Full List

Search

Search Results (leak)

• Venice Film Festival July 7, 2025 • [ hack, leak ] On July 7, 2025, unauthorized actors accessed and copied documents from the Venice Film Festivals servers, extracting personal data of attendees, including journalists and industry professionals. Systems were proactively isolated by the festivals IT team, and authorities were notified. There is no indication of data encryption, nor disruption of payment, booking, or ticketing systems. Notifications to affected individuals began around early August 2025.
• U.S. federal judiciary CM/ECF & PACER systems July 4, 2025 • [ hack, leak, government ] The U.S. federal judiciarys electronic case filing systems (CM/ECF and PACER) were breached around July 4, 2025. Sensitive sealed dataincluding indictments, arrest warrants, and identities of confidential informantswas accessed across multiple district courts. Reports suggest possible theft of system source code and tampering with ~12 dockets. The precise volume of data stolen is unknown, but officials confirmed that a significant number of sealed case files were exposed.
• MPOWERHealth June 29, 2025 • [ ransomware, leak, hack ] WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
• Netstar June 23, 2025 • [ leak, ransomware ] Data details undisclosed publicly; breach confirmed as involving data leak following refusal to pay ransom.
• Vietnam Airlines June 20, 2025 • [ hack, leak, technology ] In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.5M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
• Viva Health Insurance June 14, 2025 • [ leak, misconfiguration, healthcare ] Viva Health, an Alabama-based health insurance company headquartered in Birmingham, experienced exposure of a web-accessible file from June 14 to August 27, 2025. The file contained limited PHI for about 4,945 members and was removed upon discovery. No misuse or encryption was reported.
• Kering June 12, 2025 • [ hack, leak, retail ] Kering confirms June 2025 intrusion affecting multiple brands; ShinyHunters claims Salesforce-based exfiltration (43M+ Gucci, ~13M others); media verified samples and 7.4M unique emails; Kering says no financial/ID data; denies negotiations, which DataBreaches disputes with chat logs and a BTC micro-payment.
• Operation PAR, Inc. June 10, 2025 • [ ransomware, leak, healthcare ] On June 10, 2025, Operation PAR, Inc., a Florida nonprofit providing addiction and mental health services, was hit by the Worldleaks ransomware group. The attacker exfiltrated around 485 GB of datanearly 900,000 files containing sensitive PII and PHIand later posted it on a dark-web leak site. No encryption or service disruption was confirmed.
• Omnicuris June 8, 2025 • [ leak, healthcare ] In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.
• West Texas Oral Facial Surgery May 29, 2025 • [ hack, ransomware, leak ] West Texas Oral Facial Surgery suffered a cyberattack beginning May 29, 2025, when INC RANSOM gained unauthorized access to its systems. Patient files including names, imaging data, and treatment reasons were exfiltrated, but no encryption of systems was reported. SSNs, financial information, and the electronic medical records system were not affected. The breach impacted over 11,000 individuals and was reported to HHS-OCR on August 2 and to the Texas Attorney General on August 4.
• ColoCrossing May 24, 2025 • [ leak, misconfiguration, technology ] In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
• Columbia University IT Systems May 16, 2025 • [ leak, education ] An unauthorized actor gained access to university systems on May 16, 2025, and exfiltrated approximately 460GB of sensitive personal, financial, and health data following an IT outage; patient records from the medical center were unaffected; notifications are underway
• PDI Health May 14, 2025 • [ ransomware, leak, malware ] On May 14, 2025, PDI Health discovered a cyberattack when the Everest ransomware group infiltrated its internal systems and exfiltrated sensitive patient records. The group leaked samples and claimed responsibility on the dark web, revealing more than 373,000 records stolen. No evidence of encryption or service disruption was confirmed.
• Tiffany & Co May 12, 2025 • [ leak, retail ] Tiffany determined on 09/09/2025 that an unauthorized party accessed gift cardrelated customer data from an incident occurring ~05/12/2025; 2,590 customers affected; exposed data include PII and gift card number + PIN; separate earlier Korea/vendor incident noted but relation unclear.
• Anchorage Neighborhood Health Center May 9, 2025 • [ leak, healthcare ] Anonymous group claims theft of ANHC patient records (10k, later 60k); FBI aware; at least one patient contacted with personal data. ANHC initiated investigation and took systems offline; scope/details pending.
• Ualabee May 6, 2025 • [ leak, misconfiguration, technology ] In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
• OnTrac April 13, 2025 • [ leak ] Delivery company OnTrac has suffered a data breach that exposed the personal information of over 40,000 people.
• Samsung Germany Customer Tickets March 30, 2025 • [ leak, malware, technology ] In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
• TehetségKapu March 26, 2025 • [ leak, education ] In March 2025, almost 55k records were breached from the Hungarian education office website TehetsgKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
• Sansone Group March 22, 2025 • [ leak ] A data breach at Sansone Group LLC in late March 2025 exposed sensitive PIIfull names and SSNs of an unknown number of individuals. Notifications were sent on July 21; the state AG was notified on August 21. Levi & Korsinsky LLP is investigating possible legal claims.