TISZA Világ
October 6, 2025
•[ leak, hack, government ]
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Vilg service earlier in the month, the breach exposed 200k records of personal data including email addresses along with names, phone numbers and physical addresses.
Unnamed Minnesota hospital
October 6, 2025
•[ ransomware, extortion, data leak ]
Ransomware group Radiant listed an unnamed Minnesota hospital on its leak site and issued a 7-day extortion deadline; hospital not yet identified and operational impact undisclosed.
Western Sydney University
October 6, 2025
•[ phishing ]
Mass fraudulent emails to students/alumni claiming degree revocation; university says messages were not legitimate.
Indonesian National Police
October 4, 2025
•[ data leak, government, hacker ]
Hacker Bjorka released a dataset of ~341k police personnel (names, ranks, units, contacts) from 2016 on a public site; authorities acknowledge leak discussions while probing identity of actor.
Renault UK
October 3, 2025
•[ data leak, third-party breach ]
Third-party service provider breach affecting Renault UK customer records; exposed contact and vehicle identifiers; Renault says own systems not compromised.
General Directorate of Taxes and Domains
October 3, 2025
•[ data leak ]
Criminal group 'Black Shrantac' claims breach of Senegals DGID with large-scale data exfiltration; impact on DGID operations not detailed.
Discord
October 3, 2025
•[ data leak, third-party breach ]
Third-party customer support vendor was breached, exposing support tickets, personal data, limited billing details, and a small number of government-ID images; Discord core systems unaffected.
Clarins Group
October 3, 2025
•[ ransomware, data leak ]
Press release states Clarins international e-commerce platforms were hit by ransomware; Everest allegedly leaked samples and claims access to ~600k customer records with personal/transactional info.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorados State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
My ServiceOttawa
October 3, 2025
•[ data leak, phishing ]
On 3 October 2025 a My ServiceOttawa account using an automated bot exploited a bug in the service request lookup tool, allowing it to pull details of other residents service requests when a valid request number was supplied. The City of Ottawa says the breach was limited to email and postal addresses tied to about 2,454 service requests and did not include financial information, passwords or other sensitive data. The city immediately blocked the bot, patched the application, identified all potentially affected records and began notifying impacted residents with advice on spotting phishing or misuse of their contact details.
Apple Federal Credit Union
October 3, 2025
•[ atm jackpotting ]
ATM jackpotting attack at an Apple Federal Credit Union drive-thru ATM in Fair Oaks, Virginia, where attackers manipulated ATM systems to force unauthorized cash dispensing, resulting in approximately $175,000 stolen.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware, encryption, operational disruption ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorados State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
DraftKings
October 2, 2025
•[ credential stuffing ]
Credential stuffing allowed unauthorized access to a small number of customer accounts and limited data; company says internal systems not breached and no financial loss.
Latvian government portals
October 2, 2025
•[ ddos ]
Large DDoS disrupted access to many Latvian state and municipal websites; services restored after roughly an hour; investigation ongoing.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Canadian Tire Corporation
October 2, 2025
•[ data leak ]
Retailer reported Oct 2 breach of e-commerce database impacting customer information across multiple banners.
Red Hat
October 2, 2025
•[ extortion, data leak ]
Red Hat confirmed incident affecting a consulting GitLab instance; extortion group claims access to repos and CERs with potentially sensitive client details.
United States Air Force
October 2, 2025
•[ data leak ]
USAF investigating a SharePoint permissions issue leading to exposure of PII/PHI; SharePoint access was blocked Air Force-wide while Microsoft and authorities investigate; no attribution yet.
Canadian Tire
October 2, 2025
•[ data breach, retail, PII ]
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
BNB Chain
October 1, 2025
•[ phishing ]
BNB Chains X account was hijacked and used to post phishing links; control was restored and malicious posts removed; no data theft reported.
