At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
Zerodha
October 15, 2025
•[ phishing, account compromise ]
Economic Times details Kamaths brief X account compromise after clicking phishing email
Charles County Public Schools
February 26, 2025
•[ social engineering, account compromise, payroll fraud ]
Caller convinced staff to reset MFA, accessed employee email and Oracle accounts, and attempted payroll change (stopped).
First Contact Health
May 1, 2024
•[ phishing, unauthorized access, health data ]
Guernseys Office of the Data Protection Authority (ODPA) sanctioned First Contact Health after cyber criminals successfully targeted an employee email account in a phishing attack, gaining unauthorized access to confidential health data. The practice reported the breach to the ODPA in May 2024, and the unauthorized access was believed to have occurred at least five months earlier. The enforcement action cited failures in key security controls intended to prevent phishing-based account compromise.
