Undisclosed Financial Institution
September 15, 2025
•[ data leak, nation-state, vulnerability exploitation ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed financial institution where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Major Technology Firm
September 15, 2025
•[ data leak, nation-state, AI-automated attack ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed major technology firm where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Government Agency
September 15, 2025
•[ nation-state, data leak, vulnerability exploit ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed government agency where sensitive information was stolen via exploitation of application server infrastructure.
Wood Personnel Services
September 12, 2025
•[ data leak ]
Wood Personnel Services reported unauthorized access to certain files on its network discovered in September 2025. The company stated that files containing personal information may have been accessed without authorization and notified affected individuals in December 2025. No operational disruption or data volume was disclosed.
Virginia Urology
September 11, 2025
•[ data leak, ransomware ]
DataBreaches reported that threat actors calling themselves MS13-089 claimed they hacked Virginia Urology on November 9, 2025 and exfiltrated about 927 GB of data, while stating they did not encrypt systems so as not to harm the patients. The outlet reviewed sample files and described faxed referrals and medical reports whose filenames appeared to include patients’ names and dates of birth, with additional pages containing extensive protected health information such as insurance and contact details and clinical histories. Virginia Urology had not publicly confirmed the incident or responded to inquiries in the reporting, but the presence of leaked sample data indicates unauthorized access and exfiltration consistent with an exploitive breach.
National Credit Information Center (CIC)
September 11, 2025
•[ data leak ]
Personal/credit records for citizens and companies held by the State Bank’s CIC; Vietnam’s CERT confirmed data theft with scope still being assessed; operations continued without disruption.
WIRED
September 8, 2025
•[ data leak ]
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number, date of birth, gender, and geographic location or full physical address. The WIRED data allegedly represents a subset of Condé Nast brands the hacker also claims to have obtained.
MetroWest Community Federal Credit Union
September 3, 2025
•[ ransomware, data leak ]
MetroWest Community Federal Credit Union disclosed that unauthorized access to its systems in early September 2025 resulted in the compromise of sensitive member information, with the incident attributed to the Akira cybercriminal group.
Sun Valley Surgery Center
September 3, 2025
•[ data leak ]
During a September 3, 2025 incident, an unauthorized third party accessed Sun Valley Surgery Center’s information systems; more than 27,000 individuals’ sensitive personal and protected health information may have been exposed, though the facility reports no confirmed misuse or operational disruption.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, data leak, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmácia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
California Casualty Companies
September 2, 2025
•[ data leak ]
California Casualty Companies reported that an unauthorized third party accessed company systems on September 2 and acquired files containing customer personal, financial, insurance, and identification information; no operational disruption or actor attribution was reported.
Prosper
September 2, 2025
•[ data leak ]
Prosper disclosed a September breach; HIBP reports 17.6M affected with sensitive data.
Wynn Resorts
September 1, 2025
•[ data leak, employee personnel records, Social Security numbers ]
Attackers associated with the ShinyHunters cybercriminal group gained unauthorized access to Wynn Resorts systems in September 2025. The intrusion exposed approximately 800,000 employee personnel records containing Social Security numbers and other personal identifying information.
DocketWise
September 1, 2025
•[ unauthorized access, third-party breach, credential theft ]
DocketWise discovered unauthorized access to a third-party partner repository used in a data migration pipeline; an unauthorized actor used valid credentials to clone repositories containing law-firm customer records and personal information of their clients.
Vibra Hospital of Sacramento
August 30, 2025
•[ data leak, PHI ]
An attack on Vibra Hospital of Sacramento’s network occurred between August 30 and September 5, 2025. The breach exposed protected health information, including medical and insurance details but no financial or Social Security data. No ransomware or encryption occurred, and no threat group has publicly claimed responsibility.
Personic Management Company LLC d/b/a Personic Health
August 29, 2025
•[ data leak, healthcare, third-party breach ]
Healthcare management firm Personic Management Company (Personic Health) reported that an unauthorized actor accessed a third-party software platform used to process patient information on August 29, 2025. The intrusion, discovered on September 1, enabled the attacker to obtain data containing patients’ names and associated protected health information from Personic-affiliated providers. After engaging external cybersecurity experts and notifying law enforcement, Personic filed breach notices with state regulators and began sending letters to impacted individuals, warning them about identity-theft risks and the potential misuse of their medical data.
Personic Management Company LLC
August 29, 2025
•[ data leak, unauthorized access, third-party breach ]
Personic reported unauthorized activity affecting a third-party software platform it used to process patient information. The company stated it became aware of the issue on September 1, 2025, and an investigation concluded an unauthorized actor accessed the platform on August 29, 2025 and obtained certain data. The public notice stated the impacted data may include names and protected health information. Personic reported filing a notice with the Maine Attorney General’s office and beginning notification of impacted individuals on November 18, 2025.
Conifer Value-Based Care, LLC
August 28, 2025
•[ business email compromise, data leak ]
Conifer Value-Based Care, LLC disclosed unauthorized access to a Microsoft 365 business email account on August 28-29, 2025. The incident may have exposed personal and health-related information contained in emails. Core systems were not compromised and the account was secured after discovery.
Saint Mary’s Home of Erie
August 26, 2025
•[ unauthorized access, PII, PHI ]
A forensic investigation found that an unauthorized party accessed the Saint Mary’s Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
Marshfield Clinic Health System
August 26, 2025
•[ data leak ]
Marshfield Clinic Health System reported that an unauthorized party accessed certain systems on August 26 and may have viewed personal and clinical information; the organization noted no operational disruption, no misuse evidence, and no confirmed actor attribution.