Szpital MSWiA (Ministry of Interior Hospital) Kraków
March 8, 2025
•[ ransomware, cyberattack, healthcare ]
Cyberattack on the Ministry of Interior hospital in Kraków encrypted administrative and medical IT systems, fully paralyzing patient care and access to records. Hospital departments began restoring systems by March 11, indicating ~3 days of disruption. No data exfiltration or perpetrator identified.
U.S.–China Business Council
March 7, 2025
•[ espionage, phishing, government ]
China-linked APT41/TA415 impersonated Rep. Moolenaar and USCBC in July 2025 spear-phishing to deliver malware and create remote tunnels to spy on U.S. trade-policy stakeholders; investigations ongoing; success not verified.
Chicago Public Schools
March 7, 2025
•[ data leak, third-party breach ]
Exploited vendor software led to exposure of Chicago Public Schools student information.
Tata Technologies
March 6, 2025
•[ ransomware, data leak ]
Tata Technologies, a subsidiary of the Indian conglomerate Tata Motors, was struck by the ransomware gang Hunters International, which claims to have exfiltrated around 1.4 terabytes (730,000+ files) of data and is threatening public release unless a ransom is paid. The company had earlier disclosed a ransomware incident disrupting some IT assets and services, though client deliveries were reportedly unaffected.
The Longleaf Network
March 6, 2025
•[ data leak ]
Provider network disclosed data breach tied to a May 2024 cyberattack.
A.D. Edri Brothers Ltd.
March 6, 2025
•[ data leak ]
Report claimed compromise of Israeli firm with emails and database leaked.
StubHub
March 6, 2025
•[ vulnerability exploitation, data leak, third-party breach ]
A cybercrime group exploited a URL redirection vulnerability in a third-party contractor system for StubHub to steal around 1,000 digital tickets for major events, including Taylor Swift's Eras Tour. The stolen tickets, valued at approximately $635,000, were resold online for profit. The scheme operated between June 2022 and July 2023 before being uncovered through a coordinated investigation by cybersecurity and law enforcement agencies. Two individuals, Tyrone Rose and Shamara P. Simmons, were arrested and charged with grand larceny, identity theft, and computer tampering in connection with the operation.
FlexCare Medical Staffing
March 6, 2025
•[ phishing, data leak ]
FlexCare sent breach letters after employee email compromises with sensitive data.
Farmer Bros Co.
March 6, 2025
•[ ransomware, data leak ]
Farmer Bros Co., a Texas-based coffee and foodservice manufacturer, experienced a ransomware attack beginning March 6, 2025 that encrypted portions of its administrative network and exposed personal data of 14,460 individuals. FalconFeeds.io reported on June 23, 2025 that the Chaos ransomware group claimed responsibility via its leak site; the company has not independently confirmed this attribution.
Goosehead Insurance Agency, LLC
March 6, 2025
•[ data leak ]
Between March 6–13, 2025, an unauthorized third party accessed and copied files from Goosehead's network environment; Goosehead began an investigation and later mailed breach notices in October 2025. Some open-source posts attributed the incident to a group calling itself CHAOS and claimed ~300 GB exfiltrated, but that actor attribution and total volume remain unconfirmed by Goosehead.
Toronto Zoo
March 5, 2025
•[ data leak, cyberattack ]
Zoo reported cyberattack with decades of visitor data stolen and leaked.
Czech Building Authority IT System
March 5, 2025
•[ cyberattack, government ]
Authorities reported likely cyberattack impacting online system for building offices.
Civil Service Employees Association (CSEA)
March 5, 2025
•[ data breach, identity theft, Social Security numbers ]
The Civil Service Employees Association (CSEA), a New York labor union, reported a 2025 data breach in which attackers were present in its systems for nearly a month. The breach notification said malicious actors roamed CSEA systems between May 3 and May 31, 2025. A submission to the Maine Attorney General's Office indicated over 47,000 individuals were affected. The investigation stated attackers may have accessed members' names and Social Security numbers, creating risk of identity theft and fraud. The report did not identify the threat actor or the initial access method.
United Arab Emirates Government Entities
March 4, 2025
•[ malware, backdoor ]
Researchers reported Sosano backdoor used against UAE aviation and transport organizations.
MainStreet Bank (via third-party vendor)
March 4, 2025
•[ data leak, third-party breach ]
MainStreet Bancshares (Nasdaq: MNSB & MNSBP), the financial holding company behind MainStreet Bank, has disclosed a data breach impacting some of its customers.
Beeline
March 3, 2025
•[ ddos, service disruption ]
Targeted DDoS disrupted Beeline internet services across parts of Russia.
Penn-Harris-Madison School Corporation
March 3, 2025
•[ ransomware ]
Indiana school district reported ransomware network breach and service interruptions.
Rackray
March 3, 2025
•[ ransomware ]
Lithuanian data center provider suffered ransomware disrupting public cloud services.
Amherst College
March 3, 2025
•[ data leak ]
Amherst College disclosed unauthorized access to its email and payroll system. The college initiated an investigation with third-party cybersecurity experts, confirming on March 3, 2025 that an unauthorized party had viewed and possibly copied sensitive personal information. Compromised data included employee names and Social Security numbers. The college notified the Massachusetts Attorney General and affected individuals on March 28, 2025.
Polish Space Agency (POLSA)
March 2, 2025
•[ cyberattack, network intrusion, service disruption ]
The Polish Space Agency (POLSA) went offline after detecting a cyberattack that forced it to disconnect its internal network from the internet to contain the incident. National cybersecurity teams, including CSIRT NASK and CSIRT MON, were engaged to assist in investigating and restoring operations. While POLSA did not disclose specific details, internal sources suggested that email systems were compromised. As a member of the European Space Agency, POLSA temporarily suspended several digital services while ensuring containment, system recovery, and investigation into potential espionage or disruption motives behind the attack.