C&M Software (service provider to Banco Central ecosystem)
July 2, 2025
•[ insider threat, compromised credentials, financial theft ]
Attackers allegedly bought an employee's credentials for ~$2,700 to access C&M systems and steal BRL 800M from connected institutions; part converted to crypto and laundered.
With Intelligence Ltd. (via third-party PeopleCheck)
June 28, 2025
•[ data leak, third-party breach, compromised credentials ]
On June 28, 2025, threat actors using compromised login credentials accessed PeopleCheck systems, a third-party provider for With Intelligence Ltd., resulting in exposure of sensitive personal information of job candidates and employees, including SSNs and birth dates. No evidence of data encryption or disruption. With Intelligence notified the affected parties by July 11, 2025 and provided 24 months of credit monitoring.
HM Revenue and Customs (HMRC)
June 5, 2025
•[ data leak, compromised credentials, fraud ]
Compromised credentials and personal data from 100,000 taxpayer accounts were used in fraudulent refund claims totaling 47 million.
LeoVegas Group
April 5, 2025
•[ data leak, infostealer, compromised credentials ]
On April 5, 2025, Hellcat listed LeoVegas Group on its leak site, claiming exfiltration of internal data through compromised Jira credentials obtained from an infostealer. Hudson Rock verified the inclusion of LeoVegas in the same credential set. No encryption confirmed.
Samsung Germany
March 31, 2025
•[ data leak, compromised credentials ]
A threat actor published Samsung Germany customer ticket records using long-compromised credentials.
Oracle Health
February 20, 2025
•[ data leak, compromised credentials, healthcare ]
A breach at Oracle Health (formerly Cerner) exposed patient data from legacy EHR migration servers after attackers used compromised customer credentials to access and copy records. The incident, which began after January 22, 2025, was discovered on February 20, 2025. Impacted hospitals have been notified and face potential HIPAA obligations; Oracle has offered support but has not publicly acknowledged the full scope of the breach.
Finastra
October 31, 2024
•[ compromised credentials, data leak ]
An intruder used compromised credentials to access Finastra's SFTP/Aspera platform, copied files on Oct 31, 2024, and maintained access until Nov 8. A forum post later advertised ~400 GB of alleged Finastra data. Finastra isolated the platform, said there was no malware/ransomware and no impact to core operations, and began notifications in Feb 2025.