A.D. Edri Brothers Ltd.
March 6, 2025
•[ data leak ]
Report claimed compromise of Israeli firm with emails and database leaked.
Stubhub
March 6, 2025
•[ vulnerability exploitation, data leak, third-party breach ]
A cybercrime group exploited a URL redirection vulnerability in a third-party contractor system for StubHub to steal around 1,000 digital tickets for major events, including Taylor Swifts Eras Tour. The stolen tickets, valued at approximately $635,000, were resold online for profit. The scheme operated between June 2022 and July 2023 before being uncovered through a coordinated investigation by cybersecurity and law enforcement agencies. Two individuals, Tyrone Rose and Shamara P. Simmons, were arrested and charged with grand larceny, identity theft, and computer tampering in connection with the operation.
FlexCare Medical Staffing
March 6, 2025
•[ phishing, data leak ]
FlexCare sent breach letters after employee email compromises with sensitive data
Farmer Bros Co.
March 6, 2025
•[ ransomware, data leak ]
Farmer Bros Co., a Texas-based coffee and foodservice manufacturer, experienced a ransomware attack beginning March 6 2025 that encrypted portions of its administrative network and exposed personal data of 14,460 individuals. FalconFeeds.io reported on June 23 2025 that the Chaos ransomware group claimed responsibility via its leak site; the company has not independently confirmed this attribution.
Goosehead Insurance Agency, LLC
March 6, 2025
•[ data leak ]
Between March 613 2025 an unauthorized third party accessed and copied files from Gooseheads network environment; Goosehead began investigation and later mailed breach notices in October 2025. Some open-source posts attributed the incident to a group calling itself CHAOS and claimed ~300 GB exfiltrated, but that actor attribution and total volume remain unconfirmed by Goosehead.
Toronto Zoo
March 5, 2025
•[ data leak, cyberattack ]
Zoo reported cyberattack with decades of visitor data stolen and leaked.
MainStreet Bank (via third-party vendor)
March 4, 2025
•[ data leak, third-party breach ]
MainStreet Bancshares (Nasdaq: MNSB & MNSBP), the financial holding company behind MainStreet Bank, has disclosed a data breach impacting some of its customers.
Amherst College
March 3, 2025
•[ data leak ]
Amherst College disclosed unauthorized access to its email and payroll system. The college initiated an investigation with third-party cybersecurity experts, confirming on March 3 2025 that an unauthorized party had viewed and possibly copied sensitive personal information. Compromised data included employee names and Social Security numbers. The college notified the Massachusetts Attorney General and affected individuals on March 28 2025.
Orthopaedic Specialists of Connecticut
March 2, 2025
•[ data leak, unauthorized access, personally identifiable information ]
Names, dates of birth, Social Security numbers, insurance and medical information for 22,541 individuals were exposed after an unauthorized third party accessed the practices network on March 2, 2025, per the provider notice and HHS filing.
National Presto Industries
March 1, 2025
•[ ransomware, data leak ]
National Presto Industries disclosed a cybersecurity incident on March 6 2025 after the Interlock ransomware group claimed responsibility for an attack on March 1 2025. The company confirmed operational disruptions affecting manufacturing, shipping, and back-office systems. Interlock claimed to have stolen approximately 3 million files across about 450,000 folders from a subsidiary, though the company has not verified the data theft. No encryption has been confirmed in company statements or reporting.
Berkeley Research Group
March 1, 2025
•[ ransomware, data leak ]
BRG suffered a ransomware intrusion detected in March 2025 that led to data theft and encryption activity. Subsequent disclosures and DOJ statements indicate exposure of sensitive information relating to survivors involved in multiple Catholic diocesan bankruptcy cases; the firm engaged external responders and notified affected parties.
Missouri Department of Conservation
February 28, 2025
•[ data leak, hipaa breach ]
Missouri Department of Conservation reported suspicious cybersecurity activity on February 28, 2025. Forensic investigation found that a threat actor accessed internal servers containing employee and former employee health-plan data. The agency confirmed that files with HIPAA-protected information were exposed but not encrypted. No operational disruption occurred.
Central New York Cardiology
February 27, 2025
•[ data leak, healthcare ]
Practice reported a data breach impacting extensive patient PHI/PII per public notice.
Angel One Ltd.
February 27, 2025
•[ unauthorized access, data leak ]
Indian stock brokerage Angel One disclosed on February 27, 2025, that unauthorized actors accessed some of its Amazon Web Services (AWS) resources following a dark web alert. The company confirmed exposure of limited client information but no compromise of funds or credentials. Investigation and containment measures were initiated immediately.
Las Cruces-based organization
February 27, 2025
•[ data leak ]
Article reports a Las Cruces organization disclosed a data breach involving health information; specific systems and counts not provided in accessible copy.
Ally Financial
February 27, 2025
•[ data leak ]
Class action alleges a data breach at Ally Financial exposed personal data of ~4.2M customers; litigation filed Feb 2025.
NorthWest Arkansas Community College
February 27, 2025
•[ data leak ]
NWACC began mailing letters indicating personal information may have been affected; incident under review and notifications ongoing.
Rockhill Women's Care
February 26, 2025
•[ data leak ]
Rockhill Womens Care reported that it became aware of a security incident on or about 02/26/2025 and that an unauthorized third party gained access to its systems. Reporting indicates that sensitive personal and protected health information was involved, and that the organization publicly disclosed the incident and began notifying impacted individuals on or around 09/30/2025. The available descriptions do not specify the initial intrusion vector, but do indicate unauthorized access and potential exposure of patient data.
Orange Group
February 25, 2025
•[ data leak ]
Orange confirmed breach of a non-critical back-office app; hacker leaked internal docs and data from Orange Romania.
Brydens Lawyers
February 25, 2025
•[ ransomware, data leak ]
Sydney law firm reported ransomware with alleged 600GB data leak under investigation.
