Full List

Search

Recent Breaches

• Blessing Corporate Services Inc. (Blessing Health System) January 22, 2025 • [ ransomware, data leak ] Blessing Corporate Services reported a ransomware attack on January 22 2025 that stole and encrypted patient information for approximately 15,000 individuals. The breach disrupted some clinical operations before containment and was publicly disclosed in April 2025. No actor attribution has been made.
• Alabama Ophthalmology Associates January 22, 2025 • [ ransomware, data leak ] Unauthorized access occurred Jan 2230, 2025; AOA later confirmed patient data was acquired. BianLian claimed responsibility; notifications began in April 2025.
• Union Health System January 22, 2025 • [ data leak, supply chain attack ] Union Health reported that an unknown party accessed Oracle Health/Cerners data migration environment sometime after January 22, 2025; Union Health systems werent breached but patient data held by the vendor was exposed; notifications issued in May 2025.
• Oracle Corporation (legacy cloud environment) January 22, 2025 • [ data leak, extortion ] Threat actor rose87168 exploited Oracles legacy Gen 1 Cloud infrastructure, stealing credentials and configuration data from ~140,000 tenants (6 million+ records) and attempting extortion; Oracle privately confirmed breach to customers.
• Unnamed internet service provider (ISP) from Eastern Asia January 21, 2025 • [ hack, ddos, technology ] Cloudflare says it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date.
• Rostelecom January 21, 2025 • [ leak, technology ] A major Russian telecommunications provider, Rostelecom, says that it is investigating a suspected cyberattack on one of its contractors after threat actors from Silent Crow claim to have leaked the company's data.
• Embassies, lawyers, government-backed banks, and think tanks in Kyrgyzstan January 21, 2025 • [ espionage, government ] Researchers at Seqrite discover a previously undocumented threat actor dubbed Silent Lynx, linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
• Zürcher Kantonalbank (ZKB) January 21, 2025 • [ hack, ddos, finance ] Erneut hat die Hackergruppe NoName aus Russland eine Reihe von Schweizer Websites mit DDoS-Attacken lahmgelegt. Der Zeitpunkt der Angriffe hat wohl vor allem mit der Durchfhrung des WEF zu tun.
• Stadt Schaffhausen January 21, 2025 • [ hack, ddos, government ] Two cantonal banks and various public websites were unavailable on Tuesday morning. A hacker group with ties to Russia is "testing" the resilience of Switzerland's internet infrastructure, as they call it. Today, Ukrainian President Volodomir Zelensky will speak at the WEF in Davos.
• Ville de Sierre / Stadt Siders January 21, 2025 • [ hack, ddos, government ] In the morning, Schaffhausen energy supplier SH Power also displayed an error message. However, its site was back online before midday. Meanwhile, the websites for the cities of Sierre and Geneva remained inaccessible.
• Cycle & Carriage Singapore January 21, 2025 • [ hack, leak, retail ] Cycle & Carriage Singapore disclosed a data breach in which attackers accessed an application server and exfiltrated ~147,000 customer records. No encryption or disruption of operations was reported.
• Ascension January 21, 2025 • [ data leak, vulnerability ] Ascension disclosed a data breach linked to a former business partners software vulnerability; filings indicate 437,329 impacted individuals.
• Individual in Galicia January 20, 2025 La entidad alegaba que su clienta haba sido imprudente
• Northwest Radiologists / Mount Baker Imaging January 20, 2025 • [ hack, leak, healthcare ] Northwest Radiologists (Mount Baker Imaging) discovered a network intrusion on January 25, 2025, with malicious activity beginning around January 20 that exposed patient data from its systems. The breach compromised PII/PHIincluding names, contact details, dates of birth, SSNs, drivers license/ID numbers, treatment/diagnosis information, medical record and insurance detailsimpacting about 348,118 Washington residents; no ransomware claim or operational disruption was confirmed.
• Manpower January 20, 2025 • [ ransomware, leak, malware ] Manpower disclosed that a ransomware attack by RansomHub led to the theft of 500GB of files and the exposure of personal data from roughly 140000 individuals. The attackers listed Manpower on their leak site but later removed it, suggesting a ransom settlement.
• Telecom / ISP / cloud providers in Switzerland January 20, 2025 • [ DDoS ] Over 1,400 distributed denial-of-service attacks observed during WEF in Davos, targeting telcos and cloud providers using amplification and TCP floods, peaking at ~426 Gbps in reconnaissance, then ~24 Gbps during sessions.
• Medical Associates of Brevard January 18, 2025 • [ ransomware, malware, healthcare ] {"richText":[{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"BianLian claimed MAB in Jan 2025; MABs review (by 07/07/2025) identified affected individuals and data types; HHS breach portal lists "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"246,711"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" affected in a "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"Hacking/IT Network Server"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":" incident reported "},{"font":{"bold":true,"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"09/05/2025"},{"font":{"size":11,"color":{"theme":1},"name":"Aptos Narrow"},"text":"; no outage confirmed."}]}
• Allegheny Health Network (AHN) January 17, 2025 • [ hack, healthcare ] Allegheny Health Network discloses that an "unauthorized user" hacked its IT vendor IntraSystems.
• Blacon High School January 17, 2025 • [ ransomware, education ] Blacon High School announces a temporary closure after falling victim to a "ransomware attack".
• Otelier January 17, 2025 • [ leak, misconfiguration, technology ] Hotel management platform Otelier suffers a data breach after threat actors breached its Amazon S3 cloud storage to stole millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt.