Czech Police, Interior Ministry, and other government offices
July 31, 2025
•[ government, hacktivism ]
iRozhlas reports hackers attacked Czech police and government websites in retaliation for cooperation in Ukraine-related operations.
Ministry of iTaukei Affairs
July 31, 2025
•[ hack, government ]
The Ministry of iTaukei Affairs official Facebook page was hacked again after an April 2025 incident.
Foreign embassies in Moscow (multiple missions)
July 31, 2025
•[ espionage, malware, government ]
FSB-linked APT Secret Blizzard (Turla) used ISP-level access in Russia to deliver espionage malware against multiple foreign embassies in Moscow; campaign disclosed by Microsoft. Data stolen likely includes diplomatic emails/credentials; exact volume not reported.
Undisclosed European ministry
July 31, 2025
•[ malware, apt, intelligence collection ]
HackRead reports DoNot APT deployed LOPTiKMod malware against a European ministry to collect intelligence; attribution aligns with prior DoNot operations.
Singapore traffic enforcement (dataset of offenders)
July 31, 2025
•[ data leak, government ]
AsiaOne reports that 1,300 names and addresses of traffic offenders were published online; police are investigating.
Town of Bar Harbor, Maine
July 30, 2025
•[ social, phishing, government ]
Bar Harbor discovered on July 30, 2025 that four municipal email accounts were compromised and used to send phishing messages. Town offices were closed July 31Aug 1 while systems were secured. CrowdStrike and FBI confirmed no ransomware, encryption, malware, financial theft, or data exfiltration.
City of Saint Paul, Minnesota
July 25, 2025
•[ cyberattack, government, service disruption ]
A cyberattack on Saint Paul led to widespread service disruptions; Minnesota activated the National Guard to support response and recovery.
Government servers of Russian-occupied Crimea
July 25, 2025
•[ hack, government ]
Ukraines military intelligence agency said it hacked into government servers in Russian-occupied Crimea that allegedly contained evidence of Russias forced deportation of Ukrainian children from occupied territories.
Parliament of Aruba
July 25, 2025
•[ hack, government ]
Parliamentary email systems in Aruba were hacked in late July 2025, compromising official accounts. The attack affected email communications but did not disrupt broader parliamentary operations. No attribution or data theft has been confirmed.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, malware, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Curaçao Tax & Customs Administration
July 24, 2025
•[ ransomware, operational disruption, government ]
Ransomware attack on July 24, 2025 encrypted and paralyzed systems of Curaaos Tax & Customs Administration, disabling counters, phone lines, and internal operations. Online tax filing remained active. Services restored by August 4. No perpetrator identified; no data exfiltration reported.
Joint Court of Justice (Dutch Caribbean)
July 23, 2025
•[ hack, malware, government ]
A malware infection on July 23, 2025 forced the shutdown of the Joint Court of Justices entire IT network across six islands. Judicial case management, filings, and email were fully disrupted until restoration began around July 28. No group has claimed responsibility; no data exfiltration confirmed.
North St. Paul Police Department
July 23, 2025
•[ phishing, government, hack ]
A phishing email compromised a single business email account in the North St. Paul Police Department around July 23 2025. The incident was swiftly contained with no service disruption and no confirmed data exfiltration, though data compromise is being investigated. Disclosed August 5 2025.
Dutch Public Prosecution Service (Openbaar Ministerie)
July 17, 2025
•[ hack, government ]
Systems shut down after discovery of unauthorized access via Citrix.
Snake River Correctional Institution
July 7, 2025
•[ insider threat, unauthorized access, data breach ]
A former Snake River Correctional Institution Library Coordinator, Demetre Gennette, improperly acquired Oregon Department of Corrections records between July 7, 2025 and early January 2026. The extraction involved more than 7.5GB of data across more than 33,000 files and resulted in unauthorized access to personal information belonging to staff, vendors, adults in custody, and visitors. Gennette was later indicted on charges including computer crime, aggravated theft, official misconduct, supplying contraband, and custodial sexual misconduct.
U.S. federal judiciary CM/ECF & PACER systems
July 4, 2025
•[ hack, leak, government ]
The U.S. federal judiciarys electronic case filing systems (CM/ECF and PACER) were breached around July 4, 2025. Sensitive sealed dataincluding indictments, arrest warrants, and identities of confidential informantswas accessed across multiple district courts. Reports suggest possible theft of system source code and tampering with ~12 dockets. The precise volume of data stolen is unknown, but officials confirmed that a significant number of sealed case files were exposed.
Federal Emergency Management Agency (FEMA) and U.S. Customs and Border Protection (CBP)
July 1, 2025
•[ hack, government ]
Attackers gained unauthorized access to FEMA Region 6s Citrix-based virtual desktop infrastructure beginning July 2025, exfiltrating sensitive employee data from both FEMA and CBP systems. The compromise originated from stolen credentials and enabled lateral movement between federal systems before detection.
Luzerne County Government
July 1, 2025
•[ hack, government ]
Luzerne County, Pennsylvania reported a data breach in July 2025 after discovering unauthorized access to county servers. Investigation suggests personal and possibly financial data were exposed, though no service disruption or encryption was reported.
Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Glasgow City Council
June 19, 2025
•[ data leak, government, supply chain attack ]
Glasgow City Council detected malicious activity on servers managed by supplier CGI on 19 June 2025; online payment and school-absence systems were taken offline; possible theft of customer data under investigation; no financial systems affected.
