Full List

Search

Recent Breaches

• Spyic February 14, 2025 In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
• Adpost February 14, 2025 • [ leak ] In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
• Vital Imaging Medical Diagnostic Centers February 13, 2025 • [ hack, healthcare ] A hacking incident on 13 Feb 2025 led to unauthorized access to Vital Imagings network, exposing sensitive personal and medical information of approximately 260,000 individuals. Notifications were sent in August 2025, and legal investigations are active.
• The Lovesac Company February 12, 2025 • [ ransomware, leak, retail ] Lovesac confirmed a data breach after a ransomware site listing; letters say attackers accessed internal systems between Feb 12Mar 3, stole PII, and the firm offered 24 months of credit monitoring; RansomHub claimed the attack and threatened leaks; no encryption/service disruption reported.
• Lexipol February 11, 2025 In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
• Baltimore Archdiocese (via Stinson LLP & BRG) February 1, 2025 • [ leak, finance ] Protected survivor data exposed from law firm (Stinson LLP) and financial advisor (BRG) systems supporting Archdiocese bankruptcy cases
• Oil and gas facility control panels in the U.S. January 31, 2025 • [ hack, energy ] Researchers at Cyble identify Sector 16, a new pro-Russian hacktivist group targeting into oil and gas facility control panels in the U.S.
• Tata Technologies January 31, 2025 • [ ransomware, malware, technology ] Tata Technologies Ltd. suspends some of its IT services following a ransomware attack that impacted the company network.
• Asheville Eye Associates January 31, 2025 • [ hack, healthcare ] Asheville Eye Associates says the personal and medical information of a subset of its patients was compromised as a result of a cybersecurity incident. The DragonForce claims responsibility for the attack, claiming to have stolen hundreds of gigabytes of data.
• Delta County Memorial Hospital January 31, 2025 • [ hack, healthcare ] Non-profit hospital district Delta County Memorial Hospital informs that threat actors had compromised the personal information of 148,363 people in a May 2024 cyberattack.
• Thermomix Recipe World Forum January 30, 2025 In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related). The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".
• Mizuno USA January 30, 2025 • [ ransomware, manufacturing ] Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirms in data breach notification letters that unknown attackers stole files from its network between August and October 2024. The BianLian claims responsibility for the attack.
• Yazoo Valley Electric Power Association January 30, 2025 • [ ransomware, malware, energy ] Yazoo Valley Electric Power Association, an electric utility serving multiple counties in Mississippi discloses to suffer an attack by cybercriminals last summer in an incident that exposed the information of more than 20,000 residents. The Akira ransomware gang claims responsibility for the attack.
• Smiths Group January 28, 2025 • [ hack, technology ] London-based engineering giant Smiths Group discloses a security breach after unknown attackers gained access to the company's systems.
• CenterPoint Energy January 28, 2025 • [ leak, energy ] CenterPoint Energy, a large Texas energy company confirms it is investigating reports of stolen customer data that has been published on a cybercriminal forum after it was allegedly taken during the 2023 MOVEit breach.
• Gazprom January 28, 2025 • [ hack, ddos, energy ] Ukrainian cyber experts have carried out a DDOS attack on the digital infrastructure of some of the largest Russian energy companies, Gazprom and Gazpromneft. Babel and a number of other media outlets report this , citing a source.
• Miracle Ear (Health Services LLC) January 28, 2025 • [ hack, healthcare ] Unauthorized access from Jan 228, 2025 allowed cybercriminals to view and potentially exfiltrate sensitive personal and health data of at least 13,088 individuals. No service disruption reported and no encryption involved. Regulatory notifications occurred August 12, 2025.
• DeepSeek January 27, 2025 • [ hack, ddos, technology ] Chinese AI platform DeepSeek disables registrations on its DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services.
• More than 570 computers linked to Mexico's government January 27, 2025 • [ hack, malware, government ] Threat actors infect more than 570 computers linked to Mexico's government domain gob.mx with infostealer malware, exposing sensitive data and login credentials.
• Frederick Health Medical Group January 27, 2025 • [ ransomware, malware, healthcare ] Frederick Health Medical Group warns that there will be delays in service as it is hit by a ransomware attack.