AT&T Careers HR portal
October 24, 2025
•[ ransomware, data leak, fraud ]
Ransomware actors posted a dataset labeled AT&T Careers on their leak site, indicating records tied to recruiting/applicant systems; listing framed for monetization with no operational outage described. Organization review pending; risk centers on identity/targeted fraud against job-seekers and staff.
AllerVie Health
October 24, 2025
•[ ransomware, data leak ]
AllerVie Health experienced unauthorized network access between October 24 and November 3 2025 during which sensitive data was accessed and exposed in a ransomware attack attributed to ANUBIS The incident was detected on November 2 and public notification to individuals occurred in late December 2025
Muji
October 20, 2025
•[ ransomware ]
Muji halted online sales after Askul ransomware outage disrupted logistics operations
Kaufman County
October 20, 2025
•[ ransomware ]
County officials reported a cyberattack discovered Oct 20 that knocked out multiple IT systems, disrupting courthouse operations and online services while essential public safety remained online. Response included coordination with state/federal partners and public guidance about service interruptions.
Askul
October 19, 2025
•[ ransomware ]
Askul halted orders and shipments across sites after ransomware crippled systems
London Womens Clinic
October 19, 2025
•[ ransomware, data leak, dark web ]
Russian ransomware group Qilin reportedly broke into systems used by the London Womens Clinic which runs seventeen IVF and fertility centres across the United Kingdom and is believed to have exfiltrated large volumes of sensitive patient data after posting about the breach on dark web channels on October 19 2025 raising concerns for both private and NHS patients
FullBeauty Brands, Inc.
October 18, 2025
•[ ransomware, data leak, unauthorized access ]
Unauthorized actors accessed FullBeauty Brands systems over several weeks in late 2025 and exfiltrated internal company data, later claimed by the Everest ransomware group, with no confirmed operational disruption publicly disclosed.
Envoy Air (American Airlines)
October 17, 2025
•[ ransomware, data leak, vulnerability ]
Envoy Air confirmed it was hit in a broader Clop campaign abusing an Oracle EBS zero-day. Reuters notes a small amount of Envoy business information may have been accessed; Clop listed American Airlines, but the target was Envoy, AAs regional carrier. Primary impact: unauthorized access/data theft for extortion, not operational outage.
City of Elne (France)
October 15, 2025
•[ ransomware, data leak, nation-state ]
French press reports Russian-linked Qilin targeted Elne shortly after school attacks
Volkswagen Group France
October 14, 2025
•[ ransomware, data leak ]
Qilin gang claimed a ransomware attack on Volkswagen France with ~150GB of data allegedly stolen; investigation ongoing.
Methodist Church of Southern Africa
October 13, 2025
•[ ransomware, data leak ]
Ransomware actors claimed an attack on the Methodist Church of Southern Africa; verification and technical details remain limited.
Banco Hipotecario del Uruguay
October 13, 2025
•[ ransomware, data leak ]
Uruguayan bank BHU said attackers leaked user data and demanded payments; reports attribute incident to Crypto24 group.
Omrin
October 13, 2025
•[ ransomware ]
Ransomware hit Friesland waste processor Omrin, forcing closures of associated thrift shops and disrupting services.
Undisclosed Croatian Company
October 8, 2025
•[ ransomware ]
Croatian DPA (AZOP) fined a company after a ransomware attack compromised parts of its IT systems.
Unnamed Minnesota hospital
October 6, 2025
•[ ransomware, extortion, data leak ]
Ransomware group Radiant listed an unnamed Minnesota hospital on its leak site and issued a 7-day extortion deadline; hospital not yet identified and operational impact undisclosed.
Clarins Group
October 3, 2025
•[ ransomware, data leak ]
Press release states Clarins international e-commerce platforms were hit by ransomware; Everest allegedly leaked samples and claims access to ~600k customer records with personal/transactional info.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorados State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware, encryption, operational disruption ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorados State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Merkle, Inc. (Dentsu Group)
October 1, 2025
•[ data leak, ransomware ]
Dentsus US-based subsidiary Merkle disclosed a cyber incident discovered in October 2025 involving unauthorized access and data theft from HR and client systems; stolen information included employee, supplier, and client financial and personal records; certain systems were taken offline during response; no ransomware group claimed responsibility.
