Greater Pittsburgh Orthopaedic Associates
August 10, 2025
•[ ransomware, data leak, exfiltration ]
Greater Pittsburgh Orthopaedic Associates identified anomalous network activity on August 10, 2025, and later disclosed that patient data was exposed; RansomHouse claimed it encrypted files and exfiltrated data from the network.
Cox Enterprises, Inc.
August 9, 2025
•[ vulnerability, zero-day, data leak ]
Hackers exploited a zeroday vulnerability in Oracle EBusiness Suite, breached Cox Enterprises network, and exfiltrated personal data of about 9,479 individuals; Cl0p group later published stolen files on darkweb leak site
Dartmouth College
August 9, 2025
•[ data leak, ransomware, vulnerability exploit ]
Dartmouth College confirmed that attackers exploited its Oracle E-Business Suite instance between August 9 and 12, 2025 and exfiltrated files containing personal and financial information, including Social Security numbers. Nearly 1,500 Maine residents and over 31,000 New Hampshire residents were impacted. Cl0p later leaked 226 GB of allegedly stolen data.
AgeRight Clinical Services
August 9, 2025
•[ data leak ]
Personal and clinical records of approximately 4897 individuals were accessed and possibly copied without authorization between August 9 and September 10 2025 The breach was discovered internally and publicly disclosed on November 21 2025
Valparaiso University
August 7, 2025
•[ data leak ]
Class-action followed disclosure that files were copied/downloaded Aug 78; notice cites PII potentially impacted
OB-GYN Associates, Nevada
August 7, 2025
•[ ransomware, data leak ]
OB-GYN Associates in Reno, Nevada identified suspicious activity in its IT environment on or around August 7, 2025 and brought in third-party experts, who confirmed that a hacker had accessed areas of the network where patient records were stored; a review completed September 29 showed that names, Social Security numbers, drivers license numbers and medical information for about 62,238 individuals had been exposed, and the Inc Ransom ransomware group later claimed responsibility for the attack, prompting the clinic to harden policies and offer credit monitoring to affected patients.
Bouygues Telecom
August 4, 2025
•[ cyberattack, data leak, IBAN ]
Bouygues Telecom, Frances third-largest mobile operator, detected a cyberattack on August 4, 2025, which exposed personal and contractual customer data including IBANs for approximately 6.4 million accounts; passwords and payment card details were not compromised.
Panera Bread
August 1, 2025
•[ data breach, unauthorized access, data leak ]
Panera Bread reportedly suffered a data breach that exposed approximately 14 million customer records after unauthorized access to an application database, with no evidence of operational disruption disclosed at the time of reporting.
Canada Goose
August 1, 2025
•[ data leak, third-party breach, customer records ]
BleepingComputer reported that Canada Goose was investigating after ShinyHunters leaked more than 600,000 customer records. Canada Goose said it had not found evidence its own systems were breached and believed the data related to past customer transactions. ShinyHunters told BleepingComputer the dataset was unrelated to recent SSO attacks and claimed it originated from a third-party payment processor breach and dates back to August 2025. The exposed data was described as including purchase history plus device/browser information and order values; it did not appear to include full payment card numbers.
Singapore traffic enforcement (dataset of offenders)
July 31, 2025
•[ data leak, government ]
AsiaOne reports that 1,300 names and addresses of traffic offenders were published online; police are investigating.
Mailchimp
July 31, 2025
•[ ransomware, data leak ]
Everest ransomware group claimed a small breach of Mailchimp systems, sharing limited details; no disruption reported.
Louis Vuitton UK (LVMH)
July 31, 2025
•[ cyberattack, data leak ]
HackRead notes a cyberattack affecting Louis Vuitton UK customers, marking the third LVMH incident in three months; details limited.
Sabo (global fashion label)
July 30, 2025
•[ data leak ]
Hackread reports global fashion label Sabo suffered a data breach exposing customer records online.
Toys “R” Us Canada
July 30, 2025
•[ data leak, phishing ]
Company confirmed a threat actor copied records from its customer database and later leaked them on the dark web; investigation verified the datas authenticity and regulators were notified. No payment credentials were exposed; customers warned about phishing.
99 Cents Only Stores (data linked to Dollar Tree acquisition context)
July 30, 2025
•[ ransomware, data leak ]
HackRead reports INC claimed 1.2TB of Dollar Tree data; company statements elsewhere indicate samples match data tied to defunct 99 Cents Only Stores.
Origin Energy
July 30, 2025
•[ insider threat, data leak ]
Encrypted credit/debit card details for 732 customers (plus associated account data) exfiltrated to a personal email account on the employees last day; company disclosed the insider-led breach and began notifications.
JFS Wealth Advisors LLC
July 30, 2025
•[ email compromise, data leak ]
An unauthorized third party accessed a JFS Wealth Advisors corporate email account between July 30 and August 19, 2025, viewing messages containing names and Social Security numbers. JFS secured the account, investigated with third-party experts, and filed notice with state authorities.
Toys “R†Us Canada
July 30, 2025
•[ data leak, phishing, dark web ]
Company confirmed a threat actor copied records from its customer database and later leaked them on the dark web; investigation verified the datas authenticity and regulators were notified. No payment credentials were exposed; customers warned about phishing.
Albavision (Albavisión)
July 28, 2025
•[ ransomware, data leak, business disruption ]
GlobalGroup ransomware group alleged breach and data theft at media giant Albavision affecting broadcast operations, with data samples posted.
Aeroflot
July 28, 2025
•[ hacktivism, data leak, data destruction ]
Two hacktivist groups claim to have gained access to 122 hypervisors, 43 ZVIRT virtualization installations, approximately 100 iLO interfaces used for server management, and four Proxmox clusters. They say they exfiltrated all databases from flight history and employee workstations (including of top executives), wiretapping servers containing phone call recordings, and personnel monitoring systems. Claim to have wiped 7,000 physical and virtual servers hosting 12TB of databases, 8TB of Windows Share files, and 2TB of corporate email. Resulted in the cancellation of more than 60 flights and severe delays on additional flights.
