Asiana Airlines
December 24, 2025
•[ data leak ]
Asiana Airlines experienced unauthorized access to its internal intranet via an overseas server on December 24 2025 resulting in the exposure of personal information for approximately 10000 employees and partner staff No customer data was affected The company blocked access reset credentials and notified authorities
QualDerm
December 23, 2025
•[ data breach, data leak, unauthorized access ]
SecurityWeek reported that QualDerm Partners is notifying more than 3.1 million people of a December 2025 breach discovered on Dec. 24, 2025. QualDerm said attackers had unauthorized access to its network for two days and exfiltrated data from a limited number of compromised systems. Stolen data included personal identifiers and health/insurance information such as names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment/diagnosis information, health insurance information, dates of death, and in some cases government-issued ID information. QualDerm said its investigation is ongoing and it notified law enforcement and regulators.
Siam Okamura International Co., Ltd.
December 23, 2025
•[ unauthorized access, data leak, server breach ]
Siam Okamura International identified suspected unauthorized access to certain servers on December 23, 2025, and later found information suspected to have been leaked online; the details and extent remained under investigation.
Condé Nast / WIRED.com
December 20, 2025
•[ data leak ]
Hacker Lovely leaked 2.4M WIRED.com subscriber records (emails, names, IDs, contact info). Dataset verified by breach researchers and indexed by Have I Been Pwned. No official confirmation from Cond Nast; actor claims 40M more records may follow.
Oklahoma Tax Commission
December 20, 2025
•[ unauthorized access, tax data, W-2 ]
Oklahoma Tax Commission disclosed unauthorized access to W-2 and 1099 files in the OkTAP tax portal.
Undisclosed Ghana financial institution
December 19, 2025
•[ ransomware, data leak ]
A ransomware attack targeted a Ghanaian financial institution, encrypting large volumes of data and resulting in a financial loss of approximately USD 120,000, with authorities later assisting in partial data recovery.
Club Atletico River Plate
December 19, 2025
•[ ransomware, data leak ]
On December 19, 2025, Argentine media reported that Club Atltico River Plate was listed on ransomware group Qilins dark web leak site, suggesting the group had gained unauthorized access to the clubs IT environment. The report described a significant compromise of sensitive information and access to the institutions digital infrastructure, with screenshots posted as evidence and indications the club used Microsoft 365 services. The attackers posted metrics referenced data for 4,042 users, one directly compromised employee, and 13 credentials belonging to employees of third parties
Nexar
December 19, 2025
•[ data leak ]
Nexar disclosed a cyber incident in which attackers gained unauthorized access to internal systems, prompting an investigation into potential data exposure.
Hello Cake, Inc.
December 19, 2025
•[ data leak ]
Hello Cake, Inc. reported a cybersecurity incident involving unauthorized access to company systems that resulted in exposure of sensitive business information.
Goldman Sachs (via Fried Frank Harris Shriver & Jacobson LLP)
December 19, 2025
•[ data leak, third-party breach ]
Goldman Sachs notified clients that some client data may have been exposed following a cybersecurity incident at its external law firm, Fried Frank; Goldman stated its own systems were not compromised.
Lexipol
December 19, 2025
•[ data leak ]
Lexipol experienced a cyberattack that led to unauthorized access to its systems, affecting data associated with public safety and law enforcement clients.
At least one organization in Japan
December 18, 2025
•[ data leak ]
A cyberattack targeted at least one organization in Japan, resulting in unauthorized access to internal systems and raising concerns about potential data exposure.
Naftali Bennett's phone
December 17, 2025
•[ data leak, hacking ]
Israel National News reported that the Iranian-affiliated hacker group Handala claimed it infiltrated Naftali Bennetts personal iPhone 13 as part of Operation Octopus and published files it said were extracted from the device, including a contact list with names of senior Israeli officials, internal communications, sensitive documents, and personal photos. The outlet also reported Bennett responded that the matter was being handled by security authorities. Subsequent coverage elsewhere reported Bennetts office said tests indicated the phone was not hacked, though content tied to his accounts/contacts circulated online; the exact extent of compromise is therefore not fully verified beyond an unauthorized leak claim.
Pass'Sport
December 17, 2025
•[ data leak ]
In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physical addresses. The Ministry of Sports subsequently released a statement acknowledging the incident.
ASC Ortho Management Company, LLC d/b/a Aligned Orthopedic Partners
December 16, 2025
•[ email environment breach, unauthorized access, personal information ]
ASC Ortho Management Company, LLC d/b/a Aligned Orthopedic Partners identified unusual activity in its email environment on December 8, 2025 and later determined that an unknown actor had unauthorized access to the email environment between November 16 and December 16, 2025, potentially accessing certain emails and files containing personal and protected health information. Aligned Orthopedic mailed notices to affected individuals on April 17, 2026.
APOIA.se
December 16, 2025
•[ data breach, data leak, PII exposure ]
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
Stockton Cardiology Medical Group
December 15, 2025
•[ unauthorized access, data leak, extortion ]
Stockton Cardiology Medical Group disclosed that an unauthorized individual accessed and removed files from its systems in December 2025, and some of the files were later publicly disclosed; outside reporting tied the incident to a Genesis extortion claim.
SoundCloud
December 15, 2025
•[ data leak, extortion ]
In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the users country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.
Raaga
December 15, 2025
•[ data leak ]
In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5 hashes.
