U.S. federal judiciary CM/ECF & PACER systems
July 4, 2025
•[ hack, leak, government ]
The U.S. federal judiciarys electronic case filing systems (CM/ECF and PACER) were breached around July 4, 2025. Sensitive sealed dataincluding indictments, arrest warrants, and identities of confidential informantswas accessed across multiple district courts. Reports suggest possible theft of system source code and tampering with ~12 dockets. The precise volume of data stolen is unknown, but officials confirmed that a significant number of sealed case files were exposed.
Clinical Diagnostics NMDL (Eurofins) lab systems
July 3, 2025
•[ hack, healthcare ]
A breach at the Clinical Diagnostics NMDL lab in Rijswijk compromised personal and medical data of women who participated in cervical cancer screenings; hackers accessed the data starting July 3, 2025, with notification to affected individuals beginning around August 11
University of Iowa Community HomeCare
July 3, 2025
•[ hack, healthcare ]
Cybercriminal gained unauthorized access to UI Community HomeCare computer system on July 3, 2025; systems restored within one business day but files containing patient information were viewed and copied.
Royal Health
July 3, 2025
•[ hack, healthcare ]
Data breach at Royal Health Inc. detected on or about July 3, 2025, where an unauthorized party accessed documents potentially containing full names and Social Security numbers. The breach was disclosed to the Massachusetts Attorney General and notifications began August 21. Compensation inquiries are underway under Levi & Korsinsky LLPs investigation.
Luzerne County Government
July 1, 2025
•[ hack, government ]
Luzerne County, Pennsylvania reported a data breach in July 2025 after discovering unauthorized access to county servers. Investigation suggests personal and possibly financial data were exposed, though no service disruption or encryption was reported.
Federal Emergency Management Agency (FEMA) and U.S. Customs and Border Protection (CBP)
July 1, 2025
•[ hack, government ]
Attackers gained unauthorized access to FEMA Region 6s Citrix-based virtual desktop infrastructure beginning July 2025, exfiltrating sensitive employee data from both FEMA and CBP systems. The compromise originated from stolen credentials and enabled lateral movement between federal systems before detection.
MPOWERHealth
June 29, 2025
•[ ransomware, leak, hack ]
WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
Somerset County Children & Youth Services
June 26, 2025
•[ hack, healthcare ]
Email accounts of Somerset County CYS were breached during a fourday period; exposed data includes Social Security and insurance IDs, medical dates, condition/treatment info, sometimes paternity testing info; no confirmed misuse yet; County working with forensics, notifying affected, improving email security and staff training.
Carter Credit Union
June 25, 2025
•[ hack, finance ]
A cybercriminal infiltrated Carter Credit Unions network between June 25 and July 2, 2025, accessing files containing personal and medical information of approximately 68,934 individuals. Investigations are ongoing, notifications have been sent, and affected members were offered credit monitoring services. Law firms are reviewing legal claims.
Union Home Mortgage Corp.
June 25, 2025
•[ hack, finance ]
Union Home Mortgage Corp. experienced unauthorized access to internal servers, exposing personal and identification data of roughly 24,000 customers. No encryption or ransomware activity was reported.
Vietnam Airlines
June 20, 2025
•[ hack, leak, technology ]
In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
Sree Padmanabhaswamy Temple
June 13, 2025
•[ hack, insider, financial ]
On June 13, 2025, the Sree Padmanabhaswamy Temples computer system in Kerala, India, was hacked, suspected to involve a former IT staff member retaining access after transfer. Critical operational and financial records were accessed and tampered with, though no encryption or ransomware-style disruption was reported. The breach was discovered by temple officials and reported to police, with a forensic probe launched.
Kering
June 12, 2025
•[ hack, leak, retail ]
Kering confirms June 2025 intrusion affecting multiple brands; ShinyHunters claims Salesforce-based exfiltration (43M+ Gucci, ~13M others); media verified samples and 7.4M unique emails; Kering says no financial/ID data; denies negotiations, which DataBreaches disputes with chat logs and a BTC micro-payment.
Sturgis Hospital
June 12, 2025
•[ hack, healthcare ]
Sturgis Hospital confirmed a second unauthorized network access event discovered in June 2025 while investigating an earlier breach. The incident involved potential access to protected health information. No ransomware or disruption to hospital operations was reported.
Phil Smith Automotive Group
June 10, 2025
•[ hack, retail ]
Unauthorized access to Phil Smith Automotive Group systems resulted in exfiltration of personal data. Approximately 12,274 individuals were affected. No encryption occurred; breach notices were mailed July 31, 2025.
Precision Endodontics of Raleigh
June 10, 2025
•[ hack, healthcare ]
Precision Endodontics discovered unauthorized access to an email account on June 10, 2025. The breach exposed patient names and email addresses, and for some individuals, patient portal usernames and passwords. No misuse has been identified. The incident was reported to HHS-OTCR on August 5 and security improvements have been implemented.
Chess.com
June 5, 2025
•[ hack ]
Chess.com says 4,500 people had data stolen during June breach.
West Texas Oral Facial Surgery
May 29, 2025
•[ hack, ransomware, leak ]
West Texas Oral Facial Surgery suffered a cyberattack beginning May 29, 2025, when INC RANSOM gained unauthorized access to its systems. Patient files including names, imaging data, and treatment reasons were exfiltrated, but no encryption of systems was reported. SSNs, financial information, and the electronic medical records system were not affected. The breach impacted over 11,000 individuals and was reported to HHS-OCR on August 2 and to the Texas Attorney General on August 4.
SonicWall
May 9, 2025
•[ hack, brute-force, technology ]
Threat actors brute-forced the MySonicWall portal and accessed cloud backup firewall preference files for a subset of customers (<5%). SonicWall terminated access, issued Essential Credential Reset guidance, and involved law enforcement. Risk centers on reuse of secrets/config intelligence for follow-on compromises.
Unnamed U.S. Banking Organization
May 9, 2025
•[ social, misconfiguration, finance ]
ReliaQuest links Scattered Spider to renewed activity against U.S. financial services, including a bank intrusion achieved via social engineering + Azure AD SSPR, followed by lateral movement (Citrix/VPN), ESXi compromise, and cloud data access attempts (Snowflake/AWS).
