Full List

Search

Search Results (Data leak)

• Blazer Real Estate Services LLC October 30, 2025 • [ data leak ] Blazer Real Estate Services LLC reported that an unauthorized party accessed company systems on October 30 and exfiltrated customer identity and financial information, including drivers license and Social Security numbers; no operational disruption was reported.
• Associated Radiologists of the Finger Lakes P.C. October 30, 2025 • [ data leak ] A subset of ARFLs network was accessed by an unauthorized party between October 28 and October 30 2025 during which files containing personal and health information were viewed or copied without permission Notifications were issued on December 29
• Paterson & Dowding Family Lawyers October 28, 2025 • [ ransomware, data leak ] Threat actors from the Anubis ransomware gang listed Perth based Paterson & Dowding Family Lawyers on their dark web site in late October 2025, claiming to have compromised the Western Australian family law firm and stolen large volumes of sensitive client, business and staff data, which they showcased in detailed samples. The posted material includes financial documents such as superannuation statements, tax information, pay slips and a crypto wallet screenshot, along with correspondence relating to client businesses and deeply personal family messages, emails and social media content connected to ongoing disputes. The firm subsequently confirmed it had suffered a cyber incident and determined that a subset of personal information had indeed been accessed and taken, engaged external experts to contain and investigate the breach, began notifying affected clients and staff, and reported the matter to relevant privacy and cybersecurity authoriti
• Cohen's Fashion Optical LLC October 28, 2025 • [ data leak ] Cohen's Fashion Optical LLC reported that an unauthorized third party accessed company systems on October 28 and acquired files containing customer personal, financial, insurance, and medical information; no operational disruption or actor attribution was identified.
• Poltronesofà October 27, 2025 • [ ransomware, data leak, phishing ] Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
• CareOregon / Health Share of Oregon October 27, 2025 • [ data leak ] Unauthorized viewing of member information occurred within CareOregon-managed systems supporting Health Share of Oregon, leading to notifications to affected members.
• Svenska Kraftnät October 25, 2025 • [ ransomware, data leak ] Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
• DoorDash October 25, 2025 • [ data leak ] DoorDash reported that an unauthorized party accessed a company system on October 25 and obtained personal contact and order information; the company stated that sensitive personal or financial data was not accessed and no operational disruption occurred.
• 700Credit October 25, 2025 • [ data leak ] 700Credit, an automotive credit reporting and identity verification provider, was reported to have experienced a data breach on or around Oct. 25, 2025. The report stated the company was alerted to suspicious activity within its proprietary web-based application (700Dealer.com), after which it engaged third-party forensic specialists. According to the reporting, the investigation found consumer data had been copied from the application without authorization, while 700Credits internal network was said to be unaffected. Compromised data was described as including consumer names, addresses, and Social Security numbers from auto financing applications submitted between May and October 2025.
• 700Credit October 25, 2025 • [ data leak ] The Record reported that auto-dealership service provider 700Credit said 5,836,521 people were affected by a data breach discovered on October 25, 2025. The company stated its IT team found that attackers made copies of information they accessed in 700Credit systems and that the copied data included names, Social Security numbers, dates of birth, and addresses. The report noted the company notified federal law enforcement and the FTC and began offering identity protection services, indicating confirmed unauthorized access and copying of sensitive consumer identifiers.
• AT&T Careers HR portal October 24, 2025 • [ ransomware, data leak, fraud ] Ransomware actors posted a dataset labeled AT&T Careers on their leak site, indicating records tied to recruiting/applicant systems; listing framed for monetization with no operational outage described. Organization review pending; risk centers on identity/targeted fraud against job-seekers and staff.
• Unigym Gatineau October 24, 2025 • [ phishing, data leak ] Members personal and financial details potentially accessed; centre warned about phishing/fraud and began coordination with card processors and police after local media alerted them to leaked samples.
• ModMed (Modernizing Medicine) October 24, 2025 • [ data leak, healthcare, third-party breach ] Modernizing Medicine (ModMed) said it discovered unauthorized activity on July 29, 2025, and confirmed that attackers had accessed and exfiltrated data from servers hosting podiatry-client EHR information between July 910. Exposed fields include full names, addresses, DOB, SSNs, contact details, health insurance info, medical record and patient account numbers, dates of service, providers/practices, billing/diagnostic codes, prescription/medication data, and diagnosis/treatment information; providers were notified on September 19 and patients on October 17. Days later, a seller advertised a partial EHR database (1,0001,500 podiatry patient records) on a breach forum/Telegram, indicating financially motivated data trafficking, though ModMed has not confirmed a second intrusion. Overall impact: large-scale PHI exposure from vendor-hosted servers, with evidence of downstream data sale attempts.
• ZZ Dats October 24, 2025 • [ data leak, government, regulatory action ] Latvias DVI fined vendor ZZ Dats 300,000 for a 2024 municipal data breach affecting 42 municipalities; enforcement materials cite failures in safeguarding personal data rather than evidence of a targeted intrusion. This row logs the regulatory outcome tied to last years exposure.
• Legacy Health, LLC October 24, 2025 • [ data leak, healthcare ] Legacy Health LLC, a Dallas-based healthcare revenue cycle management company, disclosed that it experienced a data breach affecting 4,031 Texas residents. According to breach notices and law firm investigations, an Undetermined actor accessed data used in medical billing and revenue cycle services, exposing sensitive personal and protected health information. Compromised data includes individuals' names, medical information and health insurance details, increasing the risk of medical identity theft and insurance fraud for affected patients. Legacy Health mailed notification letters on October 24, 2025 and reports that it has taken steps to secure its systems and strengthen cybersecurity controls.
• AllerVie Health October 24, 2025 • [ ransomware, data leak ] AllerVie Health experienced unauthorized network access between October 24 and November 3 2025 during which sensitive data was accessed and exposed in a ransomware attack attributed to ANUBIS The incident was detected on November 2 and public notification to individuals occurred in late December 2025
• M-TIBA (CarePay Kenya) October 23, 2025 • [ data leak ] Threat actor Kazu claimed on Oct 23 2025 to have exfiltrated 2.15 TB of data (~4.8 M users) from M-TIBA, a Safaricom-backed health-finance platform; sample of 114 k records posted; Kenyas ODPC launched investigation Oct 29 2025; no encryption or operational outage confirmed.
• Freedom Mobile October 23, 2025 • [ data leak ] Freedom Mobile disclosed a breach of its customer account management platform that it detected on Oct. 23, 2025. The company stated that an unknown third party used a subcontractors account to access personal information for a limited number of customers, and that suspicious accounts and related IP addresses were blocked as part of corrective measures. Reported exposed data elements include first and last names, home addresses, dates of birth, phone numbers (home and/or mobile), and customer account numbers; Freedom stated the incident was not ransomware and that its network and operations were not affected.
• Substack October 23, 2025 • [ data breach, data leak, PII ] In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.
• Two undisclosed government departments in a South American country October 22, 2025 • [ vulnerability exploitation, espionage, data leak ] Actors exploited a patched SharePoint ToolShell flaw to gain initial access at a telecom, harvest credentials, and pivot across AD-joined systems. Activity included beaconing and data staging consistent with telecom espionage. No operational shutdown reported; primary effect is unauthorized access and data collection.