Full List

Search

Search Results (data leak)

• Behavioral Health Resources November 20, 2024 • [ data breach, data leak ] Unauthorized actor accessed Behavioral Health Resources network in Nov 2024, exfiltrating client PII and medical records; organization confirmed breach via Maine AG filing and began notifications in Apr 2025.
• Converse University November 20, 2024 • [ data leak ] Class action alleges delayed notice following a late-2024 data breach.
• Erickson Companies November 18, 2024 • [ data leak ] Company notified individuals after data breach potentially exposing Social Security numbers.
• Systematic Financial Management November 16, 2024 • [ data leak ] Intrusion confirmed; files with PII may have been accessed; discovery Nov 16, 2024; PII confirmed Jan 10, 2025.
• Pound Road Medical Centre November 13, 2024 • [ ransomware, data leak ] On November 13, 2024, PRMC reported a cyber incident and later Anubis publicly claimed it as a victim, alleging patient data may have been accessed and taken. No public confirmation of encryption or operational disruption was made.
• Legends International November 9, 2024 • [ data leak ] On November 9 2024, Legends International detected unauthorized access to its internal systems. The investigation confirmed that an external actor exfiltrated files containing sensitive personal and financial data of employees and customers. No ransomware, encryption, or operational disruption was reported.
• VeraCore (Advantive) November 5, 2024 • [ data leak, vulnerability, web shell ] The Vietnamese-linked cybercriminal group XE Group exploited two zero-day vulnerabilities (CVE-2024-57968, CVE-2025-25181) in the U.S. software vendor VeraCores warehouse management and fulfillment platform. Attackers uploaded web shells, maintained persistent access since 2020, exfiltrated configuration and system data, and executed commands on compromised servers, potentially exposing data from client organizations using VeraCore for logistics operations.
• Hixson Holdings, Inc November 5, 2024 • [ data leak ] Hixson Holdings Inc., a Cincinnati-based architecture, engineering and project management firm, detected suspicious activity on its network on November 5, 2024. A forensic investigation later determined that an Undetermined intruder may have accessed sensitive data on Hixson's systems from that date through October 9, 2025, before the review concluded. Exposed information includes names, contact details, Social Security numbers and medical or insurance identifiers, highlighting that the firm handled protected health information for some clients. Hixson filed notice with the Massachusetts Attorney General and began mailing breach letters on October 31, 2025, while law firms and regulators assess potential legal and remediation obligations.
• The Plastic Surgery Center November 4, 2024 • [ data leak ] Names, dates of birth, Social Security numbers, passport and drivers license numbers, financial, biometric, and medical information
• Biomedical Caledonia Medical Laboratory November 1, 2024 • [ data leak, hacked, third-party breach ] In November 2024, unauthorized actors accessed Biomedical Caledonia Medical Laboratorys systems through an external vendor, prompting an investigation and cybersecurity upgrades. The lab confirmed the intrusion but did not disclose specific data types or quantities affected. No evidence of encryption or operational disruption has been reported.
• Fall Mountain Regional School District November 1, 2024 • [ phishing, data leak ] District warned community after phishing scam; vendor ids and emails exposed.
• City of McKinney, Texas October 31, 2024 • [ ransomware, data leak ] Ransomware group INC claimed responsibility for breaching the City of McKinney, Texas, beginning October 31, 2024. Officials confirmed that personal and health data of approximately 17,751 individuals were exfiltrated. The city discovered the breach on November 14, 2024, and publicly reported it in February 2025. No encryption was reported.
• Finastra October 31, 2024 • [ compromised credentials, data leak ] Intruder used compromised credentials to access Finastras SFTP/Aspera platform, copied files on Oct 31, 2024, and maintained access until Nov 8. A forum post later advertised ~400 GB of alleged Finastra data. Finastra isolated the platform, said there was no malware/ransomware and no impact to core operations, and began notifications in Feb 2025.
• City of Sheboygan October 31, 2024 • [ ransomware, data leak ] 67,000+ residents PII including SSNs, state IDs, license plate numbers were accessed during an Oct 31, 2024 ransomware incident; breach letters filed May 2025.
• Energy Capital Credit Union October 29, 2024 • [ data leak ] Energy Capital Credit Union disclosed unauthorized access to certain systems occurring between October 29 and November 19, 2024, which was discovered in 2025. State breach filings reported 49,664 affected Texas residents; the credit union has not released a nationwide total. The incident involved exposure of member personal, financial, and limited medical information, and no operational disruption was publicly reported.
• Fillmore County Hospital October 27, 2024 • [ phishing, data leak ] An unauthorized party accessed an employee email account on 2024-10-27. Investigation completed 2024-12-18. Affected data includes personal, medical, payment, and insurance information. Individuals were notified 2025-02-13.
• Hellenic Open University October 25, 2024 • [ ransomware, data leak ] Greek open university confirmed ransomware with prolonged disruption and data leak.
• Georgia Urology October 25, 2024 • [ email compromise, healthcare, data leak ] Georgia Urology disclosed unauthorized access to two employee Microsoft 365 email accounts that exposed patient PII/PHI; notification letters began March 27 2025.
• The Superior Court of California for the County of San Joaquin October 25, 2024 • [ data leak ] The Superior Court of California for the County of San Joaquin later concluded that an unauthorized person had accessed its computer network between October 25 and 30, 2024, after first reporting significant connectivity issues and a cybersecurity incident around the end of that month. Subsequent investigation determined that files containing sensitive personal information such as Social Security numbers, drivers license numbers and credit card numbers had been exposed. The court has not disclosed how many files or people were affected but is offering one year of identity protection and credit monitoring services to potentially impacted individuals and has posted a data breach notice on its website.
• Word & Brown Insurance Administrators, Inc. October 23, 2024 • [ data leak ] Word & Brown Insurance Administrators, Inc. experienced unauthorized access to an employee workstation on or about October 23, 2024. The attacker accessed and copied insurance administration records containing personal and health-related information for clients and employees. No encryption or operational disruption was reported. Disclosure was filed December 23, 2024.