Hewlett Packard Enterprise
February 5, 2025
•[ data leak ]
HPE filed notice with MA AG after a cybersecurity incident allowed access to consumer data; notification letters sent Feb 5, 2025.
Ntt Communications Corporation
February 5, 2025
•[ data leak ]
Data exfiltration impacted thousands of corporate customers at ntt communications.
Professional Finance Company
February 5, 2025
•[ ransomware, data leak ]
A ransomware attack detected February 5 2025 disrupted Professional Finance Companys billing and collection systems and resulted in confirmed theft of patient financial and medical data for roughly 125,000 individuals. The firm disclosed the incident publicly in April 2025 and reported it to HHS as both a ransomware and data-exfiltration event.
SimonMed Imaging
February 5, 2025
•[ ransomware, data leak, healthcare ]
Medusa claimed theft of 212GB of data impacting 1.2M patients after JanuaryFebruary attack window.
Jefferson School District 251
February 4, 2025
•[ ransomware, data leak ]
Ransomware was discovered on Jefferson School Districts computer systems in early February 2025, leading to the cancellation of classes across all 11 schools in the district while networks were rebuilt. About 5,000 student devices were affected, and the FBI and third-party forensic teams were engaged. No evidence of student data theft or exfiltration has been reported.
Lee Enterprises
February 3, 2025
•[ ransomware, data leak ]
On February 3, 2025, Lee Enterprises suffered a ransomware attack that encrypted multiple critical applications and exfiltrated files. The Qilin group claimed responsibility, asserting theft of about 350 GB of data. The incident caused partial but significant disruption of operations for roughly one week, affecting printing, billing, and vendor systems. Approximately 39,779 individuals had personal information compromised.
Rubrik
February 2, 2025
•[ data leak ]
Rubrik disclosed on February 2, 2025, that an unauthorized actor accessed a log server containing telemetry data. The company rotated all authentication keys, confirmed no customer data or source code was affected, and reported the incident to authorities.
Rainbow District School Board
February 1, 2025
•[ data leak ]
School Board Reported Data Access During Incident; Services Restored And Data Allegedly Deleted.
Valsoft Corporation
February 1, 2025
•[ data leak ]
Valsoft disclosed a February 2025 breach where attackers accessed company files for several days; personal information for over 160,000 people was compromised.
Opexus
February 1, 2025
•[ insider threat, data leak, sabotage ]
Insider compromise at Opexus by two employees previously convicted of hacking led to improper access, and the compromise/deletion of dozens of databases (including IRS and GSA data sets), triggering outages in two key software systems used by federal agencies; terminations followed and investigations cite a major lapse in security controls.
Undisclosed Canadian Telecommunications Company
February 1, 2025
•[ data leak, vulnerability ]
Three network devices at a Canadian telecom were compromised in mid-Feb 2025 via Cisco IOS XE CVE-2023-20198; attackers retrieved configs and set up a GRE tunnel to collect network traffic; disclosed by Canadas Cyber Centre in June 2025.
Business Registration Service (Kenya)
January 31, 2025
•[ data leak, criminal actors ]
Kenyas Business Registration Service confirmed a major data breach on January 31 2025 that exposed registry and beneficial-owner data, including national ID numbers, addresses, phone numbers, and company ownership details. Media reports suggest over two million company and shareholder records were compromised and sold on the dark web. The attack was financially motivated and attributed to criminal actors; the government continues to assess the extent of the breach.
Unimicron Technology Corporation
January 30, 2025
•[ ransomware, data leak ]
Unimicron Technology Corporation disclosed a ransomware incident on January 30, 2025, affecting its Shenzhen subsidiary. The Sarcoma ransomware group claimed responsibility and alleged 377 GB of stolen data. Unimicron confirmed ransomware encryption but has not verified any data exfiltration. Investigation ongoing.
University Of Notre Dame Australia
January 30, 2025
•[ data leak ]
University confirmed cyber incident with disruption; later confirmed Tax File Numbers were affected.
Swift Institute
January 30, 2025
•[ data leak ]
James J. Lynch, MD Ltd. d/b/a Swift Institute disclosed that it detected unusual activity in its network environment on or about January 30, 2025. An internal investigation determined that certain files may have been copied by an unauthorized individual as part of the event on or about January 30, 2025. Swift Institute conducted a comprehensive review of the affected data set and confirmed on October 14, 2025 that personal information and/or protected health information was contained in the files. Notification letters dated December 10, 2025 were issued to potentially impacted individuals, and the organization offered credit monitoring and fraud assistance services.
Fashion Box S.p.A.
January 29, 2025
•[ brute-force, data leak ]
Fashion Box S.p.A., owner of the Replay brand, disclosed a brute-force intrusion on January 29 2025 that allowed unauthorized access to internal servers and the exfiltration of corporate information and personal data of employees and external stakeholders. The company notified multiple European data-protection authorities. No encryption was confirmed. An undisclosed amount of personal and corporate data was taken.
Chronopost
January 28, 2025
•[ data leak ]
Chronopost confirmed a cyberattack discovered on January 28, 2025, that exposed personal data of about 210,000 clients, including names, addresses, and signatures. The company reported to CNIL and claimed no banking or payment data was compromised.:contentReference[oaicite:0]{index=0}
State Bar of Texas
January 28, 2025
•[ ransomware, data leak ]
The State Bar of Texas reported a ransomware-linked intrusion attributed to INC. Unauthorized access occurred between January 28 and February 9 2025 (intrusion start used as event_date = 2025-01-28), leading to exfiltration of personal data including names, SSNs, drivers license numbers, and limited financial or medical information. Approximately 2 700 individuals were notified. The Bar reported no evidence of encryption or operational disruption.
The Siegel Group, Inc.
January 28, 2025
•[ data leak ]
The Siegel Group reported that an unauthorized party accessed its network between Jan 28 and Feb 2, 2025; notices were filed with state AGs (e.g., Vermont) and mailed to impacted individuals.
Episource
January 27, 2025
•[ data leak ]
Episource detected unauthorized access between January 27 and February 6 2025 affecting approximately 5.4 million individuals; attackers exfiltrated protected health information including SSNs, medical data, and insurance identifiers; no actor identified or ransom claim confirmed.
