Portend Breaches

Comercializadora S&E PerÃƒÂº December 29, 2024 • [ data leak, ransomware, cyber attack ] On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.

DEphoto December 28, 2024 The threat actor known as 0mid16B breaches DEphoto, a U.K. photo business, twice in few days, acquiring the personal information of 555,952 customers.

Multiple Italian sites, including Malpensa and Linate airports December 28, 2024 Pro-Russia group Noname057(16) targets Italian sites, including Malpensa and Linate airports, in a new DDoS campaign amid rising geopolitical tensions.

Atos December 28, 2024 French tech giant Atos, which secures communications for the country's military and secret services, denies claims made by the Space Bears ransomware gang that they compromised one of its databases. Instead the threat actors breached unconnected "external third-party infrastructure," which, although stored data mentioning the company's name, was not managed or secured by Atos.

The Children’s Center of Hamden December 28, 2024 • [ hack, healthcare ] The Childrens Center of Hamden reported a December 2024 data-security incident in which an unauthorized actor acquired files from its systems, exposing PII/PHI for ~5.2k clients and staff; investigation ended June 29, 2025; notifications began Aug 12, 2025; credit monitoring offered.

The ChildrenÃ¢â‚¬â„¢s Center of Hamden December 28, 2024 • [ data breach, data theft, unauthorized network activity ] In late December 2024, The Childrens Center of Hamden detected unauthorized network activity later linked to the criminal group INC. The attack resulted in theft of sensitive patient and staff information including SSNs and medical records. No encryption reported. Public notice issued August 28 2025.

Undisclosed U.S. telecommunications company December 27, 2024 • [ hack, technology ] A White House official adds a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.

Infocert December 27, 2024 Infocert, one of the leading Spid digital identity providers in Italy, confirms a serious breach of its users personal data. The attackers claim to have stolen a huge volume of data from Infocerts databases, including 5.5 million registrations, 1.1 million telephone numbers, and 2.5 million email addresses.

Turin Public Transport December 27, 2024 • [ hack, ddos, government ] Pro-Russia threat actors from Noname057(16) target Italian ministries, institutions, critical infrastructure websites and private organizations in coincidence with the visit of Ukrainian President Volodymyr Zelensky to Italy.

Fraunhofer Institute for Industrial Engineering IAO December 27, 2024 • [ ransomware, malware, technology ] On December 27, 2024, Fraunhofer IAO in Stuttgart suffered a ransomware attack that encrypted and disrupted internal systems. The institute reported the incident to the Bavarian Data Protection Authority and law enforcement within statutory deadlines. While research data is typically anonymized, unauthorized disclosure cannot be ruled out, though no confirmed exfiltration has been identified.

X account of Animoca Brands co-founder Yat Siu December 26, 2024 A threat actor compromises the X account of Animoca Brands co-founder Yat Siu, using it to promote a fraudulent token.

Japan Airlines December 26, 2024 • [ hack ] Japans flag carrier announces that it has restored its systems following a cyber incident that delayed some domestic and international flights.

Trusteed Plans Service Corporation December 26, 2024 • [ leak, finance ] TPSC detected a breach on 12/26/2024; investigation found unauthorized access and data acquisition. A data review completed 08/07/2025 identified 19,775 impacted individuals. Notices sent 09/1509/16/2025 detail exposure of PII/PHI (DOB, SSN, health info; sometimes insurance IDs). No outage or misuse evidence reported.

Mi Argentina December 25, 2024 • [ hack, government ] The Mi Argentina site and the SUBE card app, two of the governments most important digital platforms, suffer a cyber attack.

City of West Haven December 25, 2024 • [ ransomware, government ] The government of West Haven, Connecticut, says it is investigating a cyberattack that recently forced it to temporarily shut down all of its IT systems. The Qilin ransomware group claims responsibilty for the attack.

LexisNexis Risk Solutions December 25, 2024 • [ data leak ] LexisNexis disclosed that data stored on GitHub was acquired by an unauthorized party; breach notifications began May 24, 2025.

ArdyssLife December 24, 2024 • [ hack, manufacturing ] The threat actor known as 0mid16B claims to have successfully attacked Ardyss[.]com and ArdyssLife[.]com, stealin 596 GB of data from United States ArdyssLife[.]com and Ardyss[.]com server network.

Undisclosed Organization(s) December 24, 2024 Researchers at Northwave reveal that UNC5325, a suspected Chinese threat actor, is exploiting CVE-2024-9474, a vulnerability in Palo Alto firewalls, to install custom malware backdoor for espionage.

CyberHaven December 24, 2024 • [ hack, malware, technology ] Data-loss prevention startup Cyberhaven says threat actors published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens.

Speedio December 24, 2024 • [ leak, misconfiguration, technology ] In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".

Recent Breaches