Choice Hotels International
January 14, 2026
•[ social engineering, unauthorized access, PII leak ]
An unauthorized person used social engineering to gain access to a Choice Hotels application containing records on franchisees and franchise applicants, exposing names and Social Security numbers.
Advanced Family Surgery Center (AFSC)
November 26, 2025
•[ data leak, healthcare, protected health information ]
Threat actors identifying as Genesis claimed they compromised Advanced Family Surgery Center (AFSC) in Oak Ridge, Tennessee, and later added the organization to their leak site, asserting that about 100 GB of data had been exfiltrated from company file servers. The reported dataset included healthcare data, personal data, financial data, user folders, and operational files. The reporting outlet reviewed sample files and indicated they contained protected health information such as patient names, dates of birth, full Social Security numbers, dates of service, physician details, and insurance information. At the time of reporting, no official public notification by the provider had been located.
Catwig LLC d/b/a Victory Disability
October 27, 2025
•[ unauthorized access, data breach, Personally Identifiable Information (PII) ]
Catwig LLC (doing business as Victory Disability) stated it became aware in November 2025 of claims that an unknown party obtained information belonging to the firm. The company initiated an investigation with third-party cybersecurity specialists and notified federal law enforcement. The investigation concluded that an unknown party accessed a portion of Victory Disabilitys environment between October 27 and November 12, 2025 and may have viewed or copied certain information stored there. Potentially impacted data included names, contact information, Social Security numbers, and in some cases dates of birth and medical information (diagnosis, treatment, medications, lab results) if provided to Victory in connection with a case. The company reported filing notice with the California Attorney General and beginning written notifications on December 12, 2025.
Gulshan Management Services
September 25, 2025
•[ ransomware, phishing, data breach ]
SecurityWeek reported that Gulshan Management Services, associated with Gulshan Enterprises (operator of Handi Plus and Handi Stop locations in Texas), disclosed a ransomware-related data breach affecting more than 377,000 individuals via a filing with the Maine Attorney General. Gulshan detected unauthorized access in late September 2025 after an attacker gained entry through a successful phishing attack and maintained access for about 10 days. During that period, the threat actor stole personal data and then deployed ransomware that encrypted files on Gulshan systems. The compromised personal information was described as including names, contact details, Social Security numbers, and drivers license numbers.
Thayer Hotel at West Point
September 19, 2025
•[ unauthorized access, data breach, personally identifiable information ]
On 19 September 2025 the Thayer Hotel at West Point experienced unauthorized access to its computer systems, prompting a forensic investigation and containment measures. The hotel later confirmed that an Undetermined actor accessed systems holding data on roughly 33,053 individuals and that exposed information could include names, dates of birth, postal addresses, Social Security numbers, drivers license and passport numbers, state IDs, email addresses and some medical or financial data for guests and employees. A formal Notice of Data Security Incident dated 31 October 2025 describes the breach, and law firms have begun investigating potential claims while the hotel offers credit monitoring through Kroll.
Wynn Resorts
September 1, 2025
•[ data leak, employee personnel records, Social Security numbers ]
Attackers associated with the ShinyHunters cybercriminal group gained unauthorized access to Wynn Resorts systems in September 2025. The intrusion exposed approximately 800,000 employee personnel records containing Social Security numbers and other personal identifying information.
University of Hawaii Cancer Center
August 31, 2025
•[ ransomware, data breach, Social Security numbers ]
The University of Hawaii Cancer Center disclosed an August 2025 ransomware incident in which attackers gained unauthorized access to its network, encrypted files, and stole research files containing patient-related information. Reporting indicates the intrusion was discovered on or around August 31, 2025, after which affected servers were isolated and an investigation began. The Cancer Center stated its electronic medical record system was not impacted, but research datasets were affected and a subset of older records included Social Security numbers because they were historically used as identifiers in the 1990s. Due to the sensitivity of the data and the extent of encryption, the organization engaged external experts, obtained a decryption tool, and reported paying a ransom in exchange for a claimed promise by the attackers to delete stolen data, while continuing longer-term recovery and security hardening.
Atlas Transfer and Storage
July 15, 2025
•[ unauthorized access, data breach, PII ]
Atlas Transfer & Storages notice states it identified suspicious activity on July 15, 2025 and launched an investigation. The investigation concluded that an unauthorized party copied certain files on the same date. Atlas reviewed the impacted files and stated the affected information varied by individual but could include identifiers and financial/health insurance information such as SSNs, tax IDs, drivers license/state IDs or other government IDs, payment card numbers, health insurance and medical information, and financial account information. Atlas stated it notified individuals and offered complimentary credit monitoring services.
Sentinel Security Life and Atlantic Coast Life
July 4, 2025
•[ unauthorized access, personally identifiable information, social security numbers ]
Sentinel Security Life Insurance Co. and Atlantic Coast Life Insurance Co. disclosed a cyber incident involving unauthorized access that occurred between April 7 and April 15, 2025. The companies reported that personally identifiable information associated with policyholders, beneficiaries, and other individuals connected to the firms may have been exposed. Potential data elements cited in reporting include names, Social Security numbers, taxpayer identification numbers, financial account information, dates of birth, medical records, and health insurance details; the companies stated they were unaware of misuse at the time of reporting.
Civil Service Employees Association (CSEA)
March 5, 2025
•[ data breach, identity theft, Social Security numbers ]
The Civil Service Employees Association (CSEA), a New York labor union, reported a 2025 data breach in which attackers were present in its systems for nearly a month. The breach notification said malicious actors roamed CSEA systems between May 3 and May 31, 2025. A submission to the Maine Attorney Generals Office indicated over 47,000 individuals were affected. The investigation stated attackers may have accessed members names and Social Security numbers, creating risk of identity theft and fraud. The report did not identify the threat actor or the initial access method.
