Recent Breaches
-
January 1, 2025 • Global phishing and investment scam campaign impersonating CNN, BBC, and CNBC; CTM360 identified over 17,000 fake sites used to steal identity and financial data through bogus crypto platforms like Eclipse Earn, Solara, and Vynex
-
January 1, 2025 • Kaspersky-reported campaign uses phishing and a new spyware ('Batavia') to exfiltrate sensitive documents and system info from Russian industrial firms.
-
January 1, 2025 • SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
-
January 1, 2025 • Data exfiltration from OneDayOnlys cloud storage claimed by KillSec; company confirmed incident but denied exposure of customer financial data
-
January 1, 2025 • Data exfiltration and exposure of Pick n Pay customer information (~105 k records) from Claim Experts system by Bashe group; no encryption or operational disruption reported
-
January 1, 2025 • Two men arrested by Jamnagar cybercrime police for siphoning 6.4 lakh INR through a fraudulent mobile app scam targeting farmers phones in Gujarat
-
January 1, 2025 • U.S. telecom backbone provider Ribbon Communications reported that a nation-state actor infiltrated its environment around Jan 2025, maintaining persistence until discovery in Sept 2025; investigation confirmed unauthorized access to two employee laptops containing limited customer files; no material network breach or data destruction confirmed.
-
January 1, 2025 • Italian political consultant Francesco Nicodemo, who has worked with centre-left politicians, revealed in November 2025 that he was notified by WhatsApp in January that his phone had been targeted with Paragon spyware. His case broadens an existing spyware scandal in Italy that has already affected journalists, activists and business leaders. Parliamentary committee COPASIR has acknowledged that Italian intelligence agencies used Paragon in some cases, but it is unclear who ordered surveillance on Nicodemo or whether his device was successfully infected, prompting calls from experts for greater transparency from both the government and the spyware vendor.
-
January 1, 2025 • Japanese reporting stated authorities issued an arrest warrant for a 17-year-old high school student suspected of conducting a cyberattack against Kaikatsu Frontier Inc. linked to an incident in January 2025. The suspect allegedly used an AI-generated program to send unauthorized commands to the companys server millions of times in an attempt to extract personal data. The company reported that personal data for roughly 7.3 million customers may have been leaked as a result of the breach. The reporting did not specify the exact data elements exposed or confirm misuse beyond the potential leak.
-
January 1, 2025 • The Middlesex Sheriffs Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriffs Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
-
January 1, 2025 • Jupiter Medical Center issued a warning/notice describing a data breach tied to a data security incident dating back to January 2025. The report indicates the healthcare organization investigated the incident and proceeded with notification and remediation steps in 2026. Because the accessible source context here does not provide a clear affected-individual count or a detailed breakdown of data elements, the customer-data fields are coded as undetermined.
-
January 1, 2025 • EyeCare Partners disclosed that an unauthorized third party accessed certain ECP-managed email accounts between December 3, 2024 and January 28, 2025. The accessed files may have contained personal identifiers and limited health-related information, including addresses, dates of birth, Social Security numbers, drivers license numbers, health plan information, and limited clinical information; the notice emphasized that full medical records and detailed clinical information were not impacted. The organization reported the incident to Massachusetts regulators on February 4, 2026 and began outreach and remediation steps consistent with an email-system compromise.
-
December 31, 2024 • The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
-
December 31, 2024 • Ford confirms that its X account was briefly compromised, after posts referencing the Israel-Palestine war are published.
-
December 31, 2024 • Global travel agency Thomas Cook's Indian arm closes its affected systems after a cyber attack takes down its IT infrastructure.
-
December 30, 2024 Chinese state-backed threat actors breach the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs, exploiting a vulnerability in a BeyondTrust Remote Support SaaS instance.
-
December 30, 2024 • Laboratory Services Cooperative, a U.S. medical testing provider based in Texas, disclosed that unauthorized actors accessed and exfiltrated PHI and PII data of approximately 16 million individuals. No encryption or operational disruption occurred, and no threat actor has been publicly identified.
-
December 29, 2024 • On December 29 2024, Anubis listed an unnamed U.S. firm from the engineering and construction sector on its leak site. KELA reported the inclusion, and SecurityWeek referenced the finding. Stolen material reportedly included project and client documentation. No encryption or service interruption confirmed.
-
December 29, 2024 • On December 29 2024, the criminal group Anubis listed Summit Home Health Inc. on its ransomware leak site, claiming theft of over 7 thousand patient records. KELA verified sample files, and SecurityWeek later reported the case as an example of Anubiss early campaigns. No encryption or service disruption was described, indicating a pure data-exfiltration exploit.
-
December 29, 2024 • On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.