Methodist Homes of Alabama and Northwest Florida
May 8, 2025
•[ data breach, investigation, legal investigation ]
Law firm Lynch Carpenter announced an investigation tied to a Methodist Homes data breach affecting notified individuals.
Santeda International B.V.
May 1, 2025
•[ data breach, credential leak, unencrypted data ]
Investigators reported a data breach affecting MyStake, a Curaao-licensed online casino operated by Santeda International B.V., tracing the exposure back to approximately May 2025. A PDF containing login credentials for 540 MyStake accounts was shared online, and specialists reportedly confirmed they could log into most accounts listed, indicating passwords were still valid long after the leak became known. Once logged in, auditors said they could view sensitive player details stored without encryption, including names, home addresses, phone numbers, dates of birth, and detailed transaction histories. Reporting alleged that users were not notified for more than eight months and that MyStake did not enforce password resets or suspend compromised accounts during that period, increasing risk of account takeover, fraud, and identity misuse.
Coastal Carolina Health Care
March 21, 2025
•[ unauthorized access, data breach, Social Security numbers ]
Coastal Carolina Health Care identified suspicious activity that disrupted access to some systems and later determined that an unauthorized actor accessed and acquired information from its network between March 21 and March 27, 2025. The exposed information included names and Social Security numbers for approximately 110,000 individuals.
Cuties AI
March 21, 2025
•[ data breach, data leak, PII ]
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to the generated content. The data also included the account that created the content and a stated "preference" of either female or trans.
Trocaire College
March 13, 2025
•[ unauthorized access, data leak, data breach ]
Trocaire College identified unauthorized access to its systems. A forensic investigation determined that sensitive personal information may have been acquired by an unauthorized actor. The college notified affected individuals in January 2026 and reported the incident to regulators.
Uncle Henry’s
March 11, 2025
•[ ransomware, data breach ]
On March 11 2025, Maine-based classified ads publisher Uncle Henrys suffered a ransomware-style attack that deleted its primary website database and took the site offline until April 15. Attackers demanded Bitcoin. Management stated only a few advertisement entries were copied and no personal data compromise was confirmed.
OmniGPT Chatbot Platform
March 10, 2025
•[ data leak, data breach, hacking ]
A hacker known as Gloomer claimed to have breached the OmniGPT AI chatbot platform, stealing and leaking millions of user messages and account details. Data samples were posted on BreachForums and reported by multiple cybersecurity outlets, though OmniGPT has not confirmed the incident.
Civil Service Employees Association (CSEA)
March 5, 2025
•[ data breach, identity theft, Social Security numbers ]
The Civil Service Employees Association (CSEA), a New York labor union, reported a 2025 data breach in which attackers were present in its systems for nearly a month. The breach notification said malicious actors roamed CSEA systems between May 3 and May 31, 2025. A submission to the Maine Attorney Generals Office indicated over 47,000 individuals were affected. The investigation stated attackers may have accessed members names and Social Security numbers, creating risk of identity theft and fraud. The report did not identify the threat actor or the initial access method.
Wemix (Wemade)
February 28, 2025
•[ data breach, cryptocurrency theft, leaked secrets ]
The blockchain gaming platform WEMIX was hacked, resulting in the theft of about 8.65 million WEMIX tokens (worth roughly $6.1 million). The breach stemmed from attackers obtaining authentication keys for the NFT monitoring service NILE, likely via a shared repository. After gaining the keys, the threat actors spent about two months preparing before executing 15 withdrawal attempts of which 13 succeeded. The stolen tokens were swiftly laundered through multiple crypto exchanges. WEMIX shut down the affected server on February 28 and later disclosed the incident, migrating their infrastructure to a more secure environment.
Resort Data Processing
February 19, 2025
•[ data breach, hospitality ]
Hospitality PMS vendor mailed breach letters on March 20, 2025 after cyber incident.
Syracuse Police Department, N.Y.
January 10, 2025
•[ unauthorized access, social security numbers, personal information ]
Syracuse Police Department detected a security incident on Jan. 11, 2025, shut down its computer system to prevent spread, and later determined that certain digital files were accessed or acquired without authorization between Jan. 10 and Jan. 12; notifications were sent in 2026 to people whose personal information, including Social Security numbers, may have been compromised.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, data breach, third-party breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
Middlesex Sheriff's Office
January 1, 2025
•[ data breach, protected health information, HIPAA ]
The Middlesex Sheriffs Office reported that a security breach occurred in January 2025 and that a comprehensive investigation (with state/federal law enforcement and private cybersecurity vendors) determined on November 19, 2025 that the incident involved unauthorized access to protected health information. The exposed PHI may have included names, home addresses, dates of birth, diagnoses, and other general health information related to individuals who may have received medical care through the Sheriffs Office. Public reporting indicated the breach represented a HIPAA-related incident; the organization did not specify the number of affected individuals in the public notice and did not disclose the initial access vector or whether any data was exfiltrated beyond unauthorized viewing/access.
EyeCare Partners
January 1, 2025
•[ email compromise, unauthorized access, data breach ]
EyeCare Partners disclosed that an unauthorized third party accessed certain ECP-managed email accounts between December 3, 2024 and January 28, 2025. The accessed files may have contained personal identifiers and limited health-related information, including addresses, dates of birth, Social Security numbers, drivers license numbers, health plan information, and limited clinical information; the notice emphasized that full medical records and detailed clinical information were not impacted. The organization reported the incident to Massachusetts regulators on February 4, 2026 and began outreach and remediation steps consistent with an email-system compromise.
Jupiter Medical Center (via third party health records vendor)
January 1, 2025
•[ data breach, healthcare, third party risk ]
Jupiter Medical Center issued a warning/notice describing a data breach tied to a data security incident dating back to January 2025. The report indicates the healthcare organization investigated the incident and proceeded with notification and remediation steps in 2026. Because the accessible source context here does not provide a clear affected-individual count or a detailed breakdown of data elements, the customer-data fields are coded as undetermined.
The Children’s Center of Hamden
December 28, 2024
•[ data breach, data theft, unauthorized network activity ]
In late December 2024, The Childrens Center of Hamden detected unauthorized network activity later linked to the criminal group INC. The attack resulted in theft of sensitive patient and staff information including SSNs and medical records. No encryption reported. Public notice issued August 28 2025.
Monroe University
December 9, 2024
•[ data breach, network access, personally identifiable information (PII) ]
BleepingComputer reported that Monroe University disclosed that threat actors accessed its network for roughly two weeks (December 9 to December 23, 2024) and stole documents later determined to contain personal, financial, and health information. The university stated it determined on September 30, 2025 that certain individuals data was contained in the stolen files, and filings indicated 320,973 individuals were affected. Exposed data elements were described as varying by person and potentially including name, date of birth, Social Security number, drivers license or passport numbers, government ID numbers, medical and health insurance information, email or electronic account usernames and passwords, financial account information, and student-related data. Notifications were mailed beginning January 2, 2026.
Senior Dating
November 23, 2024
•[ data breach, exposed database, Firebase ]
In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
Behavioral Health Resources
November 20, 2024
•[ data breach, data leak ]
Unauthorized actor accessed Behavioral Health Resources network in Nov 2024, exfiltrating client PII and medical records; organization confirmed breach via Maine AG filing and began notifications in Apr 2025.
