Marks & Spencer
April 19, 2025
•[ data leak ]
A cyberattack discovered over Easter weekend (April 19 2025) caused Marks & Spencer to take systems offline as a precaution, disrupting online orders and click-and-collect services. The company confirmed that attackers accessed customer personal data through a third-party contractor's environment but found no evidence of ransomware or data encryption. Personal information accessed included names, contact information, and limited transaction data, but not passwords or full card details.
Russian Railways (RZhD)
April 19, 2025
•[ denial of service, hacktivism ]
The IT Army of Ukraine conducted a distributed denial-of-service attack on Russian Railways' national ticketing and logistics platforms on April 19 2025, temporarily paralyzing access across multiple regions; service was restored the same day.
City of Abilene
April 18, 2025
•[ ransomware, data leak ]
On April 18 2025, the City of Abilene, Texas, detected unresponsive servers and shut down affected systems. Reports state certain systems were taken offline and none of the card systems at government offices were working; emergency services remained up and running. The Qilin ransomware group later claimed responsibility; roughly 477 GB of data were reported stolen and some data encrypted/deleted.
Chile national football team (official YouTube channel)
April 18, 2025
•[ malware, account takeover ]
Hackers hijacked the Chile national football team's verified YouTube channel (~43,000 subscribers) for about 48 hours (April 18-20 2025), replacing legitimate videos with gaming content embedding malware links and maintaining full administrative control until recovery.
Eckert Seamans Cherin & Mellott LLC
April 17, 2025
•[ data leak, legal, insufficient security ]
Eckert Seamans detected unauthorized activity on an attorney's device on April 17, 2025, and confirmed that a document listing alumni was copied. The firm began notifying affected individuals on June 23, 2025, offering identity protection services and notifying regulators and law enforcement. A class action was filed on Aug 4, 2025, alleging failure to safeguard PII.
TickChak (external ticketing platform used by IDF units)
April 16, 2025
•[ data leak, hacktivism ]
A hacktivist using the alias Persian Prince accessed and leaked data from TickChak, an Israeli ticketing platform reportedly used by IDF units. The leak, publicized on April 16 2025, exposed personal details of tens of thousands of soldiers, including names, national ID numbers, and phone numbers. No ransom or sale was reported; the data was posted publicly to protest Israeli military actions.
McKenzie Health System (McKenzie Memorial Hospital)
April 15, 2025
•[ data leak, healthcare data breach, repeat incident ]
A notification to the Maine AG reported an incident discovered on or about April 15 affecting 54,016 people; a prior 2022 incident had 51,040 impacted, indicating recurring exposure issues.
Pierce County Library System
April 15, 2025
•[ ransomware, data leak, service disruption ]
The Record reported that the Pierce County Library System discovered a cybersecurity incident on April 21, 2025 that forced it to shut down all systems, with an investigation later finding attackers had access between April 15 and April 21. By May 12, the library confirmed hackers breached systems and stole information on both patrons and current/former employees, and later breach notifications indicated more than 340,000 people were impacted. The report stated the INC ransomware gang claimed the attack in May, and the combination of service shutdown and confirmed data theft supports a mixed event involving disruption and data compromise.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data leak ]
A ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriff's Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems were fully restored by early May 2025.
OnTrac
April 13, 2025
•[ leak ]
Delivery company OnTrac has suffered a data breach that exposed the personal information of over 40,000 people.
Democratic Party of Korea
April 13, 2025
•[ ddos ]
The Democratic Party of Korea reported three distributed denial-of-service (DDoS) attacks on April 13, 2025, disrupting access to its official website during an internal vote on presidential primary rules; no data loss or operational damage occurred.
Western New Mexico University
April 13, 2025
•[ cyberattack, service disruption ]
A cyberattack beginning April 13 disrupted WNMU's website and other systems; campus Wi-Fi remained down and desktops required IT clearance; a temporary website and workarounds were used during the finals period.
CMC Corporation
April 12, 2025
•[ ransomware, data leak ]
Ransomware group Crypto24 carried out a double-extortion attack against Vietnam-based CMC Corporation on April 12, 2025, exfiltrating roughly 2 TB of internal data and encrypting subsidiary servers for less than one day.
DaVita Inc.
April 12, 2025
•[ ransomware, data leak ]
On April 12, 2025, DaVita reported a ransomware incident that encrypted elements of its network and disrupted some operations. Subsequent disclosures confirmed theft of personal and medical information impacting over one million individuals.
Wolters Kluwer N.V.
April 12, 2025
•[ data leak ]
On April 12 2025, a BreachForums user known as IntelBroker offered for sale a 36 GB dataset allegedly stolen from Wolters Kluwer. The company confirmed an incident affecting its health-journals business but reported no compromise of tax or financial data. The exposed information consisted of professional contact details and profile metadata.
Pepe memecoin website
April 12, 2025
•[ website compromise, phishing, malware ]
The official website for the Pepe (PEPE) memecoin was compromised in a front-end attack that redirected visitors to a malicious site. According to Blockaid and Cointelegraph reporting, the compromised front-end contained code associated with the Inferno Drainer family and redirected users to a fake site that injects malicious code intended to drain crypto wallets. Users were advised to avoid interacting with the site while the issue was being addressed; the reporting did not quantify how many users were affected or whether wallet losses occurred.
At least one individual in southeast Asia
April 12, 2025
•[ malware, fraud, financially motivated attack ]
A criminal threat group tracked as GoldFactory distributed malware targeting users in Southeast Asia, compromising endpoint devices to enable fraud and other financially motivated activity.
Synthient Stealer Log Threat Data
April 11, 2025
•[ hack, malware, technology ]
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
Synthient Credential Stuffing Threat Data
April 11, 2025
•[ hack, brute-force, technology ]
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords.
Multiple Magento e-commerce stores
April 10, 2025
•[ supply-chain attack, e-commerce, data leak ]
Between 500 and 1,000 online stores using third-party Magento extensions were compromised in a supply-chain attack that inserted backdoors allowing remote code execution and possible payment-data theft; incident discovered in April 2025.