Parcel Plus (Hanover)
March 28, 2025
•[ phishing, data leak ]
York County tax preparer reported spearphishing breach linked to foreign actors.
Sensata Technologies
March 28, 2025
•[ ransomware, data leak ]
A ransomware attack between March 28 and April 6 2025 disrupted Sensata Technologies manufacturing, shipping, and support operations worldwide. The company confirmed that threat actors viewed and obtained internal files containing employee and personal data, including names, addresses, Social Security numbers, and financial and health information. Regulatory filings indicate at least 362 affected individuals (Maine AG notice). No ransomware group has claimed responsibility.
Ocuco, Inc.
March 28, 2025
•[ data leak, unauthorized access ]
Ireland-based eyecare software services provider Ocuco detected unauthorized actor access to two non-production servers between Mar 28Apr 1 2025; KillSec claims data theft; company review shows ~240,961 affected; investigation ongoing; no confirmed service outage or encryption.
Sam’s Club
March 28, 2025
•[ ransomware, data leak, cybersecurity investigation ]
Sams Club, a U.S. warehouse retail chain owned by Walmart Inc., is investigating claims by the ransomware group Clop that it breached the companys systems. Clop added Sams Club to its dark-web leak site but so far has not provided any proof of data exfiltration. Sams Club acknowledged awareness of the potential incident and emphasized protecting member information is a priority while its internal investigation continues.
Capital
March 27, 2025
•[ data leak ]
Ukrainian outlet said site was attacked after articles about a public figure.
College Hospital Costa Mesa
March 27, 2025
•[ data leak ]
California hospital disclosed a cybersecurity incident exposing patient information.
United States Government Senior Officials
March 27, 2025
•[ data leak, government, leaked credentials ]
Reports said private contact details and some passwords of top officials were leaked online.
German Association for Eastern European Studies (DGO)
March 27, 2025
•[ data leak, espionage, government ]
SVR (COZYBEAR) infiltrated email servers of the German Association for Eastern European Studies in late March 2025, exfiltrating correspondence and membership data; the German Interior Ministry formally attributed the intrusion to Russias foreign intelligence service on April 22 2025.
Holt Group
March 27, 2025
•[ ransomware, data leak, legal action ]
Holt Group breach tied to Cactus with large data leak; suit filed.
Health New Zealand (Te Whatu Ora) Central Region
March 27, 2025
•[ data leak ]
Health New Zealand said a malicious actor accessed staff safety records.
WideOpenWest (Wow!)
March 26, 2025
•[ ransomware, data leak ]
Arkana security claims ransomware attack on wow with data theft.
Nsw Online Registry (Department Of Communities And Justice)
March 26, 2025
•[ data leak ]
Major breach led to downloads of sensitive court files including Avos and affidavits.
Spyx
March 25, 2025
•[ data leak, stalkerware ]
Stalkerware service reportedly leaked user data including iCloud credentials and device identifiers.
Lighthouse Wealth Partners
March 25, 2025
•[ data leak ]
Lighthouse Wealth Partners, recently disclosed that it suffered a data breach that compromised the sensitive personal data of individuals.
Troy Hunt / Have I Been Pwned Mailing List
March 25, 2025
•[ phishing, data leak, account takeover ]
Phishing led to Mailchimp account takeover and export of subscriber list.
Anne Arundel Dermatology
March 25, 2025
•[ data leak ]
Practice disclosed a data breach impacting about 1.9 million individuals, following an intrusion earlier in 2025; investigation and notifications ongoing.
Undisclosed European drone manufacturer
March 25, 2025
•[ phishing, social engineering, malware ]
North Korean operators approached European defense engineers with fake job offers, delivering loaders that sideloaded ScoringMathTea and BinMergeLoader/MISTPEN to exfiltrate proprietary UAV designs and manufacturing know-how. Intelligence-collection focus; campaign targets several firms rather than one discrete victim record.
Access Financial Services Limited
March 24, 2025
•[ data leak ]
Jamaica lender addressed recent cybersecurity incident and reassured stakeholders.
ADDA
March 24, 2025
•[ data leak ]
In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.
New York University
March 22, 2025
•[ data leak ]
Data reportedly leaked on nyu website exposing millions of applicants.
