Full List

Search

Search Results (Data Leak)

• Mid South Pulmonary & Sleep Specialists (MSPS) November 17, 2025 • [ ransomware, data leak, data breach ] Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
• Under Armour November 17, 2025 • [ ransomware, data leak ] In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
• Detmold Public Utilities November 16, 2025 • [ ransomware, data leak ] A ransomware attack against Stadtwerke Detmold forced the municipal utility to shut down its IT infrastructure, leaving the company largely unreachable by phone or email and knocking out online customer portals and related services. Multiple affiliated business units, including energy and public transport operations, were impacted in their back-office systems, though the delivery of electricity, gas, water, and district heating reportedly continued. Police cybercrime teams and external specialists were engaged to stabilize systems, analyze the intrusion, and determine whether customer data was accessed.
• Grenoble École de Management November 15, 2025 • [ data leak ] Threat actors claimed access to and sale of a large CRM dataset associated with the institution, which the school acknowledged and began investigating.
• CodeStepByStep November 15, 2025 • [ data leak ] In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses.
• CodeStepByStep November 15, 2025 • [ data leak ] In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k. The impacted data included names, usernames and email addresses.
• Petrobras November 14, 2025 • [ ransomware, data leak ] Everest ransomware group listed Petrobras and exploration partner SAExploration on its leak site and claims it stole a large seismic survey database with detailed technical information from Petrobras surveys and Campos Basin projects while threatening further action if the company does not contact the group
• Trumbull County Recorder’s Office November 14, 2025 • [ ransomware, data leak, supply chain attack ] Trumbull County, Ohio reported that a ransomware attack on its third-party vendor C Systems Software led to a security breach affecting systems used for real-estate recordings and property records. County officials said they were alerted around November 14, 2025, and, with help from Ohio Homeland Security and external cybersecurity firm GuidePoint, determined that the same cybercriminals behind the vendor breach had attempted to exploit the county network. While they reported no evidence of successful intrusion into county systems, offices had to fall back on manual processing and suspend some online services for about ten days. The incident is believed to have exposed resident data held by the vendor and has prompted additional security and monitoring measures.
• Attorney General’s Office of the State of Guanajuato (FGEG) November 13, 2025 • [ ransomware, data leak, double-extortion ] Mexico Business News reports Guanajuatos Attorney Generals Office confirmed a cybersecurity incident after a ransomware attack attributed to Tekir APT. Attackers claim they stole 250GB+ of confidential data, including judicial files and internal databases. Officials are reviewing controls, without confirming attribution or ransom payment. Hackmanac alleges subdomain encryption and double-extortion.
• Eurofiber November 13, 2025 • [ data leak ] In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently leaked. A threat actor claiming responsibility for the breach alleges to have additional, more sensitive data including screenshots, VPN configuration files, credentials, source code, certificates, archives, and SQL backup files.
• Operation Endgame 3.0 November 13, 2025 • [ infostealer, remote access trojan, botnet ] Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
• Attorney General’s Office of the State of Guanajuato (FGEG) November 13, 2025 • [ ransomware, data leak, double-extortion ] Mexico Business News reports Guanajuatos Attorney Generals Office confirmed a cybersecurity incident after a ransomware attack attributed to Tekir APT. Attackers claim they stole 250GB+ of confidential data, including judicial files and internal databases. Officials are reviewing controls, without confirming attribution or ransom payment. Hackmanac alleges subdomain encryption and double-extortion.
• SitusAMC November 12, 2025 • [ data leak ] Real-estate finance services provider SitusAMC, headquartered in New York, disclosed that on November 12, 2025 it detected a breach affecting internal systems used to support back-office services for major lenders; investigations indicate that corporate data on some clients and unspecified data about their customers were accessed, though SitusAMC reports no impact on business operations and says no encrypting malware was deployed.
• Mikord November 12, 2025 • [ data leak, sabotage, hacktivism ] The Record reported that an anonymous hacker group allegedly breached Mikords servers and provided a trove of internal documents to an anti-war human rights group, including source code, technical and financial records, and internal correspondence. The report stated the hackers claimed months-long access and said they destroyed parts of Mikords infrastructure; Mikords website was reportedly offline for days and had been defaced earlier in December. While the company did not publicly acknowledge involvement in Russias military registry, investigative verification cited in the article indicated the leaked materials supported its participation, suggesting the breach had both data-theft and disruptive/destructive elements.
• French Ministry of the Interior November 12, 2025 • [ government, data leak, email compromise ] Frances Interior Minister confirmed that the Ministry of the Interior experienced a cyberattack affecting its email servers. The intrusion was detected overnight between 12/11/2025 and 12/12/2025 and enabled the threat actors to access the ministrys email infrastructure and some document files. At the time of public confirmation, officials had not confirmed whether data was exfiltrated. In response, the ministry reported implementing standard containment procedures, tightening security protocols, and strengthening access controls. French authorities opened an investigation to determine the origin, intent, and full scope of the breach; possible explanations cited publicly included foreign interference, activists, or cybercriminals. The ministry is a high-value target given its responsibility for police forces, internal security, and immigration services.
• International Kiteboarding Organization November 11, 2025 • [ data leak ] In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user's city and country.
• Princeton University November 10, 2025 • [ phishing, data leak ] A phone phishing scam enabled unauthorized access to Princeton Universitys Advancement database containing alumni, donor, student, parent, and some faculty information; the breach lasted under 24 hours and the university has not determined what data was viewed or extracted.
• Knownsec November 9, 2025 • [ data leak, cyber espionage, malware ] According to coverage in The Register of research by Chinese blog MXRN, attackers breached the systems of Beijing linked security company Knownsec and leaked more than twelve thousand classified documents describing Chinese state cyber weapons, internal tools and global targeting lists, along with code for remote access trojans that can compromise major desktop and mobile operating systems; the cache also reportedly includes a spreadsheet of 80 successfully attacked overseas targets and massive datasets such as Indian immigration records, South Korean telecom call logs and Taiwanese road planning information that Knownsec had previously obtained in offensive operations, some of which were briefly published to GitHub before being removed.
• OpenAI (Mixpanel Incident) November 9, 2025 • [ data leak ] OpenAI reported that on November 9 an attacker accessed Mixpanels analytics application server and exported limited customer-identifiable metadata including names, emails, coarse location, browser and operating system information, referring websites, and account identifiers; no credentials, API keys, chat content, or service disruption occurred.
• Beckett Collectibles November 9, 2025 • [ data leak ] In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data included more than 500k email addresses reportedly belonging to North American customers, along with a smaller subset containing names, usernames, phone numbers and physical addresses.