Full List

Search

Recent Breaches

• Pump.fun X account February 26, 2025 • [ account takeover, social engineering, cryptocurrency scam ] The official X account of Pump.fun was hijacked on February 26, 2025, and used to promote a fake governance token named PUMP and other scam cryptocurrencies, misleading users and causing financial harm before the fraudulent posts were removed and access was restored.
• Charles County Public Schools February 26, 2025 • [ social engineering, account compromise, payroll fraud ] Caller convinced staff to reset MFA, accessed employee email and Oracle accounts, and attempted payroll change (stopped).
• Rockhill Women's Care February 26, 2025 • [ data leak ] Rockhill Womens Care reported that it became aware of a security incident on or about 02/26/2025 and that an unauthorized third party gained access to its systems. Reporting indicates that sensitive personal and protected health information was involved, and that the organization publicly disclosed the incident and began notifying impacted individuals on or around 09/30/2025. The available descriptions do not specify the initial intrusion vector, but do indicate unauthorized access and potential exposure of patient data.
• City Of Fort St. John February 25, 2025 • [ ransomware ] Ransomware confirmed; data restored and most services back online.
• Orange Group February 25, 2025 • [ data leak ] Orange confirmed breach of a non-critical back-office app; hacker leaked internal docs and data from Orange Romania.
• Hometeamns February 25, 2025 • [ ransomware ] Ransomware hit Singapores HomeTeamNS; no evidence of data extraction.
• Brydens Lawyers February 25, 2025 • [ ransomware, data leak ] Sydney law firm reported ransomware with alleged 600GB data leak under investigation.
• WindTre S.p.A. February 25, 2025 • [ data leak ] WindTre confirmed unauthorized access was detected on 25 Feb 2025 affecting a resellers system; limited customer personal data (names/IDs/contacts) may have been exposed; incident reported to Italys DPA and described as contained.
• Orange Romania February 24, 2025 • [ financial, hack, leak ] In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
• Northern Caribbean University February 24, 2025 • [ data leak ] Cyberattack crippled key systems; NCU warned students of possible data release.
• Infini (Infini Earn) February 24, 2025 • [ insider threat, financial theft, cryptocurrency ] A former developer or compromised admin key was used to withdraw $49.5 million from Infinis smart-contract vault on February 24 2025. The attacker converted USDC to ETH and moved the funds off-chain. Infini, a Hong Kong-based stablecoin bank, offered a 20% bounty for fund return and filed legal action against a former developer in Hong Kong.
• Fort Bend County Libraries February 24, 2025 • [ service disruption ] Fort Bend County is recovering from a Feb. 24 cyber incident that disrupted library catalogue and e-library services for weeks and led to significant cybersecurity contracting; officials reported no leakage of personal information.
• Cleveland Municipal Court February 23, 2025 • [ ransomware, data leak ] Cleveland Municipal Court experienced a full shutdown beginning 2025-02-23 due to a Qilin ransomware attack that encrypted court systems and exfiltrated roughly 44 GB of data. Operations were halted for about 17 days. The attacker demanded $4 million and threatened to leak stolen court documents.
• Invest Hong Kong February 22, 2025 • [ ransomware, data leak ] Follow-up coverage of InvestHK ransomware; checking possible client/staff info exposure; later update: no evidence of leakage.
• Philippine Army & Navy February 22, 2025 • [ data leak ] Local group claimed breach of PH Army/Navy mail; claim public, no confirmation of access or data exposure.
• Anne Arundel County February 22, 2025 • [ data leak ] Between Jan 28 and Feb 22 2025, attackers accessed and downloaded files from a limited portion of Anne Arundel Countys network, including health-related systems. County officials confirm data was not encrypted, but certain files were exfiltrated. A subsequent HHS/OCR filing in May 2025 listed roughly 500 affected individuals.
• Hyundai AutoEver America February 22, 2025 • [ data leak, employee data, PII exposure ] Hyundai AutoEver America, an IT services affiliate of Hyundai Motor Group based in Orange County, California, reported that Undetermined attackers gained unauthorized access to its IT environment between February 22 and March 2, 2025, with the incident discovered on March 1. Forensic investigation and U.S. state regulator filings indicate that personal information stored in employment related systems was exposed, including names, Social Security numbers, and drivers license details. Subsequent updates clarified that approximately 2,000 primarily current and former employees of Hyundai AutoEver America and Hyundai Motor America were notified. The company engaged external cybersecurity experts, cooperated with law enforcement, and is offering two years of credit monitoring while stressing that no connected vehicle data or broader customer information appears to have been affected.
• Paysera February 21, 2025 • [ denial of service ] No customer data or funds affected; the DDoS attack slowed access to Paysera systems starting ~13:30, with most issues resolved by ~15:30 and full restoration by midnight. ([turn0search0]:contentReference[oaicite:0]{index=0})
• Niva Bupa Health Insurance Company Ltd February 21, 2025 • [ data leak ] Niva Bupa received a threat email from an unidentified actor claiming possession of customer data and referencing a leak site; the company reported the incident and obtained a Delhi High Court order to block the site while investigating. No data theft has been confirmed as of Oct 2025.
• LANIT Group February 21, 2025 • [ ransomware ] On 2025-02-21, LANIT Group, a major Russian IT service provider, suffered a cyber incident that encrypted portions of its internal infrastructure and prompted a national warning to financial institutions using its subsidiaries. Authorities confirmed encryption and service isolation but no verified data exfiltration.