Toys “R” Us Canada
July 30, 2025
•[ data leak, phishing ]
Company confirmed a threat actor copied records from its customer database and later leaked them on the dark web; investigation verified the data's authenticity and regulators were notified. No payment credentials were exposed; customers warned about phishing.
Undisclosed financial institutions (ATM network)
July 30, 2025
•[ backdoor, financial theft, atm hacking ]
Infosecurity reports cybercriminals used Raspberry Pi devices to install a backdoor in ATM networks to steal funds.
99 Cents Only Stores (data linked to Dollar Tree acquisition context)
July 30, 2025
•[ ransomware, data leak ]
HackRead reports INC claimed 1.2TB of Dollar Tree data; company statements elsewhere indicate samples match data tied to defunct 99 Cents Only Stores.
Origin Energy
July 30, 2025
•[ insider threat, data leak ]
Encrypted credit/debit card details for 732 customers (plus associated account data) exfiltrated to a personal email account on the employee's last day; company disclosed the insider-led breach and began notifications.
JFS Wealth Advisors LLC
July 30, 2025
•[ email compromise, data leak ]
An unauthorized third party accessed a JFS Wealth Advisors corporate email account between July 30 and August 19, 2025, viewing messages containing names and Social Security numbers. JFS secured the account, investigated with third-party experts, and filed notice with state authorities.
Toys “R” Us Canada
July 30, 2025
•[ data leak, phishing, dark web ]
Company confirmed a threat actor copied records from its customer database and later leaked them on the dark web; investigation verified the data's authenticity and regulators were notified. No payment credentials were exposed; customers warned about phishing.
City of Erfurt
July 29, 2025
•[ ddos ]
Welt reports the city of Erfurt's website was temporarily paralyzed by a cyber incident, likely DDoS-related.
Sesame Workshop (Elmo account)
July 29, 2025
•[ account takeover ]
Sesame Workshop said it regained control of the Elmo X account after it was hijacked and used to post racist content; company apologized and removed the posts.
Undisclosed Canadian electric utility
July 29, 2025
•[ cyberattack, service disruption, critical infrastructure ]
Canadian utility reported a cyberattack that disrupted smart/power meters and required onsite remediation to restore accurate billing and service.
Undisclosed gaming mouse manufacturer (download site)
July 29, 2025
•[ malware, supply chain attack ]
PCWorld reports a gaming mouse vendor's download page hosted malware for weeks, infecting users who downloaded driver/software packages.
Belk, Inc.
July 29, 2025
•[ ransomware ]
Ransomware group INC claimed an attack on Belk; the retailer's confirmation and scope had not been disclosed at report time.
Air France/KLM
July 28, 2025
•[ leak ]
In August 2025, KLM confirmed that a third-party customer service system it used had been breached, exposing passenger data. The stolen information included names, contact details, and travel information of customers, though no internal KLM operational or financial data was reported compromised. The airline did not disclose how many individuals were affected, but emphasized that flight operations were not disrupted.
Pi-hole (donations site)
July 28, 2025
•[ phishing, misconfiguration, technology ]
Donor names/emails shown in page source due to GiveWP plugin flaw; donors began reporting phishing on July 28; Pi-hole post-mortem confirms exposure and no payment data affected.
TransUnion
July 28, 2025
•[ hack, misconfiguration, finance ]
Unauthorized access via third-party contractor application used in U.S. consumer support operations enabled viewing and copying of files.
Albavision (Albavisión)
July 28, 2025
•[ ransomware, data leak, business disruption ]
GlobalGroup ransomware group alleged breach and data theft at media giant Albavision affecting broadcast operations, with data samples posted.
Aeroflot
July 28, 2025
•[ hacktivism, data leak, data destruction ]
Two hacktivist groups claim to have gained access to 122 hypervisors, 43 ZVIRT virtualization installations, approximately 100 iLO interfaces used for server management, and four Proxmox clusters. They say they exfiltrated all databases from flight history and employee workstations (including those of top executives), wiretapping servers containing phone call recordings, and personnel monitoring systems. They also claim to have wiped 7,000 physical and virtual servers hosting 12TB of databases, 8TB of Windows Share files, and 2TB of corporate email. The incident resulted in the cancellation of more than 60 flights and severe delays on additional flights.
Gloucester County, Virginia
July 27, 2025
•[ ransomware ]
Gloucester County reported responding to a ransomware attack that impacted county systems and public access to some services.
City of Nitro, West Virginia
July 26, 2025
•[ data leak ]
Following a data breach, Nitro city employees faced uncertainty over tax withholdings and filings; investigation ongoing and guidance pending.
Everglades Correctional Institution (Florida Department of Corrections)
July 26, 2025
•[ data leak, exposed PII ]
Personal contact information from visitor applications at Everglades Correctional Institution was exposed to all inmates at the facility after a breach reported the prior weekend.
Chanel
July 25, 2025
•[ social, retail ]
Threat actors accessed Chanel's Salesforce-hosted database at a third-party provider via social-engineering/OAuth tactics; data theft detected July 25, 2025; U.S. customer contact details exposed; no operational disruption reported.