Canopy Healthcare
July 18, 2025
•[ unauthorized access, data breach, data leak ]
DataBreaches summarized RNZ reporting that Canopy Health said it identified on July 18, 2025 that an unknown person temporarily obtained unauthorized access to part of its systems used by its administration team. Canopy said forensic review indicated unauthorized access to one of its servers likely occurred and that some data may have been copied. The provider stated the incident was contained, that an investigation was ongoing, and that it sought and obtained an urgent High Court injunction to prevent use or publication of any information that may have been accessed. The report did not enumerate specific data elements or counts of affected individuals.
U.S. National Nuclear Security Administration (NNSA)
July 18, 2025
•[ data breach, vulnerability, zero-day ]
Breach of NNSA systems through a Microsoft SharePoint zero-day vulnerability. DOE stated a small number of systems were impacted and are being restored. Attack was later linked to Chinese state hacking groups Linen Typhoon and Violet Typhoon.
Netherlands Public Prosecution Service (Openbaar Ministerie)
July 17, 2025
•[ cyberattack, vulnerability exploit, state-sponsored attack ]
Strong indications that Russia was behind a cyberattack exploiting a Citrix vulnerability; the OM took systems offline on July 17 as a response; extent of data access not yet disclosed.
Atlas Transfer and Storage
July 15, 2025
•[ unauthorized access, data breach, PII ]
Atlas Transfer & Storages notice states it identified suspicious activity on July 15, 2025 and launched an investigation. The investigation concluded that an unauthorized party copied certain files on the same date. Atlas reviewed the impacted files and stated the affected information varied by individual but could include identifiers and financial/health insurance information such as SSNs, tax IDs, drivers license/state IDs or other government IDs, payment card numbers, health insurance and medical information, and financial account information. Atlas stated it notified individuals and offered complimentary credit monitoring services.
woom GmbH
July 11, 2025
•[ cyberattack, data breach, incident response ]
woom stated that on Friday November 7, 2025 it was affected by a cyberattack in which an internationally operating hacker group gained access to parts of the companys systems despite security measures. woom said it immediately initiated incident response with external experts, contained and processed the incident, and restored systems as quickly as possible. The company said there were indications that some customer information may have been affected, but it reported no sensitive customer data exposure and emphasized ongoing investments in security improvements.
Cetera Financial
July 7, 2025
•[ unauthorized access, email compromise, PII ]
Cetera Financial disclosed that an unauthorized person accessed a single employee email account between July 7 and August 21, 2025. A review completed around January 30, 2026 found that client information, including names, Social Security numbers, drivers license numbers, and financial account details, may have been compromised; affected individuals were notified beginning March 25, 2026.
Snake River Correctional Institution
July 7, 2025
•[ insider threat, unauthorized access, data breach ]
A former Snake River Correctional Institution Library Coordinator, Demetre Gennette, improperly acquired Oregon Department of Corrections records between July 7, 2025 and early January 2026. The extraction involved more than 7.5GB of data across more than 33,000 files and resulted in unauthorized access to personal information belonging to staff, vendors, adults in custody, and visitors. Gennette was later indicted on charges including computer crime, aggravated theft, official misconduct, supplying contraband, and custodial sexual misconduct.
Sentinel Security Life and Atlantic Coast Life
July 4, 2025
•[ unauthorized access, personally identifiable information, social security numbers ]
Sentinel Security Life Insurance Co. and Atlantic Coast Life Insurance Co. disclosed a cyber incident involving unauthorized access that occurred between April 7 and April 15, 2025. The companies reported that personally identifiable information associated with policyholders, beneficiaries, and other individuals connected to the firms may have been exposed. Potential data elements cited in reporting include names, Social Security numbers, taxpayer identification numbers, financial account information, dates of birth, medical records, and health insurance details; the companies stated they were unaware of misuse at the time of reporting.
Williams Hart & Boundas
June 30, 2025
•[ phishing, unauthorized access, personal information ]
Williams Hart & Boundas discovered that a firm email account had sent and received phishing emails and determined the account had been accessed by an unauthorized individual; review found personal information in the account, and a Texas filing reported 7,844 affected Texas residents.
Hawaiian Airlines
June 23, 2025
•[ unauthorized access, data breach, threat actor attribution ]
On June 23 2025, Hawaiian Airlines detected unauthorized access affecting certain IT systems; flights and safety operations were unaffected. The company reported the breach in an SEC 8-K filing and began investigation with external experts and the FBI. No confirmed data-theft volume or ransom demand disclosed; security researchers suspect the Scattered Spider threat group, but attribution remains unconfirmed.
Philadelphia Insurance
June 9, 2025
•[ unauthorized access, data leak, customer data ]
Philadelphia Insurance Companies detected unauthorized access to its systems late on June 9, 2025; it proactively disconnected affected systems, stated the incident was not ransomware and involved no encryption, and later disclosed that customer data had been accessed.
KT Corporation
June 1, 2025
•[ financial fraud, data breach ]
KT told lawmakers its CEO would step down once the unauthorized micropayment breach is resolved. The case involves widespread illicit small-value charges through subscriber accounts, prompting government probes, customer redress, and leadership accountability. Technical details point to abuse of payment flows rather than core network outage; impact is financial and reputational, not operational.
Ordine degli Psicologi della Lombardia
May 30, 2025
•[ ransomware, data breach ]
Italys data protection authority fined the Lombardy Psychologists Order 30,000 following a data breach; the Order states the incident traces to a serious ransomware attack in 2023, with no operational details disclosed in the article.
Murex Petroleum Corporation
May 27, 2025
•[ unauthorized access, data breach, personal information ]
Unauthorized access to Murex Petroleum Corporation systems resulted in the access and acquisition of certain individuals personal information, as disclosed in a regulatory filing with the New Hampshire Department of Justice.
Arthur Ashe Institute for Urban Health Inc.
May 18, 2025
•[ unauthorized access, personally identifiable information, health information ]
Unauthorized access to systems at Arthur Ashe Institute for Urban Health Inc. between April 4 and May 18, 2025 may have exposed personally identifiable and health information according to breach notifications.
Chief Electoral Officer – West Bengal
May 17, 2025
•[ data breach, insider threat, unauthorized access ]
A security breach led to deletion of at least 1,000 voters from the electoral roll in a West Bengal assembly constituency; subsequent reports cited misuse of AERO credentials.
Central Point School District 6
May 14, 2025
•[ data breach, unauthorized access ]
The Oregon district reported unauthorized access to its digital systems on May 14 and isolated affected systems while law enforcement and external experts investigated. No confirmed data types or quantities were disclosed at the time of reporting.
US Mortgage
May 13, 2025
•[ ransomware, unauthorized access, data breach ]
US Mortgage disclosed that an unauthorized third party gained access to a portion of its computer network in May 2025 in a ransomware event, and outside reporting tied the incident to SAFEPAY.
