University of Phoenix
January 8, 2025
•[ data leak ]
Phoenix Education Partners reported that the University of Phoenix experienced a cybersecurity incident involving Oracle E-Business Suite (Oracle EBS). The company detected the incident on November 21, 2025 and believes a previously unknown Oracle EBS vulnerability was exploited in August 2025 to copy certain data maintained in its Oracle EBS environment. The company stated that personal information for numerous individuals was accessed without authorization, including names and contact information, dates of birth, Social Security numbers, and bank account/routing numbers, and that it would provide required notifications while the investigation continued.
Fieldtex Products, Inc.
January 8, 2025
•[ ransomware, data leak ]
Fieldtex Products Inc., including its e-First Aid Supplies division, reported a data security incident after identifying unauthorized access to certain systems during August 2025. Public reporting associated the incident with the Akira ransomware group, which claimed responsibility on a leak site and alleged it stole corporate documents, though those claims were not independently verified in the available notice. According to reporting on the incident and breach tracking, the event potentially exposed limited protected health information related to individuals, with data elements including name, address, date of birth, member identification number, health plan name, coverage effective and termination dates, and gender. External reporting cited approximately 238,615 affected individuals. Fieldtex indicated it took steps to investigate, mitigate, and notify impacted people; the initial compromise method and the full extent of any data exfiltration beyond the limited PHI described were not publicly detailed in the accessible notice.
Pro Medicus
January 7, 2025
•[ data leak, email compromise, employee data ]
Pro Medicus disclosed that it investigated unauthorized access by an unknown third party to a single email inbox in July 2025. The company said it engaged external cybersecurity experts, secured the inbox, and contained the incident. Its analysis concluded the access was isolated to one mailbox and did not provide access to any client systems or patient data; it also stated there was no operational impact or financial loss. Pro Medicus reported that PII for approximately 100 current and former employees could potentially have been accessed and that the affected individuals were notified.
Towne Mortgage
January 6, 2025
•[ ransomware, data leak ]
Towne Mortgage disclosed that a June 2025 incident may have involved a hacker copying data from its network. Reporting on subsequent litigation stated that the lender did not publicly specify how many customers were impacted, but a disclosure referenced at least 474 Massachusetts residents and indicated that Social Security numbers and financial account information were compromised. The same report noted that some cybersecurity blogs attributed the attack to the BlackByte ransomware-as-a-service group, though the company itself did not confirm attribution. Multiple class action lawsuits were filed after the lender's breach announcement, alleging failure to protect sensitive borrower information.
Prosper Marketplace
January 6, 2025
•[ data leak, PII ]
The Record reported that fintech lender Prosper Marketplace disclosed a cyberattack that was initially discovered on September 1, 2025, with an investigation concluding that attackers accessed data between June and August 2025. The company stated there was no evidence of unauthorized access to customer accounts or funds, but reported that sensitive personal information and application-related data were accessed, ultimately affecting about 13.1 million people. The reported exposed elements included high-risk identifiers (SSNs and national IDs), banking details, and extensive identity and application documentation, creating significant fraud and identity-theft risk even without confirmed account takeover.
City of Lubbock Utilities
January 6, 2025
•[ data leak, skimming ]
The City of Lubbock Utilities, Texas, reported that malicious code was injected into its third-party online utility payment portal between December 18, 2024 and January 6, 2025. The injected script presented a fake payment window that captured customers' cardholder information. According to the Texas state breach portal and public notices, 12,503 Texans were affected. Compromised data included names, billing addresses, payment card numbers, expiration dates, and CVV codes. Officials confirmed no impact to internal systems or encryption of city data.
Black Hills Regional Eye Institute
January 4, 2025
•[ data leak ]
In early January 2025, the Black Hills Regional Eye Institute detected unauthorized access lasting five days (Jan 4-8). A forensic review confirmed exfiltration of patient and employee data including PII and PHI. The breach affected about 106k individuals and was disclosed August 29, 2025. No encryption reported; data stolen for likely financial gain.
Kaikatsu Frontier Inc.
January 1, 2025
•[ data leak, hacked ]
Japanese reporting stated authorities issued an arrest warrant for a 17-year-old high school student suspected of conducting a cyberattack against Kaikatsu Frontier Inc. linked to an incident in January 2025. The suspect allegedly used an AI-generated program to send unauthorized commands to the company's server millions of times in an attempt to extract personal data. The company reported that personal data for roughly 7.3 million customers may have been leaked as a result of the breach. The reporting did not specify the exact data elements exposed or confirm misuse beyond the potential leak.
British Broadcasting Corporation Pension Scheme
January 1, 2025
•[ data leak ]
The BBC reported a breach exposing pension members' personal details on May 29.
At least one individual tricked by scam network impersonating CNN, BBC, CNBC
January 1, 2025
•[ phishing, scam, impersonation ]
Global phishing and investment scam campaign impersonating CNN, BBC, and CNBC; CTM360 identified over 17,000 fake sites used to steal identity and financial data through bogus crypto platforms like Eclipse Earn, Solara, and Vynex.
At least one Russian industrial company
January 1, 2025
•[ phishing, spyware, data leak ]
Kaspersky-reported campaign uses phishing and a new spyware ('Batavia') to exfiltrate sensitive documents and system info from Russian industrial firms.
Duo Info
January 1, 2025
•[ hacking, matchmaking service, personal information ]
A Duo employee's work computer was hacked in January 2025, compromising personal information of 427,464 matchmaking service clients, including identifiers, contact details, and detailed personal profile information.
Cierant Corporation
January 1, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
OneDayOnly
January 1, 2025
•[ data leak ]
Data exfiltration from OneDayOnly's cloud storage claimed by KillSec; company confirmed incident but denied exposure of customer financial data.
Claim Expert
January 1, 2025
•[ data leak, data exfiltration ]
Data exfiltration and exposure of Pick n Pay customer information (~105k records) from Claim Expert's system by Bashe group; no encryption or operational disruption reported.
Pearson plc
January 1, 2025
•[ data leak, source code leak, credential leak ]
Threat actors used an exposed GitLab PAT to access source code and cloud credentials, stealing terabytes of corporate and customer data over months.
Santa Barbara County Department of Social Services
January 1, 2025
•[ skimming, theft, data leak ]
County reported widespread EBT skimming causing mass card cancellations and benefit delays for students and residents.
Ribbon Communications Inc.
January 1, 2025
•[ data leak, unauthorized access ]
U.S. telecom backbone provider Ribbon Communications reported that a nation-state actor infiltrated its environment around Jan 2025, maintaining persistence until discovery in Sept 2025; investigation confirmed unauthorized access to two employee laptops containing limited customer files; no material network breach or data destruction confirmed.
Laboratory Services Cooperative (LSC)
December 30, 2024
•[ data leak ]
Laboratory Services Cooperative, a U.S. medical testing provider based in Texas, disclosed that unauthorized actors accessed and exfiltrated PHI and PII data of approximately 16 million individuals. No encryption or operational disruption occurred, and no threat actor has been publicly identified.
Summit Home Health, Inc.
December 29, 2024
•[ ransomware, data leak ]
On December 29, 2024, the criminal group Anubis listed Summit Home Health Inc. on its ransomware leak site, claiming theft of over 7 thousand patient records. KELA verified sample files, and SecurityWeek later reported the case as an example of Anubis's early campaigns. No encryption or service disruption was described, indicating a pure data-exfiltration exploit.