Full List

Search

Recent Breaches

• Kering June 12, 2025 • [ hack, leak, retail ] Kering confirms June 2025 intrusion affecting multiple brands; ShinyHunters claims Salesforce-based exfiltration (43M+ Gucci, ~13M others); media verified samples and 7.4M unique emails; Kering says no financial/ID data; denies negotiations, which DataBreaches disputes with chat logs and a BTC micro-payment.
• Sturgis Hospital June 12, 2025 • [ hack, healthcare ] Sturgis Hospital confirmed a second unauthorized network access event discovered in June 2025 while investigating an earlier breach. The incident involved potential access to protected health information. No ransomware or disruption to hospital operations was reported.
• Chain IQ Group AG June 12, 2025 • [ data leak ] Chain IQ reported data contained employee business contact details but no client customer data.
• Disneyland Paris (via third-party contractor) June 12, 2025 • [ ransomware, data leak ] Anubis ransomware group claimed to have stolen 64 GB (approximately 39,000 files) of engineering and renovation data from a Disneyland Paris third-party contractor and listed the victim on its leak site; no confirmation of intrusion method or verification from Disneyland Paris.
• Aflac June 12, 2025 • [ social engineering, data leak ] Threat actor Scattered Spider (UNC3944/0ktapus) used social-engineering to gain access to Aflacs U.S. network, accessing internal application servers that stored personal and claims data; no ransomware deployed and scope of exfiltration undetermined.
• Cardiovascular Medicine Associates, PA (MyCardiologist) June 12, 2025 • [ data leak, healthcare, email compromise ] Hackers accessed MyCardiologists email environment between May 30 and June 12 2025, exfiltrating patient information including medical and insurance details; no encryption or quantitative data reported.
• Ogeechee Judicial Circuit District Attorney’s Office June 11, 2025 • [ ransomware ] Ransomware attack on the Ogeechee Judicial Circuit District Attorneys Office in Georgia on June 11, 2025 encrypted internal systems and forced closure of offices for several days; no data theft or leak reported; attacker identity unconfirmed.
• City of Thomasville (Municipal Government) June 11, 2025 • [ ransomware, data leak ] Cyberattack on the City of Thomasville, North Carolina discovered June 11 2025; INC ransomware group claimed responsibility and alleged theft of 260 GB of city data; municipal systems taken offline for containment; no encryption or customer data exposure reported.
• British Horseracing Authority (BHA) June 11, 2025 • [ ransomware ] On June 11 2025, the British Horseracing Authority suffered a cyberattack that forced closure of its London headquarters and disrupted internal IT and administrative systems for several days. Multiple outlets reported ransomware-style activity consistent with financially motivated criminal actors. No data theft has been confirmed.
• Phil Smith Automotive Group June 10, 2025 • [ hack, retail ] Unauthorized access to Phil Smith Automotive Group systems resulted in exfiltration of personal data. Approximately 12,274 individuals were affected. No encryption occurred; breach notices were mailed July 31, 2025.
• Operation PAR, Inc. June 10, 2025 • [ ransomware, leak, healthcare ] On June 10, 2025, Operation PAR, Inc., a Florida nonprofit providing addiction and mental health services, was hit by the Worldleaks ransomware group. The attacker exfiltrated around 485 GB of datanearly 900,000 files containing sensitive PII and PHIand later posted it on a dark-web leak site. No encryption or service disruption was confirmed.
• Precision Endodontics of Raleigh June 10, 2025 • [ hack, healthcare ] Precision Endodontics discovered unauthorized access to an email account on June 10, 2025. The breach exposed patient names and email addresses, and for some individuals, patient portal usernames and passwords. No misuse has been identified. The incident was reported to HHS-OTCR on August 5 and security improvements have been implemented.
• Sveriges Television (SVT) June 10, 2025 • [ denial of service ] On June 10 2025, Swedens public broadcaster Sveriges Television (SVT) was hit by a massive distributed-denial-of-service campaign that began in the evening and continued into the next morning, flooding servers with traffic from numerous countries. The attackdescribed by SVTs CTO as the largest and longest-lasting ever recordedtemporarily degraded online services and coincided with similar attempts against the Employment Service and banks. Officials said the incident formed part of wider cyber activity targeting Swedish institutions, but attribution and motive remain unconfirmed.
• NKS Super Speciality Hospital June 10, 2025 • [ data leak ] Hackers gained unauthorized access to servers of NKS Super Speciality Hospital in North Delhi around June 1011 2025, compromising patient and administrative records; hospital filed FIR; no encryption or ransom confirmed.
• Sant Parmanand Hospital June 10, 2025 • [ data leak, hacked ] Hackers accessed servers of Sant Parmanand Hospital in North Delhi around June 1011 2025, compromising patient, financial, and administrative files; police registered FIR under Indias IT Act; no encryption or ransom confirmed.
• Roularta Media Group June 10, 2025 • [ ddos ] Roularta Media Group suffered a DDoS attack disrupting its websites, apps, and print distribution on June 10, 2025; operations restored within 24 hours; no data exfiltration reported.
• Radford City Public Schools June 10, 2025 • [ cyberattack ] Cyberattack on Radford City Public Schools in Virginia disrupted portions of the districts internal network on June 10, 2025; systems taken offline for investigation; no ransomware encryption or data theft reported.
• Federal Customs Service; Federal Tax Service; Russian Railways (RZD) June 10, 2025 • [ denial of service, state-sponsored ] Ukraines Defense Intelligence Directorate (GUR) conducted coordinated DDoS operations from June 1012 2025 that temporarily paralyzed Russias Federal Customs and Tax Service networks and disrupted Russian Railways ticketing portals. Russias Federal Customs Service acknowledged complications in information exchange consistent with DDoS activity.
• Dairy Farmers of America June 10, 2025 • [ ransomware, data leak ] Ransomware hit multiple plants; data exfiltrated and 4,546 notified per filings
• Catwatchful June 9, 2025 • [ espionage, sqlinjection, technology ] In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.