Search Results for "data breach"

Catwig LLC d/b/a Victory Disability October 27, 2025 • [ unauthorized access, data breach, Personally Identifiable Information (PII) ] Catwig LLC (doing business as Victory Disability) stated it became aware in November 2025 of claims that an unknown party obtained information belonging to the firm. The company initiated an investigation with third-party cybersecurity specialists and notified federal law enforcement. The investigation concluded that an unknown party accessed a portion of Victory Disabilitys environment between October 27 and November 12, 2025 and may have viewed or copied certain information stored there. Potentially impacted data included names, contact information, Social Security numbers, and in some cases dates of birth and medical information (diagnosis, treatment, medications, lab results) if provided to Victory in connection with a case. The company reported filing notice with the California Attorney General and beginning written notifications on December 12, 2025.

PoltronesofÃƒ October 27, 2025 • [ ransomware, phishing, data breach ] Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.

Svenska KraftnÃƒÂ¤t October 25, 2025 • [ ransomware, data breach, critical infrastructure ] Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.

Substack October 23, 2025 • [ data breach, data leak, PII ] In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.

BWH Hotels October 14, 2025 • [ unauthorized access, guest reservation data, web application vulnerability ] BWH Hotels disclosed that an unauthorized third party gained access to a web application containing some guest reservation data. The intrusion was discovered on April 22, 2026, and investigation found access dating back to October 14, 2025. BWH Hotels took the compromised application offline after discovery and worked with external security experts. Public reporting did not identify a named cybercrime group, quantify affected individuals or records, or confirm payment-data exposure, encryption, data destruction, or attacker-caused operational disruption.

Canadian Tire October 2, 2025 • [ data breach, retail, PII ] In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.

Gulshan Management Services September 25, 2025 • [ ransomware, phishing, data breach ] SecurityWeek reported that Gulshan Management Services, associated with Gulshan Enterprises (operator of Handi Plus and Handi Stop locations in Texas), disclosed a ransomware-related data breach affecting more than 377,000 individuals via a filing with the Maine Attorney General. Gulshan detected unauthorized access in late September 2025 after an attacker gained entry through a successful phishing attack and maintained access for about 10 days. During that period, the threat actor stole personal data and then deployed ransomware that encrypted files on Gulshan systems. The compromised personal information was described as including names, contact details, Social Security numbers, and drivers license numbers.

Thayer Hotel at West Point September 19, 2025 • [ unauthorized access, data breach, personally identifiable information ] On 19 September 2025 the Thayer Hotel at West Point experienced unauthorized access to its computer systems, prompting a forensic investigation and containment measures. The hotel later confirmed that an Undetermined actor accessed systems holding data on roughly 33,053 individuals and that exposed information could include names, dates of birth, postal addresses, Social Security numbers, drivers license and passport numbers, state IDs, email addresses and some medical or financial data for guests and employees. A formal Notice of Data Security Incident dated 31 October 2025 describes the breach, and law firms have begun investigating potential claims while the hotel offers credit monitoring through Kroll.

Charlottesville Settlement Company September 1, 2025 • [ data breach, network intrusion, data theft ] WVIR (29News) reported that Charlottesville Settlement Company disclosed a September 2025 data breach that was discovered on March 10, 2026 and communicated to affected individuals in a letter dated March 18. The company said an unknown actor broke into its network and stole customers personal information, impacting 22,041 customers. The firm provides title insurance and settlement services for real estate transactions. The report did not enumerate specific data elements stolen, but stated affected individuals were offered credit monitoring and reimbursement coverage.

University of Hawaii Cancer Center August 31, 2025 • [ ransomware, data breach, Social Security numbers ] The University of Hawaii Cancer Center disclosed an August 2025 ransomware incident in which attackers gained unauthorized access to its network, encrypted files, and stole research files containing patient-related information. Reporting indicates the intrusion was discovered on or around August 31, 2025, after which affected servers were isolated and an investigation began. The Cancer Center stated its electronic medical record system was not impacted, but research datasets were affected and a subset of older records included Social Security numbers because they were historically used as identifiers in the 1990s. Due to the sensitivity of the data and the extent of encryption, the organization engaged external experts, obtained a decryption tool, and reported paying a ransom in exchange for a claimed promise by the attackers to delete stolen data, while continuing longer-term recovery and security hardening.

Extant Aerospace August 23, 2025 • [ ransomware, data breach, PII ] Extant Aerospace detected ransomware activity on its network in August 2025, later confirming that personal data of over 3,000 U.S. individuals was exposed, including names, addresses, dates of birth and Social Security Numbers.

Shwapno August 19, 2025 • [ ransomware, data breach, customer database ] Shwapno said attackers accessed its customer database in August 2025, and outside reporting said Qilin claimed a $1.5 million ransom demand.

Expert MRI August 14, 2025 • [ data breach, healthcare, data leak ] Expert MRI determined that an unauthorized actor accessed and copied files between August 14 and August 24, 2025. PEAR later claimed responsibility and reportedly posted samples of stolen data, claiming 617GB of data. The official healthcare breach count was 209,560 affected individuals, while DataBreach indexed 442,753 rows. Public reporting did not confirm encryption, data destruction, or attacker-caused operational disruption.

South Alabama Regional Planning Commission August 6, 2025 • [ hacking, unauthorized access, protected health information ] South Alabama Regional Planning Commission reported a hacking/IT incident involving unauthorized access to protected health information. Public reporting states that the substitute breach notice did not identify when access was detected or when unauthorized access occurred, but the investigation determined on August 6, 2025 that certain files had been copied from its systems. The incident affected 3,043 individuals.

Colombian Justice Minister Andres Idarraga August 1, 2025 • [ spyware, Pegasus, surveillance ] Colombias justice minister stated that forensic evidence indicates his phone was hacked using Israeli Pegasus spyware during the second half of 2025 while he was investigating alleged corruption in the military. He alleged the operation was ordered through the Defense Ministry using state counterintelligence structures and confidential funds. According to his statement, investigators found his phone was taken over more than 8,700 times and that 2.3 GB of data were downloaded, including sensitive corruption complaints, and that the camera/microphone were illicitly activated on numerous occasions. The incident is characterized as a targeted spyware intrusion against a senior government official with alleged state involvement.

National prison management platform of the National Penitentiary Administration (ANP) August 1, 2025 • [ insider threat, financial fraud, unauthorized access ] A prisoner in the Dej hospital prison hacked tablet/kiosk systems used to access the national inmate-services portal, manipulating requests and financial accounts tied to commissary and sentence-credit workflows. Activity persisted for weeks across multiple institutions before detection; the union and national media detail platform misuse and credential abuse rather than broad IT outages.

Panera Bread August 1, 2025 • [ data breach, unauthorized access, data leak ] Panera Bread reportedly suffered a data breach that exposed approximately 14 million customer records after unauthorized access to an application database, with no evidence of operational disruption disclosed at the time of reporting.

Radiology Associates of Richmond July 25, 2025 • [ data breach, unauthorized access, protected health information (PHI) ] An unauthorized actor accessed Radiology Associates of Richmond's network environment on or about July 25, 2025, and files containing protected health information were acquired. RAR began notifying affected individuals on May 21, 2026; filings reported 266,183 affected individuals.

Orange July 25, 2025 • [ data breach, service disruption ] Orange detected a breach of one information system on July 25; isolating affected services caused disruptions for some business and consumer services in France. Company reports no evidence of data exfiltration as of reporting.

American Lending Center July 24, 2025 • [ ransomware, internal network compromise, data breach ] American Lending Center experienced a ransomware attack between July 24 and July 30, 2025, in which a threat actor compromised its internal network, executed ransomware, and accessed files that may have contained personal and sensitive information. No named ransomware group, confirmed encryption details, outage duration, or specific disrupted systems were publicly reported.

Search Results (data breach)