Full List

Search

Recent Breaches

• Oral Roberts University December 15, 2024 • [ data leak ] Between December 15 and December 17, 2024, an unauthorized actor accessed ORU systems and took certain files. Investigation determined some files contained names and Social Security numbers. Notifications were mailed by February 19, 2025.
• BitView December 14, 2024 • [ insider, misconfiguration, technology ] In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
• Undisclosed Organization December 13, 2024 Researchers at Trend Micro discover an incident where an attacker used social engineering via a Microsoft Teams call to impersonate a users client and gain remote access to their system via the DarkGate malware.
• RIBridges (Rhode Island's Integrated Eligibility System) December 13, 2024 • [ ransomware, malware, government ] Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.
• Thai Government Officials December 13, 2024 • [ espionage, malware, government ] Researchers at Netskope discover a campaign targeting Thai government officials through DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai.
• VectraRx Mail Pharmacy Services December 13, 2024 • [ data leak ] Unusual activity discovered Dec 13, 2024; review confirmed potential access/acquisition; notifications in Feb 2025.
• Integrated Oncology Network (multiple practices) December 13, 2024 • [ phishing, data leak ] Phishing incident Dec 1316, 2024 led to unauthorized access to a small number of email and SharePoint accounts; by late June 2025, notices mailed; HHS lists grew to 22 locations affecting 116,557 patients.
• Kelly & Associates Insurance Group, Inc. December 12, 2024 • [ data leak ] Kelly Benefits (Kelly & Associates Insurance Group, Inc.) disclosed that an unauthorized actor accessed its network between Dec 1217, 2024 and stole data affecting ~553,660 people. No encryption or operational disruption was reported; notifications began April 9, 2025.
• Telecom Namibia December 11, 2024 • [ ransomware, malware, technology ] Namibia Telecom is hit with a ransomware attack by the Hunters International gang.
• Individuals in South Korea December 11, 2024 • [ financial, phishing, finance ] A South Korean law enforcement operation, dubbed Operation Midas, and carried out by the Korean Financial Security Institute (K-FSI), takes down a large-scale fraud network that extorted $6.3m from victims with fake online trading platforms.
• Young Living Essential Oils December 11, 2024 In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888". Young Living Essential Oils did not respond to multiple attempts to contact them about the data.
• Mortgage Investors Group December 11, 2024 • [ ransomware, malware, finance ] Mortgage Investors Group (MIG), one of the largest mortgage lenders in the Southeast U.S. says it suffered a cybersecurity incident last month that exposed troves of customer information. The Black Basta ransomware group claims responsibility for the attack.
• Kokomo Solutions Inc. (telehealth & reporting vendor for LAUSD) December 11, 2024 • [ hack, education ] An unauthorized third party accessed files on Kokomo Solutions' network on December 11, 2024. The breach potentially compromised a range of sensitive student data (PII, health info, IDs), though exact scope wasn't disclosed; notification occurred on August 5, 2025.
• Orthominds December 11, 2024 • [ data leak ] Dental software vendor began sending data breach notifications to affected clients and individuals.
• Comisión Nacional de los Mercados y la Competencia (CNMC) December 10, 2024 The Spanish authorities investigate the theft of two billion mobile phone account holder records in 240 gigabytes of data from the national market competition authority.
• Robeson County Government December 10, 2024 • [ ransomware, malware, government ] Robeson County, North Carolina confirmed that a December 2024 LockBit ransomware incident encrypted county servers and exfiltrated HR and payroll data. County operations were disrupted for about three weeks before full restoration in January 2025.
• Ottawa Family Physicians December 10, 2024 • [ data leak, unencrypted data, healthcare ] Between December 1015, 2024, an unauthorized actor accessed Ottawa Family Physicians systems and exfiltrated patient data from an internal server. The EMR database was not affected. Data types included personal identifiers, financial, and health information. No encryption was used, and no operational disruption occurred. The incident was reported to HHS on February 13, 2025.
• Peruvian University of Applied Sciences December 9, 2024 • [ hack, education ] The Peruvian University of Applied Sciences investigates a data breach, stating that hackers stole student data including names, emails and copies of university IDs.
• ​Electrica Group December 9, 2024 • [ ransomware, malware, energy ] Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack.
• BeyondTrust December 8, 2024 • [ hack, technology ] Privileged access management company BeyondTrust suffers a cyberattack after threat actors breached some of its Remote Support SaaS instances.