Saint Mary’s Home of Erie
August 26, 2025
•[ data leak, unauthorized access ]
A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
Saint Mary’s Home of Erie
August 26, 2025
•[ unauthorized access, PII, PHI ]
A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
Xserver (エックスサーバー) sv13279 server
August 25, 2025
•[ ddos, technology ]
On August 25, 2025, Xserver reported that its sv13279 server was targeted by a DDoS attack beginning around 6:20 a.m. Access filtering was applied at 6:33 a.m. to mitigate the attack and restore normal service. No data was accessed or exfiltrated; the incident was limited to temporary service disruption. Actor and motive remain undetermined.
Centre de services scolaire des Appalaches (CSSA)
August 25, 2025
•[ ransomware, education ]
INC carried out a ransomware attack on CSSA on August 25, 2025, encrypting about 70% of archives and exfiltrating ~180 GB of data. Stolen data included personal records of students and staff, plus organizational financial, legal, and administrative documents. The incident lasted days to weeks before being publicly disclosed on September 3.
Miljödata
August 25, 2025
•[ ransomware, leak, malware ]
In August 2025, the Swedish system supplier Miljdata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files. Data also included names, phone numbers, physical addresses, dates of birth and government-issued personal identity numbers.
City of Stockholm
August 25, 2025
•[ leak, government ]
Vendor Miljdata was breached, exposing PII (names, personal ID numbers, phone, email, employment IDs) for >40,000 City of Stockholm employees; detected late August; disclosed Sept 9; authorities and Truesec investigating; protected-identity individuals not included
Elche City Council
August 25, 2025
•[ ransomware, malware, government ]
Ransomware attack crippled the Elche City Councils operations, affecting Finance, Social Services, and the Mayor's Office; ~1,500 devices were shut down. Emergency manual protocols were activated. A full recovery plan is underway with 4.5 million allocated.
Wytec
August 25, 2025
•[ hack, financial, technology ]
On August 25, 2025, Wytec International's website was defaced twice; site remains offline. Operations impacted included cancellation of a September 2 seminar. Company notified authorities and engaged forensic experts, citing financial losses as a result.
Boyd Gaming Corporation
August 25, 2025
•[ hack ]
Boyd Gaming reported that it detected unauthorized access to internal application servers in late August 2025. No ransomware group or actor has claimed responsibility. The company disclosed the breach publicly on September 24 2025, noting no encryption or operational disruption and no figure released for records affected.
Nevada State Government (multiple agencies)
August 24, 2025
•[ ransomware, malware, government ]
State described a ransomware-based attack discovered Aug 24 that forced two-day office closures and knocked multiple agency websites/phones offline; CIO confirmed some state data was exfiltrated, but nature/volume unknown; no actor has claimed responsibility.
Maryland Transit Administration (MTA)
August 24, 2025
•[ hack, government ]
Cybersecurity incident led MTA to take Mobility paratransit scheduling, real-time tracking, and call center systems offline as a precaution. Core transit services continued to run. Specific cause and i
Reno Department of Motor Vehicles
August 24, 2025
•[ ransomware, data leak ]
A ransomware attack against Nevada state government systems disrupted public services, and the Reno-area DMV continued to experience connectivity issues nearly two weeks later. DMV officials stated that drivers license transactions were impacted and first-time Real ID issuance was unavailable at the time of reporting, while some renewals and other transactions could proceed. State officials also publicly acknowledged evidence of some data being exfiltrated from the state network during the broader incident, though details were not tied to DMV systems in the sourced updates.
Miljödata (IT supplier for municipalities)
August 23, 2025
•[ ransomware, leak, malware ]
Suspected ransomware attack against Swedish IT supplier Miljdata disrupted critical services for ~200 municipalities starting August 23, 2025. Systems were encrypted, and attackers threatened to leak stolen personal and medical data unless paid 1.5 BTC.
Internet Rimon (Kosher Internet provider)
August 23, 2025
•[ hack, technology ]
Iran-linked hacktivist group Promised Revenge attacked Israeli kosher internet provider Internet Rimon on August 23, 2025. Attackers disabled servers and deleted internal infrastructure, disrupting filtering and connectivity services for many customers. Hackers claimed access to internal data, but no evidence confirmed any customer data theft.
Miljödata (IT supplier for municipalities)
August 23, 2025
•[ ransomware, data leak, personal data ]
Suspected ransomware attack against Swedish IT supplier Miljdata disrupted critical services for ~200 municipalities starting August 23, 2025. Systems were encrypted, and attackers threatened to leak stolen personal and medical data unless paid 1.5 BTC.
Several Iranian Ships (Fanava-linked network)
August 22, 2025
•[ hack, technology ]
Lab-Dookhtegan claimed root-level access to Fanavas satellite comms infrastructure, disabled the Falcon system, wiped critical shipboard storage, and severed communication between dozens of vessels and shore.
Government, tech, academic & telecom entities; global
August 22, 2025
•[ espionage, malware, government ]
CrowdStrike reports that multiple Chinese-linked groupsMurky Panda, Genesis Panda, and Glacial Pandahave exploited vulnerabilities (e.g., Citrix CVE-2023-3519, Commvault CVE-2025-3928) to deploy the CloudedHope malware for covert espionage against cloud, telecom, government, tech, academic, legal, and professional services organizations worldwide.
Anchorage Neighborhood Health Cente
August 22, 2025
•[ ransomware, data leak ]
Anchorage Neighborhood Health Center disclosed that an unauthorized third party gained access to certain systems and that sensitive personal information and protected health information may have been exposed, including identifiers (such as Social Security numbers and state ID numbers) and medical/insurance information. Reporting around the incident also described operational impacts at the clinic, including phone lines being down and appointment scheduling disruptions for more than a week in late August 2025. The organization filed a public notice and began sending notification letters to impacted individuals on November 19, 2025.
Welcome Financial Group
August 21, 2025
•[ ransomware, finance ]
ALPHV/BlackCat claimed responsibility for stealing 1.024 TB of files from Welcome Financial Group, alleging it contained customer data such as names, addresses, and account numbers. The firm countered that only internal documents like meeting records were taken, and that its savings bank unit and customer accounts were not compromised.
Delta Telekom
August 21, 2025
•[ hack, ddos, technology ]
Azerbaijans primary internet backbone operator, Delta Telekom, was targeted with a massive DDoS attack that caused temporary internet delays, which were mitigated by rerouting traffic through alternative backbone providers and fully restored within hours
