Square Enix / Final Fantasy XIV
December 19, 2025
•[ ddos, service disruption ]
Final Fantasy XIV experienced service disruption from recurring distributed denial-of-service (DDoS) activity reported around mid-to-late December 2025, impacting players' ability to log in and remain connected to the game. Public reporting described repeated disconnects and instability affecting the title's North American data centers during peak play periods around the Patch 7.4 release window.
Club Atletico River Plate
December 19, 2025
•[ ransomware, data leak ]
On December 19, 2025, Argentine media reported that Club Atlético River Plate was listed on ransomware group Qilin's dark web leak site, suggesting the group had gained unauthorized access to the club's IT environment. The report described a significant compromise of sensitive information and access to the institution's digital infrastructure, with screenshots posted as evidence and indications the club used Microsoft 365 services. The metrics the attackers posted referenced data for 4,042 users, one directly compromised employee, and 13 credentials belonging to employees of third parties.
Hello Cake, Inc.
December 19, 2025
•[ data leak ]
Hello Cake, Inc. reported a cybersecurity incident involving unauthorized access to company systems that resulted in exposure of sensitive business information.
Nexar
December 19, 2025
•[ data leak ]
Nexar disclosed a cyber incident in which attackers gained unauthorized access to internal systems, prompting an investigation into potential data exposure.
Lexipol
December 19, 2025
•[ data leak ]
Lexipol experienced a cyberattack that led to unauthorized access to its systems, affecting data associated with public safety and law enforcement clients.
Goldman Sachs (via Fried Frank Harris Shriver & Jacobson LLP)
December 19, 2025
•[ data leak, third-party breach ]
Goldman Sachs notified clients that some client data may have been exposed following a cybersecurity incident at its external law firm, Fried Frank; Goldman stated its own systems were not compromised.
Undisclosed Ghana financial institution
December 19, 2025
•[ ransomware, data leak ]
A ransomware attack targeted a Ghanaian financial institution, encrypting large volumes of data and resulting in a financial loss of approximately USD 120,000, with authorities later assisting in partial data recovery.
At least one organization in Japan
December 18, 2025
•[ data leak ]
A cyberattack targeted at least one organization in Japan, resulting in unauthorized access to internal systems and raising concerns about potential data exposure.
Passenger ferry owned by GNV
December 17, 2025
•[ malware, foreign interference, sabotage ]
French authorities reported that the passenger ferry 'Fantastic' (operated by Italian shipping company Grandi Navi Veloci, GNV) was infected with malware while docked in the port of Sète, France. Officials stated the malware could have enabled the ship to be remotely controlled, prompting an investigation into possible foreign interference. Prosecutors said a Latvian national was arrested and charged after the malware was discovered.
Naftali Bennett's phone
December 17, 2025
•[ data leak, hacking ]
Israel National News reported that the Iranian-affiliated hacker group Handala claimed it infiltrated Naftali Bennett's personal iPhone 13 as part of Operation Octopus and published files it said were extracted from the device, including a contact list with names of senior Israeli officials, internal communications, sensitive documents, and personal photos. The outlet also reported Bennett responded that the matter was being handled by security authorities. Subsequent coverage elsewhere reported Bennett's office said tests indicated the phone was not hacked, though content tied to his accounts/contacts circulated online; the exact extent of compromise is therefore not fully verified beyond an unauthorized leak claim.
Pass'Sport
December 17, 2025
•[ data leak ]
In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physical addresses. The Ministry of Sports subsequently released a statement acknowledging the incident.
At least one organization in the energy sector
December 16, 2025
•[ energy sector, unauthorized access, operational disruption ]
An organization operating in the energy sector was targeted by cyber activity that sought to access or interfere with systems supporting energy operations.
SoundCloud
December 15, 2025
•[ data leak, ddos ]
SoundCloud disclosed that it detected unauthorized activity involving an ancillary service dashboard and investigated the incident with external experts. SoundCloud said an attacker accessed information for roughly 20% of user accounts, limited to email addresses and information visible on public SoundCloud profiles, and stated that passwords and payment information were not exposed. The company implemented additional security controls, forced logouts and token rotations, and temporarily restricted some access while mitigating follow-on activity; it also reported experiencing a DDoS attack that contributed to short-lived service availability issues on the web version.
The Minersville School District
December 15, 2025
•[ malware ]
Minersville Area School District reported a cybersecurity incident after security tools detected attempts to install malware on certain district systems on Monday, December 15, 2025. As a precaution, the district took its computer network offline to contain any potential infection and engaged cybersecurity specialists to investigate the activity, validate system integrity, and plan a safe restoration. The network shutdown disrupted district operations and led to the closure of schools on Tuesday, December 16, 2025. Public reporting did not confirm whether data was accessed or exfiltrated, and the incident was described primarily as a malware-install attempt and precautionary outage.
Dainichiseika Color & Chemicals Mfg. (Vietnam subsidiary)
December 15, 2025
•[ ransomware, unauthorized access, data leak ]
Dainichiseika Color & Chemicals Manufacturing reported that its consolidated subsidiary in Vietnam (DAINICHI COLOR VIETNAM CO., LTD.) suffered unauthorized access that resulted in ransomware infection of internal servers and related systems. On December 15, 2025, the company confirmed that files on servers and PCs had been encrypted and rendered unreadable, consistent with a ransomware data attack. Affected devices were disconnected from internal networks and the internet to prevent spread, and IT specialists were dispatched to support recovery and forensic analysis. The company stated that key subsidiary operations such as manufacturing and shipping continued as usual and that the extent of information leakage, if any, was still being assessed.
Petroleos de Venezuela (PDVSA)
December 15, 2025
•[ ransomware, state-sponsored, service disruption ]
PDVSA confirmed a cyberattack impacted its administrative system and publicly blamed the United States, though outside experts had not substantiated that attribution. Reporting cited by the outlet said the incident was more damaging than PDVSA described, with the company website down and oil cargo deliveries suspended; company sources characterized it as a ransomware attack and described systems being down and deliveries halted for days.
Raaga
December 15, 2025
•[ data leak ]
In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5 hashes.
SoundCloud
December 15, 2025
•[ data leak, extortion ]
In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user's country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.
DXS International
December 14, 2025
•[ ransomware, data leak ]
DXS International disclosed a cyberattack affecting its office servers that it said was discovered on December 14, 2025 and immediately contained in cooperation with NHS England. The company reported minimal impact on services and said front-line clinical services were unaffected. The specific nature of the breach and whether patient medical information was stolen was not confirmed in the report; however, a ransomware group calling itself DevMan claimed credit and alleged theft of 300 GB of data. Regulators and law enforcement were notified and an external cybersecurity firm was engaged to investigate the scope and extent of unauthorized access.
Undetermined government and diplomatic entities (Oman, Morocco, Palestinian Authority)
December 12, 2025
•[ malware, information theft, espionage ]
The Record summarized threat-intelligence reporting alleging a Hamas-affiliated group (called Ashen Lepus) used malware-laden documents to compromise multiple government and diplomatic entities tied to Oman, Morocco, and the Palestinian Authority, including a malware strain referred to as AshTag used for information theft.