Chronopost
January 28, 2025
•[ data leak ]
Chronopost confirmed a cyberattack discovered on January 28, 2025, that exposed personal data of about 210,000 clients, including names, addresses, and signatures. The company reported to CNIL and claimed no banking or payment data was compromised.
State Bar of Texas
January 28, 2025
•[ ransomware, data leak ]
The State Bar of Texas reported a ransomware-linked intrusion attributed to INC. Unauthorized access occurred between January 28 and February 9, 2025 (intrusion start used as event_date = 2025-01-28), leading to exfiltration of personal data including names, SSNs, driver's license numbers, and limited financial or medical information. Approximately 2,700 individuals were notified. The Bar reported no evidence of encryption or operational disruption.
The Siegel Group, Inc.
January 28, 2025
•[ data leak ]
The Siegel Group reported that an unauthorized party accessed its network between Jan 28 and Feb 2, 2025; notices were filed with state AGs (e.g., Vermont) and mailed to impacted individuals.
Episource
January 27, 2025
•[ data leak ]
Episource detected unauthorized access between January 27 and February 6, 2025, affecting approximately 5.4 million individuals; attackers exfiltrated protected health information including SSNs, medical data, and insurance identifiers; no actor identified or ransom claim confirmed.
The House of Dior
January 26, 2025
•[ data leak, personally identifiable information, supply chain attack ]
Dior disclosed that a database was accessed on Jan 26, 2025 exposing data that includes names, contact details, address, DOB, and in some cases passport/ID or SSN. Believed to be related to broader LVMH/ShinyHunters vendor breach cluster.
Grubhub
January 25, 2025
•[ data leak, third-party breach ]
Grubhub disclosed that a third-party vendor account was compromised, allowing limited access to contact and partial payment information for customers, drivers, and merchants. Full card, bank, and SSN data were not accessed. No attribution to a specific threat group. Incident contained.
Marlboro-Chesterfield Pathology
January 25, 2025
•[ ransomware, data leak ]
SafePay ransomware actors stole personal and health information from MCP systems; entity reported to HHS that 235,911 individuals were affected.
Oracle Corporation (legacy cloud environment)
January 22, 2025
•[ data leak, extortion ]
Threat actor rose87168 exploited Oracle's legacy Gen 1 Cloud infrastructure, stealing credentials and configuration data from ~140,000 tenants (6 million+ records) and attempting extortion; Oracle privately confirmed breach to customers.
Blessing Corporate Services Inc. (Blessing Health System)
January 22, 2025
•[ ransomware, data leak ]
Blessing Corporate Services reported a ransomware attack on January 22, 2025, that stole and encrypted patient information for approximately 15,000 individuals. The breach disrupted some clinical operations before containment and was publicly disclosed in April 2025. No actor attribution has been made.
Munson Healthcare (via Cerner legacy systems)
January 22, 2025
•[ data leak, third party breach, healthcare data ]
Munson Healthcare confirmed that an unauthorized third party gained access to and obtained data maintained by its electronic health record vendor, Cerner, on legacy Cerner systems used by Munson. The investigation indicated access occurred at least as early as January 22, 2025, and could have exposed patient identifiers and clinical information, including Social Security numbers and medical record data. Munson and Cerner reported taking steps to secure the affected systems and notified impacted individuals with options for identity-protection services.
Alabama Ophthalmology Associates
January 22, 2025
•[ ransomware, data leak ]
Unauthorized access occurred Jan 22–30, 2025; AOA later confirmed patient data was acquired. BianLian claimed responsibility; notifications began in April 2025.
Union Health System
January 22, 2025
•[ data leak, supply chain attack ]
Union Health reported that an unknown party accessed Oracle Health/Cerner's data migration environment sometime after January 22, 2025; Union Health systems weren't breached but patient data held by the vendor was exposed; notifications issued in May 2025.
Ascension
January 21, 2025
•[ data leak, vulnerability ]
Ascension disclosed a data breach linked to a former business partner's software vulnerability; filings indicate 437,329 impacted individuals.
United Domestic Workers Of America
January 17, 2025
•[ data leak ]
Union reported unauthorized access; breach letters mailed March 27 to affected members.
Loretto Hospital
January 17, 2025
•[ ransomware, data leak ]
On January 17, 2025, RansomHouse gained unauthorized access to Loretto Hospital's network in Chicago and exfiltrated approximately 1.5 TB of sensitive data. The group listed the hospital on its leak site and released sample medical and billing files. No encryption occurred. The hospital later confirmed about 500 affected individuals in its HHS filing.
Insight Partners
January 16, 2025
•[ ransomware, social engineering, data leak ]
On January 16, 2025, Insight Partners detected a cyberattack following a social engineering intrusion first traced to October 2024. Attackers exfiltrated sensitive files related to funds, management companies, portfolio companies, banking and tax records, and personally identifiable data of employees, partners, and investors. More than 12,000 individuals were affected. The incident escalated into a ransomware attack, with systems partially encrypted before containment. No named threat group has been identified, but the actor is criminal and financially motivated.
Millennium Home Health Care, Inc.
January 16, 2025
•[ data leak ]
Millennium Home Health Care, Inc., a home-healthcare provider based in Tulsa, Oklahoma, reported unauthorized access to two servers between January 16 and 20, 2025.
Bell & Graham
January 16, 2025
•[ ransomware, data leak ]
On 2025-01-16, Bell & Graham confirmed that the SafePay ransomware group stole approximately 15 GB of client data from its on-premises servers. The firm stated that files were taken but not encrypted, and live cloud systems were unaffected.
DecisionFi
January 15, 2025
•[ data leak ]
Unauthorized party accessed files via a web application; NH AG filing and notification letters dated 21-02-2025.
Select Medical Holdings Corporation
January 15, 2025
•[ data leak ]
Select Medical, a healthcare management company headquartered in Pennsylvania, disclosed unauthorized access to its internal network first detected in January 2025. Approximately 40,000 individuals' PHI was exfiltrated, including names, Social Security numbers, and medical information. No ransomware or operational disruption was reported.