Esse Health
April 21, 2025
•[ data leak ]
Cyberattack disrupted patient-facing network systems and phones and led to copying of files of 263,601 patients. Information includes personal and health data.
SK Telecom
April 19, 2025
•[ malware, data leak ]
Malware on internal servers enabled theft of USIM identifiers and related network data over an extended period.
Marks & Spencer
April 19, 2025
•[ data leak ]
A cyberattack discovered over Easter weekend (April 19 2025) caused Marks & Spencer to take systems offline as a precaution, disrupting online orders and click-and-collect services. The company confirmed that attackers accessed customer personal data through a third-party contractor's environment but found no evidence of ransomware or data encryption. Personal information accessed included names, contact information, and limited transaction data, but not passwords or full card details.
City of Abilene
April 18, 2025
•[ ransomware, data leak ]
On April 18 2025, the City of Abilene, Texas, detected unresponsive servers and shut down affected systems. Reports state certain systems were taken offline and none of the card systems at government offices were working; emergency services remained up and running. The Qilin ransomware group later claimed responsibility; roughly 477 GB of data were reported stolen and some data encrypted/deleted.
Eckert Seamans Cherin & Mellott LLC
April 17, 2025
•[ data leak, legal, insufficient security ]
Eckert Seamans detected unauthorized activity on an attorney's device on April 17, 2025, and confirmed that a document listing alumni was copied. The firm began notifying affected individuals on June 23, 2025, offering identity protection services and notifying regulators and law enforcement. A class action was filed on Aug 4, 2025, alleging failure to safeguard PII.
TickChak (external ticketing platform used by IDF units)
April 16, 2025
•[ data leak, hacktivism ]
A hacktivist using the alias Persian Prince accessed and leaked data from TickChak, an Israeli ticketing platform reportedly used by IDF units. The leak, publicized on April 16 2025, exposed personal details of tens of thousands of soldiers, including names, national ID numbers, and phone numbers. No ransom or sale was reported; the data was posted publicly to protest Israeli military actions.
McKenzie Health System (McKenzie Memorial Hospital)
April 15, 2025
•[ data leak, healthcare data breach, repeat incident ]
A notification to the Maine AG reported an incident discovered on or about April 15 affecting 54,016 people; a prior 2022 incident had 51,040 impacted, indicating recurring exposure issues.
Pierce County Library System
April 15, 2025
•[ ransomware, data leak, service disruption ]
The Record reported that the Pierce County Library System discovered a cybersecurity incident on April 21, 2025 that forced it to shut down all systems, with an investigation later finding attackers had access between April 15 and April 21. By May 12, the library confirmed hackers breached systems and stole information on both patrons and current/former employees, and later breach notifications indicated more than 340,000 people were impacted. The report stated the INC ransomware gang claimed the attack in May, and the combination of service shutdown and confirmed data theft supports a mixed event involving disruption and data compromise.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data leak ]
A ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriff's Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems were fully restored by early May 2025.
CMC Corporation
April 12, 2025
•[ ransomware, data leak ]
Ransomware group Crypto24 carried out a double-extortion attack against Vietnam-based CMC Corporation on April 12, 2025, exfiltrating roughly 2 TB of internal data and encrypting subsidiary servers for less than one day.
DaVita Inc.
April 12, 2025
•[ ransomware, data leak ]
On April 12, 2025, DaVita reported a ransomware incident that encrypted elements of its network and disrupted some operations. Subsequent disclosures confirmed theft of personal and medical information impacting over one million individuals.
Wolters Kluwer N.V.
April 12, 2025
•[ data leak ]
On April 12 2025, a BreachForums user known as IntelBroker offered for sale a 36 GB dataset allegedly stolen from Wolters Kluwer. The company confirmed an incident affecting its health-journals business but reported no compromise of tax or financial data. The exposed information consisted of professional contact details and profile metadata.
Multiple Magento e-commerce stores
April 10, 2025
•[ supply-chain attack, e-commerce, data leak ]
Between 500 and 1,000 online stores using third-party Magento extensions were compromised in a supply-chain attack that inserted backdoors allowing remote code execution and possible payment-data theft; incident discovered in April 2025.
SK Group (SK Inc.)
April 10, 2025
•[ ransomware, data leak ]
Qilin listed sk.com on its leak site on April 10 2025, claiming it stole approximately 1 TB of SK Group corporate data. SK has not publicly confirmed the breach or the claimed data volume, and no encryption or operational disruption has been reported.
At least one government agency or state-owned enterprise in Southeast Asia
April 10, 2025
•[ data leak, espionage, government ]
The Record, citing Symantec's Threat Hunter Team, reported that the China-linked APT group Billbug (also known as Thrip and Lotus Blossom) compromised multiple government and critical infrastructure organizations in a Southeast Asian country in April 2025. The campaign involved exploitation of legitimate digital certificates and living-off-the-land tools to exfiltrate sensitive documents from government and military networks. No encryption or disruption was reported, and the activity is assessed as political espionage conducted under China's Ministry of State Security.
3P Corporation Pty Ltd
April 10, 2025
•[ ransomware, data leak ]
Melbourne-based financial and tax advisory firm 3P Corporation was listed by the Space Bears ransomware group on Apr 10 2025, which claimed to have stolen ~213 GB of corporate and client data; no encryption or service disruption confirmed; breach publicly reported Jun 2 2025.
Caisse Nationale de Sécurité Sociale (CNSS)
April 8, 2025
•[ data leak, hacktivism ]
Morocco's CNSS confirmed a major data breach claimed by the hacktivist group Jabaroot. The attackers accessed and leaked millions of social-security records belonging to private-sector employees and companies. CNSS stated no operational disruption or encryption occurred.
Fall River Public Schools
April 7, 2025
•[ ransomware, data leak ]
Fall River Public Schools, Massachusetts, suffered a ransomware attack by the Medusa group that encrypted internal systems and disrupted district operations for several weeks. Attackers demanded $400,000 and claimed to have exfiltrated sensitive data, though the district has not verified theft. Recovery costs exceeded $130,000.
Toppan Next Tech
April 7, 2025
•[ ransomware, data leak, third-party breach ]
A ransomware attack on DBS Bank's third-party printing vendor Toppan Next Tech in Singapore led to the potential exposure of around 8,200 DBS customer statements and related letters, mostly for DBS Vickers trading and Cashline loan accounts. The attacker compromised Toppan's systems, leaving encrypted statement files potentially accessible, but DBS' own banking infrastructure and customer funds remained unaffected. Exposed data in the printed correspondence includes customers' names, mailing addresses and details of equity holdings or loan accounts, while passwords, government ID numbers and balances were not part of the leak. Authorities and cybersecurity agencies are assisting the investigation as DBS halts work with the vendor and notifies affected customers.