-
Cierant Corporation
January 1, 2025
•
[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
-
OneDayOnly
January 1, 2025
•
[ data leak ]
Data exfiltration from OneDayOnly's cloud storage claimed by KillSec; company confirmed incident but denied exposure of customer financial data
-
Claim Expert
January 1, 2025
•
[ data leak, data exfiltration ]
Data exfiltration and exposure of Pick n Pay customer information (~105k records) from Claim Expert's system by Bashe group; no encryption or operational disruption reported
-
Jamnagar cyber-fraud case (farmers targeted)
January 1, 2025
•
[ fraud, malware ]
Two men arrested by Jamnagar cybercrime police for siphoning 6.4 lakh INR through a fraudulent mobile app scam targeting farmers' phones in Gujarat
-
Ribbon Communications Inc.
January 1, 2025
•
[ data leak, unauthorized access ]
U.S. telecom backbone provider Ribbon Communications reported that a nation-state actor infiltrated its environment around Jan 2025, maintaining persistence until discovery in Sept 2025; investigation confirmed unauthorized access to two employee laptops containing limited customer files; no material network breach or data destruction confirmed.
-
Italian Political Consultant, Francesco Nicodemo
January 1, 2025
•
[ spyware, government surveillance, targeted attack ]
Italian political consultant Francesco Nicodemo, who has worked with centre-left politicians, revealed in November 2025 that he was notified by WhatsApp in January that his phone had been targeted with Paragon spyware. His case broadens an existing spyware scandal in Italy that has already affected journalists, activists and business leaders. Parliamentary committee COPASIR has acknowledged that Italian intelligence agencies used Paragon in some cases, but it is unclear who ordered surveillance on Nicodemo or whether his device was successfully infected, prompting calls from experts for greater transparency from both the government and the spyware vendor.
-
Kaikatsu Frontier Inc.
January 1, 2025
•
[ data leak, hacked ]
Japanese reporting stated authorities issued an arrest warrant for a 17-year-old high school student suspected of conducting a cyberattack against Kaikatsu Frontier Inc. linked to an incident in January 2025. The suspect allegedly used an AI-generated program to send unauthorized commands to the company's server millions of times in an attempt to extract personal data. The company reported that personal data for roughly 7.3 million customers may have been leaked as a result of the breach. The reporting did not specify the exact data elements exposed or confirm misuse beyond the potential leak.
-
Fondo Genesis (MetLife)
December 31, 2024
•
[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. RansomHub claims to have exfiltrated 1TB of data.
-
Ford X Account
December 31, 2024
•
[ hack, manufacturing ]
Ford confirms that its X account was briefly compromised, after posts referencing the Israel-Palestine war are published.
-
Thomas Cook (India) Ltd.
December 31, 2024
•
[ hack, retail ]
Global travel agency Thomas Cook's Indian arm closes its affected systems after a cyber attack takes down its IT infrastructure.
-
Office of Foreign Assets Control
December 30, 2024
Chinese state-backed threat actors breach the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs, exploiting a vulnerability in a BeyondTrust Remote Support SaaS instance.
-
Laboratory Services Cooperative (LSC)
December 30, 2024
•
[ data leak ]
Laboratory Services Cooperative, a U.S. medical testing provider based in Texas, disclosed that unauthorized actors accessed and exfiltrated PHI and PII data of approximately 16 million individuals. No encryption or operational disruption occurred, and no threat actor has been publicly identified.
-
Undisclosed U.S. Engineering and Construction Firm
December 29, 2024
•
[ ransomware, data leak ]
On December 29, 2024, Anubis listed an unnamed U.S. firm from the engineering and construction sector on its leak site. KELA reported the inclusion, and SecurityWeek referenced the finding. Stolen material reportedly included project and client documentation. No encryption or service interruption confirmed.
-
Summit Home Health, Inc.
December 29, 2024
•
[ ransomware, data leak ]
On December 29, 2024, the criminal group Anubis listed Summit Home Health Inc. on its ransomware leak site, claiming theft of over 7 thousand patient records. KELA verified sample files, and SecurityWeek later reported the case as an example of Anubis's early campaigns. No encryption or service disruption was described, indicating a pure data-exfiltration exploit.
-
Comercializadora S&E Perú
December 29, 2024
•
[ data leak, ransomware ]
On December 29, 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Perú on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubis's first campaign. The group stole internal and client information; no encryption or operational outage was reported.
-
DEphoto
December 28, 2024
The threat actor known as 0mid16B breaches DEphoto, a U.K. photo business, twice in a few days, acquiring the personal information of 555,952 customers.
-
Multiple Italian sites, including Malpensa and Linate airports
December 28, 2024
Pro-Russia group Noname057(16) targets Italian sites, including Malpensa and Linate airports, in a new DDoS campaign amid rising geopolitical tensions.
-
Atos
December 28, 2024
French tech giant Atos, which secures communications for the country's military and secret services, denies claims made by the Space Bears ransomware gang that they compromised one of its databases. Instead, the threat actors breached unconnected "external third-party infrastructure," which, although it stored data mentioning the company's name, was not managed or secured by Atos.
-
The Children’s Center of Hamden
December 28, 2024
•
[ hack, healthcare ]
The Children’s Center of Hamden reported a December 2024 data-security incident in which an unauthorized actor acquired files from its systems, exposing PII/PHI for ~5.2k clients and staff; investigation ended June 29, 2025; notifications began Aug 12, 2025; credit monitoring offered.
-
Undisclosed U.S. telecommunications company
December 27, 2024
•
[ hack, technology ]
A White House official adds a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.