Gregory & Appel Insurance
February 5, 2025
•[ phishing ]
Insurance firm reported unauthorized access linked to a suspicious email purporting to be from the CFO.
Hewlett Packard Enterprise
February 5, 2025
•[ data leak ]
HPE filed notice with MA AG after a cybersecurity incident allowed access to consumer data; notification letters sent Feb 5, 2025.
NTT Communications Corporation
February 5, 2025
•[ data leak ]
Data exfiltration impacted thousands of corporate customers at NTT Communications.
Professional Finance Company
February 5, 2025
•[ ransomware, data leak ]
A ransomware attack detected February 5, 2025 disrupted Professional Finance Company's billing and collection systems and resulted in confirmed theft of patient financial and medical data for roughly 125,000 individuals. The firm disclosed the incident publicly in April 2025 and reported it to HHS as both a ransomware and data-exfiltration event.
SimonMed Imaging
February 5, 2025
•[ ransomware, data leak, healthcare ]
Medusa claimed theft of 212 GB of data impacting 1.2M patients after an attack window spanning January to February.
Jefferson School District 251
February 4, 2025
•[ ransomware, data leak ]
Ransomware was discovered on Jefferson School District's computer systems in early February 2025, leading to the cancellation of classes across all 11 schools in the district while networks were rebuilt. About 5,000 student devices were affected, and the FBI and third-party forensic teams were engaged. No evidence of student data theft or exfiltration has been reported.
163.com Users
February 4, 2025
•[ phishing, espionage ]
The Taiwanese-linked espionage group GreenSpot APT (aka PoisonVine / APT-Q-20) created spoofed 163.com domains and fake download pages to harvest email credentials from users in mainland China, Hong Kong, and Taiwan. Hunt.io attributed the campaign's infrastructure to Taiwan, but no link to a government department has been identified.
Water Treatment Plant at Tolkmicko
February 4, 2025
•[ unauthorized access, industrial control systems, critical infrastructure ]
CyberDefence24 reported that a pro-Russian Telegram group posted videos between Jan 28–30, 2025 showing unauthorized access to the interfaces of three Polish water treatment plants (SUW) in Tolkmicko, Małdyty, and Sierakowo. The recordings showed the attackers setting multiple parameters to maximum values, disabling selected device functions, and changing device PINs (including to 1488). The article stated that none of the plants reported problems at the time and noted the activity appeared propaganda-oriented, with no confirmed impact on critical infrastructure operations.
Ionic Money
February 3, 2025
•[ DeFi exploit, impersonation, protocol manipulation ]
On February 3, 2025, attackers exploited Ionic Money on the Mode Network by impersonating members of Lombard Finance and convincing the project to list a fake token (LBTC). They minted counterfeit collateral, borrowed legitimate assets, and drained about $8.6 million in funds, later laundering part of it through Tornado Cash. The incident was a decentralized finance exploit involving protocol manipulation, with no system encryption or service disruption.
Lee Enterprises
February 3, 2025
•[ ransomware, data leak ]
On February 3, 2025, Lee Enterprises suffered a ransomware attack that encrypted multiple critical applications and exfiltrated files. The Qilin group claimed responsibility, asserting theft of about 350 GB of data. The incident caused partial but significant disruption of operations for roughly one week, affecting printing, billing, and vendor systems. Approximately 39,779 individuals had personal information compromised.
News.bg and other Bulgarian media outlets
February 2, 2025
•[ denial of service, hacktivism ]
Massive SSL-based distributed denial-of-service (DDoS) attacks targeted News.bg and several other Bulgarian media websites beginning on February 2, 2025. The attacks, described as large-scale and difficult to trace, disrupted access for several days until at least February 6, 2025. Mitigation involved blocking international traffic. Attribution remains undetermined; motive appears protest-related.
University of The Bahamas
February 2, 2025
•[ ransomware ]
The University of The Bahamas suffered a ransomware attack starting on February 2, 2025 that disrupted online systems including email, telephone, and academic platforms, while in-person classes continued. The school serves about 5,000 students across three campuses.
Rubrik
February 2, 2025
•[ data leak ]
Rubrik disclosed on February 2, 2025, that an unauthorized actor accessed a log server containing telemetry data. The company rotated all authentication keys, confirmed no customer data or source code was affected, and reported the incident to authorities.
Baltimore Archdiocese (via Stinson LLP & BRG)
February 1, 2025
•[ leak, finance ]
Protected survivor data was exposed from the systems of a law firm (Stinson LLP) and a financial advisor (BRG) supporting the Archdiocese's bankruptcy cases.
Rainbow District School Board
February 1, 2025
•[ data leak ]
School board reported data access during an incident; services were restored and the data was allegedly deleted.
Valsoft Corporation
February 1, 2025
•[ data leak ]
Valsoft disclosed a February 2025 breach where attackers accessed company files for several days; personal information for over 160,000 people was compromised.
Pacific Rehabilitation Centers
February 1, 2025
•[ ransomware ]
Organization reported ransomware on an employee computer; restoration and notifications followed.
Opexus
February 1, 2025
•[ insider threat, data leak, sabotage ]
Insider compromise at Opexus by two employees previously convicted of hacking led to improper access and the compromise or deletion of dozens of databases (including IRS and GSA data sets), triggering outages in two key software systems used by federal agencies. Terminations followed, and investigations cite a major lapse in security controls.
Undisclosed Canadian Telecommunications Company
February 1, 2025
•[ data leak, vulnerability ]
Three network devices at a Canadian telecom were compromised in mid-February 2025 via Cisco IOS XE CVE-2023-20198; the attackers retrieved configurations and set up a GRE tunnel to collect network traffic. The incident was disclosed by Canada's Cyber Centre in June 2025.
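As an added example (not code from the original page, from Cisco, or from the Cyber Centre advisory), the Python check below reviews an IOS XE running-config for the two artifacts a responder would look for after this kind of incident: GRE tunnel interfaces whose destination is not in a known baseline (the collection tunnel the entry describes), and privilege-15 local users not in a known baseline (Cisco's advisory for CVE-2023-20198 describes exploitation creating such an account). The sample config and both allowlists are constructed for illustration; a real review would substitute the device's actual config and the operator's own baselines.

```python
"""Review an IOS XE running-config for unexpected GRE tunnels and
privilege-15 users. Added example; the config and baselines are constructed."""
import re
from dataclasses import dataclass

# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$abc
username cisco_tac_admin privilege 15 secret 9 $9$def
!
interface Tunnel0
 description MGMT-BACKHAUL
 ip address 10.99.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 10.10.10.1
!
interface Tunnel20
 ip address 10.200.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre ip
 tunnel destination 203.0.113.45
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.10 255.255.255.0
!
end
"""

# Assumed baselines (hypothetical): tunnel endpoints and admin accounts the
# operator knows about. Anything outside these sets is reported.
KNOWN_TUNNEL_DESTINATIONS = {"10.10.10.1"}
KNOWN_PRIV15_USERS = {"netops"}


@dataclass(frozen=True)
class Finding:
    kind: str      # "gre-tunnel" or "priv15-user"
    subject: str   # interface name or username
    detail: str


def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Map each 'interface X' stanza to its indented body lines."""
    interfaces: dict[str, list[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or any top-level line ends the stanza
    return interfaces


def review_config(config: str,
                  known_dests: set[str] = KNOWN_TUNNEL_DESTINATIONS,
                  known_users: set[str] = KNOWN_PRIV15_USERS) -> list[Finding]:
    findings: list[Finding] = []

    for name, body in parse_interfaces(config).items():
        if not name.startswith("Tunnel"):
            continue
        # On IOS/IOS XE the default tunnel mode is GRE over IP, so a stanza
        # with no 'tunnel mode' line is treated as GRE too.
        mode_lines = [l for l in body if l.startswith("tunnel mode ")]
        is_gre = not mode_lines or any("gre" in l for l in mode_lines)
        dest = next((l.split()[-1] for l in body
                     if l.startswith("tunnel destination ")), None)
        if is_gre and dest not in known_dests:
            findings.append(Finding("gre-tunnel", name,
                                    f"GRE tunnel to unexpected destination {dest}"))

    # Local accounts granted full privilege that are not in the baseline.
    for m in re.finditer(r"^username (\S+) privilege 15\b", config, re.M):
        user = m.group(1)
        if user not in known_users:
            findings.append(Finding("priv15-user", user,
                                    "privilege-15 local user not in baseline"))
    return findings


if __name__ == "__main__":
    for f in review_config(SAMPLE_CONFIG):
        print(f"{f.kind:12} {f.subject:18} {f.detail}")
```

Feed it the output of `show running-config` saved to a file; Tunnel0 is skipped because its destination is in the baseline even though it relies on the GRE default, while Tunnel20 and the unknown privilege-15 account are reported.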
Oil and gas facility control panels in the U.S.
January 31, 2025
•[ hack, energy ]
Researchers at Cyble identified Sector 16, a new pro-Russian hacktivist group targeting oil and gas facility control panels in the U.S.