The House of Dior
January 26, 2025
•[ data leak, personally identifiable information, supply chain attack ]
Dior disclosed that a database was accessed on Jan 26, 2025 exposing data that includes names, contact details, address, DOB, and in some cases passport/ID or SSN. Believed to be related to broader LVMH/ShinyHunters vendor breach cluster.
Grubhub
January 25, 2025
•[ data leak, third-party breach ]
Grubhub disclosed that a third-party vendor account was compromised, allowing limited access to contact and partial payment information for customers, drivers, and merchants. Full card, bank, and SSN data were not accessed. No attribution to a specific threat group. Incident contained.
Marlboro-Chesterfield Pathology
January 25, 2025
•[ ransomware, data leak ]
SafePay ransomware actors stole personal and health information from MCP systems; entity reported to HHS that 235,911 individuals were affected.
Blessing Corporate Services Inc. (Blessing Health System)
January 22, 2025
•[ ransomware, data leak ]
Blessing Corporate Services reported a ransomware attack on January 22 2025 that stole and encrypted patient information for approximately 15,000 individuals. The breach disrupted some clinical operations before containment and was publicly disclosed in April 2025. No actor attribution has been made.
Alabama Ophthalmology Associates
January 22, 2025
•[ ransomware, data leak ]
Unauthorized access occurred Jan 2230, 2025; AOA later confirmed patient data was acquired. BianLian claimed responsibility; notifications began in April 2025.
Union Health System
January 22, 2025
•[ data leak, supply chain attack ]
Union Health reported that an unknown party accessed Oracle Health/Cerners data migration environment sometime after January 22, 2025; Union Health systems werent breached but patient data held by the vendor was exposed; notifications issued in May 2025.
Oracle Corporation (legacy cloud environment)
January 22, 2025
•[ data leak, extortion ]
Threat actor rose87168 exploited Oracles legacy Gen 1 Cloud infrastructure, stealing credentials and configuration data from ~140,000 tenants (6 million+ records) and attempting extortion; Oracle privately confirmed breach to customers.
Ascension
January 21, 2025
•[ data leak, vulnerability ]
Ascension disclosed a data breach linked to a former business partners software vulnerability; filings indicate 437,329 impacted individuals.
United Domestic Workers Of America
January 17, 2025
•[ data leak ]
Union reported unauthorized access; breach letters mailed March 27 to affected members.
Loretto Hospital
January 17, 2025
•[ ransomware, data leak ]
On January 17 2025, RansomHouse gained unauthorized access to Loretto Hospitals network in Chicago and exfiltrated approximately 1.5 TB of sensitive data. The group listed the hospital on its leak site and released sample medical and billing files. No encryption occurred. The hospital later confirmed about 500 affected individuals in its HHS filing.
Bell & Graham
January 16, 2025
•[ ransomware, data leak ]
On 2025-01-16, Bell & Graham confirmed that the SafePay ransomware group stole approximately 15 GB of client data from its on-premises servers. The firm stated that files were taken but not encrypted, and live cloud systems were unaffected.
Insight Partners
January 16, 2025
•[ ransomware, social engineering, data leak ]
On January 16, 2025, Insight Partners detected a cyberattack following a social engineering intrusion first traced to October 2024. Attackers exfiltrated sensitive files related to funds, management companies, portfolio companies, banking and tax records, and personally identifiable data of employees, partners, and investors. More than 12,000 individuals were affected. The incident escalated into a ransomware attack, with systems partially encrypted before containment. No named threat group has been identified, but the actor is criminal and financially motivated.
Millennium Home Health Care, Inc.
January 16, 2025
•[ data leak ]
Millennium Home Health Care, Inc., a home-healthcare provider based in Tulsa, Oklahoma, reported unauthorized access to two servers between January 16 and 20, 2025.
DecisionFi
January 15, 2025
•[ data leak ]
Unauthorized party accessed files via a web application; NH AG filing and notification letters dated 21-02-2025.
Select Medical Holdings Corporation
January 15, 2025
•[ data leak ]
Select Medical, a healthcare management company headquartered in Pennsylvania, disclosed unauthorized access to its internal network first detected in January 2025. Approximately 40,000 individuals PHI was exfiltrated, including names, Social Security numbers, and medical information. No ransomware or operational disruption was reported.
Forum Communications Company
January 14, 2025
•[ data leak ]
Forum Communications reported January access to files; 28,830 notified March 19.
Brsk
January 12, 2025
•[ data leak ]
TelecomTV reported that UK fibre broadband operator Brsk suffered a major data breach and that information related to more than 235,000 customers was put up for sale by cybercriminals. The report indicates unauthorized access and data exposure, but does not specify the exact data fields, intrusion method, or whether the breach impacted service availability.
Bpost
January 12, 2025
•[ ransomware, data leak, third-party ]
Reporting indicated that data attributed to Belgian postal operator bpost appeared on the TridentLocker ransomware leak site (about 30GB across thousands of files). Subsequent reporting cited a bpost spokesperson confirming a cyber incident and describing a limited data leak tied to a third-party exchange/platform used by a specific department (not linked to letters or parcels). The company stated it took immediate measures to contain the incident and said affected customers would be informed, while postal delivery operations were not expected to be endangered.
Town of Bourne
January 11, 2025
•[ ransomware, data leak ]
Unauthorized access to Bournes IT network was disclosed after a Jan 11, 2025 cyberattack. MA AG filings list 625 affected MA residents with SSN/financial/drivers-license data. RansomHub later claimed the attack and 100 GB theft; encryption not confirmed.
LG Energy Solution
January 11, 2025
•[ ransomware, data leak, supply chain attack ]
LG Energy Solution confirmed that an overseas facility was hit by a ransomware incident in November 2025, which briefly affected operations before systems were restored. The Akira ransomware group listed LG on its leak site, claiming to have stolen around 1.7 TB of data, including corporate documents and an employee database with personal information. LG stated that the incident was contained to the single facility and that production had resumed, while it continued to investigate the scope of the data theft. The case underscores the risk to global manufacturing supply chains from targeted ransomware operations.
