Wolf Haldenstein Adler Freeman & Herz
January 10, 2025
•[ leak ]
Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") a U.S. Law Firm, reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to threat actors.
Slovakian Geodesy, Cartography and Cadastre Office (UGKK)
January 10, 2025
•[ ransomware, malware, government ]
A cyber attack targets the Slovakian Geodesy, Cartography and Cadastre Office (UGKK), which manages land and property data. The agencys systems are shut down, and its physical offices closed following an alleged ransomware attack. According to local media reports, the attackers are demanding millions of euros in ransom.
Swiss Federal Administration
January 10, 2025
•[ hack, government ]
Beeintrchtigt gewesen sind unter anderem die Telefonie, Outlook sowie verschiedene Webseiten und Fachanwendungen des Bundes. Daten seien keine abgeflossen, hiess es vom Bund.
Centre des technologies de l’information de l’État' (CTIE)
January 10, 2025
•[ hack, ddos, government ]
Mehrere von der Regierung betriebene und vom Centre des technologies de linformation de ltat (CTIE) gehostete Internetseiten waren am Freitag zwischen 13:05 und 14:55 Uhr nicht erreichbar. Ursache dafr war eine DDOS-Attacke, die zahlreiche Webseiten lahmlegte, darunter men.public.lu und 112.public.lu. Das besttigte eine Sprecherin des CTIE gegenber dem Tageblatt. Der Angriff habe kurz nach 13 Uhr...
Lifebridge Health
January 10, 2025
•[ hack, phishing, healthcare ]
LifeBridge Health sent letters to patients and families about an email phishing incident that was discovered on Nov. 12.
Crimean Telecom Operators
January 10, 2025
•[ hack, ddos, technology ]
A massive DDoS attack is targeting major fixed-line and mobile network operators in Crimea, according to the Ministry of Internal Policy, Information and Communications... RIA Novosti, January 11, 2025
UFCW Local 7 (United Food & Commercial Workers)
January 10, 2025
•[ data leak ]
On December 10, 2024, an unauthorized actor accessed and copied data from UFCW Local 7s network, compromising the personal information of approximately 55,747 union members. Data was later reported on dark web leak sites. No encryption was used, and no perpetrator has been identified.
Baylor Scott & White Texas Spine & Joint Hospital
January 10, 2025
•[ Email Compromise, Data Leak, Unauthorized Access ]
Unauthorized access to O365 mailbox exposed patient demographic and treatment information.
UK Foreign, Commonwealth and Development Office (FCDO)
January 10, 2025
•[ data leak, unauthorized access, government ]
UK authorities investigated a cyber intrusion into the Foreign, Commonwealth and Development Office (FCDO) that was reportedly discovered during routine monitoring in October 2025. According to officials briefed on the matter, attackers accessed a segment of the foreign offices IT environment used for policy coordination and diplomatic communications and obtained sensitive but non-classified material. The reported accessed information included internal correspondence, briefing papers, and contact details related to overseas missions, while systems handling classified intelligence were described as segregated and unaffected. The incident prompted containment actions, server isolation, and a wider government security review led with support from the National Cyber Security Centre.
Bangladesh e-Apostille service (MyGov) - impersonated portal
January 10, 2025
•[ phishing, data leak, identity theft ]
A fraudulent website mimicking Bangladeshs official e-apostille platform exposed sensitive personal documents belonging to more than 1,100 citizens. The fake portal generated fabricated apostille certificates with QR codes that redirected users to a sequentially ordered database where changing digits in the URL revealed other applicants scanned records, a weakness consistent with insecure direct object reference (IDOR). Leaked materials reportedly included national ID cards, passports, academic and marriage certificates, trade licences, business agreements, and other private records that could enable identity theft and targeted fraud. Officials indicated the fraud operation appeared to have been active since October 2025.
Louisiana Office of Student Financial Assistance (LOFSA)
January 10, 2025
•[ data leak ]
The Louisiana Office of Student Financial Assistance (LOSFA) sent letters to students warning of a data security incident involving their information, according to reporting summarized by DataBreaches.net. The letter dated December 5, 2025 stated the agency was investigating an incident affecting LOSFA systems and that an unauthorized party accessed or removed certain files. The letter indicated the affected files contained student names and Social Security numbers, while stating the START Saving Program and 529 savings accounts were not involved.
Centre des technologies de l’information de l’État' (CTIE)
January 10, 2025
•[ DDoS attack, service outage, government websites ]
Mehrere von der Regierung betriebene und vom Centre des technologies de linformation de ltat (CTIE) gehostete Internetseiten waren am Freitag zwischen 13:05 und 14:55 Uhr nicht erreichbar. Ursache dafr war eine DDOS-Attacke, die zahlreiche Webseiten lahmlegte, darunter men.public.lu und 112.public.lu. Das besttigte eine Sprecherin des CTIE gegenber dem Tageblatt. Der Angriff habe kurz nach 13 Uhr...
Telefónica
January 10, 2025
•[ ticketing system breach, data leak, hacking forum ]
Spanish telecommunications company Telefonica confirms an internal ticketing system was breached after stolen data is leaked on a hacking forum.
Syracuse Police Department, N.Y.
January 10, 2025
•[ unauthorized access, social security numbers, personal information ]
Syracuse Police Department detected a security incident on Jan. 11, 2025, shut down its computer system to prevent spread, and later determined that certain digital files were accessed or acquired without authorization between Jan. 10 and Jan. 12; notifications were sent in 2026 to people whose personal information, including Social Security numbers, may have been compromised.
GroupGreeting[.]com
January 9, 2025
•[ hack, technology ]
Researchers at Malwarebytes discover zqxq, a widespread cyberattack that compromised GroupGreeting[.]com, a popular platform used by major enterprises to send digital greeting cards.
Individual in Linz, Austria
January 9, 2025
•[ financial, phishing ]
Vor neuerlichen Phishing-Attacken ber sogenannte Wiederverkaufsplattformen im Internet warnt die Arbeiterkammer Obersterreich (AK O). Einer Linzerin waren ber einen Trick ihre Kontodaten herausgelockt und rund 8.000 Euro abgebucht worden, ehe sie den Betrug bemerkte.
Columbia Eye Clinic
January 9, 2025
•[ data leak ]
Clinic confirmed January 913 network access to files with patient information.
Byzfunder NY LLC
January 9, 2025
•[ data leak, unauthorized access ]
Byzfunder reported a security incident involving a cloud software solution. An unauthorized third party may have accessed or acquired certain files during the period 09/01/202509/20/2025, with the incident becoming known to the company on 09/19/2025. The company later reported the incident to the Maine Attorney General and began notifying affected individuals.
Fyzical Acquisition Holdings LLC
January 9, 2025
•[ unauthorized access, email compromise ]
Unauthorized access to FYZICALs email environment was detected on December 9 2024 triggering an investigation that concluded in November 2025 Breach notifications were issued to affected individuals and state authorities in December 2025
Scholastic
January 8, 2025
•[ hack, education ]
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.
