The Fondation Cancer
April 18, 2025
•[ unauthorized access, email security, incident response ]
Fondation Cancer stated it detected a suspicious incident involving one of its email accounts. After analysis, its specialized IT provider concluded there had been malicious access to part of the organization's email mailboxes and implemented containment measures to stop the intrusion. The foundation indicated it informed partners and Luxembourg's national data protection commission promptly. In its communication, the organization said it had no indication that its internal data were disclosed, stolen, or copied, and that patient-service data were not affected. It also emphasized that the event did not impact the foundation's financial operations because financial transactions are processed through separate secure connections.
Eckert Seamans Cherin & Mellott LLC
April 17, 2025
•[ data leak, legal, insufficient security ]
Eckert Seamans detected unauthorized activity on an attorney's device on April 17, 2025, and confirmed that a document listing alumni was copied. The firm began notifying affected individuals on June 23, 2025, offering identity protection services and notifying regulators and law enforcement. A class action was filed on Aug 4, 2025, alleging failure to safeguard PII.
TickChak (external ticketing platform used by IDF units)
April 16, 2025
•[ data leak, hacktivism ]
A hacktivist using the alias Persian Prince accessed and leaked data from TickChak, an Israeli ticketing platform reportedly used by IDF units. The leak, publicized on April 16, 2025, exposed personal details of tens of thousands of soldiers, including names, national ID numbers, and phone numbers. No ransom or sale was reported; the data was posted publicly to protest Israeli military actions.
McKenzie Health System (McKenzie Memorial Hospital)
April 15, 2025
•[ data leak, healthcare data breach, repeat incident ]
A notification to the Maine AG reported an incident discovered on or about April 15 affecting 54,016 people; a prior 2022 incident had 51,040 impacted, indicating recurring exposure issues.
Pierce County Library System
April 15, 2025
•[ ransomware, data leak, service disruption ]
The Record reported that the Pierce County Library System discovered a cybersecurity incident on April 21, 2025 that forced it to shut down all systems, with an investigation later finding attackers had access between April 15 and April 21. By May 12, the library confirmed hackers breached systems and stole information on both patrons and current/former employees, and later breach notifications indicated more than 340,000 people were impacted. The report stated the INC ransomware gang claimed the attack in May, and the combination of service shutdown and confirmed data theft supports a mixed event involving disruption and data compromise.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data leak ]
A ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriff's Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems were fully restored by early May 2025.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data theft, extortion ]
A ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriff's Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems were fully restored by early May 2025.
OnTrac
April 13, 2025
•[ leak ]
Delivery company OnTrac has suffered a data breach that exposed the personal information of over 40,000 people.
Democratic Party of Korea
April 13, 2025
•[ ddos ]
The Democratic Party of Korea reported three distributed denial-of-service (DDoS) attacks on April 13, 2025, disrupting access to its official website during an internal vote on presidential primary rules; no data loss or operational damage occurred.
Western New Mexico University
April 13, 2025
•[ cyberattack, service disruption ]
A cyberattack beginning April 13 disrupted WNMU's website and other systems; campus Wi-Fi remained down and desktops required IT clearance; a temporary website and workarounds were used during the finals period.
CMC Corporation
April 12, 2025
•[ ransomware, data leak ]
Ransomware group Crypto24 carried out a double-extortion attack against Vietnam-based CMC Corporation on April 12, 2025, exfiltrating roughly 2 TB of internal data and encrypting subsidiary servers for less than one day.
DaVita Inc.
April 12, 2025
•[ ransomware, data leak ]
On April 12, 2025, DaVita reported a ransomware incident that encrypted elements of its network and disrupted some operations. Subsequent disclosures confirmed theft of personal and medical information impacting over one million individuals.
Wolters Kluwer N.V.
April 12, 2025
•[ data leak ]
On April 12, 2025, a BreachForums user known as IntelBroker offered for sale a 36 GB dataset allegedly stolen from Wolters Kluwer. The company confirmed an incident affecting its health-journals business but reported no compromise of tax or financial data. The exposed information consisted of professional contact details and profile metadata.
Pepe memecoin website
April 12, 2025
•[ website compromise, phishing, malware ]
The official website for the Pepe (PEPE) memecoin was compromised in a front-end attack that redirected visitors to a malicious site. According to Blockaid and Cointelegraph reporting, the compromised front-end contained code associated with the Inferno Drainer family and redirected users to a fake site that injects malicious code intended to drain crypto wallets. Users were advised to avoid interacting with the site while the issue was being addressed; the reporting did not quantify how many users were affected or whether wallet losses occurred.
At least one individual in southeast Asia
April 12, 2025
•[ malware, fraud, financially motivated attack ]
A criminal threat group tracked as GoldFactory distributed malware targeting users in Southeast Asia, compromising endpoint devices to enable fraud and other financially motivated activity.
Synthient Stealer Log Threat Data
April 11, 2025
•[ hack, malware, technology ]
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
Synthient Credential Stuffing Threat Data
April 11, 2025
•[ hack, brute-force, technology ]
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords.
Multiple Magento e-commerce stores
April 10, 2025
•[ supply-chain attack, e-commerce, data leak ]
Between 500 and 1,000 online stores using third-party Magento extensions were compromised in a supply-chain attack that inserted backdoors allowing remote code execution and possible payment-data theft; incident discovered in April 2025.
SK Group (SK Inc.)
April 10, 2025
•[ ransomware, data leak ]
Qilin listed sk.com on its leak site on April 10, 2025, claiming it stole approximately 1 TB of SK Group corporate data. SK has not publicly confirmed the breach or the claimed data volume, and no encryption or operational disruption has been reported.
At least one government agency or state-owned enterprise in Southeast Asia
April 10, 2025
•[ data leak, espionage, government ]
The Record, citing Symantec's Threat Hunter Team, reported that the China-linked APT group Billbug (also known as Thrip and Lotus Blossom) compromised multiple government and critical infrastructure organizations in a Southeast Asian country in April 2025. The campaign involved exploitation of legitimate digital certificates and living-off-the-land tools to exfiltrate sensitive documents from government and military networks. No encryption or disruption was reported, and the activity is assessed as political espionage conducted under China's Ministry of State Security.