Pennsylvania State Education Association
July 6, 2024
•[ ransomware, data leak ]
Teachers union reports july 2024 breach with rhysida claim and mass notifications.
Chapman & Roberts PA
July 1, 2024
•[ data leak, law firm, pii ]
Greensboro immigration law firm disclosed a breach dating back to July 2024 that exposed client/individual PII; notifications issued in May 2025.
Harbin Clinic
July 1, 2024
•[ data leak, third-party breach ]
Third-party breach at Nationwide Recovery Services (July 2024) led to theft of Harbin Clinic patient data; disclosures and notifications in May 2025.
University of Medicine and Pharmacy HCMC Hospital
July 1, 2024
•[ data leak ]
Hackers leaked personnel data and configuration lists from over 50 servers belonging to the University of Medicine and Pharmacy HCMC Hospital; the method of compromise was not disclosed and no encryption or ransom activity was reported.
Patelco Credit Union
June 29, 2024
•[ ransomware, data leak, regulatory action ]
Ransomware encrypted Patelco systems on June 29, 2024, causing a near-total outage of digital banking through mid-July and exposing substantial member PII; DFPI later issued a consent order and $100,000 fine with mandated cybersecurity improvements.
Humboldt Independent Practice Association (IPA)
June 26, 2024
•[ data leak, healthcare, unauthorized access ]
Between June 26 and July 1 2024, an unauthorized actor accessed a Humboldt Independent Practice Association email account containing protected health information. Exposed data may include patient names, contact details, birth dates, diagnoses, insurance, and identification numbers. No evidence of encryption or confirmed data exfiltration has been reported. The breach was disclosed to HHS in November 2024 and publicly announced on February 15 2025.
Ezynetic (IT vendor to Moneylenders Credit Bureau/ Credit Bureau Singapore)
June 24, 2024
•[ data leak ]
PDPC fined Ezynetic after breach impacting ~190,000 whose data, including credit reports, was put for sale; uncovered June 24, 2024.
Bitcoin Depot
June 23, 2024
•[ data leak ]
Bitcoin Depot reported a data breach that occured in June 2024 after completing an investigation on July 18, 2024. Customer data stolen affecting 27,000 individuals including personal information.
Catholic Charities of Southern Nevada
June 22, 2024
•[ data leak, PII/PHI exposure ]
Suspicious activity detected June 22, 2024; later notice confirms sensitive PII/PHI impacted.
NewsBank
June 20, 2024
•[ data leak, employee data, class action ]
Employee data breach at NewsBank discovered around July 1, 2024; investigation found unauthorized access June 20July 1, 2024 to systems holding employee PII (names, SSNs, DL, financial/credit-debit data; possible medical info). Class action reported Feb 20, 2025; no actor publicly identified.
Hong Ngoc General Hospital
June 15, 2024
•[ data leak ]
In June 2024 hackers advertised on cybercrime forums the sale of 112,000 patient and staff records stolen from Hong Ngoc General Hospital, including names, contact information, medical and financial data. The method of compromise was not disclosed, and no encryption was reported.
Community Dental Care, Inc.
June 12, 2024
•[ data leak, hacked ]
Community Dental Care (CDC), a Minnesota nonprofit dental healthcare provider, reported that an unauthorized third party may have viewed and obtained sensitive personal information and protected health information from its systems. CDC detected unauthorized activity on 12/20/2024 and investigated, later concluding that on or around 12/06/2024 an intruder may have accessed and acquired certain data. CDC performed a data review to determine what information was involved and identify affected individuals, completing that review on 03/24/2025, and posted a public notice on 03/28/2025. Potentially exposed information varied by person and could include names, Social Security numbers, addresses, dates of birth, drivers license or other government IDs, passport numbers, medical information, and health insurance information. CDC indicated it would update notices if additional information types were identified and offered guidance and services to affected individuals.
Ya-moon
June 1, 2024
•[ data leak ]
A hacker alias Valerie claims a breach of the Ya-moon forum in June 2024, publishing user data and chat logs.
Alternate Solutions Health Network, LLC
May 30, 2024
•[ phishing, data leak ]
On or around May 30 2024, an unauthorized actor accessed an employee email account at Alternate Solutions Health Network. The account was secured after discovery; investigation concluded February 14 2025 and confirmed exposure of PHI. Notifications were issued beginning April 14 2025.
Maryhaven, Inc.
May 30, 2024
•[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
RestorixHealth
May 29, 2024
•[ phishing, data leak ]
Investigation confirmed unauthorized access to one mailbox (May 729, 2024); notification letters commenced Feb 14, 2025.
The Cooper Health System
May 14, 2024
•[ data leak ]
Unauthorized access discovered May 14 2024 to Cooper Health file servers resulted in data exfiltration of 57,412 patient records; no service disruption reported; investigation closed Mar 26 2025.
Doctors Imaging Group
May 11, 2024
•[ ransomware, data leak ]
Radiology practice disclosed that attackers had network access Nov 511, 2024 and copied files with PHI/PII; 171k people impacted; ransomware attribution Undetermined.
San Francisco-Marin Food Bank
May 10, 2024
•[ data leak ]
Between May 10 and May 30 2024, unauthorized actors accessed the network of the San Francisco-Marin Food Bank, exposing personal data including Social Security numbers, IDs, and financial or medical details for approximately 60,180 individuals. The breach was discovered May 31 2024 and disclosed publicly in February 2025. The organization engaged cybersecurity experts and notified affected individuals; no misuse has been confirmed.
Abri Credit Union
May 3, 2024
•[ data leak ]
Abri Credit Union disclosed unauthorized access to its systems occurring in May 2024 that was discovered in December 2025. The incident may have exposed personal, financial, and limited medical information of members. The credit union notified affected individuals and offered credit monitoring services; no operational disruption was publicly reported.
