Full List

Search

Recent Breaches

• GroupGreeting[.]com January 9, 2025 • [ hack, technology ] Researchers at Malwarebytes discover zqxq, a widespread cyberattack that compromised GroupGreeting[.]com, a popular platform used by major enterprises to send digital greeting cards.
• Individual in Linz, Austria January 9, 2025 • [ financial, phishing ] Vor neuerlichen Phishing-Attacken ber sogenannte Wiederverkaufsplattformen im Internet warnt die Arbeiterkammer Obersterreich (AK O). Einer Linzerin waren ber einen Trick ihre Kontodaten herausgelockt und rund 8.000 Euro abgebucht worden, ehe sie den Betrug bemerkte.
• Columbia Eye Clinic January 9, 2025 • [ data leak ] Clinic confirmed January 913 network access to files with patient information.
• Byzfunder NY LLC January 9, 2025 • [ data leak, unauthorized access ] Byzfunder reported a security incident involving a cloud software solution. An unauthorized third party may have accessed or acquired certain files during the period 09/01/202509/20/2025, with the incident becoming known to the company on 09/19/2025. The company later reported the incident to the Maine Attorney General and began notifying affected individuals.
• Fyzical Acquisition Holdings LLC January 9, 2025 • [ unauthorized access, email compromise ] Unauthorized access to FYZICALs email environment was detected on December 9 2024 triggering an investigation that concluded in November 2025 Breach notifications were issued to affected individuals and state authorities in December 2025
• Scholastic January 8, 2025 • [ hack, education ] In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.
• City of Corvallis (Councilor Paul Schaffer) January 8, 2025 • [ hack, phishing, government ] A Corvallis city councilor's email is hacked by a scammer and used to reach nearly 3,500 email addresses in an attempt to steal the recipients' personal information.
• Organizations, businesses, and individuals in Japan January 8, 2025 • [ espionage, government ] Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accuse a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019.
• Orange Finances January 8, 2025 • [ financial, hack, finance ] Orange Finances announces that a threat actor compromised the admin address, upgraded contracts, and transferred funds to their wallet for an estimated loss of more than $840K.
• Moby Trade January 8, 2025 • [ financial, hack, finance ] Moby Trade is the victim of a $2.5 million hack exploiting a compromised private key. However, a mistake by the attacker allows a whitehat to steal $1.5 million back and return it to the protocol.
• Gateshead Council January 8, 2025 • [ hack, government ] Gateshead Council suffers a cyber attack.
• OYO Hotel & Casino Las Vegas January 8, 2025 • [ data leak ] Documents show unusual activity between Jan 811 in a shared network environment used by the property; subsequent review determined thousands of individuals were affected. The case centers on data theft rather than operational shutdown, with regulatory filings and notices issued in October.
• Barts Health NHS January 8, 2025 • [ ransomware, data leak, vulnerability exploit ] Barts Health NHS Trust confirmed that the Cl0p ransomware group exploited a vulnerability in Oracle E-Business Suite to access and steal files from one of its invoice databases. The stolen material was described as including patient names and addresses associated with billed care, records related to former staff with unresolved salary issues, and supplier payment details (much of which is already public). The breach was reported as occurring in August 2025 and was not detected until later when data appeared on the threat actors leak site. Barts stated that core clinical systems and electronic patient records were not affected, and it reported the incident to relevant UK authorities and regulators while taking steps to limit further dissemination.
• University of Phoenix January 8, 2025 • [ data leak ] Phoenix Education Partners reported that the University of Phoenix experienced a cybersecurity incident involving Oracle E-Business Suite (Oracle EBS). The company detected the incident on November 21, 2025 and believes a previously unknown Oracle EBS vulnerability was exploited in August 2025 to copy certain data maintained in its Oracle EBS environment. The company stated that personal information for numerous individuals was accessed without authorization, including names and contact information, dates of birth, Social Security numbers, and bank account/routing numbers, and that it would provide required notifications while the investigation continued.
• Fieldtex Products, Inc. January 8, 2025 • [ ransomware, data leak ] Fieldtex Products Inc., including its e-First Aid Supplies division, reported a data security incident after identifying unauthorized access to certain systems during August 2025. Public reporting associated the incident with the Akira ransomware group, which claimed responsibility on a leak site and alleged it stole corporate documents, though those claims were not independently verified in the available notice. According to reporting on the incident and breach tracking, the event potentially exposed limited protected health information related to individuals, with data elements including name, address, date of birth, member identification number, health plan name, coverage effective and termination dates, and gender. External reporting cited approximately 238,615 affected individuals. Fieldtex indicated it took steps to investigate, mitigate, and notify impacted people; the initial compromise method and the full extent of any data exfiltration beyond the limited PHI described were not publicly detailed in the accessible notice.
• Excelsior Orthopaedics January 7, 2025 • [ ransomware, malware, healthcare ] Excelsior Orthopaedics notifies approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024.
• Addison Northwest School District January 7, 2025 • [ ransomware, education ] The Addison Northwest School District (ANWSD) suffers a ransomware attack.
• United Nations' International Civil Aviation Organization (ICAO) January 7, 2025 • [ leak, government ] The United Nations' International Civil Aviation Organization (ICAO) announces it is investigating what it describes as a "reported security incident." 42,000 recruitment application data records are affected.
• Laramie County Library System January 7, 2025 • [ ransomware, malware, education ] CHEYENNE Early Tuesday morning, the Laramie County Library System was the victim of a ransomware attack that shut down library servers and immobilized most digital services.
• Ministry of Defence of Ukraine – Anti-Corruption Council election system January 7, 2025 • [ hack, ddos, government ] DDoS attack on Ukraines MoD online election for its Anti-Corruption Council. Over 1.1 million malicious requests blocked, including 300k from Belarus IPs. Attack attempted to disrupt voting but was contained the same day, and election integrity was maintained with ~101k Ukrainians successfully voting.