SoundCloud
December 15, 2025
•[ data leak, extortion ]
In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the users country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.
Ahome City Hall
December 12, 2025
•[ data leak, ransomware, extortion ]
Article warns that Mexicos government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuatos attorney general, show risks of extortion, fraud, and weakened public trust.
Dolar Financial Group
November 25, 2025
•[ ransomware, data leak, extortion ]
Money Mart (National Money Mart Company Database) was posted to the Everest ransomware groups leak site around Nov 25, 2025, with the attackers claiming they exfiltrated 80,000+ internal files and threatening to publish them by Nov 30. Reporting states Cybernews reviewed the leaked samples and observed multiple categories of data, including customer identification/contact details and identity documents, financial data (including partial credit card details and transaction-related records), and extensive employee information. The report describes the incident primarily as data theft/extortion, with no confirmed public statement from Money Mart included in the article and no operational outage details provided in the cited reporting.
Checkout.com
November 6, 2025
•[ extortion, unauthorized access, data leak ]
Checkout.com reported that an extortion actor accessed a legacy cloud file storage system and claimed to have obtained data; the company confirmed unauthorized access but no operational disruption or verified data theft.
Envoy Air (American Airlines)
October 17, 2025
•[ ransomware, data leak, vulnerability ]
Envoy Air confirmed it was hit in a broader Clop campaign abusing an Oracle EBS zero-day. Reuters notes a small amount of Envoy business information may have been accessed; Clop listed American Airlines, but the target was Envoy, AAs regional carrier. Primary impact: unauthorized access/data theft for extortion, not operational outage.
Unnamed Minnesota hospital
October 6, 2025
•[ ransomware, extortion, data leak ]
Ransomware group Radiant listed an unnamed Minnesota hospital on its leak site and issued a 7-day extortion deadline; hospital not yet identified and operational impact undisclosed.
Red Hat
October 2, 2025
•[ extortion, data leak ]
Red Hat confirmed incident affecting a consulting GitLab instance; extortion group claims access to repos and CERs with potentially sensitive client details.
Assaf Harofeh Medical Center
October 1, 2025
•[ extortion, data leak, healthcare ]
Hospital hit during Yom Kippur; extortion demand ~$700,000; brief outage of shared records system reported; authorities probing possible data leak.
GlobalLogic
October 1, 2025
•[ ransomware, data leak, extortion ]
cl0p exploited an Oracle-hosted cloud application used by GlobalLogic for HR data management, exposing approximately 10,000 employee records including names, email addresses, phone numbers, and employee identifiers, as part of a broader extortion campaign targeting Oracle cloud tenants.
Quasar Inc
August 12, 2025
•[ extortion, data leak ]
Hackread reported that the Space Bears extortion group claimed it obtained Comcast-related technical documentation via a breach at Quasar Inc. and threatened to publish it after a countdown timer. The article states the group did not provide file samples for the Comcast-related claim, making independent verification impossible at the time of publication; the leak site also listed Quasar as a separate victim. Because the only available evidence in the source is a threat-actor claim without proof or victim confirmation, this should be treated as an unverified claim rather than a confirmed cyber event record.
Pornhub
August 11, 2025
•[ extortion, phishing, data leak ]
Cybercriminal group ShinyHunters claimed theft of a 94GB dataset containing about 201 million records tied to Pornhub Premium user activity and launched an extortion campaign demanding payment in Bitcoin. Reporting linked the compromise to third-party analytics provider Mixpanel, where access allegedly began on November 8, 2025 after a smishing attack harvested employee login credentials. Samples reviewed by journalists reportedly included email addresses, approximate location (city/country), video titles and URLs, search keywords, and timestamps for watches/downloads. Pornhub stated its internal systems were not directly hacked and that sensitive items such as passwords and credit card details remained secure, while Mixpanel later suggested some access may have involved a legitimate employee account associated with Pornhubs parent company, Aylo.
Naval Group
July 23, 2025
•[ data leak, extortion ]
Threat actor leaked 1TB of alleged Naval Group data after an extortion attempt. Naval Group says no intrusion confirmed and operations unaffected.
Nymburk Hospital
July 8, 2025
•[ ransomware, extortion ]
Czech police investigating a cyberattack on Nymburk Hospital including extortion elements; disruption reported.
Scania AB
May 28, 2025
•[ data leak, extortion ]
Scania confirms insurance claim data breach in extortion attempt
BYOND
May 26, 2025
•[ ddos, extortion ]
BYOND endured a weeks-long DDoS that repeatedly knocked services offline; an extortion note said attacks would stop if BYOND went open-source.
Oracle Corporation (legacy cloud environment)
January 22, 2025
•[ data leak, extortion ]
Threat actor rose87168 exploited Oracles legacy Gen 1 Cloud infrastructure, stealing credentials and configuration data from ~140,000 tenants (6 million+ records) and attempting extortion; Oracle privately confirmed breach to customers.
At least one individual in Singapore
January 11, 2025
•[ malware, extortion, data leak ]
Singapore Police warned of a malware-enabled sextortion scam in which victims were lured via social media offers of online sexual services and deceived into downloading a malicious application. Police said the malware enabled scammers to remotely access victims photo galleries and contact lists, and in some cases capture or retrieve compromising content. Attackers then threatened to send the images to the victims contacts unless payments were made. Police reported at least six cases since November 2025 with total losses of at least S$20,000.
Pop TV
February 8, 2022
•[ financial, extortion, technology ]
Slovenia's top TV channel is hit with a cyberattack interrupting its broadcast capabilities in an apparent extortion attempt.
