Full List

Search

Recent Breaches

• Asefa Seguros June 9, 2025 • [ ransomware, data leak ] The Spanish subsidiary of a French insurance group (Asefa Seguros) confirmed a cyberattack after the Qilin ransomware gang claimed to have stolen about 210 GB of internal corporate and client data, including passports and an insurance plan for FC Barcelonas Camp Nou stadium.
• Multiple Thai government and news websites June 9, 2025 • [ DDoS, hacktivism, service disruption ] Cambodian hacktivist collective AnonSecKh launched DDoS attacks on June 9 2025 against Thai government and media websites hosted on common public-sector servers; traffic floods disrupted access to more than 20 sites for about two days before mitigation by ThaiCERT; no data theft or defacement reported.
• Zoomcar Holdings, Inc. June 9, 2025 • [ data leak ] Unauthorized third-party access discovered on June 9 2025 exposed personal data of approximately 8.4 million Zoomcar users. The company confirmed no financial or password data was affected and reported no service disruption. No actor has claimed responsibility, and investigation is ongoing.
• Omnicuris June 8, 2025 • [ leak, healthcare ] In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.
• Bharatpedia (English Version) June 8, 2025 • [ denial of service, hacktivism ] Bharatpedias official X account confirmed a cyberattack on June 8, 2025, that took its English site offline for several days; incident attributed to an external denial-of-service campaign consistent with hacktivist protest activity; no data compromise reported.
• Oxford City Council June 7, 2025 • [ data leak ] On June 7 2025, Oxford City Council discovered unauthorized access to legacy IT systems containing historic data from election administration records (20012022). The council confirmed that core services were unaffected and found no evidence of large-scale data extraction or leaks. The attackers have not been identified.
• Government of Paraguay (employee workstation compromise) June 7, 2025 • [ data leak, infostealer, credential theft ] Infostealer malware installed on a Paraguayan government employees computer harvested credentials and tokens, enabling attackers to exfiltrate databases containing personal information on effectively the entire national population. Security researchers confirmed millions of identity recordsincluding names, national IDs, and contact detailswere leaked online in early June 2025. The Record verified the exposure and found no evidence of ransomware or system disruption.
• Erie Insurance June 7, 2025 • [ data leak, ransomware ] Erie Insurance detected unauthorized network activity on June 7 2025, prompting containment measures and temporary isolation of systems. The insurer reported the incident to regulators and stated there was no evidence of ransomware or confirmed data theft, though review of potential personal-information exposure remained ongoing.
• DealMed Medical Supplies LLC June 7, 2025 • [ ransomware, data leak ] DealMed Medical Supplies LLC reported that an unauthorized party accessed its network on or around June 7, 2025, viewing or obtaining files containing protected health information, including names and Social Security numbers. DealMed confirmed the exposure on October 31, 2025. The DragonForce ransomware group listed DealMed on its leak site and claimed to have exfiltrated nearly 106 GB of data. Notification letters have been issued to affected individuals.
• Russian Railways (RZD) June 6, 2025 • [ denial of service ] On June 6 2025, Russian Railways reported that its website and mobile app were targeted by a distributed denial-of-service attack, temporarily disrupting online ticketing. Physical ticket counters operated normally, and no data theft or encryption occurred.
• Belize High Court Registry June 6, 2025 • [ ransomware ] In early June 2025, Belizes High Court Registry suffered a suspected ransomware incident that fully disabled its digital filing and record-keeping systems for approximately 34 days. Several servers were taken offline, forcing manual operations and halting court filings nationwide. Officials reported no evidence of data theft and have not identified the attacker.
• Multiple Ukrainian Government Ministries June 6, 2025 • [ wiper malware, data destruction, government ] Pro-Russian wiper campaign deployed PathWiper malware across multiple Ukrainian government networks around June 6, 2025; Cisco Talos and CERT-UA confirmed data destruction without exfiltration; activity attributed to a Russia-linked APT.
• Undisclosed Ukrainian Energy Organization June 6, 2025 • [ malware, apt, data destruction ] PathWiper malware associated with a pro-Russian APT destroyed data at an undisclosed Ukrainian energy organization on June 6, 2025; Cisco Talos and CERT-UA confirmed data destruction; no data theft reported.
• Lexington-Richland School District 5 June 5, 2025 • [ ransomware, phishing, education ] On June 3, 2025, Lexington-Richland School District 5 detected a network intrusion following a phishing email that disrupted systems, delayed summer school and staff bonuses. Over 1.03 TB of data has been confirmed under review. Though Interlock claimed responsibility, this is unverified. The district refused ransom demands and is offering credit monitoring to affected individuals.
• Chess.com June 5, 2025 • [ hack ] Chess.com says 4,500 people had data stolen during June breach.
• United Natural Foods, Inc. (UNFI) June 5, 2025 • [ ransomware ] UNFI detected unauthorized activity in its IT systems on June 5 2025, believed to involve a financially motivated criminal intrusion that disrupted electronic ordering and product distribution to thousands of retail clients. The outage caused an estimated $350$400 million in lost sales before core systems were restored on June 26 2025; no data theft has been confirmed.
• HM Revenue and Customs (HMRC) June 5, 2025 • [ data leak, compromised credentials, fraud ] Compromised credentials and personal data from 100,000 taxpayer accounts used in fraudulent refund claims totaling 47 million.
• Surmodics, Inc. June 5, 2025 • [ data leak ] Surmodics shut down parts of its IT systems after detecting unauthorized access on June 5; SEC filing notes restoration ongoing and potential data theft being analyzed.
• Rajkot Municipal Corporation (GIS Website) June 3, 2025 • [ data leak ] Cyberattack on the Rajkot Municipal Corporations GIS website in India resulted in exfiltration of roughly 400 GB of civic and citizen data; systems taken offline for investigation; no ransomware or encryption reported; attacker identity unconfirmed.
• Tupolev June 3, 2025 • [ data leak, website defacement, state-sponsored ] Ukrainian intelligence (GUR) compromised Tupolevs internal servers and exfiltrated 4.4 GB of files including personnel records, procurement documents, internal memos, and meeting minutes. The companys website was briefly defaced following the breach.