Portend Breaches

Gravity Forms (Rocketgenius) July 14, 2025 • [ vulnerability, malware ] Patchstack reported malicious code in official Gravity Forms installers affecting versions 2.9.11.1 and 2.9.12, enabling command execution on sites using the installers.

France Travail (French public employment service) July 12, 2025 • [ data leak ] France Travail reported unauthorized access to personal data, discovered July 12; employment portal was closed for analysis; at least 340,000 job seekers impacted, third such incident in <2 years.

Wiley Rein LLP July 12, 2025 • [ espionage, unauthorized access, state-sponsored attack ] Firm notified clients that Microsoft 365 accounts of certain personnel were accessed in an apparent intelligence-gathering operation; suspected China-affiliated group.

Healthcare Interactive Inc. (HCIactive) July 12, 2025 • [ data leak, unauthorized access ] Healthcare Interactive Inc. (HCIactive), a benefits and insurance administration technology provider, disclosed that an unauthorized actor accessed its network and copied certain files between July 8 and July 12, 2025. Suspicious activity was detected on July 22, triggering a forensic investigation that confirmed a data breach affecting at least 501 individuals, with exposed information including names, addresses, dates of birth, Social Security numbers, contact details, and health insurance enrollment data. The company notified regulators and consumers beginning in September 2025, offered credit monitoring, and stated that it had implemented additional technical safeguards. There is no indication of significant operational disruption, but the confidentiality impact for affected individuals is substantial.

Laurel Health Centers July 11, 2025 • [ unauthorized access, email compromise, data leak ] Laurel Health Centers identified unauthorized access to portions of its email system during July 2025, which resulted in the potential exposure of personal and protected health information belonging to patients, as later disclosed in a public notice.

woom GmbH July 11, 2025 • [ cyberattack, data breach, incident response ] woom stated that on Friday November 7, 2025 it was affected by a cyberattack in which an internationally operating hacker group gained access to parts of the companys systems despite security measures. woom said it immediately initiated incident response with external experts, contained and processed the incident, and restored systems as quickly as possible. The company said there were indications that some customer information may have been affected, but it reported no sensitive customer data exposure and emphasized ongoing investments in security improvements.

Workday Inc. (via undisclosed third-party CRM) July 10, 2025 • [ hack, technology ] Workday disclosed in Aug 2025 that hackers accessed a third-party CRM system, stealing personal data of ~1.6M people linked to enterprise customers; core HR/payroll systems were unaffected.

Philadelphia Corporation for Aging July 10, 2025 • [ data leak, healthcare ] A data breach at the Philadelphia Corporation for Aging allowed unauthorized access to systems between July 10 and July 25, 2025, during which personal and protected health information for 19,820 individuals was copied. PCA filed notice on November 4, 2025.

Multiple Russian Entitites July 9, 2025 • [ financial, ddos, technology ] A DDoS attack by Ukrainian military intelligence disabling fuel payment services (fuel cards), taking down infrastructure of Rostelecom, Lukoil, KCorp, etc., causing disruption in fuel card functionality; over 700 switches and 13 servers in two data centers disabled; financial damage estimated at US$13 million.

Coos County Family Health Services July 9, 2025 • [ data leak ] Provider reported unauthorized server access on July 9; investigation indicates possible viewing or copying of patient data.

Flutter Entertainment (Paddy Power and Betfair) July 9, 2025 • [ data leak ] Unauthorized third-party access to Flutter Entertainments Paddy Power and Betfair systems exposed personal account data of about 800,000 users; the company contained the breach and reported no financial data compromise.

Khan & Associates CPA, Inc. July 9, 2025 • [ unauthorized access, data leak ] An unauthorized user accessed Khan & Associates CPAs Intuit tax filing software between July 916 2025, filing false federal and state tax returns and exposing clients PII including SSNs and bank data.

Undisclosed Florida orthopedic practice July 8, 2025 • [ data leak, healthcare ] Beckers reports a data breach affecting a Florida orthopedic practice; details on scope and vector limited.

Nymburk Hospital July 8, 2025 • [ ransomware, extortion ] Czech police investigating a cyberattack on Nymburk Hospital including extortion elements; disruption reported.

Healthcare Interactive July 8, 2025 • [ data leak, hacked, phi ] Healthcare Interactive reported that hackers accessed its network between July 812, 2025 and exfiltrated files containing extensive PHI/PIIincluding names, DOBs, SSNs, contact details, insurance enrollment IDs, diagnoses, provider names, lab results, medical images, treatment plans, and possibly claims datawith the breach detected around July 22; the attack vector wasnt disclosed but regulators were notified.

Venice Film Festival July 7, 2025 • [ hack, leak ] On July 7, 2025, unauthorized actors accessed and copied documents from the Venice Film Festivals servers, extracting personal data of attendees, including journalists and industry professionals. Systems were proactively isolated by the festivals IT team, and authorities were notified. There is no indication of data encryption, nor disruption of payment, booking, or ticketing systems. Notifications to affected individuals began around early August 2025.

City of Nuremberg July 7, 2025 • [ cyberattack ] Local reporting indicates the City of Nuremberg website suffered a cyberattack causing outages; noted as not the first time.

Cetera Financial July 7, 2025 • [ unauthorized access, email compromise, PII ] Cetera Financial disclosed that an unauthorized person accessed a single employee email account between July 7 and August 21, 2025. A review completed around January 30, 2026 found that client information, including names, Social Security numbers, drivers license numbers, and financial account details, may have been compromised; affected individuals were notified beginning March 25, 2026.

Snake River Correctional Institution July 7, 2025 • [ insider threat, unauthorized access, data breach ] A former Snake River Correctional Institution Library Coordinator, Demetre Gennette, improperly acquired Oregon Department of Corrections records between July 7, 2025 and early January 2026. The extraction involved more than 7.5GB of data across more than 33,000 files and resulted in unauthorized access to personal information belonging to staff, vendors, adults in custody, and visitors. Gennette was later indicted on charges including computer crime, aggravated theft, official misconduct, supplying contraband, and custodial sexual misconduct.

Woodlawn Health July 5, 2025 • [ ransomware, malware, healthcare ] Woodlawn Health in Rochester, Indiana suffered a ransomware attack starting July 5, 2025, which encrypted systems and disrupted clinical and administrative operations. Systems were gradually restored, and officials confirmed that some patient care was impacted. Investigations continue into whether personal or medical data was exfiltrated.

Recent Breaches