BK Technologies
September 20, 2025
•[ data leak ]
BK Technologies reported an intrusion on Sept 20; attackers accessed and stole non-public data from compromised systems; company says impact is not material and mostly covered by insurance.
Thayer Hotel at West Point
September 19, 2025
•[ data leak ]
On 19 September 2025 the Thayer Hotel at West Point experienced unauthorized access to its computer systems, prompting a forensic investigation and containment measures. The hotel later confirmed that an Undetermined actor accessed systems holding data on roughly 33,053 individuals and that exposed information could include names, dates of birth, postal addresses, Social Security numbers, drivers license and passport numbers, state IDs, email addresses and some medical or financial data for guests and employees. A formal Notice of Data Security Incident dated 31 October 2025 describes the breach, and law firms have begun investigating potential claims while the hotel offers credit monitoring through Kroll.
Thayer Hotel at West Point
September 19, 2025
•[ unauthorized access, data breach, personally identifiable information ]
On 19 September 2025 the Thayer Hotel at West Point experienced unauthorized access to its computer systems, prompting a forensic investigation and containment measures. The hotel later confirmed that an Undetermined actor accessed systems holding data on roughly 33,053 individuals and that exposed information could include names, dates of birth, postal addresses, Social Security numbers, drivers license and passport numbers, state IDs, email addresses and some medical or financial data for guests and employees. A formal Notice of Data Security Incident dated 31 October 2025 describes the breach, and law firms have begun investigating potential claims while the hotel offers credit monitoring through Kroll.
Other Ukraine
September 17, 2025
•[ ddos ]
TASS says Medvedchuks Other Ukraine website suffered a fresh DDoS on 09/17/2025 (second that week), following a run of attacks on 09/0909/11; technicians worked to restore access; no attribution or data theft.
Veradigm Inc.
September 17, 2025
•[ financial, healthcare ]
Veradigm reported on September 26 2025 that it detected unauthorized access to portions of its network on September 17 2025. Investigators determined that data on roughly 1.1 million individuals was accessed, but no encryption, ransom demand, or operational disruption occurred. The actor has not been identified and the intrusion appears financially motivated.
The Property Business Australia
September 16, 2025
•[ leak ]
Kairos listed The Property Business Australia on its leak site around 09/16/2025, claiming exfiltration of sensitive agent/tenant/landlord data; CyberDaily published on 09/17; trackers cite 164 GB leaked. Samples include ID and payment images. No victim confirmation or outage reported yet.
SSC-ICT (serving several Dutch government agencies)
September 15, 2025
•[ hack, ddos, government ]
A sustained DDoS campaign targeted SSC-ICT systems, degrading VPN and internal site access for ~57k Dutch civil servants; ministries advised staff to work in office; Interior Ministry confirmed attacks, impact assessed as limited; no attribution.
Gloucester-Mathews Gazette-Journal
September 15, 2025
•[ ransomware, malware, technology ]
Ransomware hit the Gazette-Journals production file server over the weekend; discovered 09/15/2025; no customer financial data compromised; recovery allowed in-house printing to resume after network restoration; attacker unknown.
Friendlies Society Dispensary
September 15, 2025
•[ ransomware, malware, healthcare ]
A ransomware attack occurred in September 2025 against the Friendlies Society Dispensary in Toowoomba, Queensland. The pharmacys systems were encrypted, disrupting services for several days. Management reported uncertainty about what data was accessed. The incident was publicly reported on October 1, 2025, by ABC News.
Maida.health (Brazil)
September 15, 2025
•[ leak, healthcare ]
Threat actors reportedly exfiltrated approximately 2 TB of sensitive data from Maida.health, a Brazilian health-technology firm providing services for the Military Police and their families. Stolen data allegedly include medical records, ID documents, and administrative files. No encryption or ransomware activity was reported, and the responsible actor has not been identified.
Undisclosed Major Technology Firm
September 15, 2025
•[ data leak, nation-state, AI-automated attack ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed major technology firm where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Financial Institution
September 15, 2025
•[ data leak, nation-state, vulnerability exploitation ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed financial institution where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Chemical Manufacturer
September 15, 2025
•[ data leak, nation-state, AI-automated attack ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed chemical manufacturer where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Government Agency
September 15, 2025
•[ nation-state, data leak, vulnerability exploit ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed government agency where sensitive information was stolen via exploitation of application server infrastructure.
Central Election Commission (CEC) of Russia
September 14, 2025
•[ hack, ddos, government ]
Regulator reported 99 DDoS attacks on CEC/Moscow IT/online voting portal on Sept. 14 (3h40m total), but CEC said voting and systems operated normally.
Central Election Commission of the Russian Federation
September 14, 2025
•[ hack, ddos, government ]
HUR/GUR executed DDoS against Russias election infrastructure to hinder online voting; Russia confirmed sustained attacks causing intermittent outages/slowdowns, router reboots, and later restoration; CEC tallied 500k+ attack events.
VAS AG
September 14, 2025
•[ ransomware, malware, manufacturing ]
{"richText":[{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"VAS AG reported a "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"ransomware"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" incident on 09/14/2025 disrupting daily operations; systems were disconnected from the internet, authorities notified, and recovery underway; no attribution or data-theft confirmation yet."}]}
Miljodata
September 14, 2025
•[ hack, leak, technology ]
Cyberattack on Miljdata led to theft and dark-web leak of data on >1.5M people; Datacarry claimed responsibility; prosecutor rules out state involvement at this time. Data includes PII/personal numbers; hundreds of municipalities and some companies (e.g., Volvo, SAS) impacted.
Uvalde Consolidated Independent School District
September 13, 2025
•[ ransomware, malware, education ]
Ransomware detected on UCISD servers led to cancellation of most/all classes the week of Sept. 15; investigation and recovery continued, with essential safety/operations systems disrupted; classes to resume Sept. 22; district reports no data breach
Wood Personnel Services
September 12, 2025
•[ data leak ]
Wood Personnel Services reported unauthorized access to certain files on its network discovered in September 2025. The company stated that files containing personal information may have been accessed without authorization and notified affected individuals in December 2025. No operational disruption or data volume was disclosed.
