Virginia Attorney General’s Office
February 11, 2025
•[ cyber intrusion, data leak, data exfiltration ]
In February 2025, the Virginia Attorney General's Office voluntarily shut down nearly all internal systems after detecting a sophisticated cyber intrusion. The criminal group Cloak later claimed responsibility, asserting it had stolen 134 GB of internal documents and posted samples to its leak site. Officials confirmed system shutdowns for containment but did not verify any file encryption or ransom demand, indicating an exfiltration-only intrusion rather than an active ransomware lockout.
Black Basta
February 11, 2025
•[ ransomware, data leak ]
ExploitWhispers leaked internal data from the Black Basta ransomware group's server, exposing details of its operations and communications.
Office of the Comptroller of the Currency (OCC)
February 11, 2025
•[ data leak, email compromise, espionage ]
In February 2025, the U.S. Department of the Treasury's Office of the Comptroller of the Currency detected unauthorized access to its Microsoft 365 email environment. The compromise, which persisted for months before discovery, exposed roughly 103 mailboxes and more than 150,000 emails containing sensitive financial supervisory information. No attribution has been made public, but the incident exhibited characteristics of an espionage-focused breach. No encryption, ransom demand, or operational disruption was reported.
Users of Indian banking mobile apps
February 11, 2025
•[ malware, phishing, data leak ]
Android malware campaign disguised as Indian bank apps, distributed via phishing links and fake APKs to install FinStealer; exfiltration of banking credentials and personal information confirmed by CYFIRMA and other researchers.
Illinois Department of Healthcare and Family Services
February 11, 2025
•[ phishing, data leak ]
Illinois Department of Healthcare and Family Services reported that an employee's email account was compromised by a phishing attack discovered on February 11, 2025.
Main Line Health
February 10, 2025
•[ data leak ]
Main Line Health, a Pennsylvania-based healthcare provider headquartered in Montgomery County, disclosed that attackers accessed Microsoft 365 employee email mailboxes in February 2025, exposing about 60,000 patient and employee records containing personal and medical information. No system disruption or encryption was reported.
Pacific Residential Mortgage
February 10, 2025
•[ ransomware, data leak ]
Pacres reported ransomware that locked systems and exposed consumer information.
Utsunomiya Central Clinic
February 10, 2025
•[ ransomware, data leak ]
The Japanese cancer clinic confirmed a breach after Qilin claimed responsibility and the theft of patient data.
City of Tarrant
February 10, 2025
•[ ransomware, data leak, government ]
Ransomware group RansomHub attacked the City of Tarrant's computer systems on February 10, 2025, initially disrupting the police department and prompting the city to shut down its networks. Officials restored servers within days, but RansomHub later posted proof-of-theft police files, confirming data exfiltration. Magnitude, duration, and scope remain undetermined.
Israel Police
February 9, 2025
•[ data leak, hacktivism, third-party compromise ]
Hacktivist group Handala claimed to have breached Israel Police systems and exfiltrated 2.1 TB of data containing 350,000 documents with officer information, weapon licenses, and case files. Authorities denied direct network infiltration and suggested a third-party vendor compromise.
Sault Ste. Marie Tribe of Chippewa Indians
February 9, 2025
•[ ransomware, data leak ]
RansomHub executed a ransomware attack on February 9, 2025, affecting six tribal facilities including five Kewadin casinos, the health center complex, and tribal administration systems. The attack encrypted and exfiltrated 119 GB of data, disrupting operations for approximately five days.
Beverly Hills Oncology Medical Group
February 7, 2025
•[ data leak, unauthorized access ]
Beverly Hills Oncology Medical Group in California identified and blocked unauthorized access to parts of its network between February 7 and February 11, 2025, then engaged third-party cybersecurity experts to investigate. The review confirmed that an external actor had accessed and potentially removed files containing patient information. On October 13 the practice confirmed that exposed data included names, Social Security numbers, government ID numbers, financial account and credit/debit card details, health insurance information, and diagnostic, treatment, prescription and other clinical data, and on October 31 it filed breach notices and began notifying affected individuals while offering 12 months of complimentary credit monitoring.
American Israel Public Affairs Committee (AIPAC)
February 6, 2025
•[ data leak, third-party breach ]
AIPAC reported that a criminal cyberattack on a third party led to unauthorized access to files on its own information systems from October 2024 through February 2025. A subsequent review determined that personal identifiers for 810 individuals had been taken, prompting notification letters and additional security controls.
St. Anthony Hospital (Chicago)
February 6, 2025
•[ data leak, healthcare, unauthorized access ]
St. Anthony Hospital in Chicago reported that on February 6, 2025 it discovered a data breach involving a small number of employee email accounts that had been accessed by an unauthorized actor. The compromised mailboxes contained personal and medical information such as names, addresses, dates of birth, Social Security numbers, medical record and account numbers, prescription details, and medical histories for roughly 6,679 individuals. The hospital engaged outside cybersecurity experts, reset credentials, and began notifying potentially affected patients and staff while offering guidance on credit monitoring. Officials said there was no evidence of misuse yet but warned people to remain vigilant for fraud or identity theft.
Users of fake DeepSeek sites
February 6, 2025
•[ phishing, data leak ]
Phishing campaign using dozens of fake DeepSeek-branded websites to steal user credentials and cryptocurrency through fraudulent login and wallet interfaces.
Users of Steam game PirateFi
February 6, 2025
•[ malware, data leak ]
Free-to-play game PirateFi on Steam removed after being discovered to install Vidar infostealer; victims urged by Valve to scan or reformat their systems.
MacKay Memorial Hospital
February 6, 2025
•[ ransomware, data leak ]
Ransomware attack by Chinese actor CrazyHunter encrypted hospital systems and exfiltrated 32.5 GB of patient data; over 500 computers crashed, disrupting clinical services for several days; attacker linked to other Taiwanese targets.
Islamic Emirate of Afghanistan – Ministries and Agencies
February 6, 2025
•[ data leak ]
Hackers breached Taliban-run Afghan government systems (TalibLeaks) and published tens of gigabytes of confidential records from 21 ministries online.
IMI plc
February 6, 2025
•[ data leak ]
IMI plc disclosed unauthorised access to its systems, engaged external cybersecurity experts, and stated it will provide further updates; no details on data stolen, systems impacted or threat actor identified were included.