iHeartMedia
December 24, 2024
•[ data leak ]
PII of an undisclosed number of employees/individuals from a small number of local stations viewed and obtained between Dec 24 and Dec 27, 2024; breach notices filed in multiple U.S. states.
Denton County MHMR Center (My Health, My Resources)
December 24, 2024
•[ data leak, healthcare ]
Denton County MHMR Center disclosed unauthorized access to its network occurring between December 24 and December 25, 2024. A forensic investigation determined that patient protected health information was accessed. The organization notified affected individuals and regulators in 2025; no attacker-caused operational disruption was publicly reported.
European Space Agency
December 23, 2024
•[ hack, xss, government ]
The European Space Agency's official web shop is hacked and starts loading a piece of JavaScript code that generates a fake Stripe payment page at checkout.
Kenton County School District
December 20, 2024
•[ social, phishing, education ]
Personal data from current and former students in Kenton County School District are compromised in a phishing scheme.
Crown Mortgage Company
December 20, 2024
•[ ransomware, finance ]
Unauthorized access was discovered on Dec 20, 2024, at Crown Mortgage Company, exposing customer names and Social Security numbers. Breach notifications were sent on Jan 2, 2025, and the company offered 24 months of identity monitoring. A ransomware group has claimed responsibility, but this remains unconfirmed.
Cornwell Quality Tools
December 20, 2024
•[ leak, manufacturing ]
Cornwell Quality Tools discovered a data breach (Dec 20, 2024), later completed an investigation (Aug 4, 2025) and mailed notices (Sept 4, 2025) offering credit monitoring; exposed data may include names, SSNs, DL numbers, financial accounts, and medical information.
Multiple Organizations
December 19, 2024
•[ hack, malware, technology ]
The developers of Rspack reveal that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware.
Pittsburgh Regional Transit
December 19, 2024
•[ ransomware, malware ]
Pittsburgh Regional Transit (PRT) is hit with a ransomware attack.
Ukrainian State Registers
December 19, 2024
•[ hack, government ]
Suspected Russian threat actors from the XakNet collective launch one of the largest cyberattacks on Ukraine's state services in recent months.
Boone County School District
December 19, 2024
•[ social, phishing, education ]
Personal data from current and former students in Boone County School District are compromised in a phishing scheme.
Undisclosed Malaysian educational institution
December 19, 2024
•[ financial, malware, education ]
Researchers from Trend Micro discover a Python-based NodeStealer version targeting Facebook Ads Manager.
PowerSchool
December 19, 2024
•[ hack, education ]
Education software firm PowerSchool confirms it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform.
Carruth Compliance Consulting
December 19, 2024
•[ data leak, third-party breach ]
Third-Party Retirement Plan Administrator Reported December Intrusion Exfiltrating School Employee Data.
Baker School District
December 19, 2024
•[ data leak, supply chain ]
PowerSchool national breach (Dec 19-24, 2024) impacted districts incl. Baker; district announced vendor notifications and monitoring steps.
Parascript
December 19, 2024
•[ data leak ]
Software firm disclosed breach following unauthorized access to networked systems and data.
Merck Sharp & Dohme LLC
December 19, 2024
•[ data leak, supply chain attack ]
Merck stated it was informed that its data was found within files impacted by a security incident at vendor Graebel Companies, Inc. After internal review, Merck determined certain current and former employees' personal information was included in the impacted data and began notifying affected individuals. Reported potentially impacted elements included names and financial account information. The underlying vendor incident involved unauthorized access to or taking of certain files from the vendor's network during a defined window in December 2024, with subsequent file review and customer notifications occurring later.
Military personnel in Ukraine
December 18, 2024
•[ social, malware, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discloses that a threat actor tracked as UAC-0125 is leveraging Cloudflare Workers to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless.
"Tony" (undisclosed crypto investor)
December 18, 2024
•[ social, phishing, finance ]
A scammer impersonating Google manages to phish 45 bitcoins (approximately $4,725,000 at today's value) from Tony, a 42-year-old professional from northern California.
Sturgis Hospital
December 18, 2024
•[ hack, healthcare ]
Sturgis Hospital reported that unauthorized access was detected in part of its network in December 2024. The hospital determined that files containing personal and medical data may have been viewed or copied. No encryption or operational disruption was reported.
GemPad
December 17, 2024
The Gem Pad token launchpad is exploited for an estimated loss of $2.2M in crypto assets.