CareOregon / Health Share of Oregon
October 27, 2025
•[ data leak ]
Unauthorized viewing of member information occurred within CareOregon-managed systems supporting Health Share of Oregon, leading to notifications to affected members.
Catwig LLC d/b/a Victory Disability
October 27, 2025
•[ unauthorized access, data breach, Personally Identifiable Information (PII) ]
Catwig LLC (doing business as Victory Disability) stated it became aware in November 2025 of claims that an unknown party obtained information belonging to the firm. The company initiated an investigation with third-party cybersecurity specialists and notified federal law enforcement. The investigation concluded that an unknown party accessed a portion of Victory Disability's environment between October 27 and November 12, 2025 and may have viewed or copied certain information stored there. Potentially impacted data included names, contact information, Social Security numbers, and in some cases dates of birth and medical information (diagnosis, treatment, medications, lab results) if provided to Victory in connection with a case. The company reported filing notice with the California Attorney General and beginning written notifications on December 12, 2025.
Poltronesofà
October 27, 2025
•[ ransomware, phishing, data breach ]
Italian furniture retailer Poltronesofà disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The company's incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data leak ]
Sweden's national power grid operator Svenska Kraftnät experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
DoorDash
October 25, 2025
•[ data leak ]
DoorDash reported that an unauthorized party accessed a company system on October 25 and obtained personal contact and order information; the company stated that sensitive personal or financial data was not accessed and no operational disruption occurred.
700Credit
October 25, 2025
•[ data leak ]
700Credit, an automotive credit reporting and identity verification provider, was reported to have experienced a data breach on or around Oct. 25, 2025. The report stated the company was alerted to suspicious activity within its proprietary web-based application (700Dealer.com), after which it engaged third-party forensic specialists. According to the reporting, the investigation found consumer data had been copied from the application without authorization, while 700Credit's internal network was said to be unaffected. Compromised data was described as including consumer names, addresses, and Social Security numbers from auto financing applications submitted between May and October 2025.
700Credit
October 25, 2025
•[ data leak ]
The Record reported that auto-dealership service provider 700Credit said 5,836,521 people were affected by a data breach discovered on October 25, 2025. The company stated its IT team found that attackers made copies of information they accessed in 700Credit systems and that the copied data included names, Social Security numbers, dates of birth, and addresses. The report noted the company notified federal law enforcement and the FTC and began offering identity protection services, indicating confirmed unauthorized access and copying of sensitive consumer identifiers.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data breach, critical infrastructure ]
Sweden's national power grid operator Svenska Kraftnät experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
MyVidster (2025)
October 24, 2025
•[ leak, phishing, technology ]
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
AT&T Careers HR portal
October 24, 2025
•[ ransomware, data leak, fraud ]
Ransomware actors posted a dataset labeled AT&T Careers on their leak site, indicating records tied to recruiting/applicant systems; listing framed for monetization with no operational outage described. Organization review pending; risk centers on identity/targeted fraud against job-seekers and staff.
Unigym Gatineau
October 24, 2025
•[ phishing, data leak ]
Members' personal and financial details potentially accessed; centre warned about phishing/fraud and began coordination with card processors and police after local media alerted them to leaked samples.
ModMed (Modernizing Medicine)
October 24, 2025
•[ data leak, healthcare, third-party breach ]
Modernizing Medicine (ModMed) said it discovered unauthorized activity on July 29, 2025, and confirmed that attackers had accessed and exfiltrated data from servers hosting podiatry-client EHR information between July 9-10. Exposed fields include full names, addresses, DOB, SSNs, contact details, health insurance info, medical record and patient account numbers, dates of service, providers/practices, billing/diagnostic codes, prescription/medication data, and diagnosis/treatment information; providers were notified on September 19 and patients on October 17. Days later, a seller advertised a partial EHR database (1,000-1,500 podiatry patient records) on a breach forum/Telegram, indicating financially motivated data trafficking, though ModMed has not confirmed a second intrusion. Overall impact: large-scale PHI exposure from vendor-hosted servers, with evidence of downstream data sale attempts.
ZZ Dats
October 24, 2025
•[ data leak, government, regulatory action ]
Latvia's DVI fined vendor ZZ Dats €300,000 for a 2024 municipal data breach affecting 42 municipalities; enforcement materials cite failures in safeguarding personal data rather than evidence of a targeted intrusion. This row logs the regulatory outcome tied to last year's exposure.
At least one LastPass user
October 24, 2025
•[ phishing, credential theft, account takeover ]
Phishing emails impersonated password-vault Emergency Access notices using false death claims to coerce replies (e.g., STOP), pivoting victims to a look-alike portal tied to CryptoChameleon infrastructure; harvested credentials enabled vault takeover attempts and secondary account compromise. Campaign reflects profit-seeking credential theft across many individuals rather than a single named organization.
Legacy Health, LLC
October 24, 2025
•[ data leak, healthcare ]
Legacy Health LLC, a Dallas-based healthcare revenue cycle management company, disclosed that it experienced a data breach affecting 4,031 Texas residents. According to breach notices and law firm investigations, an undetermined actor accessed data used in medical billing and revenue cycle services, exposing sensitive personal and protected health information. Compromised data includes individuals' names, medical information and health insurance details, increasing the risk of medical identity theft and insurance fraud for affected patients. Legacy Health mailed notification letters on October 24, 2025 and reports that it has taken steps to secure its systems and strengthen cybersecurity controls.
AllerVie Health
October 24, 2025
•[ ransomware, data leak ]
AllerVie Health experienced unauthorized network access between October 24 and November 3, 2025, during which sensitive data was accessed and exposed in a ransomware attack attributed to ANUBIS. The incident was detected on November 2, and public notification to individuals occurred in late December 2025.
At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked April-May 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
M-TIBA (CarePay Kenya)
October 23, 2025
•[ data leak ]
Threat actor Kazu claimed on Oct 23 2025 to have exfiltrated 2.15 TB of data (~4.8 M users) from M-TIBA, a Safaricom-backed health-finance platform; sample of 114 k records posted; Kenya's ODPC launched investigation Oct 29 2025; no encryption or operational outage confirmed.
Freedom Mobile
October 23, 2025
•[ data leak ]
Freedom Mobile disclosed a breach of its customer account management platform that it detected on Oct. 23, 2025. The company stated that an unknown third party used a subcontractor's account to access personal information for a limited number of customers, and that suspicious accounts and related IP addresses were blocked as part of corrective measures. Reported exposed data elements include first and last names, home addresses, dates of birth, phone numbers (home and/or mobile), and customer account numbers; Freedom stated the incident was not ransomware and that its network and operations were not affected.
Substack
October 23, 2025
•[ data breach, data leak, PII ]
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.