Prospect
October 9, 2025
•[ data leak ]
Security incident at Prospect exposed Bectu members personal and bank details.
Multiple compromised email accounts at third undisclosed US university
October 9, 2025
•[ phishing, data leak ]
Credential-phishing on university payroll platforms diverted salary payments.
Chipotle Mexican Grill, Inc.
October 9, 2025
•[ phishing, social engineering, data leak ]
Chipotle Mexican Grill disclosed unauthorized access to employee Workday payroll accounts between October 9 and October 26, 2025. Attackers used phishing and social engineering to access accounts and alter payroll information. State breach notices identified 31 affected employees in Maine and 2 in New Hampshire; the company has not disclosed a nationwide total, and state figures represent only partial reporting.
Williams & Connolly
October 8, 2025
•[ espionage, state-sponsored attack, data leak ]
Breach of U.S. law firm with major political clients linked to Chinese espionage campaign.
CPAP Medical Supplies and Services, Inc.
October 8, 2025
•[ data leak, healthcare, government ]
Data breach affecting ~90,000 military members, veterans and families exposed SSNs and medical details.
London North Eastern Railway
October 8, 2025
•[ data leak, supply chain attack ]
Media report warns LNER customers after supplier breach exposed contact and journey data
Policing Board laptop
October 8, 2025
•[ data leak, stolen hardware ]
A laptop belonging to a staff member of the Northern Ireland Policing Board was stolen from a Belfast city centre pub on October 8, 2025, prompting a data-breach report and a Police Service of Northern Ireland investigation. The rucksack containing the laptop was taken between 5 p.m. and 6 p.m.; a suspect was arrested and charged shortly afterwards. The board says the laptop was immediately decommissioned remotely by IT Assist, other items from the bag were recovered, and there is no identified or residual risk arising from data on the device, but the incident has drawn scrutiny because of previous PSNI data breaches.
Sunweb Group
October 7, 2025
•[ data leak, phishing ]
Data breach exposed customer contact and booking details; agency warned customers to stay vigilant.
Appalachian Community Federal Credit Union
October 7, 2025
•[ data leak ]
Appalachian Community Federal Credit Union detected unauthorized access to its systems in early October 2025 The institution confirmed a cyber incident involving unauthorized access and data theft and issued breach notifications to affected members including residents of Massachusetts following forensic investigation
Unnamed Minnesota hospital
October 6, 2025
•[ ransomware, extortion, data leak ]
Ransomware group Radiant listed an unnamed Minnesota hospital on its leak site and issued a 7-day extortion deadline; hospital not yet identified and operational impact undisclosed.
Indonesian National Police
October 4, 2025
•[ data leak, government, hacker ]
Hacker Bjorka released a dataset of ~341k police personnel (names, ranks, units, contacts) from 2016 on a public site; authorities acknowledge leak discussions while probing identity of actor.
Renault UK
October 3, 2025
•[ data leak, third-party breach ]
Third-party service provider breach affecting Renault UK customer records; exposed contact and vehicle identifiers; Renault says own systems not compromised.
General Directorate of Taxes and Domains
October 3, 2025
•[ data leak ]
Criminal group 'Black Shrantac' claims breach of Senegals DGID with large-scale data exfiltration; impact on DGID operations not detailed.
Discord
October 3, 2025
•[ data leak, third-party breach ]
Third-party customer support vendor was breached, exposing support tickets, personal data, limited billing details, and a small number of government-ID images; Discord core systems unaffected.
Clarins Group
October 3, 2025
•[ ransomware, data leak ]
Press release states Clarins international e-commerce platforms were hit by ransomware; Everest allegedly leaked samples and claims access to ~600k customer records with personal/transactional info.
My ServiceOttawa
October 3, 2025
•[ data leak, phishing ]
On 3 October 2025 a My ServiceOttawa account using an automated bot exploited a bug in the service request lookup tool, allowing it to pull details of other residents service requests when a valid request number was supplied. The City of Ottawa says the breach was limited to email and postal addresses tied to about 2,454 service requests and did not include financial information, passwords or other sensitive data. The city immediately blocked the bot, patched the application, identified all potentially affected records and began notifying impacted residents with advice on spotting phishing or misuse of their contact details.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Canadian Tire Corporation
October 2, 2025
•[ data leak ]
Retailer reported Oct 2 breach of e-commerce database impacting customer information across multiple banners.
Red Hat
October 2, 2025
•[ extortion, data leak ]
Red Hat confirmed incident affecting a consulting GitLab instance; extortion group claims access to repos and CERs with potentially sensitive client details.
United States Air Force
October 2, 2025
•[ data leak ]
USAF investigating a SharePoint permissions issue leading to exposure of PII/PHI; SharePoint access was blocked Air Force-wide while Microsoft and authorities investigate; no attribution yet.
