Full List

Search

Recent Breaches

• Government servers of Russian-occupied Crimea July 25, 2025 • [ hack, government ] Ukraines military intelligence agency said it hacked into government servers in Russian-occupied Crimea that allegedly contained evidence of Russias forced deportation of Ukrainian children from occupied territories.
• Parliament of Aruba July 25, 2025 • [ hack, government ] Parliamentary email systems in Aruba were hacked in late July 2025, compromising official accounts. The attack affected email communications but did not disrupt broader parliamentary operations. No attribution or data theft has been confirmed.
• Harbor Behavioral Health July 25, 2025 • [ leak, healthcare ] Harbor reported that suspicious activity was identified on Aug 1, 2025; investigation determined an unauthorized party accessed and took files from the network between late July and Aug 1. Notifications were issued Sept 30; no encryption or operational disruption reported.
• Harbor (Ohio mental health and substance use provider) July 25, 2025 • [ leak, healthcare ] An unauthorized actor accessed Harbors network between July 25 and August 1, 2025, and exfiltrated files containing patient, employee, and board member information. The organization disclosed the breach on September 30, 2025.
• Hello Cake July 25, 2025 • [ leak, healthcare ] In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
• Tea App July 25, 2025 • [ data leak, misconfiguration ] Tea, a women-focused dating and safety app, suffered a breach via a misconfigured Firebase storage bucket, exposing ~72,000 images and up to 1.1M private DMs, later leaked on 4chan; users who signed up before Feb 2024 were affected.
• City of Saint Paul, Minnesota July 25, 2025 • [ cyberattack, government, service disruption ] A cyberattack on Saint Paul led to widespread service disruptions; Minnesota activated the National Guard to support response and recovery.
• Polish Air Navigation Services Agency (PANSA) July 25, 2025 • [ cyberattack, sabotage, service disruption ] Polish authorities opened an investigation into potential sabotage affecting air traffic control systems; disruptions triggered review of cyber causes.
• Orange July 25, 2025 • [ data breach, service disruption ] Orange detected a breach of one information system on July 25; isolating affected services caused disruptions for some business and consumer services in France. Company reports no evidence of data exfiltration as of reporting.
• Radiology Associates of Richmond July 25, 2025 • [ data breach, unauthorized access, protected health information (PHI) ] An unauthorized actor accessed Radiology Associates of Richmond's network environment on or about July 25, 2025, and files containing protected health information were acquired. RAR began notifying affected individuals on May 21, 2026; filings reported 266,183 affected individuals.
• Cisco.com Registered Users July 24, 2025 • [ social, phishing, technology ] A voice phishing (vishing) call tricked a Cisco representative into granting access to a third-party CRM system on July 24, 2025. Attackers exfiltrated basic profile information of Cisco.com users (names, emails, phones, addresses, account metadata). No passwords or sensitive data affected; actor remains unknown. Breach discovered by August 5, 2025.
• Curaçao Tax & Customs Administration July 24, 2025 • [ ransomware, malware, government ] Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
• Brightstar Lottery Group July 24, 2025 • [ hack ] Unauthorized access to Brightstar Lottery Groups corporate network occurred July 24 2025 and was discovered July 25 2025. The Rhode Island-based vendor notified affected individuals in September after confirming that roughly 550 Connecticut residents personal information was compromised. No operational disruption or encryption reported.
• Sotheby’s July 24, 2025 • [ data leak ] Breach detected July 24; investigation found SSNs and financial details impacted employees
• Curaçao Tax & Customs Administration July 24, 2025 • [ ransomware, operational disruption, government ] Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
• American Lending Center July 24, 2025 • [ ransomware, internal network compromise, data breach ] American Lending Center experienced a ransomware attack between July 24 and July 30, 2025, in which a threat actor compromised its internal network, executed ransomware, and accessed files that may have contained personal and sensitive information. No named ransomware group, confirmed encryption details, outage duration, or specific disrupted systems were publicly reported.
• North St. Paul Police Department July 23, 2025 • [ phishing, government, hack ] A phishing email compromised a single business email account in the North St. Paul Police Department around July 23 2025. The incident was swiftly contained with no service disruption and no confirmed data exfiltration, though data compromise is being investigated. Disclosed August 5 2025.
• Joint Court of Justice (Dutch Caribbean) July 23, 2025 • [ hack, malware, government ] A malware infection on July 23, 2025 forced the shutdown of the Joint Court of Justices entire IT network across six islands. Judicial case management, filings, and email were fully disrupted until restoration began around July 28. No group has claimed responsibility; no data exfiltration confirmed.
• POST Luxembourg (national telecommunications infrastructure) July 23, 2025 • [ cyberattack, outage, critical infrastructure ] Cyberattack targeting Huawei telecommunications equipment caused a nationwide outage of 4G and 5G mobile networks in Luxembourg, disrupting emergency services, internet access, and electronic transactions for several hours.
• Naval Group July 23, 2025 • [ data leak, extortion ] Threat actor leaked 1TB of alleged Naval Group data after an extortion attempt. Naval Group says no intrusion confirmed and operations unaffected.