Joannenova.com.au (Jo Nova Blog)
April 19, 2025
•[ ddos, hacktivism ]
Joannenova.com.au, an independent Australian blog run by science commentator Jo Nova, reported a distributed denial-of-service (DDoS) attack beginning around Easter Saturday (April 19 2025). The site, known for climate-skeptic and political commentary, was flooded by traffic from hundreds of thousands of IPs mainly in China, the USA, Brazil, and Europe, causing intermittent outages for about two weeks. The politically charged nature of the site suggests a hacktivist protest motive.
Marks & Spencer
April 19, 2025
•[ data leak ]
A cyberattack discovered over Easter weekend (April 19 2025) caused Marks & Spencer to take systems offline as a precaution, disrupting online orders and click-and-collect services. The company confirmed that attackers accessed customer personal data through a third-party contractor's environment but found no evidence of ransomware or data encryption. Personal information accessed included names, contact information, and limited transaction data, but not passwords or full card details.
Russian Railways (RZhD)
April 19, 2025
•[ denial of service, hacktivism ]
The IT Army of Ukraine conducted a distributed denial-of-service attack on Russian Railways' national ticketing and logistics platforms on April 19 2025, temporarily paralyzing access across multiple regions; service was restored the same day.
City of Abilene
April 18, 2025
•[ ransomware, data leak ]
On April 18 2025, the City of Abilene, Texas, detected unresponsive servers and shut down affected systems. Reports state certain systems were taken offline and none of the card systems at government offices were working; emergency services remained up and running. The Qilin ransomware group later claimed responsibility; roughly 477 GB of data were reported stolen and some data encrypted/deleted.
Chile national football team (official YouTube channel)
April 18, 2025
•[ malware, account takeover ]
Hackers hijacked the Chile national football team's verified YouTube channel (~43,000 subscribers) for about 48 hours (April 18-20 2025), replacing legitimate videos with gaming content embedding malware links and maintaining full administrative control until recovery.
The Fondation Cancer
April 18, 2025
•[ unauthorized access, email security, incident response ]
Fondation Cancer stated it detected a suspicious incident involving one of its email accounts. After analysis, its specialized IT provider concluded there had been malicious access into part of the organization's email mailboxes and implemented containment measures to stop the intrusion. The foundation indicated it informed partners and Luxembourg's national data protection commission promptly. In its communication, the organization said it had no indication that its internal data were disclosed, stolen, or copied, and that patient-service data were not affected. It also emphasized that the event did not impact the foundation's financial operations because financial transactions are processed through separate secure connections.
Eckert Seamans Cherin & Mellott LLC
April 17, 2025
•[ data leak, legal, insufficient security ]
Eckert Seamans detected unauthorized activity on an attorney's device on April 17, 2025, and confirmed that a document listing alumni was copied. The firm began notifying affected individuals on June 23, 2025, offering identity protection services and notifying regulators and law enforcement. A class action was filed on Aug 4, 2025, alleging failure to safeguard PII.
Ericsson
April 17, 2025
•[ unauthorized access, data security incident, PII ]
Ericsson disclosed a data security incident at a service provider. The provider detected unauthorized access on 04/28/2025 and later determined files may have been accessed between 04/17/2025 and 04/22/2025. Exposed data varied by person and included names and Social Security numbers, with additional filings indicating dates of birth, driver's license/government ID numbers, financial information, and medical information. The review was completed on 02/23/2026, and a Maine filing referenced 15,661 impacted employees and customers; no group publicly claimed responsibility at the time of reporting.
TickChak (external ticketing platform used by IDF units)
April 16, 2025
•[ data leak, hacktivism ]
A hacktivist using the alias Persian Prince accessed and leaked data from TickChak, an Israeli ticketing platform reportedly used by IDF units. The leak, publicized on April 16 2025, exposed personal details of tens of thousands of soldiers, including names, national ID numbers, and phone numbers. No ransom or sale was reported; the data was posted publicly to protest Israeli military actions.
McKenzie Health System (McKenzie Memorial Hospital)
April 15, 2025
•[ data leak, healthcare data breach, repeat incident ]
A notification to the Maine AG reported an incident discovered on or about April 15 affecting 54,016 people; a prior 2022 incident had 51,040 impacted, indicating recurring exposure issues.
Pierce County Library System
April 15, 2025
•[ ransomware, data leak, service disruption ]
The Record reported that the Pierce County Library System discovered a cybersecurity incident on April 21, 2025 that forced it to shut down all systems, with an investigation later finding attackers had access between April 15 and April 21. By May 12, the library confirmed hackers breached systems and stole information on both patrons and current/former employees, and later breach notifications indicated more than 340,000 people were impacted. The report stated the INC ransomware gang claimed the attack in May, and the combination of service shutdown and confirmed data theft supports a mixed event involving disruption and data compromise.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data leak ]
A ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriff's Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems were fully restored by early May 2025.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data theft, extortion ]
A ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriff's Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems were fully restored by early May 2025.
OnTrac
April 13, 2025
•[ leak ]
Delivery company OnTrac has suffered a data breach that exposed the personal information of over 40,000 people.
Democratic Party of Korea
April 13, 2025
•[ ddos ]
The Democratic Party of Korea reported three distributed denial-of-service (DDoS) attacks on April 13, 2025, disrupting access to its official website during an internal vote on presidential primary rules; no data loss or operational damage occurred.
Western New Mexico University
April 13, 2025
•[ cyberattack, service disruption ]
A cyberattack beginning April 13 disrupted WNMU's website and other systems; campus Wi-Fi remained down and desktops required IT clearance; a temporary website and workarounds were used during the finals period.
Ontario Health atHome
April 13, 2025
•[ ransomware, data exfiltration, healthcare ]
Ontario Medical Supply (OMS), a vendor supporting Ontario Health atHome's home care supply operations, experienced a ransomware incident in 2025. Reporting described earliest observed access on March 17, 2025, followed by ransomware payload execution on April 13, 2025, after which OMS systems failed and the organization was locked out of a significant portion of servers. Internal reporting referenced impacts to roughly 200,000 patients and indicated breached data included names, contact information, and medical supplies/equipment ordered. OMS later stated only a limited amount of incomplete data was exfiltrated and said it found no evidence of misuse at the time of its statement.
CMC Corporation
April 12, 2025
•[ ransomware, data leak ]
Ransomware group Crypto24 carried out a double-extortion attack against Vietnam-based CMC Corporation on April 12, 2025, exfiltrating roughly 2 TB of internal data and encrypting subsidiary servers for less than one day.
DaVita Inc.
April 12, 2025
•[ ransomware, data leak ]
On April 12, 2025, DaVita reported a ransomware incident that encrypted elements of its network and disrupted some operations. Subsequent disclosures confirmed theft of personal and medical information impacting over one million individuals.
Wolters Kluwer N.V.
April 12, 2025
•[ data leak ]
On April 12 2025, a BreachForums user known as IntelBroker offered for sale a 36 GB dataset allegedly stolen from Wolters Kluwer. The company confirmed an incident affecting its health-journals business but reported no compromise of tax or financial data. The exposed information consisted of professional contact details and profile metadata.