MP Kalyan Banerjee
November 8, 2025
•[ online banking fraud, identity theft, insider threat ]
Reports from Indian media state that cybercriminals somehow obtained the ability to operate a dormant State Bank of India account held by Trinamool Congress MP Kalyan Banerjee, transferring about 5556 lakh from his active Kalighat branch account into the dormant account and then withdrawing the full amount; the bank has filed a complaint with the Kolkata Police cybercrime division, which is investigating how forged or manipulated KYC information, including Banerjees photo and mobile number, was used to facilitate the online banking fraud and whether any internal security lapses contributed to the theft.
Kaufman County
October 1, 2025
•[ data leak, identity theft, government ]
A letter dated Oct 1 states personal data in Kaufman County systems may have been accessed; residents received 24 months of credit monitoring. This disclosure came three weeks before a second October incident, indicating repeated compromise pressure against the countys environment and elevating identity-theft risk even where misuse is not yet observed.
Personic Management Company LLC d/b/a Personic Health
August 29, 2025
•[ data leak, healthcare, third-party breach ]
Healthcare management firm Personic Management Company (Personic Health) reported that an unauthorized actor accessed a third-party software platform used to process patient information on August 29, 2025. The intrusion, discovered on September 1, enabled the attacker to obtain data containing patients names and associated protected health information from Personic-affiliated providers. After engaging external cybersecurity experts and notifying law enforcement, Personic filed breach notices with state regulators and began sending letters to impacted individuals, warning them about identity-theft risks and the potential misuse of their medical data.
Stubhub
March 6, 2025
•[ vulnerability exploitation, data leak, third-party breach ]
A cybercrime group exploited a URL redirection vulnerability in a third-party contractor system for StubHub to steal around 1,000 digital tickets for major events, including Taylor Swifts Eras Tour. The stolen tickets, valued at approximately $635,000, were resold online for profit. The scheme operated between June 2022 and July 2023 before being uncovered through a coordinated investigation by cybersecurity and law enforcement agencies. Two individuals, Tyrone Rose and Shamara P. Simmons, were arrested and charged with grand larceny, identity theft, and computer tampering in connection with the operation.
Bangladesh e-Apostille service (MyGov) - impersonated portal
January 10, 2025
•[ phishing, data leak, identity theft ]
A fraudulent website mimicking Bangladeshs official e-apostille platform exposed sensitive personal documents belonging to more than 1,100 citizens. The fake portal generated fabricated apostille certificates with QR codes that redirected users to a sequentially ordered database where changing digits in the URL revealed other applicants scanned records, a weakness consistent with insecure direct object reference (IDOR). Leaked materials reportedly included national ID cards, passports, academic and marriage certificates, trade licences, business agreements, and other private records that could enable identity theft and targeted fraud. Officials indicated the fraud operation appeared to have been active since October 2025.
