Full List

Search

Search Results (Data Leak)

• Center For Digestive Health April 11, 2024 • [ data leak ] Center for Digestive Health disclosed network access and data exfiltration; notices mailed February 2025.
• Radiology Associates of Richmond (RAR) April 10, 2024 • [ data leak ] RAR disclosed more than 1.4M affected after determining files with PHI/PII were present on systems accessed for several days in April 2024; HHS tracker shows 1,419,091.
• The Watergate Hotel April 6, 2024 • [ data leak ] An unauthorized actor accessed and exfiltrated data from The Watergate Hotels network beginning April 6, 2024. The compromised information includes names, SSNs, drivers license numbers, and medical and financial data of approximately 2,220 people. No encryption or service disruption reported.
• Lee University March 22, 2024 • [ data leak, third-party breach ] University filed notices after third-party software exploit enabled data access.
• ALN Medical Management, LLC March 18, 2024 • [ data leak, supply chain, healthcare ] ALN Medical Management, LLC, a revenue-cycle management provider for healthcare practices, reported unauthorized access to third-party hosted systems between March 18 and 24, 2024, exposing sensitive patient and financial data.
• Medical Express Ambulance Service March 18, 2024 • [ ransomware, data leak, healthcare ] Ransomware-linked intrusion in Mar 2024 gave unauthorized access to ambulance-service billing servers; data theft confirmed via Maine AG filing and HIPAA Journal report.
• Lyon Management Group, Inc. (Lyon Living) March 15, 2024 • [ data leak ] Lyon Management Group, Inc. (doing business as Lyon Living) reported that an unauthorized third party gained access to its network between March 14 and March 15, 2024, and acquired files containing personal information. The company stated that the breach involved names and other PII belonging to tenants and employees. There was no evidence of encryption or disruption, and the number of affected individuals was not disclosed.
• Stock Development LLC March 2, 2024 • [ ransomware, data leak ] Stock Development confirmed network intrusion spanning April 2023 to March 2024. LockBit claimed the breach, posting 1 TB of stolen data. Victims notified beginning January 2025; about 13,147 individuals confirmed. No public confirmation of encryption or forensic attribution beyond the claim.
• VeriSource Services, Inc. February 27, 2024 • [ data leak ] VeriSource Services, Inc., a Texas-based HR and benefits administration firm, suffered a data breach in February 2024 after an unauthorized party accessed and downloaded approximately 4 million employee and dependent records from its systems. No encryption or operational disruption occurred. Disclosure was made in April 2025 following forensic review.
• The Pension Specialists Ltd. (TPS) February 24, 2024 • [ data leak ] Between February 18 and 20, 2024, unauthorized access occurred in the systems of The Pension Specialists Ltd., an Illinois-based retirement plan administrator. A cybercriminal gained access to the companys plan administration application server and exfiltrated files containing personally identifiable information. The company confirmed that 71,443 plan participants data, including names and Social Security numbers, was stolen. Notification was filed with the Maine Attorney General on February 18, 2025. No encryption of systems or files was reported.
• Innovative Renal Care February 21, 2024 • [ data leak ] Between February 21 and March 1, 2024, an unauthorized party accessed Innovative Renal Cares computer network and copied sensitive files. The breach exposed personal and health-related data including names, Social Security numbers, financial details, medical information, and prescriptions. The company filed a notice with the Massachusetts Attorney General on February 14, 2025, and began sending notification letters to impacted individuals. No encryption of systems or files was reported.
• American Renal Management February 21, 2024 • [ data leak ] IRC detected suspicious activity (2/29/2024); investigation found unauthorized access to certain systems (2/213/1/2024) with copying of internal files containing PII/PHI; IRC notified regulators and began mailing letters on 2/14/2025; credit monitoring offered and security measures enhanced.
• Medical Billing Specialists, Inc. February 17, 2024 • [ data leak ] Network disruption Feb 17, 2024; investigation confirmed unauthorized access to systems with sensitive data; notices filed 07-01-2025.
• Alltrust / Aspire Usa February 12, 2024 • [ data leak ] Law firm notice details AllTrust/Aspire breach exposing sensitive personal information.
• Baker University February 12, 2024 • [ data leak ] Baker University disclosed that it detected suspicious activity in December 2024 that resulted in a network outage and led to an investigation of its systems. The university determined there was unauthorized access and/or acquisition of certain files and folders within its network between December 2, 2024 and December 19, 2024. After reviewing affected files, Baker concluded that a range of sensitive personal information may have been involved depending on the individual, including identifiers and financial and health-related data.
• DISA Global Solutions February 9, 2024 • [ data leak ] Breach window Feb 9Apr 22, 2024; ~3.3M impacted; disclosures via state AG filings and reports in FebMar 2025.
• Rödl Management, Inc. February 9, 2024 • [ data leak ] Rdl Management, Inc., an Atlanta-based professional services firm, reported unauthorized access to its network systems between January 30 and February 9 2024, resulting in exposure of personal data; no encryption or operational disruption reported.
• St. Andrew’s Resources for Seniors System February 8, 2024 • [ data leak ] An unauthorized actor accessed certain employee email accounts; suspicious activity was detected on 2024-02-08. Review concluded 2025-01-06, and notifications began 2025-02-07.
• John P. Meehan Agency February 7, 2024 • [ email compromise, data leak ] John P. Meehan Agency disclosed that it discovered unusual network activity on July 8, 2024 and later confirmed unauthorized access to a single employee email account between July 2 and July 8, 2024, during which data on the account was acquired. The agency reported that impacted information varied by individual and could include highly sensitive identifiers (SSNs and government IDs), financial account/payment card data, dates of birth, and medical information. Affected individuals began receiving notice in November 2025, more than a year after the email account compromise was discovered.
• Arab Civil Aviation Organization (ACAO) February 4, 2024 • [ sql injection, data leak, cyber-espionage ] Threat actors exploited a vulnerable web application belonging to the Arab Civil Aviation Organization via SQL injection, exfiltrating staff and member credentials and communications. The stolen data, published on dark-web forums on February 4 2024, was identified by Resecurity, which assessed the activity as part of a cyber-espionage campaign targeting aviation-safety specialists across multiple Arab states.