F.C. Copenhagen live stream (Champions League vs Malmö FF)
August 12, 2025
•[ hack, ddos ]
F.C. Copenhagens Champions League stream was disrupted on August 12, 2025, by a large-scale DDoS attack that flooded its login system with traffic equal to six months usage in one hour. Fans were unable to access the match for 28 minutes until an alternate stream was activated. No data was stolen or encrypted.
University of St. Thomas (Houston, TX)
August 12, 2025
•[ ransomware, malware, education ]
On August 12, 2025, the University of St. Thomas in Houston, Texas, detected unauthorized access and voluntarily shut down key systems for nine days. External sources confirmed the INC ransomware gang claimed responsibility, stating they stole 1.8 TB of sensitive university data. University operations including student portals, financial aid, and course scheduling were fully disrupted, though no encryption was reported. Public disclosure followed on August 25, 2025.
Lycoming County Department of Public Safety
August 12, 2025
•[ ransomware, government ]
Drivers license numbers and other PII were exfiltrated from the Lycoming County Department of Public Safety during a ransomware attack detected on August 12, 2025. Officials confirmed cyber criminals stole data but have not reported any encryption. The number of affected individuals remains undisclosed.
Elmcrest Children’s Center, Inc.
August 12, 2025
•[ data leak ]
Elmcrest Childrens Center, Inc. detected unauthorized access to its computer network on August 12, 2025. The investigation determined that files containing information for approximately 23,500 individuals were accessed, including names, addresses, dates of birth, treatment details, and insurance information.
Church of Scientology
August 12, 2025
•[ ransomware, data leak ]
heise reported that the ransomware-as-a-service group Qilin listed Scientology as a new victim on its darknet leak site and claimed to have stolen data from Scientologys UK IT systems. The article notes that screenshots suggest exposure of documents tied to UK visa cost approvals as well as lists of members including account balances and level within the organization, with entries not limited to the UK. No ransom demand amount or operational impacts were confirmed in the reporting, and the consequences for the organization were described as unclear.
Quasar Inc
August 12, 2025
•[ extortion, data leak ]
Hackread reported that the Space Bears extortion group claimed it obtained Comcast-related technical documentation via a breach at Quasar Inc. and threatened to publish it after a countdown timer. The article states the group did not provide file samples for the Comcast-related claim, making independent verification impossible at the time of publication; the leak site also listed Quasar as a separate victim. Because the only available evidence in the source is a threat-actor claim without proof or victim confirmation, this should be treated as an unverified claim rather than a confirmed cyber event record.
Madison County Health Department (Kentucky)
August 12, 2025
•[ data leak ]
This item concerns a reported data breach affecting the Madison County Health Department in Kentucky, with public reporting indicating that the personal information of 71 individuals was exposed. Due to access restrictions/timeouts when retrieving the primary notice and the original local-news article, the available sources do not provide reliable, verifiable detail on the exact intrusion method, the precise dates of unauthorized access, or the specific categories of personal information involved. The event is coded as an exploitive incident (data breach) because a breach with exposed personal information is reported, but the record-level details remain undetermined based on the accessible evidence.
F.C. Copenhagen live stream (Champions League vs Malmö FF)
August 12, 2025
•[ DDoS attack, service disruption, cyber attack ]
F.C. Copenhagens Champions League stream was disrupted on August 12, 2025, by a large-scale DDoS attack that flooded its login system with traffic equal to six months usage in one hour. Fans were unable to access the match for 28 minutes until an alternate stream was activated. No data was stolen or encrypted.
Elmcrest Children’s Center, Inc.
August 12, 2025
•[ unauthorized access, data leak, health information ]
Elmcrest Childrens Center, Inc. detected unauthorized access to its computer network on August 12, 2025. The investigation determined that files containing information for approximately 23,500 individuals were accessed, including names, addresses, dates of birth, treatment details, and insurance information.
Szczytno water treatment plant
August 12, 2025
•[ hacktivism, industrial control systems, critical infrastructure ]
CyberDefence24 reported pro-Russian hacktivists published another recording on Aug. 12, 2025 from the same Polish hydroelectric plant previously referenced in early July 2025 reporting. The outlet said the new video suggested the attackers accessed the control panel while the plant was operating (generator/rotor turning and current visible) and that this represented a more serious incident than the earlier case where the plant appeared off. The report stated attackers did not appear to have full control of the infrastructure, but the incident indicates unauthorized access to industrial control interfaces and potential cyber-physical risk.
Sterling Seacrest Pritchard, Inc.
August 12, 2025
•[ unauthorized access, email breach, data leak ]
Sterling Seacrest Pritchard disclosed unauthorized access to its email environment that may have exposed personal information.
YES24
August 11, 2025
•[ ransomware, malware, retail ]
On August 11, 2025, YES24 suffered its second ransomware attack in two months, leading to encrypted systems and major disruption of Koreas largest internet bookstore. The incident disrupted online sales and order processing; the company did not disclose the exact ransomware group or number of customers impacted, but stated operations were severely affected.
House of Commons of Canada
August 11, 2025
•[ hack, government ]
The House of Commons of Canada was breached via a Microsoft SharePoint zero-day exploit, exposing staff records and device management data. No group has claimed responsibility and investigations are ongoing.
Canadian Investment Regulatory Organization (CIRO)
August 11, 2025
•[ hack, finance ]
Cybersecurity breach at CIRO confirmed Aug 11, 2025. Some personal data of member firms and their registered employees were compromised. CIRO continues core surveillance operations, is investigating impact, will notify affected individuals, and provide mitigation.
Pennsylvania Office of Attorney General
August 11, 2025
•[ ransomware, malware, government ]
Ransomware attack encrypted and paralysed core systems at the Pennsylvania Office of Attorney Generalincluding archived emails, files, internal case systems, phone lines, and websitecausing full disruption for approximately three weeks. No data exfiltration reported. No identified perpetrator. Attack began August 11, 2025; reported August 29, 2025.
Pornhub
August 11, 2025
•[ extortion, phishing, data leak ]
Cybercriminal group ShinyHunters claimed theft of a 94GB dataset containing about 201 million records tied to Pornhub Premium user activity and launched an extortion campaign demanding payment in Bitcoin. Reporting linked the compromise to third-party analytics provider Mixpanel, where access allegedly began on November 8, 2025 after a smishing attack harvested employee login credentials. Samples reviewed by journalists reportedly included email addresses, approximate location (city/country), video titles and URLs, search keywords, and timestamps for watches/downloads. Pornhub stated its internal systems were not directly hacked and that sensitive items such as passwords and credit card details remained secure, while Mixpanel later suggested some access may have involved a legitimate employee account associated with Pornhubs parent company, Aylo.
BreachForums (2025)
August 11, 2025
•[ data leak, hacking, law enforcement takedown ]
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed 324k unique email addresses, usernames, and Argon2 password hashes.
BreachForums (2025)
August 11, 2025
•[ data leak, hacking forum, law enforcement action ]
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k unique email addresses across all tables, including within forum posts and private messages. The users table alone contained 324k unique email addresses, usernames, and Argon2 password hashes.
74 yr old Bank of America customer
August 10, 2025
•[ financial, hack, malware ]
$70,000 drained from a 74-year-old customer's bank account after hackers infected his computer and added themselves as co-owner, temporarily locking him out; media pressure prompted reimbursement
Kurgan-Telecom
August 10, 2025
•[ hack, ddos, technology ]
On August 10, 2025, Kurgan-Telecom customers in Russia experienced major internet outages due to a distributed denial-of-service (DDoS) attack. The provider limited foreign traffic as a mitigation step; no data was reported stolen or systems encrypted. No group has claimed responsibility.
