Liberty Mutual Insurance
April 30, 2026
•[ data-extortion, data leak, personal information ]
Everest Group claimed responsibility for a data-extortion attack against Liberty Mutual Insurance on April 30, 2026 and began leaking what it claimed was more than 108 GB of stolen data, including policyholder personal, financial, and insurance information. Public reporting did not confirm encryption, deletion, or operational disruption.
Blanchard Training and Development, Inc.
March 3, 2026
•[ unauthorized access, PII, financial information ]
Blanchard Training and Development, Inc. identified unusual activity in its network environment on March 4, 2026, and later determined that an unauthorized individual may have copied certain information between March 3 and March 4. DataBreach indexed 494,404 rows tied to Blanchard, including names, contact information, addresses, and bank account information.
Odido
February 12, 2026
•[ data breach, extortion, PII ]
In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, drivers licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.
Family Health Centers of Southern Indiana
February 2, 2026
•[ cyberattack, data leak, PII ]
Termite claimed responsibility for a cyberattack against Family Health Centers of Southern Indiana, identified by the domain fhcenters.org, on February 2, 2026. DataBreach later indexed 60,425 rows tied to the breach, with exposed fields including dates of birth, phone numbers, names, street addresses, and bank account information. Public sources did not confirm the intrusion vector, encryption, operational disruption, or exact data-theft mechanism.
Daniel L Kaler DDS PC
January 15, 2026
•[ data leak, unauthorized access, medical information ]
Attackers gained unauthorized access to systems at a Dakota Dunes dental practice and exfiltrated patient records from its databases. The breach exposed personal, medical, and financial information belonging to approximately 27000 individuals.
Erie Family Health Centers
December 10, 2025
•[ unauthorized access, data leak, medical records ]
Erie Family Health Centers detected unauthorized access in January 2026 and later determined that an unauthorized third party accessed its network between December 10, 2025 and January 27, 2026, exposing personal, financial, credential, medical, and health insurance information for approximately 570,000 individuals.
New York Life Insurance Company
December 2, 2025
•[ unauthorized access, email compromise, personally identifiable information ]
New York Life Insurance Company discovered unauthorized access to one of its agents' email accounts on December 2, 2025. After securing the account and completing its investigation, the company confirmed on April 8, 2026 that the compromised account contained some clients' personal information, including identifiers, financial information, medical information, and health insurance information. Public reporting did not identify a responsible actor, data volume, ransomware, or operational disruption.
Florida Physician Specialists
November 27, 2025
•[ unauthorized access, data breach, personal information ]
Florida Physician Specialists said unauthorized access to its network occurred between approximately November 27 and November 29, 2025. A review completed on April 6, 2026 determined that personal, financial, medical, and health insurance information may have been removed from the network, affecting 276,498 individuals.
Western Orthopaedics
September 17, 2025
•[ data leak, ransomware, personal information ]
Western Orthopaedics confirmed that an unauthorized actor accessed files between September 17 and September 25, 2025, exposing personal, health insurance, medical billing, and financial information for 113,330 individuals. PEAR claimed responsibility and reportedly leaked the stolen data after ransom was not paid.
Atlas Transfer and Storage
July 15, 2025
•[ unauthorized access, data breach, PII ]
Atlas Transfer & Storages notice states it identified suspicious activity on July 15, 2025 and launched an investigation. The investigation concluded that an unauthorized party copied certain files on the same date. Atlas reviewed the impacted files and stated the affected information varied by individual but could include identifiers and financial/health insurance information such as SSNs, tax IDs, drivers license/state IDs or other government IDs, payment card numbers, health insurance and medical information, and financial account information. Atlas stated it notified individuals and offered complimentary credit monitoring services.
CFD Investments, Inc.
March 15, 2025
•[ unauthorized access, email account compromise, data leak ]
Unauthorized access to an employee email account at CFD Investments, Inc. resulted in exposure of client personal and financial information between March 15 and May 9, 2025; affected individuals were notified beginning January 28, 2026.
Monroe University
December 9, 2024
•[ data breach, network access, personally identifiable information (PII) ]
BleepingComputer reported that Monroe University disclosed that threat actors accessed its network for roughly two weeks (December 9 to December 23, 2024) and stole documents later determined to contain personal, financial, and health information. The university stated it determined on September 30, 2025 that certain individuals data was contained in the stolen files, and filings indicated 320,973 individuals were affected. Exposed data elements were described as varying by person and potentially including name, date of birth, Social Security number, drivers license or passport numbers, government ID numbers, medical and health insurance information, email or electronic account usernames and passwords, financial account information, and student-related data. Notifications were mailed beginning January 2, 2026.
