The Coca-Cola Company
May 22, 2025
•[ ransomware, data leak ]
Everest ransomware actors claimed theft of data on ~959 Coca-Cola employees in the Middle East (UAE, Oman, Bahrain); separate group also claimed a breach at Coca-Cola Europacific Partners. Coded as exploitive data theft based on reporting.
Keir Giles (UK academic)
May 22, 2025
•[ social engineering, phishing, data leak ]
Targeted social-engineering campaign impersonating U.S. State Department tricked Keir Giles into generating app-specific passwords, allowing a nation-state actor to access his Gmail account data stored on Google servers; no evidence of intrusion into affiliated institutional networks.
Kettering Health
May 21, 2025
•[ ransomware, data leak ]
Kettering Health suffered a ransomware attack causing a system-wide outage on May 21, 2025; Interlock later claimed responsibility and leaked stolen data.
Bradford Health Services
May 20, 2025
•[ data leak ]
Provider disclosed a data security incident; investigation concluded May 15, 2025 that multiple categories of PHI/PII may have been affected; notices and credit monitoring offered.
Effortel
May 16, 2025
•[ data leak ]
Test files with names, DOB, emails, phones, addresses, passport and SIM data for ~70,000 MVNO customers were accessed via a support portal during a database integration test.
Doctors Hospital at Renaissance, Ltd. (DHR Health)
May 15, 2025
•[ data leak, healthcare ]
Doctors Hospital at Renaissance (DHR Health) notified the U.S. Department of Health & Human Services that it had experienced a data breach impacting sensitive personal and protected health information. An unauthorized party accessed systems storing patient records, potentially exposing names, Social Security numbers, clinical details, and insurance data for an undisclosed number of individuals. The hospital has since notified the Texas Attorney General and begun mailing breach letters, while law firm investigators explore potential compensation claims for patients whose information may be at heightened risk of identity theft and medical fraud.
Cartier
May 15, 2025
•[ data leak ]
Cartier disclosed that an unauthorized party gained temporary access to its systems in mid-May 2025 and obtained limited client information (names, email addresses, countries). No financial data, passwords, or banking information were compromised.
Kurdish Government and Media Institutions
May 15, 2025
•[ cyber-espionage, phishing, data leak ]
Iran-linked threat actor MuddyWater (MOIS) conducted cyber-espionage operations against Kurdish government and media infrastructure in Iraq during May–June 2025 using phishing and web-shells to steal credentials and internal documents; reported Jun 25 2025.
Coinbase
May 15, 2025
•[ insider threat, data leak, supply chain ]
Coinbase disclosed a data breach involving bribed third-party support agents; customer data was accessed and losses estimated at $180–$400M for remediation and reimbursements.
House of Dior
May 14, 2025
•[ data leak ]
Dior disclosed that an external party accessed a customer database in May; later breach notices warned affected customers about exposed personal data.
Weis Markets
May 14, 2025
•[ payment card theft, data leak ]
Weis Markets completed its investigation and reported skimmers at multiple locations capable of capturing payment card track and PIN data; notices published to customers.
Kerala State Film Development Corporation (KSFDC)
May 12, 2025
•[ data leak, insider threat, surveillance ]
Reporting described a major cybersecurity breach in which CCTV footage recorded inside government-owned theatres in Thiruvananthapuram (Kairali, Sree, and Nila) appeared on pornographic websites and then spread via Telegram/X and other channels. The leaked clips visibly displayed the KSFDC logo on seats, strongly indicating the source. Authorities opened a high-level inquiry and a cyber-cell investigation, with officials considering possibilities including insider misuse by staff with access to surveillance systems or an external intrusion into the CCTV network. No specific perpetrator, intrusion method, or exact timeframe for initial compromise was provided, but the incident resulted in non-consensual exposure of surveillance video of patrons.
Undisclosed U.S. government agency (reported as “Department of Government Efficiency”)
May 8, 2025
•[ malware, infostealer, credential theft ]
Ars Technica reports a government software engineer's workstation was infected with info-stealing malware, with login credentials appearing in multiple stealer-log dumps since 2023; investigation centers on credential exposure rather than confirmed enterprise compromise.
Outwood Academy Acklam
May 8, 2025
•[ data leak ]
Local reporting says the Middlesbrough school notified families on May 8 of a breach affecting parent information; letters indicated personal details were accessed and the school engaged with authorities.
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBit's dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
Alvin Independent School District
May 6, 2025
•[ data leak ]
Alvin ISD in Texas notified over 47,000 people of a data breach exposing personal information; investigation and notifications underway.
GlobalX
May 6, 2025
•[ hacktivism, defacement, data leak ]
Hacktivists defaced GlobalX's website and claimed theft of flight records and deportation passenger manifests; reporting cites defacement message referencing deportations. https://databreaches.net/2025/05/06/globalx-airline-for-trumps-deportations-hacked/
Zumpano Patricios (law firm)
May 6, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
WDEF-TV
May 6, 2025
•[ ransomware, data leak ]
WDEF Chattanooga TV station was listed by the Lynx ransomware group; actors posted sample HR/contract files while the station assessed impact.
TeleMessage
May 5, 2025
•[ data leak ]
TeleMessage (an unofficial Signal archiving tool owned by Smarsh) suspended services while investigating a breach that exposed backend credentials and some archived data.