Troy Hunt / Have I Been Pwned Mailing List
March 25, 2025
•[ phishing, data leak, account takeover ]
Phishing led to Mailchimp account takeover and export of subscriber list.
Anne Arundel Dermatology
March 25, 2025
•[ data leak ]
Practice disclosed a data breach impacting about 1.9 million individuals, following an intrusion earlier in 2025; investigation and notifications ongoing.
Undisclosed European drone manufacturer
March 25, 2025
•[ phishing, social engineering, malware ]
North Korean operators approached European defense engineers with fake job offers, delivering loaders that sideloaded ScoringMathTea and BinMergeLoader/MISTPEN to exfiltrate proprietary UAV designs and manufacturing know-how. Intelligence-collection focus; campaign targets several firms rather than one discrete victim record.
Access Financial Services Limited
March 24, 2025
•[ data leak ]
Jamaica lender addressed recent cybersecurity incident and reassured stakeholders.
ADDA
March 24, 2025
•[ data leak ]
In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.
New York University
March 22, 2025
•[ data leak ]
Data reportedly leaked on nyu website exposing millions of applicants.
Delta Dental of Virginia
March 21, 2025
•[ phishing, data leak ]
An unauthorized actor accessed a Delta Dental of Virginia employee email account between March 21 and April 23, 2025, viewing or acquiring emails and attachments containing personal, financial, and protected health information for 145,918 individuals. Notification letters were issued on November 21, 2025.
StreamElements
March 20, 2025
•[ phishing, data leak ]
StreamElements confirmed that one of its former third-party service providers experienced a data breach, which led to the exposure of customer information including names, addresses, phone numbers and email addresses. The breach is believed to relate to the period between 2020 and 2024. Although StreamElements stated its own servers were not compromised, it is actively contacting affected customers and warning of increased phishing risk.
Pam Golding Properties
March 20, 2025
•[ data leak ]
South African real-estate firm investigated data leak after reports of compromise.
Sunnking Sustainable Solutions
March 20, 2025
•[ data leak ]
Unauthorized actor accessed Sunnking Sustainable Solutions internal servers in Rochester, New York and exfiltrated about 35,000 employee and client records. Breach detected March 20 2025 and disclosed April 2 2025. No encryption or service disruption occurred.
Meigs Ems
March 20, 2025
•[ data leak, medical ]
Ambulance service asked patients to be vigilant after discovering a cyber breach.
James Pascoe Group
March 19, 2025
•[ data leak ]
Owner of Farmers and Whitcoulls notified regulator of a data breach.
Office of the State’s Attorney for Baltimore City
March 19, 2025
•[ ransomware, data leak ]
Following a March 2025 intrusion, the Kairos ransomware group stole internal legal and police records from the Baltimore City States Attorneys Office and later published portions online; the office reported no service disruption but confirmed investigation of unauthorized access.
California Cryobank
March 18, 2025
•[ data leak ]
California Cryobank, a leading sperm donation organization, reported a data breach after detecting unauthorized access to its network between April 20 and 22, 2024. The incident exposed sensitive personal and financial information, including names, bank details, Social Security numbers, drivers license numbers, payment card data, and health insurance information. The company assured that its core operations remained unaffected and began notifying affected individuals, offering complimentary credit monitoring and identity protection services. Authorities and cybersecurity experts are investigating the scope of the breach to determine how the attackers gained access and whether donor-related data was compromised.
Western Alliance Bank
March 18, 2025
•[ data leak, third-party breach ]
Western Alliance Bank notified 21,899 customers that their personal information was stolen after a breach of a third-party secure file transfer system. The breach occurred between October 12 and October 24, 2024, and exposed names, Social Security numbers, dates of birth, financial account numbers, drivers licence numbers, tax IDs and/or passport information. The company found no evidence of fraudulent use yet and is providing one year of complimentary credit monitoring to those impacted.
Harcourts Prime Properties
March 18, 2025
•[ ransomware, data leak ]
Unauthorized access to Harcourts Prime Properties internal systems followed by ransom demand; investigation ongoing; no confirmed data volume or encryption reported.
Precision Orthopaedics and Sports Medicine
March 17, 2025
•[ phishing, data leak ]
Hospital reported mailbox compromise exposing patient demographic and clinical information.
Atlas Healthcare Group Facilities
March 17, 2025
•[ data leak ]
Multiple facilities reported data security incident; breach letters sent March third.
Mountain West Insurance & Financial Services LLC
March 17, 2025
•[ phishing, data leak ]
On March 17, 2025, Mountain West Insurance & Financial Services detected unauthorized access to several corporate email accounts. An investigation determined that emails containing extensive personal, financial, and health-related information may have been accessed or acquired without authorization. Mountain West issued breach notices on September 22, 2025.
Ascom
March 16, 2025
•[ ransomware, data leak ]
Hellcat claims theft from ascom; company confirms ticketing system incident.
