DaVita Inc.
April 12, 2025
•[ ransomware, data leak ]
On April 12, 2025, DaVita reported a ransomware incident that encrypted elements of its network and disrupted some operations. Subsequent disclosures confirmed theft of personal and medical information impacting over one million individuals.
SK Group (SK Inc.)
April 10, 2025
•[ ransomware, data leak ]
Qilin listed sk.com on its leak site on April 10 2025, claiming it stole approximately 1 TB of SK Group corporate data. SK has not publicly confirmed the breach or the claimed data volume, and no encryption or operational disruption has been reported.
3P Corporation Pty Ltd
April 10, 2025
•[ ransomware, data leak ]
Melbourne-based financial and tax advisory firm 3P Corporation was listed by the Space Bears ransomware group on Apr 10 2025, which claimed to have stolen ~213 GB of corporate and client data; no encryption or service disruption confirmed; breach publicly reported Jun 2 2025.
Fall River Public Schools
April 7, 2025
•[ ransomware, data leak ]
Fall River Public Schools, Massachusetts, suffered a ransomware attack by the Medusa group that encrypted internal systems and disrupted district operations for several weeks. Attackers demanded $400,000 and claimed to have exfiltrated sensitive data, though the district has not verified theft. Recovery costs exceeded $130,000.
Toppan Next Tech
April 7, 2025
•[ ransomware, data leak, third-party breach ]
A ransomware attack on DBS Bank's third-party printing vendor Toppan Next Tech in Singapore led to the potential exposure of around 8,200 DBS customer statements and related letters, mostly for DBS Vickers trading and Cashline loan accounts. The attacker compromised Toppan's systems, leaving encrypted statement files potentially accessible, but DBS' own banking infrastructure and customer funds remained unaffected. Exposed data in the printed correspondence includes customers' names, mailing addresses and details of equity holdings or loan accounts, while passwords, government ID numbers and balances were not part of the leak. Authorities and cybersecurity agencies are assisting the investigation as DBS halts work with the vendor and notifies affected customers.
Everest Ransomware Leak Site
April 6, 2025
•[ ransomware, website defacement, hacktivism ]
The Everest ransomware groups dark web leak site was defaced on April 6 2025 by an unidentified anti-ransomware actor who replaced its content with the message Dont do crime. CRIME IS BAD. xoxo from Prague. Following the defacement, the Everest operators took the site offline. No data theft or encryption occurred.
Department of Pensions
April 2, 2025
•[ ransomware, data theft ]
Department reported a ransomware attack first notified to CERT on April 2; officials overhauling systems and advising pensioners, with no detailed disruption reported; treated as data-theft incident pending further specifics.
Oregon Department of Environmental Quality (DEQ)
April 1, 2025
•[ ransomware, data leak ]
On April 1 2025, the Oregon Department of Environmental Quality experienced a ransomware attack attributed to the Rhysida group. The incident encrypted internal servers and disabled key systems, including statewide vehicle inspection services, email, web portals, and internal databases. Rhysida claimed to have exfiltrated over 1 million files and demanded a $2.5 million ransom, though DEQ has not confirmed data theft.
DuPage County Government (Justice Systems)
April 1, 2025
•[ ransomware, data leak ]
Cyberattack on DuPage County, Illinois in early April 2025 encrypted servers supporting court, probation, and clerk operations, forcing justice-system portals offline for several days. Officials confirmed encryption but found no evidence of data theft or leak as of April 10 2025.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgarias NATO mission.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware, cyberattack, government ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgarias NATO mission.
Cincinnati Pain Physicians
March 31, 2025
•[ ransomware ]
Ransomware hit Blue Ash clinic; systems locked and records rebuilt manually.
Assa Abloy
March 31, 2025
•[ ransomware ]
Swedish lock manufacturer reported ransomware affecting operations; investigation and recovery ongoing.
Sam’s Club
March 28, 2025
•[ ransomware, data leak ]
Sams Club, a U.S. warehouse retail chain owned by Walmart Inc., is investigating claims by the ransomware group Clop that it breached the companys systems. Clop added Sams Club to its dark-web leak site but so far has not provided any proof of data exfiltration. Sams Club acknowledged awareness of the potential incident and emphasized protecting member information is a priority while its internal investigation continues.
Sensata Technologies
March 28, 2025
•[ ransomware, data leak ]
A ransomware attack between March 28 and April 6 2025 disrupted Sensata Technologies manufacturing, shipping, and support operations worldwide. The company confirmed that threat actors viewed and obtained internal files containing employee and personal data, including names, addresses, Social Security numbers, and financial and health information. Regulatory filings indicate at least 362 affected individuals (Maine AG notice). No ransomware group has claimed responsibility.
Sam’s Club
March 28, 2025
•[ ransomware, data leak, cybersecurity investigation ]
Sams Club, a U.S. warehouse retail chain owned by Walmart Inc., is investigating claims by the ransomware group Clop that it breached the companys systems. Clop added Sams Club to its dark-web leak site but so far has not provided any proof of data exfiltration. Sams Club acknowledged awareness of the potential incident and emphasized protecting member information is a priority while its internal investigation continues.
Lower Sioux Indian Community (Jackpot Junction Casino Hotel)
March 27, 2025
•[ ransomware ]
RansomHub ransomware encrypted internal systems belonging to the autonomous Lower Sioux Indian Community in the State of Minnesota, disrupting operations at the Jackpot Junction Casino Hotel, tribal health center, and government offices. Systems were taken offline for containment, affecting slot machines, kiosks, phones, and reservation functions. No confirmed data exfiltration was reported; encryption was the cause of the outage.
Holt Group
March 27, 2025
•[ ransomware, data leak, legal action ]
Holt Group breach tied to Cactus with large data leak; suit filed.
WideOpenWest (Wow!)
March 26, 2025
•[ ransomware, data leak ]
Arkana security claims ransomware attack on wow with data theft.
National Faster Payments System (Sbp)
March 26, 2025
•[ ransomware, denial of service ]
A large-scale hacker attack has hit Lukoil and its Faster Payment System. Users are complaining that they can't transfer money, and Lukoil employees have been unable to access their work computers since early morning.
