has neither acknowledged nor officially made a statement regarding the cyber attack.

 

Impact

The stolen data includes personally identifiable information and banking information including bank account details, dates of birth, full names, credit card numbers, phone numbers, emails, full names, and home addresses. The ransomware group hasn’t specified the exact volume of data stolen.

Source

Victim: Community Health Center

About

Community Health Center is a Connecticut based nonprofit primary and preventive healthcare services provider to all the residents of the state. It provides a rage of medical, dental, and behavioral healthcare services.

 

Industry

Healthcare

 

What happened?

The healthcare services provider detected unauthorized activity in computer systems in January 2025. After a thorough investigation, it was found that a cybercriminal had unauthorized access to its systems and had exfiltrated data of over 1 million people. The organization, with the help of cybersecurity experts, has stopped the hacker’s access and has notified all the law enforcement and affected parties.

 

Impact

  • The cyber attack caused a compromise of its computer systems, with cybercriminals having exfiltrated the data of 1,060,936 patients, including their guardians and parents.
  • It is the largest healthcare breach recorded in 2025 so far.
  • The data breach exposed sensitive information including names, addresses, phone numbers, dates of birth, and social security numbers.
Source

Victim: Tata Technologies

About

Tata Technologies is a 36-year-old engineering and digital solutions provider to manufacturing and other industries based in India. It operates in 27 countries worldwide.

 

Industry

IT services

 

What happened?

The Hunters International ransomware group targeted Tata Technologies in January, stealing over 730000 files from their server. The group has demanded, threatening to publish all their sensitive data.  

 

Impact

The attack caused the exposure of over 1.4 TB of data causing a temporary disruption in their IT services and some parts of their IT systems.

Source

Get in Touch With us

Complete Visibility, Continuous Monitoring & Advanced Threat Protection with AI-backed Incident Remediation.

LEARN MORE