Undisclosed Financial Institution
September 15, 2025
•[ data leak, nation-state, vulnerability exploitation ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed financial institution where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Chemical Manufacturer
September 15, 2025
•[ data leak, nation-state, AI-automated attack ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed chemical manufacturer where sensitive information was stolen via exploitation of application server infrastructure.
Undisclosed Government Agency
September 15, 2025
•[ nation-state, data leak, vulnerability exploit ]
Anthropic reported that GTG-1002, a China-linked nation-state threat actor, conducted an AI-automated intrusion campaign detected in mid-September 2025; one successful breach involved an undisclosed government agency where sensitive information was stolen via exploitation of application server infrastructure.
Wood Personnel Services
September 12, 2025
•[ data leak ]
Wood Personnel Services reported unauthorized access to certain files on its network discovered in September 2025. The company stated that files containing personal information may have been accessed without authorization and notified affected individuals in December 2025. No operational disruption or data volume was disclosed.
National Credit Information Center (CIC)
September 11, 2025
•[ data leak ]
Personal/credit records for citizens and companies held by the State Banks CIC; Vietnams CERT confirmed data theft with scope still being assessed; operations continued without disruption.
Virginia Urology
September 11, 2025
•[ data leak, ransomware ]
DataBreaches reported that threat actors calling themselves MS13-089 claimed they hacked Virginia Urology on November 9, 2025 and exfiltrated about 927 GB of data, while stating they did not encrypt systems so as not to harm the patients. The outlet reviewed sample files and described faxed referrals and medical reports whose filenames appeared to include patients names and dates of birth, with additional pages containing extensive protected health information such as insurance and contact details and clinical histories. Virginia Urology had not publicly confirmed the incident or responded to inquiries in the reporting, but the presence of leaked sample data indicates unauthorized access and exfiltration consistent with an exploitive breach.
WIRED
September 8, 2025
•[ data leak ]
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Cond Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number, date of birth, gender, and geographic location or full physical address. The WIRED data allegedly represents a subset of Cond Nast brands the hacker also claims to have obtained.
Sun Valley Surgery Center
September 3, 2025
•[ data leak ]
During a September 3, 2025 incident, an unauthorized third party accessed Sun Valley Surgery Centers information systems; more than 27,000 individuals sensitive personal and protected health information may have been exposed, though the facility reports no confirmed misuse or operational disruption.
MetroWest Community Federal Credit Union
September 3, 2025
•[ ransomware, data leak ]
MetroWest Community Federal Credit Union disclosed that unauthorized access to its systems in early September 2025 resulted in the compromise of sensitive member information, with the incident attributed to the Akira cybercriminal group.
Prosper
September 2, 2025
•[ data leak ]
Prosper disclosed September breach; HIBP reports 17.6M affected with sensitive data
California Casualty Companies
September 2, 2025
•[ data leak ]
California Casualty Companies reported that an unauthorized third party accessed company systems on September 2 and acquired files containing customer personal, financial, insurance, and identification information; no operational disruption or actor attribution was reported.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, data leak, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Wynn Resorts
September 1, 2025
•[ data leak, employee personnel records, Social Security numbers ]
Attackers associated with the ShinyHunters cybercriminal group gained unauthorized access to Wynn Resorts systems in September 2025. The intrusion exposed approximately 800,000 employee personnel records containing Social Security numbers and other personal identifying information.
Vibra Hospital of Sacramento
August 30, 2025
•[ data leak, PHI ]
Attack on Vibra Hospital of Sacramentos network occurred between August 30 and September 5, 2025. The breach exposed protected health information, including medical and insurance details but no financial or Social Security data. No ransomware or encryption occurred, and no threat group has publicly claimed responsibility.
Personic Management Company LLC d/b/a Personic Health
August 29, 2025
•[ data leak, healthcare, third-party breach ]
Healthcare management firm Personic Management Company (Personic Health) reported that an unauthorized actor accessed a third-party software platform used to process patient information on August 29, 2025. The intrusion, discovered on September 1, enabled the attacker to obtain data containing patients names and associated protected health information from Personic-affiliated providers. After engaging external cybersecurity experts and notifying law enforcement, Personic filed breach notices with state regulators and began sending letters to impacted individuals, warning them about identity-theft risks and the potential misuse of their medical data.
Personic Management Company LLC
August 29, 2025
•[ data leak, unauthorized access, third-party breach ]
Personic reported unauthorized activity affecting a third-party software platform it used to process patient information. The company stated it became aware of the issue on September 1, 2025, and an investigation concluded an unauthorized actor accessed the platform on August 29, 2025 and obtained certain data. The public notice stated the impacted data may include names and protected health information. Personic reported filing a notice with the Maine Attorney Generals office and beginning notification of impacted individuals on November 18, 2025.
Conifer Value-Based Care, LLC
August 28, 2025
•[ business email compromise, data leak ]
Conifer Value-Based Care, LLC disclosed unauthorized access to a Microsoft 365 business email account on August 2829, 2025. The incident may have exposed personal and health-related information contained in emails. Core systems were not compromised and the account was secured after discovery.
Unity Technologies (SpeedTree website)
August 26, 2025
•[ payment skimmer, data leak ]
A malicious payment skimmer was injected into the checkout page of Unity Technologies SpeedTree website, harvesting customer payment and personal data. The compromise, discovered on August 26 2025, affected 428 individuals according to regulatory filings. Impacted users were offered identity protection and credit monitoring.
Marshfield Clinic Health System
August 26, 2025
•[ data leak ]
Marshfield Clinic Health System reported that an unauthorized party accessed certain systems on August 26 and may have viewed personal and clinical information; the organization noted no operational disruption, no misuse evidence, and no confirmed actor attribution.
Saint Mary’s Home of Erie
August 26, 2025
•[ data leak, unauthorized access ]
A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
