Outwood Academy Acklam
May 8, 2025
•[ data leak ]
Local reporting says the Middlesbrough school notified families on May 8 of a breach affecting parent information; letters indicated personal details were accessed and the school engaged with authorities.
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBits dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
GlobalX
May 6, 2025
•[ hacktivism, defacement, data leak ]
Hacktivists defaced GlobalXs website and claimed theft of flight records and deportation passenger manifests; reporting cites defacement message referencing deportations. https://databreaches.net/2025/05/06/globalx-airline-for-trumps-deportations-hacked/
WDEF-TV
May 6, 2025
•[ ransomware, data leak ]
WDEF Chattanooga TV station was listed by the Lynx ransomware group; actors posted sample HR/contract files while the station assessed impact.
Alvin Independent School District
May 6, 2025
•[ data leak ]
Alvin ISD in Texas notified over 47,000 people of a data breach exposing personal information; investigation and notifications underway.
Zumpano Patricios (law firm)
May 6, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
Peruvian Government portal
May 5, 2025
•[ ransomware, data leak ]
Rhysida posted claims and alleged documents and demanded 5 BTC, but Perus government denied compromise of the federal platform; officials say only Piuras tax website had a separate March 29 cyber incident restored within 48 hours.
TeleMessage
May 5, 2025
•[ data leak ]
TeleMessage (an unofficial Signal archiving tool owned by Smarsh) suspended services while investigating a breach that exposed backend credentials and some archived data.
Liberty Township (Butler County)
May 5, 2025
•[ ransomware, data leak ]
The Liberty Township government in Butler County, Ohio, experienced a ransomware incident beginning May 5 2025 that encrypted internal systems and disrupted email and phone services. The SafePay ransomware group later claimed responsibility and said it had stolen and leaked about 48 GB of administrative and personnel information. Approximately 600 individuals were notified, and an FBI investigation remains ongoing.
Infinite Services (New York)
May 5, 2025
•[ ransomware, data leak ]
Employees could not log in on May 5; ransomware encryption interrupted by disconnecting power; investigation found one server accessed containing patient and employee PII/PHI; broad notifications sent out of caution.
Albamon
May 2, 2025
•[ data leak ]
Albamon disclosed unauthorized access affecting 22,473 resume entries; the company reported the breach to KISA and notified impacted users.
Centers for Medicare & Medicaid Services (Medicare.gov)
May 2, 2025
•[ data leak ]
CMS found malicious actors fraudulently created accounts between 2023 and 2025 using valid PII to access beneficiary info; ~103,000 affected; accounts deactivated and MBIs being replaced.
R.C. Manubhai
May 1, 2025
•[ ransomware, data leak ]
Qilin ransomware listed Fijian hardware chain R.C. Manubhai on its leak site, sharing samples (passport scans, salary/loan data) and claiming broader exfiltration; victim confirmation not published at time of report.
Defense and critical-infrastructure entities in Kazakhstan
May 1, 2025
•[ phishing, data leak, espionage ]
Rare Werewolf APT, a Russia-aligned espionage group, conducted spear-phishing and remote-administration toolbased intrusions in MayJune 2025 targeting defense and critical-infrastructure entities in Kazakhstan, resulting in unauthorized access and data exfiltration.
Defense and critical-infrastructure entities in Ukraine
May 1, 2025
•[ phishing, unauthorized access, data leak ]
Rare Werewolf APT, a Russia-aligned espionage group, conducted spear-phishing and remote-administration toolbased intrusions in MayJune 2025 targeting defense and critical-infrastructure entities in Ukraine, resulting in unauthorized access and data exfiltration.
Defense and critical-infrastructure entities in Armenia
May 1, 2025
•[ phishing, data leak, espionage ]
Rare Werewolf APT, a Russia-aligned espionage group, conducted spear-phishing and remote-administration toolbased intrusions in MayJune 2025 targeting defense and critical-infrastructure entities in Armenia, resulting in unauthorized access and data exfiltration.
Multiple French government and critical infrastructure organizations
April 30, 2025
•[ espionage, data leak, vulnerability exploitation ]
On April 30 2025, Frances national cybersecurity agency (ANSSI) attributed a campaign of at least twelve cyberattacks on French entities to Russias GRU 85th Main Special Service Center (Unit 26165), known as FANCYBEAR. The espionage activity targeted government, media, energy, and critical-infrastructure organizations via exploitation of vulnerable Cisco routers to gain persistence and exfiltrate sensitive data. No operational disruption was reported.
ClickFunnels
April 29, 2025
•[ data leak ]
Hackers (Satanic) claimed a breach via a third party and leaked business data.
Healthcare Therapy Services, Inc.
April 29, 2025
•[ data leak ]
Healthcare Therapy Services, Inc. reported that on April 29 it discovered unusual activity involving its email systems; investigation concluded on September 9 that patient personal and protected health information may have been affected, including SSNs, drivers license numbers, financial account information, and medical information; no misuse or operational disruption was reported.
Biopharma Company, Hinjewadi (Pune)
April 27, 2025
•[ ransomware, data leak ]
A ransomware attack discovered on April 27 2025 disrupted a biopharmaceutical company in Hinjewadi (Pune) after an unknown actor accessed internal servers, exfiltrated and encrypted data, and demanded USD 80,000 for decryption; the incident affected 15 on-premises research systems and is under investigation by Pune Cyber Cell.
