Full List

Search

Recent Breaches

• MPOWERHealth June 29, 2025 • [ ransomware, leak, hack ] WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
• TheSqua.re June 27, 2025 In June 2025, 107k unique customer email addresses were allegedly obtained from TheSqua.re, the "easiest way to find your next serviced apartment". The data also included names, phone numbers and cities which were subsequently posted to a popular hacking forum. TheSqua.re did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.
• Somerset County Children & Youth Services June 26, 2025 • [ hack, healthcare ] Email accounts of Somerset County CYS were breached during a fourday period; exposed data includes Social Security and insurance IDs, medical dates, condition/treatment info, sometimes paternity testing info; no confirmed misuse yet; County working with forensics, notifying affected, improving email security and staff training.
• Carter Credit Union June 25, 2025 • [ hack, finance ] A cybercriminal infiltrated Carter Credit Unions network between June 25 and July 2, 2025, accessing files containing personal and medical information of approximately 68,934 individuals. Investigations are ongoing, notifications have been sent, and affected members were offered credit monitoring services. Law firms are reviewing legal claims.
• Union Home Mortgage Corp. June 25, 2025 • [ hack, finance ] Union Home Mortgage Corp. experienced unauthorized access to internal servers, exposing personal and identification data of roughly 24,000 customers. No encryption or ransomware activity was reported.
• Operation Endgame 2.0 June 23, 2025 • [ ransomware, malware, government ] In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
• Netstar June 23, 2025 • [ leak, ransomware ] Data details undisclosed publicly; breach confirmed as involving data leak following refusal to pay ransom.
• MaReads June 22, 2025 In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
• Data Troll Stealer Logs June 20, 2025 In June 2025, headlines erupted over a "16 billion password" breach. In reality, the dataset was a compilation of publicly accessible stealer logs, mostly repurposed from older leaks, with only a small portion of genuinely new material. HIBP received 2.7B rows containing 109M unique email addresses, which was subsequently added to the service under the name "Data Troll". The websites the stealer logs were captured against are searchable via the HIBP dashboard.
• Vietnam Airlines June 20, 2025 • [ hack, leak, technology ] In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
• Viva Health Insurance June 14, 2025 • [ leak, misconfiguration, healthcare ] Viva Health, an Alabama-based health insurance company headquartered in Birmingham, experienced exposure of a web-accessible file from June 14 to August 27, 2025. The file contained limited PHI for about 4,945 members and was removed upon discovery. No misuse or encryption was reported.
• Sree Padmanabhaswamy Temple June 13, 2025 • [ hack, insider, financial ] On June 13, 2025, the Sree Padmanabhaswamy Temples computer system in Kerala, India, was hacked, suspected to involve a former IT staff member retaining access after transfer. Critical operational and financial records were accessed and tampered with, though no encryption or ransomware-style disruption was reported. The breach was discovered by temple officials and reported to police, with a forensic probe launched.
• Unnamed hotels in Brazil June 13, 2025 • [ phishing, financial, malware ] TA558 used LLM-generated JS/PowerShell loaders in phishing emails (Portuguese/Spanish) to deploy Venom RAT against hotels (Brazil/Spanish-speaking markets), aiming to siphon guest credit-card data from hotel systems/OTAs; observed in summer 2025, with no named victims or outages.
• Manassas Park City Schools June 12, 2025 • [ ransomware, malware, education ] The MPCS network was infiltrated and encrypted via ransomware around June 12, 2025; data may have been accessed including full names paired with SSNs, passport numbers, or financial account details. No group has claimed responsibility. Investigation ongoing and FBI notified.
• Kering June 12, 2025 • [ hack, leak, retail ] Kering confirms June 2025 intrusion affecting multiple brands; ShinyHunters claims Salesforce-based exfiltration (43M+ Gucci, ~13M others); media verified samples and 7.4M unique emails; Kering says no financial/ID data; denies negotiations, which DataBreaches disputes with chat logs and a BTC micro-payment.
• Sturgis Hospital June 12, 2025 • [ hack, healthcare ] Sturgis Hospital confirmed a second unauthorized network access event discovered in June 2025 while investigating an earlier breach. The incident involved potential access to protected health information. No ransomware or disruption to hospital operations was reported.
• Phil Smith Automotive Group June 10, 2025 • [ hack, retail ] Unauthorized access to Phil Smith Automotive Group systems resulted in exfiltration of personal data. Approximately 12,274 individuals were affected. No encryption occurred; breach notices were mailed July 31, 2025.
• Operation PAR, Inc. June 10, 2025 • [ ransomware, leak, healthcare ] On June 10, 2025, Operation PAR, Inc., a Florida nonprofit providing addiction and mental health services, was hit by the Worldleaks ransomware group. The attacker exfiltrated around 485 GB of datanearly 900,000 files containing sensitive PII and PHIand later posted it on a dark-web leak site. No encryption or service disruption was confirmed.
• Precision Endodontics of Raleigh June 10, 2025 • [ hack, healthcare ] Precision Endodontics discovered unauthorized access to an email account on June 10, 2025. The breach exposed patient names and email addresses, and for some individuals, patient portal usernames and passwords. No misuse has been identified. The incident was reported to HHS-OTCR on August 5 and security improvements have been implemented.
• Catwatchful June 9, 2025 • [ espionage, sqlinjection, technology ] In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.