Undisclosed Fashion Firm Hong Kong
January 10, 2024
•[ data leak ]
Regulator found fashion company at fault over customer data breach handling.
Matadero de Gijón
January 5, 2024
•[ ransomware, data leak ]
The Matadero de Gijn is hit with a RansomHub ransomware attack.
Legacy Professionals LLP
January 4, 2024
•[ data leak, unauthorized access ]
Legacy Professionals LLP, an Illinois-based accounting and audit firm, reported that sensitive personal information in its custody may have been accessed and acquired following suspicious activity detected on its computer network in late April 2024. The firm investigated and determined an unauthorized third party may have viewed and obtained certain information. Legacy then reviewed the affected data to identify impacted individuals, completing its review on 01/06/2025, and began mailing breach notification letters on 02/27/2025. Information potentially exposed was described as varying by individual and included names, Social Security numbers, and financial account numbers. Public filings referenced in reporting suggested Legacy provided affected individuals with credit monitoring services. Specific technical details such as the attack vector, the duration of unauthorized access, and whether data was exfiltrated beyond the identified categories were not publicly disclosed.
Medusind Solutions
December 29, 2023
•[ data leak, healthcare ]
Medusind Solutions, a healthcare billing and revenue cycle management provider, suffered a data breach on December 29, 2023, when unauthorized actors accessed its systems and exfiltrated sensitive patient data. Compromised data included names, addresses, insurance details, and other medical information of patients from multiple provider clients. The company disclosed the breach on January 10, 2024. There was no service disruption reported, but patient data privacy was significantly impacted.
Alpha Omega Winery, LLC
December 27, 2023
•[ ransomware, data leak ]
Alpha Omega Winery in Napa County, California experienced a data-focused cyber incident on or about December 2728, 2023 involving unauthorized access to systems containing sensitive personal and medical information; although the organization described the event as ransomware, no encryption, extortion, or operational disruption was confirmed, and affected individuals were notified in November 2025.
Brown Paindiris & Scott LLP
November 9, 2023
•[ data leak ]
The Connecticut law firm Brown Paindiris & Scott disclosed a November 79, 2023 network intrusion that exposed client PII/PHI; notifications to affected individuals began in March 2025 and litigation followed.
Chess
November 8, 2023
•[ data leak, scraping, user records ]
In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user. A further 446k scraped records were later provided and added to HIBP.
Hospital Español Auxilio Mutuo (Hospital Auxilio Mutuo)
September 24, 2023
•[ network incident, healthcare, patient data breach ]
Hospital Espaol Auxilio Mutuo (Hospital Auxilio Mutuo) in Puerto Rico notifies of a network incident affecting 500 patients.
Araújo e Policastro Advogados
September 18, 2023
•[ ransomware, data leak ]
The 8BASE ransomware gang lists the Brazilian law firm Arajo e Policastro Advogados among their victims.
OCH Regional Medical Center
September 6, 2023
•[ data leak ]
OCH data breach exposed 67K patient files
MinnesotaWorks.net
September 6, 2023
•[ unauthorized access, data leak, insider threat ]
The Department of Employment and Economic Development (DEED) in Minnesota notifies jobseekers of a data breach involving unauthorized access to their personal information at the MinnesotaWorks.net platform, after a person claiming to be an employee allegedly, viewed and copied user resume information without authorization.
Eisner Advisory Group LLC
September 4, 2023
•[ data leak ]
Between September 4 and 9 2023, an unauthorized actor accessed and acquired files from Eisner Advisory Groups network. A forensic review completed February 2025 determined the data contained sensitive personal information. Notification letters were mailed beginning April 8 2025.
Renton School District
August 3, 2023
•[ ransomware, data leak ]
Washington school district listed by Akira with threats to leak stolen data
Wojeski & Company
July 28, 2023
•[ ransomware, phishing, data leak ]
NY AG says Wojeski suffered a phishing-led ransomware incident that locked access to files, followed by a second breach when a vendors employee improperly accessed and exfiltrated client data. Notifications lagged by over a year. Settlement requires encryption, inventorying locations of personal data, stronger access controls, vulnerability management, and a formal IR plan; $60,000 penalty and credit monitoring for affected New Yorkers.
RadÃÆ'Ã'ÂÂÂ
June 20, 2023
•[ data leak, Breach Forums, database ]
A database with 25,000 records of the Italian jewelry firm Rad'', is published on Breach Forums.
Belgian State Security Service (VSSE)
May 31, 2023
•[ data leak, nation-state attack, vulnerability exploit ]
China-linked threat actors compromised VSSEs Barracuda Email Security Gateway between February 2021 and May 2023, exfiltrating around 10% of all staff email communications and employee personal data. No encryption or operational disruption was reported.
Prizm Media Inc.
April 28, 2023
•[ data leak ]
Investigation notice details Prizm Media email breach affecting PHI and PII.
VisitFaroeIslands.com
March 4, 2023
•[ defacement, data leak, employee data ]
The SeigedSec hacking group claims to have defaced the tourist website for the Faroe Islands '" a self-governing territory of the Kingdom of Denmark '" and to have stolen employee data and other sensitive information.
AssociaÃÆ'Ã'§ÃÆ'Ã'£o de Advogados de SÃÆ'Ã'£o Paulo (AASP)
February 22, 2023
•[ ransomware, data leak, personal information ]
The Ragnar Locker ransomware gang leaks 200 GB of files from the Associa o de Advogados de S''o Paulo (AASP) plus numerous screenshots with personal information after the association denies it was hacked.
