Pell City School System
December 15, 2025
•[ ransomware, security incident, data leak ]
Pell City School System reported that some of its technology systems were affected by a security incident. The superintendent told families that the student information system was not affected, but that a third party copied some files. The district said it was working to resolve the incident and restore services and stated it would not pay. A separate report stated that the SafePay ransomware group claimed responsibility in December 2025, but the school district had not publicly verified the claim or provided details about exactly what data was taken or how systems were accessed at the time of reporting.
Raaga
December 15, 2025
•[ data leak, unauthorized access, credential stuffing ]
Raaga confirmed that an unauthorized party accessed a legacy database and that the extracted user data was later advertised for sale on an underground hacking forum during December 2025. Reporting described the exposed dataset as affecting more than 10.2 million user accounts and including personal and account-related fields such as names, email addresses, usernames, hashed passwords, and account creation dates, with partial location data in some cases. The company stated it secured the relevant access points tied to the exposed system, reset passwords for impacted accounts, and implemented additional monitoring while working with cybersecurity specialists and notifying law enforcement. Even without payment data, the combination of emails and password hashes creates elevated risk of credential stuffing, targeted phishing, and account takeover.
Danish Booksellers' Commission Foundation
December 15, 2025
•[ ransomware, data leak, IT disruption ]
A Danish business foundation that distributes books to many bookstores reported being hit by ransomware during the busy Christmas period. The incident disrupted IT operations and prompted an investigation. The organization warned that attackers may have accessed internal files, including employee salary information and other personal data related to staff and potentially customers and former employees. Details on the initial access vector, the ransomware strain, and the total number of impacted individuals were not publicly provided.
DXS International
December 14, 2025
•[ ransomware, data leak ]
DXS International disclosed a cyberattack affecting its office servers that it said was discovered on December 14, 2025 and immediately contained in cooperation with NHS England. The company reported minimal impact on services and said front-line clinical services were unaffected. The specific nature of the breach and whether patient medical information was stolen was not confirmed in the report; however, a ransomware group calling itself DevMan claimed credit and alleged theft of 300 GB of data. Regulators and law enforcement were notified and an external cybersecurity firm was engaged to investigate the scope and extent of unauthorized access.
Alpine Lumber
December 14, 2025
•[ ransomware, data leak, personally identifiable information ]
Alpine Lumbers posted notice states that on December 22, 2025 it determined certain network devices were encrypted with ransomware. The companys investigation found that between December 14 and December 22, 2025 an unauthorized actor viewed and obtained files stored on a file server. Alpine completed its file review and determined on February 5, 2026 that the affected files included employment-purpose information such as names, addresses, Social Security numbers, dates of birth, and health insurance plan enrollment information, and may also have included policy numbers, medical information, government IDs, financial account data, and payment card data. Alpine stated it notified law enforcement and began mailing letters and offering credit monitoring.
BarNet
December 12, 2025
•[ ransomware, data leak ]
Insurance Business reported that BarNet, a communications and infrastructure provider serving barristers and legal practices (including hosting, connectivity, file-sharing and a case-tracking platform), appeared on the SafePay ransomware groups leak site. The article states SafePay released material it claims was taken from BarNets systems, and that the leaked files reportedly include financial statements and legal/contract documents as well as sensitive personal records such as passport copies and CVs. The reporting focuses on the alleged data exposure and extortion context rather than confirmed encryption-related downtime, and it does not provide a confirmed initial access vector or a verified count of affected individuals.
Ahome City Hall
December 12, 2025
•[ data leak, ransomware, extortion ]
Article warns that Mexicos government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuatos attorney general, show risks of extortion, fraud, and weakened public trust.
Secretaría de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak ]
Mexican media reported unauthorized access to servers of the Secretara de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
National Credit Regulator (NCR)
December 12, 2025
•[ cyberattack, ransomware, data exfiltration ]
The South African National Credit Regulator confirmed it was the victim of a cyberattack in December 2025 that disrupted some of its systems. A ransomware group known as DragonForce claimed responsibility and alleged the exfiltration and publication of alleged 42 GB of data, but the regulator stated investigations were ongoing and has not confirmed data exfiltration, encryption, or the attackers identity.
Ahome City Hall
December 12, 2025
•[ ransomware, data leak, extortion ]
Article warns that Mexicos government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuatos attorney general, show risks of extortion, fraud, and weakened public trust.
SecretarÃÂa de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak, unauthorized access, exfiltration ]
Mexican media reported unauthorized access to servers of the Secretara de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
Greater St. Louis Oral & Maxillofacial Surgery PC
December 4, 2025
•[ phishing, data leak ]
Unauthorized access to a server-hosted employee email account resulted in exposure of patient personal and protected health information and use of the account to send phishing emails.
Yokosuka Gakuin School Corporation
December 1, 2025
•[ ransomware, data leak ]
Yokosuka Gakuin School Corporation disclosed a ransomware-related cyberattack discovered in early December 2025 involving unauthorized access to a server and external leakage of photos and videos. The school disconnected systems as a precaution and stated that investigations were ongoing; no quantitative details about data volume or affected individuals were publicly released.
Undisclosed Apple-assembler in China
December 1, 2025
•[ data leak ]
Hackers breached an Apple assembler in China and accessed internal systems, with reporting indicating that production and manufacturing-related data was targeted during the intrusion.
Call-On-Doc, Inc., dba Call-On-Doc.com
December 1, 2025
•[ data leak, telehealth breach, patient record exfiltration ]
A threat actor posted a sales listing on a hacking forum claiming that telehealth provider Call-On-Doc was breached in early December 2025 and that 1,144,223 patient records were exfiltrated. The listing reportedly included patient identifiers and contact details, transaction metadata, medical category and condition fields, prescribed services, and payment amounts. The reporting outlet reviewed screenshots and a sample file and assessed the data appeared plausible, but Call-On-Doc had not publicly confirmed the incident at the time of reporting.
MédecinDirect
November 28, 2025
•[ data leak ]
MdecinDirect, a French teleconsultation platform, reported a large-scale cyber incident in late November 2025. The provider stated it was the victim of an intrusion that was stopped upon detection on 11/28/2025. Approximately 285,000 patients were warned that their account information could have been compromised, and affected people were informed once the incident perimeter was clarified on 12/03/2025. MdecinDirect indicated that personal and health data potentially consulted included the reason for teleconsultation, information provided in pre-teleconsultation questionnaires, written exchanges between patients and physicians, and some Social Security numbers. The platform stated teleconsultation videos were not recorded and were therefore not impacted. It reported filing a complaint and notifying the CNIL (Frances data protection authority), and stated that services were functioning normally about ten days after the intrusion while additional technical investigation continued.
The Araneta Group of Companies
November 28, 2025
•[ data leak ]
The Araneta Group of Companies disclosed a cybersecurity breach affecting systems of multiple subsidiaries, including Araneta Center Inc., TicketNet Inc., and PPI Holdings Inc., and reported the incident to regulators while investigating the scope of impact.
Visage Imaging
November 26, 2025
•[ data leak ]
Visage Imaging reported a security incident involving unauthorized access to certain personal information within its systems. The organization indicated that an unauthorized party accessed personal information classified as personally identifiable information (PII), and that impacted elements may include individuals names and Social Security numbers. Visage Imaging filed a public notice with the Massachusetts Attorney General and began sending notification letters to impacted individuals on November 26, 2025.
Advanced Family Surgery Center (AFSC)
November 26, 2025
•[ data leak, healthcare, protected health information ]
Threat actors identifying as Genesis claimed they compromised Advanced Family Surgery Center (AFSC) in Oak Ridge, Tennessee, and later added the organization to their leak site, asserting that about 100 GB of data had been exfiltrated from company file servers. The reported dataset included healthcare data, personal data, financial data, user folders, and operational files. The reporting outlet reviewed sample files and indicated they contained protected health information such as patient names, dates of birth, full Social Security numbers, dates of service, physician details, and insurance information. At the time of reporting, no official public notification by the provider had been located.
