Murex Petroleum Corporation
May 27, 2025
•[ unauthorized access, data breach, personal information ]
Unauthorized access to Murex Petroleum Corporation systems resulted in the access and acquisition of certain individuals personal information, as disclosed in a regulatory filing with the New Hampshire Department of Justice.
Arthur Ashe Institute for Urban Health Inc.
May 18, 2025
•[ unauthorized access, personally identifiable information, health information ]
Unauthorized access to systems at Arthur Ashe Institute for Urban Health Inc. between April 4 and May 18, 2025 may have exposed personally identifiable and health information according to breach notifications.
Chief Electoral Officer – West Bengal
May 17, 2025
•[ data breach, insider threat, unauthorized access ]
A security breach led to deletion of at least 1,000 voters from the electoral roll in a West Bengal assembly constituency; subsequent reports cited misuse of AERO credentials.
Central Point School District 6
May 14, 2025
•[ data breach, unauthorized access ]
The Oregon district reported unauthorized access to its digital systems on May 14 and isolated affected systems while law enforcement and external experts investigated. No confirmed data types or quantities were disclosed at the time of reporting.
US Mortgage
May 13, 2025
•[ ransomware, unauthorized access, data breach ]
US Mortgage disclosed that an unauthorized third party gained access to a portion of its computer network in May 2025 in a ransomware event, and outside reporting tied the incident to SAFEPAY.
Methodist Homes of Alabama and Northwest Florida
May 8, 2025
•[ data breach, investigation, legal investigation ]
Law firm Lynch Carpenter announced an investigation tied to a Methodist Homes data breach affecting notified individuals.
Santeda International B.V.
May 1, 2025
•[ data breach, credential leak, unencrypted data ]
Investigators reported a data breach affecting MyStake, a Curaao-licensed online casino operated by Santeda International B.V., tracing the exposure back to approximately May 2025. A PDF containing login credentials for 540 MyStake accounts was shared online, and specialists reportedly confirmed they could log into most accounts listed, indicating passwords were still valid long after the leak became known. Once logged in, auditors said they could view sensitive player details stored without encryption, including names, home addresses, phone numbers, dates of birth, and detailed transaction histories. Reporting alleged that users were not notified for more than eight months and that MyStake did not enforce password resets or suspend compromised accounts during that period, increasing risk of account takeover, fraud, and identity misuse.
Cuties AI
March 21, 2025
•[ data breach, data leak, PII ]
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to the generated content. The data also included the account that created the content and a stated "preference" of either female or trans.
Trocaire College
March 13, 2025
•[ unauthorized access, data leak, data breach ]
Trocaire College identified unauthorized access to its systems. A forensic investigation determined that sensitive personal information may have been acquired by an unauthorized actor. The college notified affected individuals in January 2026 and reported the incident to regulators.
Uncle Henry’s
March 11, 2025
•[ ransomware, data breach ]
On March 11 2025, Maine-based classified ads publisher Uncle Henrys suffered a ransomware-style attack that deleted its primary website database and took the site offline until April 15. Attackers demanded Bitcoin. Management stated only a few advertisement entries were copied and no personal data compromise was confirmed.
OmniGPT Chatbot Platform
March 10, 2025
•[ data leak, data breach, hacking ]
A hacker known as Gloomer claimed to have breached the OmniGPT AI chatbot platform, stealing and leaking millions of user messages and account details. Data samples were posted on BreachForums and reported by multiple cybersecurity outlets, though OmniGPT has not confirmed the incident.
Civil Service Employees Association (CSEA)
March 5, 2025
•[ data breach, identity theft, Social Security numbers ]
The Civil Service Employees Association (CSEA), a New York labor union, reported a 2025 data breach in which attackers were present in its systems for nearly a month. The breach notification said malicious actors roamed CSEA systems between May 3 and May 31, 2025. A submission to the Maine Attorney Generals Office indicated over 47,000 individuals were affected. The investigation stated attackers may have accessed members names and Social Security numbers, creating risk of identity theft and fraud. The report did not identify the threat actor or the initial access method.
Wemix (Wemade)
February 28, 2025
•[ data breach, cryptocurrency theft, leaked secrets ]
The blockchain gaming platform WEMIX was hacked, resulting in the theft of about 8.65 million WEMIX tokens (worth roughly $6.1 million). The breach stemmed from attackers obtaining authentication keys for the NFT monitoring service NILE, likely via a shared repository. After gaining the keys, the threat actors spent about two months preparing before executing 15 withdrawal attempts of which 13 succeeded. The stolen tokens were swiftly laundered through multiple crypto exchanges. WEMIX shut down the affected server on February 28 and later disclosed the incident, migrating their infrastructure to a more secure environment.
Resort Data Processing
February 19, 2025
•[ data breach, hospitality ]
Hospitality PMS vendor mailed breach letters on March 20, 2025 after cyber incident.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, data breach, third-party breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
Middlesex Sheriff's Office
January 1, 2025
•[ data breach, protected health information, HIPAA ]
The Middlesex Sheriffs Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriffs Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
Jupiter Medical Center (via third party health records vendor)
January 1, 2025
•[ data breach, healthcare, third party risk ]
Jupiter Medical Center issued a warning/notice describing a data breach tied to a data security incident dating back to January 2025. The report indicates the healthcare organization investigated the incident and proceeded with notification and remediation steps in 2026. Because the accessible source context here does not provide a clear affected-individual count or a detailed breakdown of data elements, the customer-data fields are coded as undetermined.
EyeCare Partners
January 1, 2025
•[ email compromise, unauthorized access, data breach ]
EyeCare Partners disclosed that an unauthorized third party accessed certain ECP-managed email accounts between December 3, 2024 and January 28, 2025. The accessed files may have contained personal identifiers and limited health-related information, including addresses, dates of birth, Social Security numbers, drivers license numbers, health plan information, and limited clinical information; the notice emphasized that full medical records and detailed clinical information were not impacted. The organization reported the incident to Massachusetts regulators on February 4, 2026 and began outreach and remediation steps consistent with an email-system compromise.
The Children’s Center of Hamden
December 28, 2024
•[ data breach, data theft, unauthorized network activity ]
In late December 2024, The Childrens Center of Hamden detected unauthorized network activity later linked to the criminal group INC. The attack resulted in theft of sensitive patient and staff information including SSNs and medical records. No encryption reported. Public notice issued August 28 2025.
