Albemarle County, Virginia
July 15, 2025
•[ ransomware, data leak ]
Albemarle County said a specific ransomware group was responsible for a July attack that disrupted services and potentially accessed internal records.
The TEAM Companies
July 15, 2025
•[ data leak ]
TTC reported a security incident on its internal network and an investigation found that an unauthorized third party accessed internal systems during the window 07/15/202507/26/2025. TTC later began sending notification letters to affected individuals. The incident involved exposure of personal information and protected health information as described in the notice summary.
Crenshaw Community Hospital
July 14, 2025
•[ ransomware, data leak ]
Ransomware group PayoutsKing claimed responsibility for a July 14 2025 attack on Crenshaw Community Hospital, exfiltrating approximately 53 GB of data; encryption was not confirmed.
France Travail (French public employment service)
July 12, 2025
•[ data leak ]
France Travail reported unauthorized access to personal data, discovered July 12; employment portal was closed for analysis; at least 340,000 job seekers impacted, third such incident in <2 years.
Healthcare Interactive Inc. (HCIactive)
July 12, 2025
•[ data leak, unauthorized access ]
Healthcare Interactive Inc. (HCIactive), a benefits and insurance administration technology provider, disclosed that an unauthorized actor accessed its network and copied certain files between July 8 and July 12, 2025. Suspicious activity was detected on July 22, triggering a forensic investigation that confirmed a data breach affecting at least 501 individuals, with exposed information including names, addresses, dates of birth, Social Security numbers, contact details, and health insurance enrollment data. The company notified regulators and consumers beginning in September 2025, offered credit monitoring, and stated that it had implemented additional technical safeguards. There is no indication of significant operational disruption, but the confidentiality impact for affected individuals is substantial.
Laurel Health Centers
July 11, 2025
•[ unauthorized access, email compromise, data leak ]
Laurel Health Centers identified unauthorized access to portions of its email system during July 2025, which resulted in the potential exposure of personal and protected health information belonging to patients, as later disclosed in a public notice.
Philadelphia Corporation for Aging
July 10, 2025
•[ data leak, healthcare ]
A data breach at the Philadelphia Corporation for Aging allowed unauthorized access to systems between July 10 and July 25, 2025, during which personal and protected health information for 19,820 individuals was copied. PCA filed notice on November 4, 2025.
Coos County Family Health Services
July 9, 2025
•[ data leak ]
Provider reported unauthorized server access on July 9; investigation indicates possible viewing or copying of patient data.
Flutter Entertainment (Paddy Power and Betfair)
July 9, 2025
•[ data leak ]
Unauthorized third-party access to Flutter Entertainments Paddy Power and Betfair systems exposed personal account data of about 800,000 users; the company contained the breach and reported no financial data compromise.
Khan & Associates CPA, Inc.
July 9, 2025
•[ unauthorized access, data leak ]
An unauthorized user accessed Khan & Associates CPAs Intuit tax filing software between July 916 2025, filing false federal and state tax returns and exposing clients PII including SSNs and bank data.
Undisclosed Florida orthopedic practice
July 8, 2025
•[ data leak, healthcare ]
Beckers reports a data breach affecting a Florida orthopedic practice; details on scope and vector limited.
Healthcare Interactive
July 8, 2025
•[ data leak, hacked, phi ]
Healthcare Interactive reported that hackers accessed its network between July 812, 2025 and exfiltrated files containing extensive PHI/PIIincluding names, DOBs, SSNs, contact details, insurance enrollment IDs, diagnoses, provider names, lab results, medical images, treatment plans, and possibly claims datawith the breach detected around July 22; the attack vector wasnt disclosed but regulators were notified.
Axis Max Life Insurance (Max Financial Services)
July 5, 2025
•[ data leak ]
Max Financial disclosed its insurance subsidiary received notice of unauthorized access to customer data; investigation underway; details not disclosed.
Louis Vuitton Korea
July 4, 2025
•[ data leak ]
Bloomberg-reported cyberattack resulted in customer data leak affecting Louis Vuitton Korea customers; details limited at disclosure.
Aeroméxico
July 4, 2025
•[ data leak ]
Criminal group ShinyHunters claimed responsibility for compromising Aeromxicos Salesforce or related cloud application environment around July 4 2025, exfiltrating approximately 172 GB of passenger data including contact and ID information. Aeromxico has not confirmed the intrusion or the volume of records exposed.
Canada Goose
July 4, 2025
•[ data leak, third-party breach, customer records ]
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.
Avantic Medical Lab
July 3, 2025
•[ ransomware, data leak ]
Everest listed the lab June 10 and leaked 31 GB of patient files on July 3; contents include PHI, EOB files, and some financial details.
Columbia University
July 3, 2025
•[ data leak, hacktivism ]
University said a hacker with a political agenda broke into IT systems and stole targeted student data; no threat activity detected since June 24.
Louis Vuitton
July 2, 2025
•[ data leak ]
Louis Vuitton confirmed multiregion customer data breach. No payment data impacted. Undisclosed amount of data was stolen.
Deutsche Welthungerhilfe (WHH)
July 2, 2025
•[ ransomware, data leak ]
RaaS group listed WHH and offered stolen data for sale; WHH shut down affected systems, involved police and DPA, and refused to pay.
