Office of the State’s Attorney for Baltimore City
March 19, 2025
•[ ransomware, data leak, unauthorized access ]
Following a March 2025 intrusion, the Kairos ransomware group stole internal legal and police records from the Baltimore City States Attorneys Office and later published portions online; the office reported no service disruption but confirmed investigation of unauthorized access.
John Dramani Mahama
March 18, 2025
•[ account takeover ]
Mahamas official X account was compromised and used to post unauthorized content.
California Cryobank
March 18, 2025
•[ data leak ]
California Cryobank, a leading sperm donation organization, reported a data breach after detecting unauthorized access to its network between April 20 and 22, 2024. The incident exposed sensitive personal and financial information, including names, bank details, Social Security numbers, drivers license numbers, payment card data, and health insurance information. The company assured that its core operations remained unaffected and began notifying affected individuals, offering complimentary credit monitoring and identity protection services. Authorities and cybersecurity experts are investigating the scope of the breach to determine how the attackers gained access and whether donor-related data was compromised.
Western Alliance Bank
March 18, 2025
•[ data leak, third-party breach ]
Western Alliance Bank notified 21,899 customers that their personal information was stolen after a breach of a third-party secure file transfer system. The breach occurred between October 12 and October 24, 2024, and exposed names, Social Security numbers, dates of birth, financial account numbers, drivers licence numbers, tax IDs and/or passport information. The company found no evidence of fraudulent use yet and is providing one year of complimentary credit monitoring to those impacted.
Atchison County Government
March 18, 2025
•[ ransomware ]
Multiple us municipalities reported outages; Atchison County closed offices due to cyber incident.
Harcourts Prime Properties
March 18, 2025
•[ ransomware, data leak ]
Unauthorized access to Harcourts Prime Properties internal systems followed by ransom demand; investigation ongoing; no confirmed data volume or encryption reported.
Precision Orthopaedics and Sports Medicine
March 17, 2025
•[ phishing, data leak ]
Hospital reported mailbox compromise exposing patient demographic and clinical information.
Atlas Healthcare Group Facilities
March 17, 2025
•[ data leak ]
Multiple facilities reported data security incident; breach letters sent March third.
Les Automotive
March 17, 2025
•[ supply chain attack, malware ]
Supply-chain compromise at vendor led dealership sites to serve malicious clickfix.
Virgin Islands Lottery
March 17, 2025
•[ ransomware ]
Ransomware attack discovered March 17 2025 encrypted the Virgin Islands Lotterys servers, phones, and software, halting operations across both districts. Attackers demanded a $1 million ransom, which was not paid. Systems were rebuilt from backups and restored by May 31 2025. No confirmed data theft or group attribution publicly reported.
Mountain West Insurance & Financial Services LLC
March 17, 2025
•[ phishing, data leak ]
On March 17, 2025, Mountain West Insurance & Financial Services detected unauthorized access to several corporate email accounts. An investigation determined that emails containing extensive personal, financial, and health-related information may have been accessed or acquired without authorization. Mountain West issued breach notices on September 22, 2025.
Ascom
March 16, 2025
•[ ransomware, data leak ]
Hellcat claims theft from ascom; company confirms ticketing system incident.
Astral Foods
March 16, 2025
•[ cyberattack ]
Cyberattack caused week-long operational delays and financial losses at South African producer.
AUTOSUR
March 16, 2025
•[ data leak, phishing ]
In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data included names, phone numbers, physical addresses, and vehicle details such as make and model, VIN, and registration plate. AUTOSUR later issued a disclosure notice with further details.
Cherokee County School District
March 15, 2025
•[ network security incident ]
District reported network security incident and system outages under investigation.
Water & Sewerage Corporation
March 15, 2025
•[ ransomware, data leak ]
In mid-March 2025, the Water & Sewerage Corporation of the Bahamas experienced a ransomware attack targeting internal data systems. The utility confirmed unauthorized access but stated there was no evidence of customer data access or theft. While no encryption or operational outage has been verified, remediation efforts were ongoing as of April 2025.
NASCAR
March 15, 2025
•[ ransomware, data leak ]
NASCAR confirmed a ransomware breach of internal systems in March 2025 attributed to Medusa; ~1 TB of sensitive data stolen with $4M ransom demand; notifications and protections offered.
CFD Investments, Inc.
March 15, 2025
•[ unauthorized access, email account compromise, data leak ]
Unauthorized access to an employee email account at CFD Investments, Inc. resulted in exposure of client personal and financial information between March 15 and May 9, 2025; affected individuals were notified beginning January 28, 2026.
Harvest
March 14, 2025
•[ cyberattack ]
French outlet reported cyberattack and service reassurance communications to clients.
Tj-Actions
March 14, 2025
•[ data leak, supply chain attack, credential exposure ]
A popular GitHub Action called tj-actions/changed-files was compromised: an attacker modified its code and version tags so that when used in CI/CD workflows it executed a script that dumped runner memory and exposed secrets (AWS keys, GitHub PATs, npm tokens, private RSA keys) in publicly accessible logs. The incident, tracked as CVE-2025-30066 (and linked to CVE-2025-30154 for a related Action), affected thousands of repositories across many organizations. Users are advised to stop using the impacted versions, rotate all credentials, and review any workflows that ran between March 1415, 2025.
