Financial Business And Consumer Solutions
February 1, 2024
•[ data leak ]
Debt Collector Updated Affected Count For 2024 Breach To 4,253,394 Individuals.
Schuster Company
January 30, 2024
•[ data leak, personally identifiable information ]
An unauthorized third party gained access to Schuster Companys network between January 2330, 2024 and exfiltrated employee/driver personally identifiable information. The company publicly disclosed the incident on April 4, 2025.
St. Joseph’s College Of Maine
January 24, 2024
•[ data leak, unauthorized access ]
College confirmed unauthorized network access in 20232024; notices sent March 2025.
TriZetto Provider Solutions,
January 11, 2024
•[ data leak, healthcare ]
TriZetto Provider Solutions, a Cognizant-owned vendor providing revenue management services to healthcare organizations, reported a cybersecurity incident affecting a customer web portal. TriZetto identified suspicious portal activity on 10/02/2025, secured the portal, and engaged Mandiant to investigate and validate remediation. Forensic work determined an unauthorized third party had been accessing historical eligibility transaction reports within TriZetto systems since November 2024, nearly a year before detection. The reports contained protected health information for patients of certain healthcare provider clients. TriZettos review determined compromised data could include patient and primary insured names combined with other personal and insurance information such as addresses, dates of birth, Social Security numbers, member/Medicare numbers, insurer names, and related demographic health and coverage details. TriZetto stated it believed the actor had been eradicated and no further unauthorized portal activity was detected after 10/02/2025; the total number of affected clients/individuals was not yet publicly confirmed.
Trinity Petroleum Management
January 10, 2024
•[ data leak ]
Texas filing indicated unauthorized access exposing names addresses and Social Security numbers.
Undisclosed Fashion Firm Hong Kong
January 10, 2024
•[ data leak ]
Regulator found fashion company at fault over customer data breach handling.
Legacy Professionals LLP
January 4, 2024
•[ data leak, unauthorized access ]
Legacy Professionals LLP, an Illinois-based accounting and audit firm, reported that sensitive personal information in its custody may have been accessed and acquired following suspicious activity detected on its computer network in late April 2024. The firm investigated and determined an unauthorized third party may have viewed and obtained certain information. Legacy then reviewed the affected data to identify impacted individuals, completing its review on 01/06/2025, and began mailing breach notification letters on 02/27/2025. Information potentially exposed was described as varying by individual and included names, Social Security numbers, and financial account numbers. Public filings referenced in reporting suggested Legacy provided affected individuals with credit monitoring services. Specific technical details such as the attack vector, the duration of unauthorized access, and whether data was exfiltrated beyond the identified categories were not publicly disclosed.
Medusind Solutions
December 29, 2023
•[ data leak, healthcare ]
Medusind Solutions, a healthcare billing and revenue cycle management provider, suffered a data breach on December 29, 2023, when unauthorized actors accessed its systems and exfiltrated sensitive patient data. Compromised data included names, addresses, insurance details, and other medical information of patients from multiple provider clients. The company disclosed the breach on January 10, 2024. There was no service disruption reported, but patient data privacy was significantly impacted.
Alpha Omega Winery, LLC
December 27, 2023
•[ ransomware, data leak ]
Alpha Omega Winery in Napa County, California experienced a data-focused cyber incident on or about December 2728, 2023 involving unauthorized access to systems containing sensitive personal and medical information; although the organization described the event as ransomware, no encryption, extortion, or operational disruption was confirmed, and affected individuals were notified in November 2025.
Brown Paindiris & Scott LLP
November 9, 2023
•[ data leak ]
The Connecticut law firm Brown Paindiris & Scott disclosed a November 79, 2023 network intrusion that exposed client PII/PHI; notifications to affected individuals began in March 2025 and litigation followed.
OCH Regional Medical Center
September 6, 2023
•[ data leak ]
OCH data breach exposed 67K patient files
Eisner Advisory Group LLC
September 4, 2023
•[ data leak ]
Between September 4 and 9 2023, an unauthorized actor accessed and acquired files from Eisner Advisory Groups network. A forensic review completed February 2025 determined the data contained sensitive personal information. Notification letters were mailed beginning April 8 2025.
Renton School District
August 3, 2023
•[ ransomware, data leak ]
Washington school district listed by Akira with threats to leak stolen data
Wojeski & Company
July 28, 2023
•[ ransomware, phishing, data leak ]
NY AG says Wojeski suffered a phishing-led ransomware incident that locked access to files, followed by a second breach when a vendors employee improperly accessed and exfiltrated client data. Notifications lagged by over a year. Settlement requires encryption, inventorying locations of personal data, stronger access controls, vulnerability management, and a formal IR plan; $60,000 penalty and credit monitoring for affected New Yorkers.
Belgian State Security Service (VSSE)
May 31, 2023
•[ data leak, nation-state attack, vulnerability exploit ]
China-linked threat actors compromised VSSEs Barracuda Email Security Gateway between February 2021 and May 2023, exfiltrating around 10% of all staff email communications and employee personal data. No encryption or operational disruption was reported.
Prizm Media Inc.
April 28, 2023
•[ data leak ]
Investigation notice details Prizm Media email breach affecting PHI and PII.
Christensen Group Insurance
October 10, 2022
•[ phishing, data leak ]
Company posted 24-02-2025 notice about 2022 email-account breach; data breach letters now being sent.
Government Communications Headquarters
August 24, 2022
•[ insider threat, data leak ]
Former intern admitted unauthorized transfer of top secret data from Gchq.
Advanced Computer Software Group Ltd
August 4, 2022
•[ ransomware, data leak ]
Ico fined Advanced after 2022 ransomware that disrupted Nhs services and leaked data.
Vultr
July 8, 2022
•[ data leak, third-party ]
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses. A small number of records also included name, IP address and country of origin. No Vultr systems or additional customer data were impacted. Vultr subsequently self-submitted the impacted data to HIBP.
