Oregon Department of Environmental Quality (DEQ)
April 1, 2025
•[ ransomware, data leak ]
On April 1 2025, the Oregon Department of Environmental Quality experienced a ransomware attack attributed to the Rhysida group. The incident encrypted internal servers and disabled key systems, including statewide vehicle inspection services, email, web portals, and internal databases. Rhysida claimed to have exfiltrated over 1 million files and demanded a $2.5 million ransom, though DEQ has not confirmed data theft.
Australian Retirement Trust
April 1, 2025
•[ data leak ]
Cyber criminals used stolen credentials to access ART member accounts during coordinated attacks on Australias pension funds; no confirmed financial loss.
Hostplus
April 1, 2025
•[ credential stuffing ]
Hostplus reported limited unauthorized logins to member accounts linked to credential-stuffing attacks on multiple Australian superannuation funds in April 2025.
DuPage County Government (Justice Systems)
April 1, 2025
•[ ransomware, data leak ]
Cyberattack on DuPage County, Illinois in early April 2025 encrypted servers supporting court, probation, and clerk operations, forcing justice-system portals offline for several days. Officials confirmed encryption but found no evidence of data theft or leak as of April 10 2025.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgarias NATO mission.
Pillsbury Winthrop Shaw Pittman LLP
April 1, 2025
•[ social engineering, data leak, personally identifiable information ]
Global law firm Pillsbury Winthrop Shaw Pittman reported that in April 2025 a sophisticated social-engineering attack allowed an intruder to gain limited access to its internal systems. The attacker convinced a single user to grant access and then rapidly downloaded a set of documents containing sensitive personal information, including names, Social Security numbers, addresses, birthdates, and some financial account details for thousands of people. Pillsbury stated that the activity was quickly detected and blocked, and it subsequently bolstered its security controls and notified affected individuals, with public disclosure occurring on November 6, 2025. The breach has since led to class-action litigation alleging inadequate safeguards and delayed notification.
Cincinnati Pain Physicians
March 31, 2025
•[ ransomware ]
Ransomware hit Blue Ash clinic; systems locked and records rebuilt manually.
Atlas CPAs & Advisors
March 31, 2025
•[ data leak ]
Accounting firm mailed breach letters beginning March twentieth to impacted individuals.
ImagineX Management Company Limited
March 31, 2025
•[ data leak, misconfiguration, outdated systems ]
A breach at the Hong Kong brand-management firm ImagineX Management Company Limited led to the exposure of nearly 128,000 individuals personal data after attackers exploited an unused temporary user account and gained access to the company intranet, with the root cause attributed to outdated operating systems and delayed deletion of temporary accounts
Assa Abloy
March 31, 2025
•[ ransomware ]
Swedish lock manufacturer reported ransomware affecting operations; investigation and recovery ongoing.
Moscow Metro
March 31, 2025
•[ hacktivism, disruption of service ]
Moscow subway website and app disrupted; site displayed Ukraine railway message before removal.
Samsung Germany
March 31, 2025
•[ data leak, compromised credentials ]
Threat Actor Published Samsung Germany Customer Ticket Records Using Long-Compromised Credentials.
Rostelecom Belgorod Region
March 31, 2025
•[ ddos ]
Belgorod governor reported Ddos on Rostelecom disrupting an official livestream.
Samsung Germany Customer Tickets
March 30, 2025
•[ leak, malware, technology ]
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
Undisclosed Australian School
March 30, 2025
•[ phishing ]
Hoax school shooting emails were sent after school email accounts were hacked.
Europcar Mobility Group
March 30, 2025
•[ data leak ]
Europcar Mobility Group confirmed that an unauthorized actor accessed its GitLab server, exposing internal repositories, configuration files, and database backups containing up to 200 000 customer records. The leaked material included mobile-app source code, environment (.env) files, and SQL backups totaling about 37 GB. No evidence of encryption or operational disruption was reported. Europcar disabled the compromised instance and began an internal investigation.
Deutsche Gesellschaft für Osteuropakunde (DGO)
March 30, 2025
•[ espionage, data leak, state-sponsored attack ]
In late March 2025, German officials reported a cyber-espionage incident targeting the Deutsche Gesellschaft fr Osteuropakunde (DGO), a nonprofit academic association focused on Eastern Europe. Investigators attributed the intrusion to Russias Foreign Intelligence Service (SVR), also known as Midnight Blizzard, APT29, or NOBELIUM. Attackers accessed email servers and internal communications for intelligence-gathering purposes. No data encryption or operational disruption was reported, indicating a stealthy exploitation of application servers.
Rbk Money
March 30, 2025
•[ cyber incident, service disruption ]
Russian source reported cyber incident impacting payments firm operations and services.
Royal Mail Group
March 29, 2025
•[ data leak ]
British postal operator Royal Mail suffered a data leak via its supplier Spectos GmbH. A threat actor claimed to have stolen ~144 GB of data, including personal customer information and internal business documents. Royal Mail confirmed the supplier breach but stated operations were unaffected.
myCicero
March 29, 2025
•[ data leak ]
Italian reporting stated that unknown cybercriminals attacked myCiceros systems between March 2930, 2025 and exfiltrated data from servers used to support transport-ticketing apps, including the UnicoCampania service. According to the article, stolen information included users personal/contact details, usernames and passwords, and information about purchased mobility tickets (type, validity, fare zone, and amounts paid). The report stated that payment card data were not stolen because those data were not hosted on myCicero systems, and it warned that even if passwords were stored encrypted, attackers might attempt to crack them depending on password strength.
