Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware, cyber attack ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Undisclosed U.S. Engineering and Construction Firm
December 29, 2024
•[ ransomware, data leak ]
On December 29 2024, Anubis listed an unnamed U.S. firm from the engineering and construction sector on its leak site. KELA reported the inclusion, and SecurityWeek referenced the finding. Stolen material reportedly included project and client documentation. No encryption or service interruption confirmed.
LexisNexis Risk Solutions
December 25, 2024
•[ data leak ]
LexisNexis disclosed that data stored on GitHub was acquired by an unauthorized party; breach notifications began May 24, 2025.
iHeartMedia
December 24, 2024
•[ data leak ]
PII of an undisclosed number of employees/individuals from a small number of local stations viewed and obtained between Dec 2427, 2024; breach notices filed in multiple U.S. states.
Denton County MHMR Center (My Health, My Resources)
December 24, 2024
•[ data leak, healthcare ]
Denton County MHMR Center disclosed unauthorized access to its network occurring between December 24 and December 25, 2024. A forensic investigation determined that patient protected health information was accessed. The organization notified affected individuals and regulators in 2025; no attacker-caused operational disruption was publicly reported.
Merck Sharp & Dohme LLC
December 19, 2024
•[ data leak, supply chain attack ]
Merck stated it was informed that its data was found within files impacted by a security incident at vendor Graebel Companies, Inc. After internal review, Merck determined certain current and former employees personal information was included in the impacted data and began notifying affected individuals. Reported potentially impacted elements included names and financial account information. The underlying vendor incident involved unauthorized access to or taking of certain files from the vendors network during a defined window in December 2024, with subsequent file review and customer notifications occurring later.
Baker School District
December 19, 2024
•[ data leak, supply chain ]
PowerSchool national breach (Dec 1924, 2024) impacted districts incl. Baker; district announced vendor notifications and monitoring steps.
Parascript
December 19, 2024
•[ data leak ]
Software firm disclosed breach following unauthorized access to networked systems and data.
Carruth Compliance Consulting
December 19, 2024
•[ data leak, third-party breach ]
Third-Party Retirement Plan Administrator Reported December Intrusion Exfiltrating School Employee Data.
Sunflower Medical Group
December 15, 2024
•[ ransomware, data leak ]
The Rhysida ransomware group attacked Sunflower Medical Group around 2024-12-15, exfiltrating approximately 3 TB of patient and administrative data and disrupting clinical systems. Suspicious activity was detected 2025-01-07 and public disclosure followed.
Oral Roberts University
December 15, 2024
•[ data leak ]
Between December 15 and December 17, 2024, an unauthorized actor accessed ORU systems and took certain files. Investigation determined some files contained names and Social Security numbers. Notifications were mailed by February 19, 2025.
VectraRx Mail Pharmacy Services
December 13, 2024
•[ data leak ]
Unusual activity discovered Dec 13, 2024; review confirmed potential access/acquisition; notifications in Feb 2025.
Integrated Oncology Network (multiple practices)
December 13, 2024
•[ phishing, data leak ]
Phishing incident Dec 1316, 2024 led to unauthorized access to a small number of email and SharePoint accounts; by late June 2025, notices mailed; HHS lists grew to 22 locations affecting 116,557 patients.
Kelly & Associates Insurance Group, Inc.
December 12, 2024
•[ data leak ]
Kelly Benefits (Kelly & Associates Insurance Group, Inc.) disclosed that an unauthorized actor accessed its network between Dec 1217, 2024 and stole data affecting ~553,660 people. No encryption or operational disruption was reported; notifications began April 9, 2025.
Orthominds
December 11, 2024
•[ data leak ]
Dental software vendor began sending data breach notifications to affected clients and individuals.
Ottawa Family Physicians
December 10, 2024
•[ data leak, unencrypted data, healthcare ]
Between December 1015, 2024, an unauthorized actor accessed Ottawa Family Physicians systems and exfiltrated patient data from an internal server. The EMR database was not affected. Data types included personal identifiers, financial, and health information. No encryption was used, and no operational disruption occurred. The incident was reported to HHS on February 13, 2025.
WK Kellogg Company
December 7, 2024
•[ ransomware, data leak ]
WK Kellogg Company filed a data breach notification with the Maine Attorney General on April 7 2025 after discovering unauthorized access to its systems on December 7 2024. According to the company and BleepingComputer, threat actors affiliated with the Cl0p ransomware group exploited a MOVEit Transfer vulnerability to exfiltrate employee data containing names and Social Security numbers. No evidence of encryption or operational disruption was reported.
Texas Health and Human Services Commission
December 5, 2024
•[ insider threat, data leak ]
HHSC update: following insider wrongdoing identified in 2024, the agency added 33,529 more affected, bringing the total to ~94,000 individuals; misconduct spanned 2021Jan 2025 and led to terminations and OIG referral.
Muswellbrook Shire Council
December 4, 2024
•[ ransomware, data leak ]
On December 4 2024, Muswellbrook Shire Council (NSW, Australia) detected a ransomware attack by the SafePay group. The attack encrypted portions of internal servers and resulted in theft and dark-web publication of sensitive employee and resident information. Council systems were progressively restored; investigation ongoing as of February 2025.
