Full List

Search

Recent Breaches

• DoorDash October 25, 2025 • [ data leak ] DoorDash reported that an unauthorized party accessed a company system on October 25 and obtained personal contact and order information; the company stated that sensitive personal or financial data was not accessed and no operational disruption occurred.
• 700Credit October 25, 2025 • [ data leak ] 700Credit, an automotive credit reporting and identity verification provider, was reported to have experienced a data breach on or around Oct. 25, 2025. The report stated the company was alerted to suspicious activity within its proprietary web-based application (700Dealer.com), after which it engaged third-party forensic specialists. According to the reporting, the investigation found consumer data had been copied from the application without authorization, while 700Credits internal network was said to be unaffected. Compromised data was described as including consumer names, addresses, and Social Security numbers from auto financing applications submitted between May and October 2025.
• 700Credit October 25, 2025 • [ data leak ] The Record reported that auto-dealership service provider 700Credit said 5,836,521 people were affected by a data breach discovered on October 25, 2025. The company stated its IT team found that attackers made copies of information they accessed in 700Credit systems and that the copied data included names, Social Security numbers, dates of birth, and addresses. The report noted the company notified federal law enforcement and the FTC and began offering identity protection services, indicating confirmed unauthorized access and copying of sensitive consumer identifiers.
• Svenska Kraftnät October 25, 2025 • [ ransomware, data breach, critical infrastructure ] Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
• MyVidster (2025) October 24, 2025 • [ leak, phishing, technology ] In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
• AT&T Careers HR portal October 24, 2025 • [ ransomware, data leak, fraud ] Ransomware actors posted a dataset labeled AT&T Careers on their leak site, indicating records tied to recruiting/applicant systems; listing framed for monetization with no operational outage described. Organization review pending; risk centers on identity/targeted fraud against job-seekers and staff.
• Unigym Gatineau October 24, 2025 • [ phishing, data leak ] Members personal and financial details potentially accessed; centre warned about phishing/fraud and began coordination with card processors and police after local media alerted them to leaked samples.
• ModMed (Modernizing Medicine) October 24, 2025 • [ data leak, healthcare, third-party breach ] Modernizing Medicine (ModMed) said it discovered unauthorized activity on July 29, 2025, and confirmed that attackers had accessed and exfiltrated data from servers hosting podiatry-client EHR information between July 910. Exposed fields include full names, addresses, DOB, SSNs, contact details, health insurance info, medical record and patient account numbers, dates of service, providers/practices, billing/diagnostic codes, prescription/medication data, and diagnosis/treatment information; providers were notified on September 19 and patients on October 17. Days later, a seller advertised a partial EHR database (1,0001,500 podiatry patient records) on a breach forum/Telegram, indicating financially motivated data trafficking, though ModMed has not confirmed a second intrusion. Overall impact: large-scale PHI exposure from vendor-hosted servers, with evidence of downstream data sale attempts.
• ZZ Dats October 24, 2025 • [ data leak, government, regulatory action ] Latvias DVI fined vendor ZZ Dats 300,000 for a 2024 municipal data breach affecting 42 municipalities; enforcement materials cite failures in safeguarding personal data rather than evidence of a targeted intrusion. This row logs the regulatory outcome tied to last years exposure.
• At least one LastPass user October 24, 2025 • [ phishing, credential theft, account takeover ] Phishing emails impersonated password-vault Emergency Access notices using false death claims to coerce replies (e.g., STOP), pivoting victims to a look-alike portal tied to CryptoChameleon infrastructure; harvested credentials enabled vault takeover attempts and secondary account compromise. Campaign reflects profit-seeking credential theft across many individuals rather than a single named organization.
• Legacy Health, LLC October 24, 2025 • [ data leak, healthcare ] Legacy Health LLC, a Dallas-based healthcare revenue cycle management company, disclosed that it experienced a data breach affecting 4,031 Texas residents. According to breach notices and law firm investigations, an Undetermined actor accessed data used in medical billing and revenue cycle services, exposing sensitive personal and protected health information. Compromised data includes individuals' names, medical information and health insurance details, increasing the risk of medical identity theft and insurance fraud for affected patients. Legacy Health mailed notification letters on October 24, 2025 and reports that it has taken steps to secure its systems and strengthen cybersecurity controls.
• AllerVie Health October 24, 2025 • [ ransomware, data leak ] AllerVie Health experienced unauthorized network access between October 24 and November 3 2025 during which sensitive data was accessed and exposed in a ransomware attack attributed to ANUBIS The incident was detected on November 2 and public notification to individuals occurred in late December 2025
• At least one undisclosed retail/consumer-services organisation October 23, 2025 • [ financial fraud, account compromise, cloud security ] Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
• M-TIBA (CarePay Kenya) October 23, 2025 • [ data leak ] Threat actor Kazu claimed on Oct 23 2025 to have exfiltrated 2.15 TB of data (~4.8 M users) from M-TIBA, a Safaricom-backed health-finance platform; sample of 114 k records posted; Kenyas ODPC launched investigation Oct 29 2025; no encryption or operational outage confirmed.
• Freedom Mobile October 23, 2025 • [ data leak ] Freedom Mobile disclosed a breach of its customer account management platform that it detected on Oct. 23, 2025. The company stated that an unknown third party used a subcontractors account to access personal information for a limited number of customers, and that suspicious accounts and related IP addresses were blocked as part of corrective measures. Reported exposed data elements include first and last names, home addresses, dates of birth, phone numbers (home and/or mobile), and customer account numbers; Freedom stated the incident was not ransomware and that its network and operations were not affected.
• Substack October 23, 2025 • [ data breach, data leak, PII ] In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.
• Two undisclosed government departments in a South American country October 22, 2025 • [ vulnerability exploitation, espionage, data leak ] Actors exploited a patched SharePoint ToolShell flaw to gain initial access at a telecom, harvest credentials, and pivot across AD-joined systems. Activity included beaconing and data staging consistent with telecom espionage. No operational shutdown reported; primary effect is unauthorized access and data collection.
• Rosselkhoznadzor October 22, 2025 • [ ddos, hacktivism ] Large DDoS hit Russias food-safety agency, degrading VetIS/Mercury and Saturn services used to certify shipments; suppliers couldnt confirm deliveries and some retailers paused intake until access returned. Officials reported no data compromise, indicating a protest-driven disruption rather than theft.
• At least one undisclosed e-commerce site (running Adobe Commerce / Magento 2) October 22, 2025 • [ vulnerability, account takeover, skimming ] Observed active attempts to hijack Magento/Adobe Commerce sessions via the SessionReaper flaw weeks after patches, enabling account takeover, checkout abuse, and skimmer deployment on e-commerce sites. This is broad criminal monetization activity against many sites; no single named victim with a confirmed primary effect, so not recorded as a discrete event.
• At least one undisclosed Ukraine war-relief organization October 22, 2025 • [ phishing, credential theft, malware ] Targeted credential-theft/implant delivery against humanitarian and logistics organizations aiding Ukraine using well-crafted lures, HTML smuggling, and compartmentalized infrastructure. Intent is intelligence collection; campaign report covers multiple organizations without a single verified primary effect to code as an event.