The Children’s Center of Hamden
December 28, 2024
•[ data breach, data theft, unauthorized network activity ]
In late December 2024, The Childrens Center of Hamden detected unauthorized network activity later linked to the criminal group INC. The attack resulted in theft of sensitive patient and staff information including SSNs and medical records. No encryption reported. Public notice issued August 28 2025.
At least one undisclosed government or financial organization
December 1, 2024
•[ malware, espionage, data theft ]
Kaspersky tracks PassiveNeuron using bespoke Neursite and NeuralExecutor implants, often gaining RCE on exposed Windows servers (e.g., via MSSQL) and then staging modular plugins for stealthy collection through compromised internal servers. Campaign-level report without a single victim suitable for event coding.
ARC Community Services
November 4, 2024
•[ unauthorized activity, data breach, protected health information ]
ARC Community Services disclosed it became aware of unauthorized activity in its network on November 4, 2024 and initiated incident response actions, including taking systems offline until operations could be safely restored. During the ensuing investigation and data review, ARC determined that files containing protected health information (PHI) were taken from its network. The potentially affected PHI varies by individual but may include contact information (name/address), date of birth, medical record number, health information, drivers license number, and financial account information.
Undisclosed Victims In Mena
September 1, 2024
•[ malware, data theft ]
Campaign used Facebook ads and Telegram links to deliver Asyncrat and steal data.
