Kamunikat.org
December 25, 2025
•[ unauthorized access, data destruction ]
An attacker obtained administrator-level access to Kamunikat.org and deleted several thousand publications and news items from the online library before access was blocked and restoration began.
QualDerm
December 23, 2025
•[ data breach, data leak, unauthorized access ]
SecurityWeek reported that QualDerm Partners is notifying more than 3.1 million people of a December 2025 breach discovered on Dec. 24, 2025. QualDerm said attackers had unauthorized access to its network for two days and exfiltrated data from a limited number of compromised systems. Stolen data included personal identifiers and health/insurance information such as names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment/diagnosis information, health insurance information, dates of death, and in some cases government-issued ID information. QualDerm said its investigation is ongoing and it notified law enforcement and regulators.
Siam Okamura International Co., Ltd.
December 23, 2025
•[ unauthorized access, data leak, server breach ]
Siam Okamura International identified suspected unauthorized access to certain servers on December 23, 2025, and later found information suspected to have been leaked online; the details and extent remained under investigation.
At least one Russian Manufacturing Company
December 22, 2025
•[ unauthorized access, industrial operations ]
A manufacturing company based in Russia was affected by a cyber incident involving unauthorized access to corporate systems and potential disruption to industrial operations.
Navia Benefit Solutions, Inc.
December 22, 2025
•[ data breach, unauthorized access, personally identifiable information ]
BleepingComputer reported that Navia notified nearly 2.7 million people of a data breach after an investigation determined an unauthorized actor accessed and acquired certain information between December 22, 2025 and January 15, 2026; suspicious activity was discovered on January 23. Navia stated the exposed data can include full name, date of birth, Social Security number, phone number, email address, and benefits-administration details such as HRA participation, FSA information, and COBRA enrollment, while stating that claims and financial details were not exposed. The company reported notifying law enforcement and offering identity protection services.
Singing River Health System
December 21, 2025
•[ unauthorized access, data breach, patient information ]
Singing River Health System discovered that an unauthorized party gained access to its computer network between December 19 and December 21, 2025. On February 10, 2026, SRHS learned that the unauthorized party had accessed files containing patient information, and on May 19, 2026 it began mailing notices to affected patients. SRHS also temporarily shut down select systems, including internet access and MyChart, as a defensive containment measure; public reporting did not confirm attacker-caused encryption or destructive disruption.
Oklahoma Tax Commission
December 20, 2025
•[ unauthorized access, tax data, W-2 ]
Oklahoma Tax Commission disclosed unauthorized access to W-2 and 1099 files in the OkTAP tax portal.
ASC Ortho Management Company, LLC d/b/a Aligned Orthopedic Partners
December 16, 2025
•[ email environment breach, unauthorized access, personal information ]
ASC Ortho Management Company, LLC d/b/a Aligned Orthopedic Partners identified unusual activity in its email environment on December 8, 2025 and later determined that an unknown actor had unauthorized access to the email environment between November 16 and December 16, 2025, potentially accessing certain emails and files containing personal and protected health information. Aligned Orthopedic mailed notices to affected individuals on April 17, 2026.
At least one organization in the energy sector
December 16, 2025
•[ energy sector, unauthorized access, operational disruption ]
An organization operating in the energy sector was targeted by cyber activity that sought to access or interfere with systems supporting energy operations.
Stockton Cardiology Medical Group
December 15, 2025
•[ unauthorized access, data leak, extortion ]
Stockton Cardiology Medical Group disclosed that an unauthorized individual accessed and removed files from its systems in December 2025, and some of the files were later publicly disclosed; outside reporting tied the incident to a Genesis extortion claim.
Raaga
December 15, 2025
•[ data leak, unauthorized access, credential stuffing ]
Raaga confirmed that an unauthorized party accessed a legacy database and that the extracted user data was later advertised for sale on an underground hacking forum during December 2025. Reporting described the exposed dataset as affecting more than 10.2 million user accounts and including personal and account-related fields such as names, email addresses, usernames, hashed passwords, and account creation dates, with partial location data in some cases. The company stated it secured the relevant access points tied to the exposed system, reset passwords for impacted accounts, and implemented additional monitoring while working with cybersecurity specialists and notifying law enforcement. Even without payment data, the combination of emails and password hashes creates elevated risk of credential stuffing, targeted phishing, and account takeover.
Dainichiseika Color & Chemicals Mfg. (Vietnam subsidiary)
December 15, 2025
•[ ransomware, unauthorized access, data leak ]
Dainichiseika Color & Chemicals Manufacturing reported that its consolidated subsidiary in Vietnam (DAINICHI COLOR VIETNAM CO., LTD.) suffered unauthorized access that resulted in ransomware infection of internal servers and related systems. On December 15, 2025, the company confirmed that files on servers and PCs had been encrypted and rendered unreadable, consistent with a ransomware data attack. Affected devices were disconnected from internal networks and the internet to prevent spread, and IT specialists were dispatched to support recovery and forensic analysis. The company stated that key subsidiary operations such as manufacturing and shipping continued as usual and that the extent of information leakage, if any, was still being assessed.
Mazda Motor Corporation
December 15, 2025
•[ cyberattack, unauthorized access, data leak ]
SecurityWeek reported Mazda disclosed a mid-December cyberattack involving unauthorized access to a management system used for warehouse operations involving parts procured from Thailand. Mazda said 692 records tied to employees of Mazda and its group companies and business partners were compromised. Exposed data included company-issued user IDs, names, email addresses, company names, and business partner IDs. Mazda stated no customer data was affected because it is not stored in the compromised system and said attackers exploited security defects in the application, without naming the software or vulnerabilities.
Alpine Lumber
December 14, 2025
•[ ransomware, data leak, personally identifiable information ]
Alpine Lumbers posted notice states that on December 22, 2025 it determined certain network devices were encrypted with ransomware. The companys investigation found that between December 14 and December 22, 2025 an unauthorized actor viewed and obtained files stored on a file server. Alpine completed its file review and determined on February 5, 2026 that the affected files included employment-purpose information such as names, addresses, Social Security numbers, dates of birth, and health insurance plan enrollment information, and may also have included policy numbers, medical information, government IDs, financial account data, and payment card data. Alpine stated it notified law enforcement and began mailing letters and offering credit monitoring.
SecretarÃÂa de Hacienda del Estado de Sonora
December 12, 2025
•[ data leak, unauthorized access, exfiltration ]
Mexican media reported unauthorized access to servers of the Secretara de Hacienda del Estado de Sonora in December 2025, during which the criminal group Chronus exfiltrated and leaked approximately 40GB of documents and databases. State authorities suspended online services as a preventive security measure while investigating the intrusion.
Erie Family Health Centers
December 10, 2025
•[ unauthorized access, data leak, medical records ]
Erie Family Health Centers detected unauthorized access in January 2026 and later determined that an unauthorized third party accessed its network between December 10, 2025 and January 27, 2026, exposing personal, financial, credential, medical, and health insurance information for approximately 570,000 individuals.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgerys computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Goodwin University
December 4, 2025
•[ network disruption, unauthorized access, data breach ]
Goodwin University experienced a network disruption on December 4, 2025 and secured its network environment. Qilin claimed responsibility on December 28, 2025, and the investigation later determined that certain files may have been acquired without authorization. DataBreach indexed 209,218 rows tied to the breach, while outside reporting says Goodwin later confirmed 56,156 impacted individuals. Public sources did not confirm encryption or the precise disruption mechanism.
New York Life Insurance Company
December 2, 2025
•[ unauthorized access, email compromise, personally identifiable information ]
New York Life Insurance Company discovered unauthorized access to one of its agents' email accounts on December 2, 2025. After securing the account and completing its investigation, the company confirmed on April 8, 2026 that the compromised account contained some clients' personal information, including identifiers, financial information, medical information, and health insurance information. Public reporting did not identify a responsible actor, data volume, ransomware, or operational disruption.
