Full List

Search

Search Results (Data Leak)

• Consero Global Solutions LLC April 27, 2025 • [ data leak ] A data breach at Consero Global Solutions LLC: unauthorized third-party access to internal systems between April 27 and July 4, 2025 resulted in possible acquisition of personal information (full name, SSN, other PII). Company has notified affected individuals and offered identity-protection services.
• Hitachi Vantara April 26, 2025 • [ ransomware, data leak ] Akira ransomware infiltrated Hitachi Vantaras internal network, stealing corporate data and encrypting parts of its IT environment, prompting incident response and system restoration efforts.
• Nova Scotia Power April 25, 2025 • [ data leak ] Sensitive customer data stolen in a cybersecurity incident disclosed on May 15, 2025; investigation ongoing and scope not fully detailed.
• MTN Group April 24, 2025 • [ data leak ] On April 24 2025, Johannesburg-based telecommunications giant MTN Group disclosed a cybersecurity incident in which an unauthorized third party accessed personal information of some customers in unspecified African markets. The company confirmed that its core network, billing, and financial systems were not affected. Regulators and law enforcement were notified. The breachs timing and number of affected customers have not been disclosed.
• Legal Aid Agency April 23, 2025 • [ data leak, government ] Breach of LAA digital services first detected April 23; by May 16 the scope was deemed far wider. Government confirms theft of sensitive data on applicants dating back to 2010; online services were shut down as a precaution while NCSC/NCA investigated.
• Co-op (The Co-operative Group) April 22, 2025 • [ data leak, social engineering ] 6.5M member records stolen following a social-engineering-enabled breach; AD password-hash database also taken; Co-op temporarily shut down some IT systems.
• Groupe 3R (Réseau Radiologique Romand) April 22, 2025 • [ data leak ] Groupe 3R (Rseau Radiologique Romand), a network of medical imaging centers in western Switzerland, disclosed a cyberattack detected in early April 2025. According to the organization, no images or examination results were lost or encrypted, but attackers copied medical and administrative patient data. Operations continued normally, and a report was filed with Swiss authorities.
• Barnstable County Sheriff’s Office April 22, 2025 • [ insider threat, data leak ] BCSO reported an intentional insider breach learned April 22, involving leaking of personal information of 100+ former employees and one current employee; the employee was placed on leave.
• Esse Health April 21, 2025 • [ data leak ] Cyberattack disrupted patientfacing network systems and phones and led to copying of files of 263,601 patients. Information includes personal and health data
• SK Telecom April 19, 2025 • [ malware, data leak ] Malware on internal servers enabled theft of USIM identifiers and related network data over an extended period.
• Marks & Spencer April 19, 2025 • [ data leak ] A cyberattack discovered over Easter weekend (April 19 2025) caused Marks & Spencer to take systems offline as a precaution, disrupting online orders and click-and-collect services. The company confirmed that attackers accessed customer personal data through a third-party contractors environment but found no evidence of ransomware or data encryption. Personal information accessed included names, contact information, and limited transaction data, but not passwords or full card details.
• City of Abilene April 18, 2025 • [ ransomware, data leak ] On April 18 2025, the City of Abilene, Texas, detected unresponsive servers and shut down affected systems. Reports state certain systems were taken offline and none of the card systems at government offices were working; emergency services remained up and running. The Qilin ransomware group later claimed responsibility; roughly 477 GB of data were reported stolen and some data encrypted/deleted.
• Eckert Seamans Cherin & Mellott LLC April 17, 2025 • [ data leak, legal, insufficient security ] Eckert Seamans detected unauthorized activity on an attorneys device on April 17, 2025, and confirmed that a document listing alumni was copied. The firm began notifying affected individuals on June 23, 2025, offering identity protection services and notifying regulators and law enforcement. Class action filed Aug 4, 2025, alleging failure to safeguard PII.
• TickChak (external ticketing platform used by IDF units) April 16, 2025 • [ data leak, hacktivism ] A hacktivist using the alias Persian Prince accessed and leaked data from TickChak, an Israeli ticketing platform reportedly used by IDF units. The leak, publicized on April 16 2025, exposed personal details of tens of thousands of soldiers, including names, national ID numbers, and phone numbers. No ransom or sale was reported; the data was posted publicly to protest Israeli military actions.
• McKenzie Health System (McKenzie Memorial Hospital) April 15, 2025 • [ data leak, healthcare data breach, repeat incident ] Notification to Maine AG reported an incident discovered on or about April 15 affecting 54,016 people; prior 2022 incident had 51,040 impacted, indicating recurring exposure issues.
• Pierce County Library System April 15, 2025 • [ ransomware, data leak, service disruption ] The Record reported that the Pierce County Library System discovered a cybersecurity incident on April 21, 2025 that forced it to shut down all systems, with an investigation later finding attackers had access between April 15 and April 21. By May 12, the library confirmed hackers breached systems and stole information on both patrons and current/former employees, and later breach notifications indicated more than 340,000 people were impacted. The report stated the INC ransomware gang claimed the attack in May, and the combination of service shutdown and confirmed data theft supports a mixed event involving disruption and data compromise.
• Hamilton County Sheriff’s Office April 14, 2025 • [ ransomware, data leak ] Ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriffs Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems fully restored by early May 2025.
• CMC Corporation April 12, 2025 • [ ransomware, data leak ] Ransomware group Crypto24 carried out a double-extortion attack against Vietnam-based CMC Corporation on April 12, 2025, exfiltrating roughly 2 TB of internal data and encrypting subsidiary servers for less than one day.
• DaVita Inc. April 12, 2025 • [ ransomware, data leak ] On April 12, 2025, DaVita reported a ransomware incident that encrypted elements of its network and disrupted some operations. Subsequent disclosures confirmed theft of personal and medical information impacting over one million individuals.
• Wolters Kluwer N.V. April 12, 2025 • [ data leak ] On April 12 2025, a BreachForums user known as IntelBroker offered for sale a 36 GB dataset allegedly stolen from Wolters Kluwer. The company confirmed an incident affecting its health-journals business but reported no compromise of tax or financial data. The exposed information consisted of professional contact details and profile metadata.