Clarins Group
October 3, 2025
•[ ransomware, data leak ]
Press release states Clarins international e-commerce platforms were hit by ransomware; Everest allegedly leaked samples and claims access to ~600k customer records with personal/transactional info.
My ServiceOttawa
October 3, 2025
•[ data leak, phishing ]
On 3 October 2025 a My ServiceOttawa account using an automated bot exploited a bug in the service request lookup tool, allowing it to pull details of other residents' service requests when a valid request number was supplied. The City of Ottawa says the breach was limited to email and postal addresses tied to about 2,454 service requests and did not include financial information, passwords or other sensitive data. The city immediately blocked the bot, patched the application, identified all potentially affected records and began notifying impacted residents with advice on spotting phishing or misuse of their contact details.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Canadian Tire Corporation
October 2, 2025
•[ data leak ]
Retailer reported Oct 2 breach of e-commerce database impacting customer information across multiple banners.
Red Hat
October 2, 2025
•[ extortion, data leak ]
Red Hat confirmed incident affecting a consulting GitLab instance; extortion group claims access to repos and CERs with potentially sensitive client details.
United States Air Force
October 2, 2025
•[ data leak ]
USAF investigating a SharePoint permissions issue leading to exposure of PII/PHI; SharePoint access was blocked Air Force-wide while Microsoft and authorities investigate; no attribution yet.
Assaf Harofeh Medical Center
October 1, 2025
•[ extortion, data leak, healthcare ]
Hospital hit during Yom Kippur; extortion demand ~$700,000; brief outage of shared records system reported; authorities probing possible data leak.
Kaufman County
October 1, 2025
•[ data leak, identity theft, government ]
A letter dated Oct 1 states personal data in Kaufman County systems may have been accessed; residents received 24 months of credit monitoring. This disclosure came three weeks before a second October incident, indicating repeated compromise pressure against the county's environment and elevating identity-theft risk even where misuse is not yet observed.
Georgetown Brewing Co.
October 1, 2025
•[ data leak ]
Class-action notice cites brewery's disclosure of a cybersecurity incident impacting nearly twenty thousand people with PII; vector not detailed.
Jennings O'Donovan
October 1, 2025
•[ data leak ]
Engineering firm Jennings O'Donovan in County Sligo, Ireland experienced unauthorized access to part of its IT system used for the government's defective block grant scheme. The intrusion occurred in early October 2025 and potentially exposed personal data of roughly 861 applicants, while financial systems remained secure. Authorities consider it consistent with financially motivated criminal activity.
Merkle, Inc. (Dentsu Group)
October 1, 2025
•[ data leak, ransomware ]
Dentsu's US-based subsidiary Merkle disclosed a cyber incident discovered in October 2025 involving unauthorized access and data theft from HR and client systems; stolen information included employee, supplier, and client financial and personal records; certain systems were taken offline during response; no ransomware group claimed responsibility.
WhatsApp users in Bijnor, Uttar Pradesh
October 1, 2025
•[ malware, phishing, data leak ]
Several WhatsApp users in Bijnor, Uttar Pradesh had their Android phones compromised after downloading a fake wedding invitation via WhatsApp. The malware granted remote access, exposing personal messages, photos, and financial app data. Victims filed complaints with the Bijnor Cyber Crime Police Station; authorities believe multiple individuals across the district were affected.
GlobalLogic
October 1, 2025
•[ ransomware, data leak, extortion ]
cl0p exploited an Oracle-hosted cloud application used by GlobalLogic for HR data management, exposing approximately 10,000 employee records including names, email addresses, phone numbers, and employee identifiers, as part of a broader extortion campaign targeting Oracle cloud tenants.
Substack
October 1, 2025
•[ phishing, data leak, unauthorized access ]
Substack notified users of a data breach after it identified evidence on February 3, 2026 that an unauthorized third party accessed limited user data in October 2025. Substack stated that credit card numbers, passwords, and financial information were not accessed. The company did not disclose how access was obtained, but said it fixed the system issue that enabled it and warned users to be cautious of phishing. Reporting cited a database allegedly containing 697,313 records posted to a hacking forum, consistent with exposure of emails, phone numbers, and internal account metadata.
National Health Service (NHS UK)
September 29, 2025
•[ ransomware, data leak ]
Cl0p ransomware actors exploited an Oracle E-Business Suite zero-day vulnerability (CVE-2025-61882) as part of a broader campaign and contacted The Washington Post on 29 September 2025 claiming access to its Oracle EBS applications. A Maine Attorney General breach filing and subsequent reporting confirmed that Cl0p exfiltrated Washington Post data and that 9,720 individuals had their personal and financial information exposed, including names, bank account and routing numbers, Social Security numbers and tax IDs. The incident appears to be data-theft-focused with no confirmed operational disruption at the newspaper.
Richmond Behavioral Health Authority (RBHA)
September 29, 2025
•[ ransomware, data leak ]
Richmond Behavioral Health Authority (RBHA), a public mental health services provider for the City of Richmond, reported a ransomware attack that began on September 29, 2025 and was identified on September 30, after which RBHA said it removed the attacker from its network. Despite rapid eviction, RBHA disclosed that an unknown actor may have accessed sensitive information including names, Social Security numbers, passport numbers, and financial account and health information. Reporting stated RBHA told U.S. HHS that 113,232 individuals were affected. The Qilin ransomware group later claimed responsibility and published a large dataset allegedly stolen from RBHA, consistent with a double-extortion incident involving both encryption and data exfiltration.
Avnet
September 26, 2025
•[ data leak ]
Avnet confirmed unauthorized access to externally hosted database supporting EMEA sales tool; company says most stolen data unreadable without proprietary tool; samples include non-sensitive PII.
Kido Schools (nursery chain)
September 25, 2025
•[ ransomware, data leak ]
Hackers calling themselves Radiant stole sensitive child and parent data from Kido Schools, posting victims' profiles online to extort a 600,000 ransom; after public backlash they blurred then deleted the leaked material.
Arizona Federal Public Defender’s Office
September 24, 2025
•[ ransomware, data leak ]
Ransomware detected Sept 24 2025 crippled Arizona's Federal Public Defender Office, encrypting decades of case files and deleting backups. Investigators suspect, but have not confirmed, data exfiltration. No threat group has claimed responsibility.
Margaritaville at Sea
September 23, 2025
•[ ransomware, data leak ]
Margaritaville at Sea reported that on September 23 a ransomware group identified as Lynx infiltrated company systems and exfiltrated sensitive passenger personal data and protected health information; no operational disruption or internal data loss was confirmed.