Full List

Search

Search Results (data leak)

• WindTre S.p.A. February 25, 2025 • [ data leak ] WindTre confirmed unauthorized access was detected on 25 Feb 2025 affecting a resellers system; limited customer personal data (names/IDs/contacts) may have been exposed; incident reported to Italys DPA and described as contained.
• Northern Caribbean University February 24, 2025 • [ data leak ] Cyberattack crippled key systems; NCU warned students of possible data release.
• Cleveland Municipal Court February 23, 2025 • [ ransomware, data leak ] Cleveland Municipal Court experienced a full shutdown beginning 2025-02-23 due to a Qilin ransomware attack that encrypted court systems and exfiltrated roughly 44 GB of data. Operations were halted for about 17 days. The attacker demanded $4 million and threatened to leak stolen court documents.
• Invest Hong Kong February 22, 2025 • [ ransomware, data leak ] Follow-up coverage of InvestHK ransomware; checking possible client/staff info exposure; later update: no evidence of leakage.
• Philippine Army & Navy February 22, 2025 • [ data leak ] Local group claimed breach of PH Army/Navy mail; claim public, no confirmation of access or data exposure.
• Anne Arundel County February 22, 2025 • [ data leak ] Between Jan 28 and Feb 22 2025, attackers accessed and downloaded files from a limited portion of Anne Arundel Countys network, including health-related systems. County officials confirm data was not encrypted, but certain files were exfiltrated. A subsequent HHS/OCR filing in May 2025 listed roughly 500 affected individuals.
• Hyundai AutoEver America February 22, 2025 • [ data leak, employee data, PII exposure ] Hyundai AutoEver America, an IT services affiliate of Hyundai Motor Group based in Orange County, California, reported that Undetermined attackers gained unauthorized access to its IT environment between February 22 and March 2, 2025, with the incident discovered on March 1. Forensic investigation and U.S. state regulator filings indicate that personal information stored in employment related systems was exposed, including names, Social Security numbers, and drivers license details. Subsequent updates clarified that approximately 2,000 primarily current and former employees of Hyundai AutoEver America and Hyundai Motor America were notified. The company engaged external cybersecurity experts, cooperated with law enforcement, and is offering two years of credit monitoring while stressing that no connected vehicle data or broader customer information appears to have been affected.
• Niva Bupa Health Insurance Company Ltd February 21, 2025 • [ data leak ] Niva Bupa received a threat email from an unidentified actor claiming possession of customer data and referencing a leak site; the company reported the incident and obtained a Delhi High Court order to block the site while investigating. No data theft has been confirmed as of Oct 2025.
• Bybit February 21, 2025 • [ data leak ] Bybit disclosed major security breach; services restored and recovery efforts reported shortly after.
• CarMoney February 21, 2025 • [ hacktivism, data leak, unverified ] On February 21 2025, the hacktivist group Ukrainian Cyber Alliance claimed responsibility for a cyberattack on Russian vehicle-loan firm CarMoney. The group stated it destroyed digital infrastructure and exfiltrated terabytes of borrower data, including information tied to Russian military and intelligence officers. CarMoney confirmed shutting down all systems but denied any personal data compromise. No encryption or verified data leak has been independently confirmed.
• Cumberland County Hospital February 21, 2025 • [ data leak ] Unauthorized access between Feb 21 Apr 3 2025 to hospital file servers outside the EMR system exposed personal and medical data of about 36 k patients and employees; no operational disruption reported; public disclosure Jun 2 2025.
• Oracle Health February 20, 2025 • [ data leak, compromised credentials, healthcare ] A breach at Oracle Health (formerly Cerner) exposed patient data from legacy EHR migration servers after attackers used compromised customer credentials to access and copy records. The incident, which began after January 22, 2025, was discovered on February 20, 2025. Impacted hospitals have been notified and face potential HIPAA obligations; Oracle has offered support but has not publicly acknowledged the full scope of the breach.
• HCRG Care Group February 20, 2025 • [ ransomware, data leak ] Medusa ransomware group claimed theft of ~2.275 TB from HCRG and demanded $2m by Feb 27, leaking sample files; HCRG says containment measures are in place and services remain operational; reports indicate exposure of sensitive medical, personal and financial records
• the private provider (contractor) supplying NHS services February 20, 2025 • [ ransomware, data leak ] A private provider serving the NHS was hit by ransomware, disrupting network operations and potentially exposing patient or internal data, causing service interruptions in NHS operations dependent on it.
• Supreme Administrative Court of Bulgaria February 20, 2025 • [ ransomware, data leak ] RansomHouse used White Rabbit ransomware against Bulgarias Supreme Administrative Court on Jan 27, encrypting ~140 computers; group posted employee-related files as proof of data theft. Court remained operational via paper processes; investigation into data leakage ongoing.
• Intellihartx, LLC (vendor for Arkansas Heart Hospital LLC) February 20, 2025 • [ data leak, third-party breach ] Intellihartx, LLC, a healthcare revenue-cycle and patient engagement vendor for Arkansas Heart Hospital, reported that unauthorized actors accessed and exfiltrated files from its systems between January 22 and February 20 2025. The vendors Maine Attorney General notice states 1,674,294 individuals were affected across its clients. Exposed data included names, Social Security numbers, dates of birth, contact information, and medical and insurance details for patients linked to Arkansas Heart Hospital.
• Pulmonary Physicians Of South Florida February 19, 2025 • [ ransomware, data leak ] Ransomware Group Listed Provider And Posted Screenshots Suggesting Patient Records Exposure.
• Freddie Mac February 19, 2025 • [ data leak, personally identifiable information ] Breach notice filed with Massachusetts AG on Feb 19, 2025; unauthorized access to files containing consumers SSNs.
• Cardex February 18, 2025 • [ vulnerability, theft, data leak ] Abstract reported a session key vulnerability in Cardex that allowed an attacker to perform unauthorized transactions and drain funds from thousands of wallets.
• India Post February 17, 2025 • [ data leak, vulnerability, idor ] IDOR flaw allowed retrieval of KYC documents by altering IDs in URLs; reports indicate thousands of records were exposed.