Community Health Center (CHC)
January 2, 2025
•[ leak, healthcare ]
Community Health Center (CHC), a leading Connecticut healthcare provider, notifies over 1 million patients of a data breach that impacted their personal and health data.
InfoCert via Third Party Ticketing Vendor
January 2, 2025
•[ hack, leak, technology ]
I dati sottratti messi in vendita sul dark web. L'azienda provider di servizi di identit digitale rassicura:Informazioni sottratte sono quelle delle richieste di assistenza clienti, i dati di accesso a InfoCert non sono stati compromessi
MedSave Health Insurance
January 1, 2025
•[ leak, healthcare ]
A threat actor with the Moniker 0mid16B claims to have breached MedSave Health Insurance TPA Ltd (MedSave), stealing 561 gigabytes of databases, containing data of 10,617,943 people.
Visionworks
January 1, 2025
•[ leak, healthcare ]
The federal suit, which seeks class-action status, alleges a data breach exposed 40,000 customers' private data.
Trusteed Plans Service Corporation
December 26, 2024
•[ leak, finance ]
TPSC detected a breach on 12/26/2024; investigation found unauthorized access and data acquisition. A data review completed 08/07/2025 identified 19,775 impacted individuals. Notices sent 09/1509/16/2025 detail exposure of PII/PHI (DOB, SSN, health info; sometimes insurance IDs). No outage or misuse evidence reported.
Speedio
December 24, 2024
•[ leak, misconfiguration, technology ]
In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".
Cornwell Quality Tools
December 20, 2024
•[ leak, manufacturing ]
Cornwell Quality Tools discovered a data breach (Dec 20, 2024), later completed an investigation (Aug 4, 2025) and mailed notices (Sept 4, 2025) offering credit monitoring; exposed data may include names, SSNs, DL numbers, financial accounts, and medical information
Fota Wildlife Park
December 5, 2024
•[ financial, hack, leak ]
People who purchased tickets to visit Fota Wildlife Park in Cork, Ireland, are warned to cancel their bank cards following the discovery of a cyberattack that may have exposed the data on those cards.
Multiple e-commerce platforms
December 2, 2024
•[ leak, retail ]
At least 100,000 customers' personal information, including credit cards, is believed to have been stolen from 11 e-commerce websites from multiple organizations in Japan including the coffee chain Tully's Coffee Japan and the national federation of fisheries cooperatives (JF Zengyoren).
Pembina Trails School Division
December 2, 2024
•[ ransomware, financial, leak ]
Canadian school division compromised by Rhysida ransomware Dec 2, 2024. Attack disrupted thousands of devices and exposed ~35,000+ student records and staff payroll/financial data. Group attempted $1.7M ransom before leaking stolen data on the dark web.
Port of Rijeka
November 30, 2024
•[ ransomware, financial, leak ]
The 8Base ransomware group hits Croatias Port of Rijeka, stealing sensitive data, including contracts and accounting info.
Bologna Football Club 1909
November 29, 2024
•[ ransomware, leak ]
Bologna Football Club 1909 confirms it suffered a ransomware attack after its stolen data is leaked online by the RansomHub extortion group.
Undisclosed prisons in the U.K.
November 23, 2024
•[ leak, government ]
Confidential prison layouts in the U.K. are leaked onto the dark web.
Senior Dating
November 23, 2024
•[ leak, misconfiguration, technology ]
In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
Numocity
November 21, 2024
•[ leak, technology ]
The threat actor named CyberN-----s claims to have breached Tesla leaking 116,000 rows of data. in reality the data belongs to Numocity, a manufacturer of EV charging software, middleware, smart charges and more.
Yonéma
November 21, 2024
•[ leak, finance ]
In November 2024, data from the Senegalese payment platform Yonma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
Central Group
November 20, 2024
•[ leak, retail ]
A threat actor with the moniker 0mid16B claims to have breached the1 Card membership system across every retail and consumer brand under the Central Group, and to have stolen 5,108,826 records.
Undisclosed Law Firm
November 19, 2024
•[ leak, misconfiguration, government ]
A threat actor, who goes online with the name name Altam Beezley, gained access to a computer file shared in a secure link among lawyers whose clients have given damaging testimony related to Matt Gaetz, the former Florida congressman who is President-elect Donald J. Trumps choice to be attorney general.
FlipaClip
November 18, 2024
•[ leak, misconfiguration, technology ]
In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.
Southern Graphics
November 18, 2024
•[ leak ]
Cybersecurity breach at SGS & Co. starting Nov 18, 2024, exposing PII/PHI of over 31,000 individuals. Enterprise-wide forensic review conducted; notifications in early September 2025; multiple law firms investigating possible claims.
