Orange Romania
February 24, 2025
•[ financial, hack, leak ]
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
Goshen Medical Center
February 15, 2025
•[ ransomware, leak, malware ]
BianLian-attributed intrusion at Goshen Medical Center; files accessed on 02/15/2025, detected 03/04/2025; 456,385 affected with PHI/PII including SSNs and DL numbers; listed on BianLians leak site in March; no outage confirmed.
Adpost
February 14, 2025
•[ leak ]
In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
The Lovesac Company
February 12, 2025
•[ ransomware, leak, retail ]
Lovesac confirmed a data breach after a ransomware site listing; letters say attackers accessed internal systems between Feb 12Mar 3, stole PII, and the firm offered 24 months of credit monitoring; RansomHub claimed the attack and threatened leaks; no encryption/service disruption reported.
Baltimore Archdiocese (via Stinson LLP & BRG)
February 1, 2025
•[ leak, finance ]
Protected survivor data exposed from law firm (Stinson LLP) and financial advisor (BRG) systems supporting Archdiocese bankruptcy cases
CenterPoint Energy
January 28, 2025
•[ leak, energy ]
CenterPoint Energy, a large Texas energy company confirms it is investigating reports of stolen customer data that has been published on a cybercriminal forum after it was allegedly taken during the 2023 MOVEit breach.
Doxbin Scrape
January 24, 2025
•[ leak, misconfiguration, technology ]
In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Rostelecom
January 21, 2025
•[ leak, technology ]
A major Russian telecommunications provider, Rostelecom, says that it is investigating a suspected cyberattack on one of its contractors after threat actors from Silent Crow claim to have leaked the company's data.
Cycle & Carriage Singapore
January 21, 2025
•[ hack, leak, retail ]
Cycle & Carriage Singapore disclosed a data breach in which attackers accessed an application server and exfiltrated ~147,000 customer records. No encryption or disruption of operations was reported.
Northwest Radiologists / Mount Baker Imaging
January 20, 2025
•[ hack, leak, healthcare ]
Northwest Radiologists (Mount Baker Imaging) discovered a network intrusion on January 25, 2025, with malicious activity beginning around January 20 that exposed patient data from its systems. The breach compromised PII/PHIincluding names, contact details, dates of birth, SSNs, drivers license/ID numbers, treatment/diagnosis information, medical record and insurance detailsimpacting about 348,118 Washington residents; no ransomware claim or operational disruption was confirmed.
Manpower
January 20, 2025
•[ ransomware, leak, malware ]
Manpower disclosed that a ransomware attack by RansomHub led to the theft of 500GB of files and the exposure of personal data from roughly 140000 individuals. The attackers listed Manpower on their leak site but later removed it, suggesting a ransom settlement.
Otelier
January 17, 2025
•[ leak, misconfiguration, technology ]
Hotel management platform Otelier suffers a data breach after threat actors breached its Amazon S3 cloud storage to stole millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt.
Frame & Optic
January 16, 2025
•[ leak, retail ]
In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
FortiGate devices
January 14, 2025
•[ leak, misconfiguration, technology ]
A new group dubbed "Belsen Group" leaks the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices on the dark web in a 1.6 GB archive, allegedly obtained exploiting CVE-2022-40684.
Stealer Logs, Jan 2025
January 13, 2025
•[ leak, malware ]
In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against. The incident also resulted in 106M more passwords being added to the Pwned Passwords service.
Bank of America
January 10, 2025
•[ leak, finance ]
Bank of America notifies 414 individuals that their names, addresses, phone numbers, passport numbers, Social Security numbers, and their mortgage load numbers might have been compromised in a data breach at an unnamed third-party provider.
Wolf Haldenstein Adler Freeman & Herz
January 10, 2025
•[ leak ]
Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") a U.S. Law Firm, reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to threat actors.
United Nations' International Civil Aviation Organization (ICAO)
January 7, 2025
•[ leak, government ]
The United Nations' International Civil Aviation Organization (ICAO) announces it is investigating what it describes as a "reported security incident." 42,000 recruitment application data records are affected.
Nodex
January 6, 2025
•[ hack, leak, technology ]
Ukrainian hacktivists, part of the Ukrainian Cyber Alliance group, announce they had breached Russian internet service provider Nodex's network and wiped hacked systems after stealing sensitive documents.
Gravy Analytics
January 4, 2025
•[ leak, technology ]
Gravy Analytics, a major player in the location data broker market confirms to Norway's Data Protection Authority that it was breached by a threat actor who obtained an unknown number of files.
