Jamnagar cyber-fraud case (farmers targeted)
January 1, 2025
•[ fraud, malware ]
Two men arrested by Jamnagar cybercrime police for siphoning 6.4 lakh INR through a fraudulent mobile app scam targeting farmers' phones in Gujarat
Ribbon Communications Inc.
January 1, 2025
•[ data leak, unauthorized access ]
U.S. telecom backbone provider Ribbon Communications reported that a nation-state actor infiltrated its environment around Jan 2025, maintaining persistence until discovery in Sept 2025; investigation confirmed unauthorized access to two employee laptops containing limited customer files; no material network breach or data destruction confirmed.
Italian Political Consultant, Francesco Nicodemo
January 1, 2025
•[ spyware, government surveillance, targeted attack ]
Italian political consultant Francesco Nicodemo, who has worked with centre-left politicians, revealed in November 2025 that he was notified by WhatsApp in January that his phone had been targeted with Paragon spyware. His case broadens an existing spyware scandal in Italy that has already affected journalists, activists and business leaders. Parliamentary committee COPASIR has acknowledged that Italian intelligence agencies used Paragon in some cases, but it is unclear who ordered surveillance on Nicodemo or whether his device was successfully infected, prompting calls from experts for greater transparency from both the government and the spyware vendor.
Kaikatsu Frontier Inc.
January 1, 2025
•[ data leak, hacked ]
Japanese reporting stated authorities issued an arrest warrant for a 17-year-old high school student suspected of conducting a cyberattack against Kaikatsu Frontier Inc. linked to an incident in January 2025. The suspect allegedly used an AI-generated program to send unauthorized commands to the company's server millions of times in an attempt to extract personal data. The company reported that personal data for roughly 7.3 million customers may have been leaked as a result of the breach. The reporting did not specify the exact data elements exposed or confirm misuse beyond the potential leak.
Middlesex Sheriff's Office
January 1, 2025
•[ data breach, protected health information, HIPAA ]
The Middlesex Sheriff's Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriff's Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
Jupiter Medical Center (via third party health records vendor)
January 1, 2025
•[ data breach, healthcare, third party risk ]
Jupiter Medical Center issued a warning/notice describing a data breach tied to a data security incident dating back to January 2025. The report indicates the healthcare organization investigated the incident and proceeded with notification and remediation steps in 2026. Because the accessible source context here does not provide a clear affected-individual count or a detailed breakdown of data elements, the customer-data fields are coded as undetermined.
EyeCare Partners
January 1, 2025
•[ email compromise, unauthorized access, data breach ]
EyeCare Partners disclosed that an unauthorized third party accessed certain ECP-managed email accounts between December 3, 2024 and January 28, 2025. The accessed files may have contained personal identifiers and limited health-related information, including addresses, dates of birth, Social Security numbers, driver's license numbers, health plan information, and limited clinical information; the notice emphasized that full medical records and detailed clinical information were not impacted. The organization reported the incident to Massachusetts regulators on February 4, 2026 and began outreach and remediation steps consistent with an email-system compromise.
At least one undisclosed organization in Bangladesh
January 1, 2025
•[ cyber-espionage, typosquatting, Havoc C2 ]
Industrial Cyber summarized Arctic Wolf Labs' findings that SloppyLemming conducted an extensive cyber-espionage campaign from January 2025 through January 2026 targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The report notes recurring tradecraft such as typosquatted government-themed infrastructure, Cloudflare Workers use, Havoc C2, and DLL sideloading, and names several targeted entities across defense, telecom, energy, and nuclear regulation. This is campaign-level reporting with multiple targets rather than a single incident record.
Duo Info
January 1, 2025
•[ hacking, matchmaking service, personal information ]
A Duo employee's work computer was hacked in January 2025, compromising personal information of 427,464 matchmaking service clients, including identifiers, contact details, and detailed personal profile information.
Undisclosed Mongolian government entity
January 1, 2025
•[ cyber espionage, backdoor, data exfiltration ]
In January 2025, China-aligned GopherWhisper deployed Go-based backdoors and an exfiltration tool on roughly a dozen systems at an undisclosed Mongolian government institution, using Discord, Slack, Microsoft 365 Outlook, and File.io for command-and-control and data exfiltration.
Fondo Genesis (MetLife)
December 31, 2024
•[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
Ford X Account
December 31, 2024
•[ hack, manufacturing ]
Ford confirms that its X account was briefly compromised, after posts referencing the Israel-Palestine war are published.
Thomas Cook (India) Ltd.
December 31, 2024
•[ hack, retail ]
Global travel agency Thomas Cook's Indian arm closes its affected systems after a cyber attack takes down its IT infrastructure.
Office of Foreign Assets Control
December 30, 2024
Chinese state-backed threat actors breach the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs, exploiting a vulnerability in a BeyondTrust Remote Support SaaS instance.
Laboratory Services Cooperative (LSC)
December 30, 2024
•[ data leak ]
Laboratory Services Cooperative, a U.S. medical testing provider based in Texas, disclosed that unauthorized actors accessed and exfiltrated PHI and PII data of approximately 16 million individuals. No encryption or operational disruption occurred, and no threat actor has been publicly identified.
Undisclosed U.S. Engineering and Construction Firm
December 29, 2024
•[ ransomware, data leak ]
On December 29, 2024, Anubis listed an unnamed U.S. firm from the engineering and construction sector on its leak site. KELA reported the inclusion, and SecurityWeek referenced the finding. Stolen material reportedly included project and client documentation. No encryption or service interruption confirmed.
Summit Home Health, Inc.
December 29, 2024
•[ ransomware, data leak ]
On December 29, 2024, the criminal group Anubis listed Summit Home Health Inc. on its ransomware leak site, claiming theft of over 7 thousand patient records. KELA verified sample files, and SecurityWeek later reported the case as an example of Anubis's early campaigns. No encryption or service disruption was described, indicating a pure data-exfiltration exploit.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware ]
On December 29, 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Perú on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubis's first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware, cyber attack ]
On December 29, 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Perú on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubis's first campaign. The group stole internal and client information; no encryption or operational outage was reported.
DEphoto
December 28, 2024
The threat actor known as 0mid16B breaches DEphoto, a U.K. photo business, twice in a few days, acquiring the personal information of 555,952 customers.