Delta Dental of Virginia
March 21, 2025
•[ phishing, data leak ]
An unauthorized actor accessed a Delta Dental of Virginia employee email account between March 21 and April 23, 2025, viewing or acquiring emails and attachments containing personal, financial, and protected health information for 145,918 individuals. Notification letters were issued on November 21, 2025.
StreamElements
March 20, 2025
•[ phishing, data leak ]
StreamElements confirmed that one of its former third-party service providers experienced a data breach, which led to the exposure of customer information including names, addresses, phone numbers and email addresses. The breach is believed to relate to the period between 2020 and 2024. Although StreamElements stated its own servers were not compromised, it is actively contacting affected customers and warning of increased phishing risk.
Pam Golding Properties
March 20, 2025
•[ data leak ]
South African real-estate firm investigated data leak after reports of compromise.
Sunnking Sustainable Solutions
March 20, 2025
•[ data leak ]
Unauthorized actor accessed Sunnking Sustainable Solutions internal servers in Rochester, New York and exfiltrated about 35,000 employee and client records. Breach detected March 20 2025 and disclosed April 2 2025. No encryption or service disruption occurred.
Meigs Ems
March 20, 2025
•[ data leak, medical ]
Ambulance service asked patients to be vigilant after discovering a cyber breach.
James Pascoe Group
March 19, 2025
•[ data leak ]
Owner of Farmers and Whitcoulls notified regulator of a data breach.
Office of the State’s Attorney for Baltimore City
March 19, 2025
•[ ransomware, data leak ]
Following a March 2025 intrusion, the Kairos ransomware group stole internal legal and police records from the Baltimore City States Attorneys Office and later published portions online; the office reported no service disruption but confirmed investigation of unauthorized access.
Office of the State’s Attorney for Baltimore City
March 19, 2025
•[ ransomware, data leak, unauthorized access ]
Following a March 2025 intrusion, the Kairos ransomware group stole internal legal and police records from the Baltimore City States Attorneys Office and later published portions online; the office reported no service disruption but confirmed investigation of unauthorized access.
California Cryobank
March 18, 2025
•[ data leak ]
California Cryobank, a leading sperm donation organization, reported a data breach after detecting unauthorized access to its network between April 20 and 22, 2024. The incident exposed sensitive personal and financial information, including names, bank details, Social Security numbers, drivers license numbers, payment card data, and health insurance information. The company assured that its core operations remained unaffected and began notifying affected individuals, offering complimentary credit monitoring and identity protection services. Authorities and cybersecurity experts are investigating the scope of the breach to determine how the attackers gained access and whether donor-related data was compromised.
Western Alliance Bank
March 18, 2025
•[ data leak, third-party breach ]
Western Alliance Bank notified 21,899 customers that their personal information was stolen after a breach of a third-party secure file transfer system. The breach occurred between October 12 and October 24, 2024, and exposed names, Social Security numbers, dates of birth, financial account numbers, drivers licence numbers, tax IDs and/or passport information. The company found no evidence of fraudulent use yet and is providing one year of complimentary credit monitoring to those impacted.
Harcourts Prime Properties
March 18, 2025
•[ ransomware, data leak ]
Unauthorized access to Harcourts Prime Properties internal systems followed by ransom demand; investigation ongoing; no confirmed data volume or encryption reported.
Precision Orthopaedics and Sports Medicine
March 17, 2025
•[ phishing, data leak ]
Hospital reported mailbox compromise exposing patient demographic and clinical information.
Atlas Healthcare Group Facilities
March 17, 2025
•[ data leak ]
Multiple facilities reported data security incident; breach letters sent March third.
Mountain West Insurance & Financial Services LLC
March 17, 2025
•[ phishing, data leak ]
On March 17, 2025, Mountain West Insurance & Financial Services detected unauthorized access to several corporate email accounts. An investigation determined that emails containing extensive personal, financial, and health-related information may have been accessed or acquired without authorization. Mountain West issued breach notices on September 22, 2025.
Ascom
March 16, 2025
•[ ransomware, data leak ]
Hellcat claims theft from ascom; company confirms ticketing system incident.
AUTOSUR
March 16, 2025
•[ data leak, phishing ]
In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data included names, phone numbers, physical addresses, and vehicle details such as make and model, VIN, and registration plate. AUTOSUR later issued a disclosure notice with further details.
Water & Sewerage Corporation
March 15, 2025
•[ ransomware, data leak ]
In mid-March 2025, the Water & Sewerage Corporation of the Bahamas experienced a ransomware attack targeting internal data systems. The utility confirmed unauthorized access but stated there was no evidence of customer data access or theft. While no encryption or operational outage has been verified, remediation efforts were ongoing as of April 2025.
NASCAR
March 15, 2025
•[ ransomware, data leak ]
NASCAR confirmed a ransomware breach of internal systems in March 2025 attributed to Medusa; ~1 TB of sensitive data stolen with $4M ransom demand; notifications and protections offered.
CFD Investments, Inc.
March 15, 2025
•[ unauthorized access, email account compromise, data leak ]
Unauthorized access to an employee email account at CFD Investments, Inc. resulted in exposure of client personal and financial information between March 15 and May 9, 2025; affected individuals were notified beginning January 28, 2026.
Tj-Actions
March 14, 2025
•[ data leak, supply chain attack, credential exposure ]
A popular GitHub Action called tj-actions/changed-files was compromised: an attacker modified its code and version tags so that when used in CI/CD workflows it executed a script that dumped runner memory and exposed secrets (AWS keys, GitHub PATs, npm tokens, private RSA keys) in publicly accessible logs. The incident, tracked as CVE-2025-30066 (and linked to CVE-2025-30154 for a related Action), affected thousands of repositories across many organizations. Users are advised to stop using the impacted versions, rotate all credentials, and review any workflows that ran between March 1415, 2025.
