Blazer Real Estate Services LLC
October 30, 2025
•[ data leak ]
Blazer Real Estate Services LLC reported that an unauthorized party accessed company systems on October 30 and exfiltrated customer identity and financial information, including drivers license and Social Security numbers; no operational disruption was reported.
Associated Radiologists of the Finger Lakes P.C.
October 30, 2025
•[ data leak ]
A subset of ARFLs network was accessed by an unauthorized party between October 28 and October 30 2025 during which files containing personal and health information were viewed or copied without permission Notifications were issued on December 29
University of Pennsylvania
October 30, 2025
•[ data breach, ransomware, donor records ]
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
Kaplan
October 30, 2025
•[ data leak, unauthorized access, personally identifiable information ]
The Record reported Kaplan notified regulators and individuals about a fall 2025 cybersecurity incident in which an unauthorized actor accessed Kaplans servers for 19 days (Oct. 30 to Nov. 18, 2025) and leaked/removed personal data. Kaplans notifications across several states totaled at least 230,941 people in states that publish counts, and an update said Kaplan later informed Oregon that 1.4 million people were affected. The exposed data included Social Security numbers and drivers license numbers (and related identifiers). The report did not name the attacker or provide a detailed intrusion method, but confirmed the access window and sensitive identifiers involved.
TEIN
October 30, 2025
•[ ransomware, encryption, ransom note ]
TEIN found encrypted server files and a ransom note after a U.S. subsidiary reported it could not access an internal server.
Paterson & Dowding Family Lawyers
October 28, 2025
•[ ransomware, data leak ]
Threat actors from the Anubis ransomware gang listed Perth based Paterson & Dowding Family Lawyers on their dark web site in late October 2025, claiming to have compromised the Western Australian family law firm and stolen large volumes of sensitive client, business and staff data, which they showcased in detailed samples. The posted material includes financial documents such as superannuation statements, tax information, pay slips and a crypto wallet screenshot, along with correspondence relating to client businesses and deeply personal family messages, emails and social media content connected to ongoing disputes. The firm subsequently confirmed it had suffered a cyber incident and determined that a subset of personal information had indeed been accessed and taken, engaged external experts to contain and investigate the breach, began notifying affected clients and staff, and reported the matter to relevant privacy and cybersecurity authoriti
Cohen's Fashion Optical LLC
October 28, 2025
•[ data leak ]
Cohen's Fashion Optical LLC reported that an unauthorized third party accessed company systems on October 28 and acquired files containing customer personal, financial, insurance, and medical information; no operational disruption or actor attribution was identified.
Poltronesofà
October 27, 2025
•[ ransomware, data leak, phishing ]
Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
CareOregon / Health Share of Oregon
October 27, 2025
•[ data leak ]
Unauthorized viewing of member information occurred within CareOregon-managed systems supporting Health Share of Oregon, leading to notifications to affected members.
Catwig LLC d/b/a Victory Disability
October 27, 2025
•[ unauthorized access, data breach, Personally Identifiable Information (PII) ]
Catwig LLC (doing business as Victory Disability) stated it became aware in November 2025 of claims that an unknown party obtained information belonging to the firm. The company initiated an investigation with third-party cybersecurity specialists and notified federal law enforcement. The investigation concluded that an unknown party accessed a portion of Victory Disabilitys environment between October 27 and November 12, 2025 and may have viewed or copied certain information stored there. Potentially impacted data included names, contact information, Social Security numbers, and in some cases dates of birth and medical information (diagnosis, treatment, medications, lab results) if provided to Victory in connection with a case. The company reported filing notice with the California Attorney General and beginning written notifications on December 12, 2025.
PoltronesofÃ
October 27, 2025
•[ ransomware, phishing, data breach ]
Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data leak ]
Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
DoorDash
October 25, 2025
•[ data leak ]
DoorDash reported that an unauthorized party accessed a company system on October 25 and obtained personal contact and order information; the company stated that sensitive personal or financial data was not accessed and no operational disruption occurred.
700Credit
October 25, 2025
•[ data leak ]
700Credit, an automotive credit reporting and identity verification provider, was reported to have experienced a data breach on or around Oct. 25, 2025. The report stated the company was alerted to suspicious activity within its proprietary web-based application (700Dealer.com), after which it engaged third-party forensic specialists. According to the reporting, the investigation found consumer data had been copied from the application without authorization, while 700Credits internal network was said to be unaffected. Compromised data was described as including consumer names, addresses, and Social Security numbers from auto financing applications submitted between May and October 2025.
700Credit
October 25, 2025
•[ data leak ]
The Record reported that auto-dealership service provider 700Credit said 5,836,521 people were affected by a data breach discovered on October 25, 2025. The company stated its IT team found that attackers made copies of information they accessed in 700Credit systems and that the copied data included names, Social Security numbers, dates of birth, and addresses. The report noted the company notified federal law enforcement and the FTC and began offering identity protection services, indicating confirmed unauthorized access and copying of sensitive consumer identifiers.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data breach, critical infrastructure ]
Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
MyVidster (2025)
October 24, 2025
•[ leak, phishing, technology ]
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
AT&T Careers HR portal
October 24, 2025
•[ ransomware, data leak, fraud ]
Ransomware actors posted a dataset labeled AT&T Careers on their leak site, indicating records tied to recruiting/applicant systems; listing framed for monetization with no operational outage described. Organization review pending; risk centers on identity/targeted fraud against job-seekers and staff.
Unigym Gatineau
October 24, 2025
•[ phishing, data leak ]
Members personal and financial details potentially accessed; centre warned about phishing/fraud and began coordination with card processors and police after local media alerted them to leaked samples.
ModMed (Modernizing Medicine)
October 24, 2025
•[ data leak, healthcare, third-party breach ]
Modernizing Medicine (ModMed) said it discovered unauthorized activity on July 29, 2025, and confirmed that attackers had accessed and exfiltrated data from servers hosting podiatry-client EHR information between July 910. Exposed fields include full names, addresses, DOB, SSNs, contact details, health insurance info, medical record and patient account numbers, dates of service, providers/practices, billing/diagnostic codes, prescription/medication data, and diagnosis/treatment information; providers were notified on September 19 and patients on October 17. Days later, a seller advertised a partial EHR database (1,0001,500 podiatry patient records) on a breach forum/Telegram, indicating financially motivated data trafficking, though ModMed has not confirmed a second intrusion. Overall impact: large-scale PHI exposure from vendor-hosted servers, with evidence of downstream data sale attempts.
