Full List

Search

Recent Breaches

• DigiD January 14, 2025 • [ hack, ddos, government ] The DigiD outage, which prevented people from logging in for most of yesterday afternoon , was caused by a large-scale DDoS attack. The DigiD server was experiencing so much traffic that the website couldn't handle it, according to Logius, the government agency that manages DigiD.
• Forum Communications Company January 14, 2025 • [ data leak ] Forum Communications reported January access to files; 28,830 notified March 19.
• Stealer Logs, Jan 2025 January 13, 2025 • [ leak, malware ] In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service.
• Infobis January 13, 2025 • [ hack, technology ] Ukrainian threat group Cyber Anarchy Squad takes responsibility for an attack against Russian agricultural tech firm Infobis, which purportedly leads to the theft of 3 TB of data in addition to infrastructure damage.
• Grinding Gear Games (developer of Path 2 Exile 2) January 13, 2025 • [ hack, technology ] Path of Exile 2 developers confirm that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November.
• Government bodies in Kazakhstan January 13, 2025 • [ espionage, government ] Researchers at Sekoia attribute the Russia-linked threat actors from APT28 to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia.
• Roseltorg January 13, 2025 • [ hack, government ] Roseltorg, Russia's main electronic trading platform for government and corporate procurement confirms that it had been targeted by a cyberattack. Pro-Ukraine hacker group Yellow Drift claims responsibility.
• Multiple Organizations January 13, 2025 • [ ransomware, misconfiguration, technology ] Researchers at Halcyon identify a new ransomware campaign targeting Amazon S3 buckets, and leveraging AWS' Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data, demanding ransom payments for the symmetric AES-256 keys required to decrypt it.
• Avery Products Corporation January 13, 2025 • [ financial, hack, retail ] Avery Products Corporation warns it suffered a data breach after its website was hacked to steal customers' credit cards and personal information.
• Individual in Buchloe, Germany January 13, 2025 • [ phishing ] Im Bereich der Polizeiinspektion Buchloe kam es am vergangenen Montag zu zwei Fllen von sogenanntem Phishing, einer Betrugsmasche im Internet.
• LandAirSea January 12, 2025 • [ hack, technology ] In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
• Teton Orthopaedics January 12, 2025 • [ ransomware, malware, healthcare ] Teton Orthopaedics discloses a DragonForce ransomware attack. A total of 13,409 people are affected by the incident.
• Brsk January 12, 2025 • [ data leak ] TelecomTV reported that UK fibre broadband operator Brsk suffered a major data breach and that information related to more than 235,000 customers was put up for sale by cybercriminals. The report indicates unauthorized access and data exposure, but does not specify the exact data fields, intrusion method, or whether the breach impacted service availability.
• Bpost January 12, 2025 • [ ransomware, data leak, third-party ] Reporting indicated that data attributed to Belgian postal operator bpost appeared on the TridentLocker ransomware leak site (about 30GB across thousands of files). Subsequent reporting cited a bpost spokesperson confirming a cyber incident and describing a limited data leak tied to a third-party exchange/platform used by a specific department (not linked to letters or parcels). The company stated it took immediate measures to contain the incident and said affected customers would be informed, while postal delivery operations were not expected to be endangered.
• Italy's Ministry of Infrastructure and Transport January 11, 2025 • [ ddos, government, hack ] Tra ieri e oggi, il gruppo NoName057(16) ha effettuato diversi attacchi DDoS contro siti istituzionali italiani e aziende, tra cui Intesa Sanpaolo.
• Town of Bourne January 11, 2025 • [ ransomware, data leak ] Unauthorized access to Bournes IT network was disclosed after a Jan 11, 2025 cyberattack. MA AG filings list 625 affected MA residents with SSN/financial/drivers-license data. RansomHub later claimed the attack and 100 GB theft; encryption not confirmed.
• LG Energy Solution January 11, 2025 • [ ransomware, data leak, supply chain attack ] LG Energy Solution confirmed that an overseas facility was hit by a ransomware incident in November 2025, which briefly affected operations before systems were restored. The Akira ransomware group listed LG on its leak site, claiming to have stolen around 1.7 TB of data, including corporate documents and an employee database with personal information. LG stated that the incident was contained to the single facility and that production had resumed, while it continued to investigate the scope of the data theft. The case underscores the risk to global manufacturing supply chains from targeted ransomware operations.
• Bangalore Airport January 11, 2025 • [ GPS spoofing ] Reports described GPS spoofing signals detected near major Indian airports, including Delhi, with contingency procedures used during GPS-based landing approaches. Government statements said conventional navigation systems remained active and flight operations were not affected; the separate incident involving delays for 400+ flights at Delhi airport was attributed to an Air Traffic Control technical system snag rather than the GPS spoofing. Based on the reporting, this does not provide clear evidence of a successful cyberattack causing operational disruption or confirmed data compromise.
• SmartTube January 11, 2025 • [ malware, supply chain attack, data leak ] Reporting indicates SmartTubes build/signing environment was compromised, allowing attackers to distribute officially signed builds containing malware (notably in versions identified in coverage). The malware was described as collecting device and app telemetry including IP addresses, and the project took affected builds offline while issuing a newly signed clean version. The incident reflects a supply-chain style compromise with malicious code distributed to users, with no confirmed account credential capture in the cited reporting.
• At least one telecom operator in Russia January 11, 2025 • [ DDoS, telecom ] A Russian tech-news report citing Roskomnadzor/GRFC monitoring stated that in November 2025 the regulator recorded and mitigated a record-long DDoS attack targeting telecommunications operators systems, with a maximum duration reported as 3 days 22 hours 20 minutes. The same regulatory summary reported peak attack power around 1.93 Tbps and very high packet rates during the period, with the telecom sector described as a primary focus of attack vectors. The report did not identify a specific threat group or provide victim-by-victim service impact details, but characterized the episode as an unusually prolonged and powerful DDoS campaign against telecom infrastructure.