Full List

Search

Search Results (Data Leak)

• Kansas City Police Department November 5, 2025 • [ data leak, hack, law enforcement ] Reporting by KCUR, WIRED, and DataBreaches.net describes a major hack of the Kansas City, Kansas Police Department whose internal records were exfiltrated in 2024 and later published by transparency collective Distributed Denial of Secrets. The leaked cache, reportedly more than one terabyte in size, includes a secret Veracity Disclosure or Giglio List that identifies officers whose documented misconduct could undermine their testimony, along with supporting case files and internal correspondence. Police officials confirmed that the department experienced a cyber incident reported to federal agencies but criticized publication of the names as relying on stolen, unverified data and potentially harming officers reputations.
• Oscars Group November 5, 2025 • [ ransomware, data leak ] Insurance Business reports that Australian hospitality conglomerate Oscars Group was listed on the Medusa ransomware gang's leak site on November 5, 2025, with the criminals claiming to have exfiltrated more than one hundred and thirty thousand internal files and threatening to publish them unless a ransom of one hundred thousand US dollars is paid or daily fees are provided to delay release; samples posted as proof reportedly include invoices, staff rosters, event schedules, daily financial records and identity documents such as passports and driver licences, much of it tied to the recently acquired Lakes Resort Hotel in South Australia, indicating a significant data breach even though no operational outages have been publicly disclosed.
• Microbix Biosystems Inc. November 5, 2025 • [ ransomware, data leak ] Microbix Biosystems disclosed that an international ransomware group infiltrated and corrupted one of its corporate servers, deploying ransomware that temporarily took file storage systems offline but did not disrupt manufacturing, safety or communications. The company successfully recovered the server and data from backups yet later learned that at least some data had been copied externally, including commercially sensitive information and employee data
• Habib Bank AG Zurich November 5, 2025 • [ ransomware, data leak ] Qilin ransomware group listed Habib Bank AG Zurich on its leak site on November 5, 2025, claiming theft of more than 2.5 TB of data and nearly 2 million files. Cybernews verified screenshots showing stolen passport numbers, account balances, transaction notifications, and internal tool source code.
• Nikkei November 4, 2025 • [ malware, data leak ] Japanese media conglomerate Nikkei disclosed on 4 November 2025 that attackers had compromised its Slack messaging environment after malware on an employee's computer stole authentication credentials, which were then used to access multiple Slack accounts. The breach, discovered in September, exposed data for 17,368 employees and business partners, including their names, email addresses and chat histories. Nikkei forced password resets, reported the incident to Japan's Personal Information Protection Commission despite believing the stolen data falls outside formal reporting rules, and said no information related to confidential journalistic sources or reporting activities has been confirmed leaked.
• Tisza Party App November 4, 2025 • [ data leak, malware ] Ahead of Hungarys 2026 parliamentary elections, opposition leader Pter Magyar said a malware-based cyberattack against his TISZA partys mobile application led to the illegal leak of his supporters personal data. Pro-government media reported that a database of roughly 200,000 names from the app, containing users names, email and postal addresses and phone numbers, was briefly published online before being taken down. Magyar alleges that international cyber pirates backed by Russian services have been attacking his systems for months to intimidate supporters and hinder planned primary elections on the app, prompting the party to move the vote to a different website.
• RUAG LLC November 4, 2025 • [ ransomware, data leak ] Ransomware group Akira launched a double-extortion style attack against RUAG LLC, the Virginia-based liaison office of Swiss defence contractor RUAG MRO Holding, encrypting local systems while threatening to publish roughly 24 GB of company data including employee details and confidential military information. RUAG reports the incident is isolated to RUAG LLC thanks to autonomous IT systems and says other RUAG networks in Switzerland remain unaffected. Authorities had previously warned Swiss organizations about Akiras surge in ransomware activity, and RUAG is considering filing a criminal complaint as forensic investigat
• Doctor Alliance LLC November 4, 2025 • [ ransomware, data leak, phi ] Threat actor Kazu claimed theft of 353GB (?1.24M files) from Doctor Alliance LLC and demanded a $200,000 ransom; sample includes scanned patient PHI.
• Millicom (TIGO) November 3, 2025 • [ data leak ] Millicom was contacted by ShinyHunters on November 3 following an intrusion in which threat actors exfiltrated hundreds of millions of customer-related records; negotiations failed after Millicom attempted to make installment payments, leading the group to list the stolen data for sale on November 13.
• University of Pennsylvania October 31, 2025 • [ data leak ] Hacker alias WeGotHacked infiltrated University of Pennsylvania systems around Oct 31 2025, stealing an estimated 1.2 million donor records and compromising multiple @upenn.edu email accounts. On Nov 1 the actor used those accounts to send vulgar emails to the campus community. BleepingComputer later verified portions of the dataset. UPenn initially denied a breach but launched an investigation after the claims were substantiated.
• Blazer Real Estate Services LLC October 30, 2025 • [ data leak ] Blazer Real Estate Services LLC reported that an unauthorized party accessed company systems on October 30 and exfiltrated customer identity and financial information, including drivers license and Social Security numbers; no operational disruption was reported.
• Associated Radiologists of the Finger Lakes P.C. October 30, 2025 • [ data leak ] A subset of ARFLs network was accessed by an unauthorized party between October 28 and October 30 2025 during which files containing personal and health information were viewed or copied without permission Notifications were issued on December 29
• Paterson & Dowding Family Lawyers October 28, 2025 • [ ransomware, data leak ] Threat actors from the Anubis ransomware gang listed Perth based Paterson & Dowding Family Lawyers on their dark web site in late October 2025, claiming to have compromised the Western Australian family law firm and stolen large volumes of sensitive client, business and staff data, which they showcased in detailed samples. The posted material includes financial documents such as superannuation statements, tax information, pay slips and a crypto wallet screenshot, along with correspondence relating to client businesses and deeply personal family messages, emails and social media content connected to ongoing disputes. The firm subsequently confirmed it had suffered a cyber incident and determined that a subset of personal information had indeed been accessed and taken, engaged external experts to contain and investigate the breach, began notifying affected clients and staff, and reported the matter to relevant privacy and cybersecurity authoriti
• Cohen's Fashion Optical LLC October 28, 2025 • [ data leak ] Cohen's Fashion Optical LLC reported that an unauthorized third party accessed company systems on October 28 and acquired files containing customer personal, financial, insurance, and medical information; no operational disruption or actor attribution was identified.
• Poltronesofà October 27, 2025 • [ ransomware, data leak, phishing ] Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
• CareOregon / Health Share of Oregon October 27, 2025 • [ data leak ] Unauthorized viewing of member information occurred within CareOregon-managed systems supporting Health Share of Oregon, leading to notifications to affected members.
• Svenska Kraftnät October 25, 2025 • [ ransomware, data leak ] Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
• DoorDash October 25, 2025 • [ data leak ] DoorDash reported that an unauthorized party accessed a company system on October 25 and obtained personal contact and order information; the company stated that sensitive personal or financial data was not accessed and no operational disruption occurred.
• 700Credit October 25, 2025 • [ data leak ] 700Credit, an automotive credit reporting and identity verification provider, was reported to have experienced a data breach on or around Oct. 25, 2025. The report stated the company was alerted to suspicious activity within its proprietary web-based application (700Dealer.com), after which it engaged third-party forensic specialists. According to the reporting, the investigation found consumer data had been copied from the application without authorization, while 700Credits internal network was said to be unaffected. Compromised data was described as including consumer names, addresses, and Social Security numbers from auto financing applications submitted between May and October 2025.
• 700Credit October 25, 2025 • [ data leak ] The Record reported that auto-dealership service provider 700Credit said 5,836,521 people were affected by a data breach discovered on October 25, 2025. The company stated its IT team found that attackers made copies of information they accessed in 700Credit systems and that the copied data included names, Social Security numbers, dates of birth, and addresses. The report noted the company notified federal law enforcement and the FTC and began offering identity protection services, indicating confirmed unauthorized access and copying of sensitive consumer identifiers.