OCAT, LLC dba Evoke Wellness at Hilliard
July 7, 2024
•[ insider threat, data breach, healthcare ]
DataBreaches reported that Evoke Wellness at Hilliard updated its breach reporting about an insider-related patient-data incident. The post notes law enforcement investigated a former employee accused of misusing access to obtain patient information and sell or misuse it, with the employee working there from 2021 to July 2024 and the case surfacing after police found suspicious documents in 2024. Evokes amended patient notice listed many possible exposed data elements (including SSNs and detailed treatment/insurance information) and the post highlights inconsistencies in public filings about discovery dates and affected counts.
Ladies.com
July 3, 2024
•[ data breach, exposed database, cloud misconfiguration ]
In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.
Chapman & Roberts PA
July 1, 2024
•[ data leak, law firm, pii ]
Greensboro immigration law firm disclosed a breach dating back to July 2024 that exposed client/individual PII; notifications issued in May 2025.
Maryhaven, Inc.
May 30, 2024
•[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
iMenu360
August 11, 2022
•[ data leak, customer records, PII ]
In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.
