Navia Benefit Solutions, Inc.
December 22, 2025
•[ data breach, unauthorized access, personally identifiable information ]
BleepingComputer reported that Navia notified nearly 2.7 million people of a data breach after an investigation determined an unauthorized actor accessed and acquired certain information between December 22, 2025 and January 15, 2026; suspicious activity was discovered on January 23. Navia stated the exposed data can include full name, date of birth, Social Security number, phone number, email address, and benefits-administration details such as HRA participation, FSA information, and COBRA enrollment, while stating that claims and financial details were not exposed. The company reported notifying law enforcement and offering identity protection services.
Singing River Health System
December 21, 2025
•[ unauthorized access, data breach, patient information ]
Singing River Health System discovered that an unauthorized party gained access to its computer network between December 19 and December 21, 2025. On February 10, 2026, SRHS learned that the unauthorized party had accessed files containing patient information, and on May 19, 2026 it began mailing notices to affected patients. SRHS also temporarily shut down select systems, including internet access and MyChart, as a defensive containment measure; public reporting did not confirm attacker-caused encryption or destructive disruption.
Romanian Waters (Administrația Națională Apele Române)
December 20, 2025
•[ ransomware, IT disruption, critical infrastructure ]
Romanias national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romanias National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agencys public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
APOIA.se
December 16, 2025
•[ data breach, data leak, PII exposure ]
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
Stockton Cardiology Medical Group
December 15, 2025
•[ unauthorized access, data leak, extortion ]
Stockton Cardiology Medical Group disclosed that an unauthorized individual accessed and removed files from its systems in December 2025, and some of the files were later publicly disclosed; outside reporting tied the incident to a Genesis extortion claim.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgerys computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Dragonica Lunaris
December 6, 2025
•[ data breach, gaming, email addresses ]
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.
Goodwin University
December 4, 2025
•[ network disruption, unauthorized access, data breach ]
Goodwin University experienced a network disruption on December 4, 2025 and secured its network environment. Qilin claimed responsibility on December 28, 2025, and the investigation later determined that certain files may have been acquired without authorization. DataBreach indexed 209,218 rows tied to the breach, while outside reporting says Goodwin later confirmed 56,156 impacted individuals. Public sources did not confirm encryption or the precise disruption mechanism.
New York Life Insurance Company
December 2, 2025
•[ unauthorized access, email compromise, personally identifiable information ]
New York Life Insurance Company discovered unauthorized access to one of its agents' email accounts on December 2, 2025. After securing the account and completing its investigation, the company confirmed on April 8, 2026 that the compromised account contained some clients' personal information, including identifiers, financial information, medical information, and health insurance information. Public reporting did not identify a responsible actor, data volume, ransomware, or operational disruption.
Southern Illinois Dermatology
November 28, 2025
•[ unauthorized access, protected health information, PHI ]
Southern Illinois Dermatology discovered unauthorized access to its network on November 28, 2025, resulting in the exposure of personal and protected health information of approximately 160,312 individuals.
Florida Physician Specialists
November 27, 2025
•[ unauthorized access, data breach, personal information ]
Florida Physician Specialists said unauthorized access to its network occurred between approximately November 27 and November 29, 2025. A review completed on April 6, 2026 determined that personal, financial, medical, and health insurance information may have been removed from the network, affecting 276,498 individuals.
Undisclosed Canon U.S.A. subsidiary
November 25, 2025
•[ vulnerability exploit, data breach ]
A Canon U.S.A. subsidiary was compromised in the Oracle EBS hacking campaign, where attackers exploited an application server vulnerability. Canon reported that the incident was limited to a single web server and that no Canon data had been leaked as of the latest update.
Mid South Pulmonary & Sleep Specialists (MSPS)
November 17, 2025
•[ ransomware, data leak, data breach ]
Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
Center for Life Resources
November 14, 2025
•[ unauthorized access, network intrusion, data breach ]
Center for Life Resources identified unauthorized access to its network in mid-November 2025 and determined that files containing sensitive personal and protected health information may have been accessed or copied, which was later disclosed in regulatory notifications.
Central Ozarks Medical Center
November 10, 2025
•[ cyberattack, unauthorized access, data breach ]
Patients and individuals had their sensitive personal and health information exposed in a criminal cyberattack on Central Ozarks Medical Center. The breach involved unauthorized access to systems and resulted in the compromise of names, dates of birth, Social Security numbers, financial account details, medical treatment records, and health insurance information, according to investigation notices.
Georgia Superior Court Clerks’ Cooperative Authority
November 8, 2025
•[ ransomware, data exfiltration, cyber threat ]
The Devman ransomware group attacked the Georgia Superior Court Clerks Cooperative Authority beginning November 8, 2025. GSCCCA voluntarily restricted access to its systems while investigating a credible cyber threat. Devman claimed to have exfiltrated 500 GB of organizational data from GSCCCAs application servers and demanded a $400,000 ransom by November 27.
Yau Yat Chuen Garden City Club
October 31, 2025
•[ ransomware, data breach, personal data ]
A ransomware attack encrypted files stored on the server supporting Yau Yat Chuen Garden City Club's club management system, rendering the system inoperable and affecting personal data of current and former members and supplementary card holders.
University of Pennsylvania
October 30, 2025
•[ data breach, ransomware, donor records ]
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
