Call-On-Doc, Inc., dba Call-On-Doc.com
December 1, 2025
•[ data leak, telehealth breach, patient record exfiltration ]
A threat actor posted a sales listing on a hacking forum claiming that telehealth provider Call-On-Doc was breached in early December 2025 and that 1,144,223 patient records were exfiltrated. The listing reportedly included patient identifiers and contact details, transaction metadata, medical category and condition fields, prescribed services, and payment amounts. The reporting outlet reviewed screenshots and a sample file and assessed the data appeared plausible, but Call-On-Doc had not publicly confirmed the incident at the time of reporting.
Undisclosed Apple-assembler in China
December 1, 2025
•[ data leak ]
Hackers breached an Apple assembler in China and accessed internal systems, with reporting indicating that production and manufacturing-related data was targeted during the intrusion.
MédecinDirect
November 28, 2025
•[ data leak ]
MdecinDirect, a French teleconsultation platform, reported a large-scale cyber incident in late November 2025. The provider stated it was the victim of an intrusion that was stopped upon detection on 11/28/2025. Approximately 285,000 patients were warned that their account information could have been compromised, and affected people were informed once the incident perimeter was clarified on 12/03/2025. MdecinDirect indicated that personal and health data potentially consulted included the reason for teleconsultation, information provided in pre-teleconsultation questionnaires, written exchanges between patients and physicians, and some Social Security numbers. The platform stated teleconsultation videos were not recorded and were therefore not impacted. It reported filing a complaint and notifying the CNIL (Frances data protection authority), and stated that services were functioning normally about ten days after the intrusion while additional technical investigation continued.
The Araneta Group of Companies
November 28, 2025
•[ data leak ]
The Araneta Group of Companies disclosed a cybersecurity breach affecting systems of multiple subsidiaries, including Araneta Center Inc., TicketNet Inc., and PPI Holdings Inc., and reported the incident to regulators while investigating the scope of impact.
Clarksville ISD
November 26, 2025
•[ ransomware, data leak, Social Security numbers ]
Clarksville ISD reported on November 26, 2025 that all district computers and the district network were experiencing significant difficulties and told staff and students not to use district-connected devices while recovery work continued; later, Interlock claimed it stole student and employee information including Social Security numbers and financial records.
Visage Imaging
November 26, 2025
•[ data leak ]
Visage Imaging reported a security incident involving unauthorized access to certain personal information within its systems. The organization indicated that an unauthorized party accessed personal information classified as personally identifiable information (PII), and that impacted elements may include individuals names and Social Security numbers. Visage Imaging filed a public notice with the Massachusetts Attorney General and began sending notification letters to impacted individuals on November 26, 2025.
Advanced Family Surgery Center (AFSC)
November 26, 2025
•[ data leak, healthcare, protected health information ]
Threat actors identifying as Genesis claimed they compromised Advanced Family Surgery Center (AFSC) in Oak Ridge, Tennessee, and later added the organization to their leak site, asserting that about 100 GB of data had been exfiltrated from company file servers. The reported dataset included healthcare data, personal data, financial data, user folders, and operational files. The reporting outlet reviewed sample files and indicated they contained protected health information such as patient names, dates of birth, full Social Security numbers, dates of service, physician details, and insurance information. At the time of reporting, no official public notification by the provider had been located.
Dolar Financial Group
November 25, 2025
•[ ransomware, data leak, extortion ]
Money Mart (National Money Mart Company Database) was posted to the Everest ransomware groups leak site around Nov 25, 2025, with the attackers claiming they exfiltrated 80,000+ internal files and threatening to publish them by Nov 30. Reporting states Cybernews reviewed the leaked samples and observed multiple categories of data, including customer identification/contact details and identity documents, financial data (including partial credit card details and transaction-related records), and extensive employee information. The report describes the incident primarily as data theft/extortion, with no confirmed public statement from Money Mart included in the article and no operational outage details provided in the cited reporting.
Undisclosed Korean financial institutions
November 25, 2025
•[ ransomware, supply-chain attack, data leak ]
Bitdefender reported a targeted supply-chain attack in which the Qilin ransomware group compromised managed service providers to access numerous South Korean financial institutions. The attackers exfiltrated data and listed victims on their leak site, with at least 25 firms affected in a single month.
NYC Health + Hospitals
November 25, 2025
•[ third-party breach, healthcare data, biometric data ]
Unauthorized actors accessed NYC Health + Hospitals systems through a third-party vendor between approximately November 25, 2025 and February 2026, exposing personal, medical, health insurance, biometric, and financial information of approximately 1.8 million individuals.
Royal Borough of Kensington and Chelsea
November 24, 2025
•[ data leak ]
RBKC confirmed that attackers accessed council systems and copied data during a cyber incident identified on November 24. The council reports that only historical data was affected, though exfiltrated information may enter the public domain. Emergency plans were activated and some online services and phone lines were disrupted.
The Miller Financial Group
November 24, 2025
•[ data leak ]
Unauthorized access to internal systems at The Miller Financial Group exposed sensitive personal data for at least seven Massachusetts residents, including names, Social Security numbers, state-issued IDs, and financial institution information. TMFG notified the Massachusetts Attorney General on November 7, 2025 and issued consumer notification letters.
Adda.io
November 23, 2025
•[ data leak ]
Data breach at Adda.io: a hacker using the alias Blinkers posted a dataset claiming to contain personal information for approximately 1.86 million users, including names, phone numbers, email addresses, owner IDs, and MD5-hashed passwords.
Department of the Interior and Local Government (DILG)
November 23, 2025
•[ data leak, hacktivism ]
Hacktivist group HappyGoLuckyPH claims to have infiltrated the Philippine Department of the Interior and Local Governments intranet and exfiltrated about 400GB of internal government data, including personal and financial details of roughly 10,000 employees and contractors, while DILG publicly states it is still verifying the alleged breach and says core systems remain stable; despite the ongoing verification, the combination of leaked samples and size claims is treated here as a successful cyberattack involving significant data theft.
Iberia Líneas Aéreas de España S.A.
November 23, 2025
•[ data leak ]
Spanish flag carrier Iberia began notifying customers after discovering that unauthorized access to a suppliers systems had exposed limited loyalty-program data, including names, email addresses and Iberia Club card IDs, while emphasizing that passwords and payment information remained safe; the airline activated its security protocols, added additional protections around account email changes, notified regulators, and continues to investigate the vendor breach and a purported 77 GB data listing on hacker forums.
Precipio Inc.
November 23, 2025
•[ unauthorized access, data leak, protected health information ]
Precipio posted a Notice of Data Event stating it learned on or about November 25, 2025 that an unauthorized user accessed an employees cloud-based storage account. The companys investigation (with third-party cybersecurity specialists) determined the unauthorized access occurred on or around November 23, 2025 and that certain files in the account were copied without authorization. Precipio stated the impacted information varies by person but may include identifiers and protected health information such as names, addresses, MRNs, DOB, clinical/treatment and procedure information, provider name, prescription information, and health insurance information. The notice said law enforcement was notified and that additional notifications would follow after file review completion.
French Football Federation (FFF)
November 22, 2025
•[ data leak, unauthorized access ]
The French Football Federation disclosed that an unauthorized party accessed administrative software on November 22 and exfiltrated personal and membership information for registered members; no operational disruption or actor attribution was identified.
Resecurity honeypot
November 21, 2025
•[ honeypot, data leak, threat intelligence ]
Threat actors identifying as 'Scattered Lapsus$ Hunters' claimed they had gained full access to Resecurity systems and stolen employee data, internal chats/logs, threat intelligence reports, and client lists, posting screenshots on Telegram. Resecurity denied that its production environment was breached and said the actor interacted with an isolated honeypot account and systems populated with synthetic (fabricated) customer, employee, and payment data. Resecurity reported it first detected suspicious probing activity on November 21, 2025 and monitored subsequent automated extraction attempts against the decoy environment, treating the incident as an intrusion attempt rather than a confirmed compromise of real systems/data.
Almaviva S.p.A.
November 20, 2025
•[ data leak ]
Threat actor breached Almaviva (IT services provider for FS Italiane Group), exfiltrated about 2.3TB of internal data including technical documentation, contracts, accounting records, HR archives and multicompany repositories across several FS Group companies; data appears recently generated (Q3 2025); Almaviva confirmed a breach, isolated systems, and launched response procedures.
