Visiting Nurse Association of Texas
July 17, 2025
•[ unauthorized access, email compromise, PII ]
Visiting Nurse Association of Texas identified suspicious network activity on July 17, 2025; an unauthorized actor accessed employee email accounts and potentially compromised personal and health-related data belonging to thousands of individuals, per notice and investigation.
Atlas Transfer and Storage
July 15, 2025
•[ unauthorized access, data breach, PII ]
Atlas Transfer & Storages notice states it identified suspicious activity on July 15, 2025 and launched an investigation. The investigation concluded that an unauthorized party copied certain files on the same date. Atlas reviewed the impacted files and stated the affected information varied by individual but could include identifiers and financial/health insurance information such as SSNs, tax IDs, drivers license/state IDs or other government IDs, payment card numbers, health insurance and medical information, and financial account information. Atlas stated it notified individuals and offered complimentary credit monitoring services.
Healthcare Interactive
July 8, 2025
•[ data leak, hacked, phi ]
Healthcare Interactive reported that hackers accessed its network between July 812, 2025 and exfiltrated files containing extensive PHI/PIIincluding names, DOBs, SSNs, contact details, insurance enrollment IDs, diagnoses, provider names, lab results, medical images, treatment plans, and possibly claims datawith the breach detected around July 22; the attack vector wasnt disclosed but regulators were notified.
Canada Goose
July 4, 2025
•[ data leak, third-party breach, customer records ]
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.
McDonald’s recruitment chatbot platform
June 1, 2025
•[ data leak, recruitment, chatbot ]
SecurityWeek reported that a recruitment chatbot platform used by McDonalds leaked data on approximately 64 million job applicants worldwide.
Prosper Marketplace
January 6, 2025
•[ data leak, PII ]
The Record reported that fintech lender Prosper Marketplace disclosed a cyberattack that was initially discovered on September 1, 2025, with an investigation concluding that attackers accessed data between June and August 2025. The company stated there was no evidence of unauthorized access to customer accounts or funds, but reported that sensitive personal information and application-related data were accessed, ultimately affecting about 13.1 million people. The reported exposed elements included high-risk identifiers (SSNs and national IDs), banking details, and extensive identity and application documentation, creating significant fraud and identity-theft risk even without confirmed account takeover.
Hamilton County Healthcare System
December 4, 2024
•[ data leak, healthcare, PII ]
Unauthorized actor breached Hamilton County Healthcare System servers in Dec 2024, stealing tens of thousands of patient records; breach verified through Maine AG notification and HIPAA disclosure.
Central Kentucky Radiology
October 16, 2024
•[ data leak, healthcare, PII ]
Unauthorized actor accessed CKRs network Oct 1618 2024 and copied files; ~167k people impacted; notifications issued mid-June 2025; data stolen from Lexington-based servers; no encryption or operational shutdown confirmed.
Chapman & Roberts PA
July 1, 2024
•[ data leak, law firm, pii ]
Greensboro immigration law firm disclosed a breach dating back to July 2024 that exposed client/individual PII; notifications issued in May 2025.
Maryhaven, Inc.
May 30, 2024
•[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
