Mango
October 15, 2025
•[ data leak ]
External marketing provider breach exposed limited customer contact data; Mango said core systems unaffected
Russian IT service provider
October 15, 2025
•[ data leak, espionage, apt ]
China-linked Jewelbug infiltrated Russian IT provider for months, exfiltrating repositories and data
Ansell Limited
October 14, 2025
•[ data leak ]
Ansell disclosed unauthorized access to certain company data and began mitigation; no operational disruption reported.
Volkswagen Group France
October 14, 2025
•[ ransomware, data leak ]
Qilin gang claimed a ransomware attack on Volkswagen France with ~150GB of data allegedly stolen; investigation ongoing.
Vietnam Airlines
October 14, 2025
•[ data leak ]
Reuters/MarketScreener notes customer data breach; internal IT systems not impacted
Methodist Church of Southern Africa
October 13, 2025
•[ ransomware, data leak ]
Ransomware actors claimed an attack on the Methodist Church of Southern Africa; verification and technical details remain limited.
Cyprus Post
October 13, 2025
•[ data leak, government ]
Hackers accessed Cyprus Post systems, leaking sensitive government correspondence and citizen data via the Thalis platform.
Banco Hipotecario del Uruguay
October 13, 2025
•[ ransomware, data leak ]
Uruguayan bank BHU said attackers leaked user data and demanded payments; reports attribute incident to Crypto24 group.
MAYA Systems Ltd.
October 12, 2025
•[ data leak, hacktivism, espionage ]
An Iran-linked hacktivist group known as Cyber Toufan claimed responsibility for breaching Israeli defense contractor MAYA Systems in October 2025, stealing and releasing files allegedly showing Iron Beam laser-defense system designs and other IDF technologies. Israeli authorities have not verified the authenticity of the leaked materials.
The Department of the Interior and Local Government (DILG)
October 10, 2025
•[ data leak ]
Philippines DILG said it is probing an alleged breach of ~40M records from its FDPP portal.
Department of the Interior and Local Government (FDPP portal)
October 10, 2025
•[ data leak ]
Alleged breach of ~40 million records from the FDPP portal; authorities probing.
TriMed
October 9, 2025
•[ data leak ]
Orthopedic device maker reported cybersecurity incident; threat group posted samples of stolen internal data.
Methodist Homes
October 9, 2025
•[ data leak ]
Law firm Lynch Carpenter announced an investigation tied to a Methodist Homes data breach affecting notified individuals.
Prospect
October 9, 2025
•[ data leak ]
Security incident at Prospect exposed Bectu members personal and bank details.
Multiple compromised email accounts at third undisclosed US university
October 9, 2025
•[ phishing, data leak ]
Credential-phishing on university payroll platforms diverted salary payments.
Chipotle Mexican Grill, Inc.
October 9, 2025
•[ phishing, social engineering, data leak ]
Chipotle Mexican Grill disclosed unauthorized access to employee Workday payroll accounts between October 9 and October 26, 2025. Attackers used phishing and social engineering to access accounts and alter payroll information. State breach notices identified 31 affected employees in Maine and 2 in New Hampshire; the company has not disclosed a nationwide total, and state figures represent only partial reporting.
Williams & Connolly
October 8, 2025
•[ espionage, state-sponsored attack, data leak ]
Breach of U.S. law firm with major political clients linked to Chinese espionage campaign.
CPAP Medical Supplies and Services, Inc.
October 8, 2025
•[ data leak, healthcare, government ]
Data breach affecting ~90,000 military members, veterans and families exposed SSNs and medical details.
London North Eastern Railway
October 8, 2025
•[ data leak, supply chain attack ]
Media report warns LNER customers after supplier breach exposed contact and journey data
Policing Board laptop
October 8, 2025
•[ data leak, stolen hardware ]
A laptop belonging to a staff member of the Northern Ireland Policing Board was stolen from a Belfast city centre pub on October 8, 2025, prompting a data-breach report and a Police Service of Northern Ireland investigation. The rucksack containing the laptop was taken between 5 p.m. and 6 p.m.; a suspect was arrested and charged shortly afterwards. The board says the laptop was immediately decommissioned remotely by IT Assist, other items from the bag were recovered, and there is no identified or residual risk arising from data on the device, but the incident has drawn scrutiny because of previous PSNI data breaches.
