Scania AB
May 28, 2025
•[ data leak, extortion ]
Scania confirms insurance claim data breach in extortion attempt
McElroy & Associates, Inc.
May 28, 2025
•[ data leak, unauthorized access, HIPAA ]
McElroy & Associates, Inc., a professional services firm operating as a HIPAA-covered healthcare business associate, disclosed unauthorized access to an employee email account occurring between May 28 and May 30, 2025. A forensic investigation determined that personal and protected health information may have been exposed. The company notified affected individuals and regulators; no operational disruption was publicly reported.
Adidas
May 27, 2025
•[ data leak ]
Adidas disclosed that an unauthorized party accessed consumer data via a third-party customer service provider; impacted data is contact information of people who interacted with customer support.
York County
May 27, 2025
•[ data leak, third-party ]
County alerted residents to a possible data privacy event involving a vendor.
Tiffany & Co.
May 26, 2025
•[ data leak, third-party breach ]
Selected Tiffany Korea customers notified of unauthorized access to a vendor system used for customer data; reporting to date only confirms impact on Korean/Chinese customers and does not indicate EU/US exposure or operational disruption.
Income Insurance
May 25, 2025
•[ ransomware, data leak, third-party ]
Bonus statements of at least 146 policyholders compromised after ransomware at printing/mailing vendor DataPost; exposed data includes names, postal address, policy number/plan, and 2024 annual bonus; Income says its own systems remain secure and investigation continues.
Choksi Laboratories Limited
May 22, 2025
•[ ransomware, data leak ]
Indore pharma laboratory reported ransomware: servers breached, all data encrypted, ransom demanded; police case opened and investigation ongoing.
Undisclosed United States local governments
May 22, 2025
•[ data leak, zero-day exploit ]
Exfiltration via now-patched Trimble Cityworks zero-day; multiple U.S. local governments breached.
The Coca-Cola Company
May 22, 2025
•[ ransomware, data leak ]
Everest ransomware actors claimed theft of data on ~959 Coca-Cola employees in the Middle East (UAE, Oman, Bahrain); separate group also claimed a breach at Coca-Cola Europacific Partners. Coded as exploitive data theft based on reporting.
Keir Giles (UK academic)
May 22, 2025
•[ social engineering, phishing, data leak ]
Targeted social-engineering campaign impersonating U.S. State Department tricked Keir Giles into generating app-specific passwords, allowing a nation-state actor to access his Gmail account data stored on Google servers; no evidence of intrusion into affiliated institutional networks.
Kettering Health
May 21, 2025
•[ ransomware, data leak ]
Kettering Health suffered a ransomware attack causing a system-wide outage on May 21, 2025; Interlock later claimed responsibility and leaked stolen data.
Bradford Health Services
May 20, 2025
•[ data leak ]
Provider disclosed a data security incident; investigation concluded May 15, 2025 that multiple categories of PHI/PII may have been affected; notices and credit monitoring offered.
Effortel
May 16, 2025
•[ data leak ]
Test files with names, DOB, emails, phones, addresses, passport and SIM data for ~70,000 MVNO customers were accessed via a support portal during a database integration test.
Coinbase
May 15, 2025
•[ insider threat, data leak, supply chain ]
Coinbase disclosed a data breach involving bribed third-party support agents; customer data was accessed and losses estimated at $180$400M for remediation and reimbursements.
Cartier
May 15, 2025
•[ data leak ]
Cartier disclosed that an unauthorized party gained temporary access to its systems in mid-May 2025 and obtained limited client information (names, email addresses, countries). No financial data, passwords, or banking information were compromised.
Kurdish Government and Media Institutions
May 15, 2025
•[ cyber-espionage, phishing, data leak ]
Iran-linked threat actor MuddyWater (MOIS) conducted cyber-espionage operations against Kurdish government and media infrastructure in Iraq during MayJune 2025 using phishing and web-shells to steal credentials and internal documents; reported Jun 25 2025.
Doctors Hospital at Renaissance, Ltd. (DHR Health)
May 15, 2025
•[ data leak, healthcare ]
Doctors Hospital at Renaissance (DHR Health) notified the U.S. Department of Health & Human Services that it had experienced a data breach impacting sensitive personal and protected health information. An unauthorized party accessed systems storing patient records, potentially exposing names, Social Security numbers, clinical details, and insurance data for an undisclosed number of individuals. The hospital has since notified the Texas Attorney General and begun mailing breach letters, while law firm investigators explore potential compensation claims for patients whose information may be at heightened risk of identity theft and medical fraud.
Weis Markets
May 14, 2025
•[ payment card theft, data leak ]
Weis Markets completed its investigation and reported skimmers at multiple locations capable of capturing payment card track and PIN data; notices published to customers.
House of Dior
May 14, 2025
•[ data leak ]
Dior disclosed that an external party accessed a customer database in May; later breach notices warned affected customers about exposed personal data.
Kerala State Film Development Corporation (KSFDC)
May 12, 2025
•[ data leak, insider threat, surveillance ]
Reporting described a major cybersecurity breach in which CCTV footage recorded inside government-owned theatres in Thiruvananthapuram (Kairali, Sree, and Nila) appeared on pornographic websites and then spread via Telegram/X and other channels. The leaked clips visibly displayed the KSFDC logo on seats, strongly indicating the source. Authorities opened a high-level inquiry and a cyber-cell investigation, with officials considering possibilities including insider misuse by staff with access to surveillance systems or an external intrusion into the CCTV network. No specific perpetrator, intrusion method, or exact timeframe for initial compromise was provided, but the incident resulted in non-consensual exposure of surveillance video of patrons.
