Full List

Search

Recent Breaches

• Bucharest City Hall October 31, 2024 • [ ransomware, malware, government ] The data of approximately 200,000 citizens of the administrative unit Sector 5 of the city of Bucharest are put up for sale after the City Hall suffers a RansomHub ransomware attack at the end of October.
• Individuals October 31, 2024 • [ financial, phishing, retail ] Researchers at Human reveal that more than 1,000 legitimate shopping sites have been compromised to promote fake product listings in a credit card phishing scheme dubbed Phish n Ships,
• Walt Disney World October 31, 2024 A former worker hacked servers at Walt Disney World after being fired in order to manipulate computer menus by changing prices, adding profanities and altering notifications to wrongly declare some items as safe for people with allergies, according to a federal criminal complaint.
• City of Sheboygan October 31, 2024 • [ ransomware, government ] Threat actors demand a ransom from officials in the city of Sheboygan, after launching an attack that caused network issues.
• Crypto users October 31, 2024 • [ financial, malware, finance ] The popular LottieFiles Lotti-Player project is compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency.
• Organizations in Israel October 31, 2024 • [ espionage, malware, technology ] Researchers at Check Point reveal that the threat actor dubber WIRTE, affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks with the SameCoin malware that exclusively target Israeli entities.
• City of McKinney, Texas October 31, 2024 • [ ransomware, data leak ] Ransomware group INC claimed responsibility for breaching the City of McKinney, Texas, beginning October 31, 2024. Officials confirmed that personal and health data of approximately 17,751 individuals were exfiltrated. The city discovered the breach on November 14, 2024, and publicly reported it in February 2025. No encryption was reported.
• Finastra October 31, 2024 • [ compromised credentials, data leak ] Intruder used compromised credentials to access Finastras SFTP/Aspera platform, copied files on Oct 31, 2024, and maintained access until Nov 8. A forum post later advertised ~400 GB of alleged Finastra data. Finastra isolated the platform, said there was no malware/ransomware and no impact to core operations, and began notifications in Feb 2025.
• City of Sheboygan October 31, 2024 • [ ransomware, data leak ] 67,000+ residents PII including SSNs, state IDs, license plate numbers were accessed during an Oct 31, 2024 ransomware incident; breach letters filed May 2025.
• Saint Xavier University October 30, 2024 • [ leak, education ] Saint Xavier University starts notifying over 210,000 individuals that their personal information was compromised in a data breach in July 2023.
• Interbank October 30, 2024 Interbank, one of Peru's leading financial institutions, confirms a data breach after a threat actor who hacked into its systems leaked stolen data online.
• CR&R Environmental Services (CR&R Incorporated) October 30, 2024 • [ hack, financial ] CR&R discovered unauthorized access on October 30, 2024, affecting ~9,895 individuals. Notifications were issued December 26, 2024. Data included sensitive PII such as SSNs, drivers license and financial account data.
• Andy Ayrey's social media account October 29, 2024 Threat actors hack Truth Terminal founder Andy Ayrey's social media account to promote a fraudulent token "IB."
• Tver Administration's Network October 29, 2024 • [ hack, malware, government ] A group with the moniker of Ukrainian Cyber Alliance claims to have taken down the Tver administration's network and to have wiped out dozens of virtual machines, backup storage, websites, email, and hundreds of workstations.
• Newpark Resources October 29, 2024 • [ ransomware, malware, energy ] Newpark Resources, a key supplier for oilfields says a ransomware attack caused disruptions and limited access to certain systems.
• Energy Capital Credit Union October 29, 2024 • [ data leak ] Energy Capital Credit Union disclosed unauthorized access to certain systems occurring between October 29 and November 19, 2024, which was discovered in 2025. State breach filings reported 49,664 affected Texas residents; the credit union has not released a nationwide total. The incident involved exposure of member personal, financial, and limited medical information, and no operational disruption was publicly reported.
• H&R Block Canada October 28, 2024 The Canada Revenue Agency discovers that threat actors had obtained confidential data used by one of the country's largest tax preparation firms, H&R Block Canada.
• AEP October 28, 2024 • [ ransomware, malware, retail ] German pharmaceutical distributor AEP is hit with a ransomware attack.
• San Joaquin County Superior Court October 28, 2024 • [ hack, government ] The San Joaquin County Superior Court says that nearly all of its digital services are knocked offline due to a cyberattack.
• UK councils of Hemel Hempstead, St Albans, Salford, Bury, Trafford, Tameside, Dudley, Portsmouth and Middlesborough October 28, 2024 The Russian group NoName057(16) claims responsibility for a DDoS campaign in retaliation for British military support for Ukraine.