SmarterTools
January 29, 2026
•[ ransomware, network intrusion, vulnerability ]
SmarterTools confirmed that the Warlock ransomware gang breached its network after compromising a single SmarterMail virtual machine set up by an employee and not kept updated. The company said the intrusion began January 29, 2026 and that the attackers waited about a week before attempting encryption, but security controls reportedly prevented encryption, impacted systems were isolated, and data was restored from backups. SmarterTools stated business applications and customer account data were not impacted.
Center for Life Resources
November 14, 2025
•[ unauthorized access, network intrusion, data breach ]
Center for Life Resources identified unauthorized access to its network in mid-November 2025 and determined that files containing sensitive personal and protected health information may have been accessed or copied, which was later disclosed in regulatory notifications.
Polish Space Agency (Polsa)
March 2, 2025
•[ cyberattack, network intrusion, service disruption ]
The Polish Space Agency (POLSA) went offline after detecting a cyberattack that forced it to disconnect its internal network from the internet to contain the incident. National cybersecurity teams, including CSIRT NASK and CSIRT MON, were engaged to assist in investigating and restoring operations. While POLSA did not disclose specific details, internal sources suggested that email systems were compromised. As a member of the European Space Agency, POLSA temporarily suspended several digital services while ensuring containment, system recovery, and investigation into potential espionage or disruption motives behind the attack.
Lake Washington Vascular
February 14, 2025
•[ network intrusion ]
Provider reported network intrusion; notice filed with Hhs on February twenty-five.
Eckerd Youth Alternatives Inc
November 11, 2024
•[ unauthorized access, network intrusion, data breach ]
Eckerd Connects reported that it observed suspicious activity within its network environment on or around November 11, 2024. In response, it took steps to mitigate the threat (including taking certain systems offline) and engaged outside specialists to investigate. Following an extensive forensic investigation and manual document review, Eckerd Connects determined on November 17, 2025 that personal information may have been accessed or acquired by an unauthorized party during the period from November 3, 2024 through November 11, 2024. Potentially involved data elements include first/last name, address, date of birth, Social Security number, drivers license/state ID number, tax identification number, and medical information.
Drug and Alcohol Treatment Service (DATS)
October 5, 2024
•[ data leak, network intrusion, negligence ]
22,215 patient and employee records containing names, addresses, dates of birth, Social Security numbers, and medical treatment information were accessed during a network intrusion discovered October 2024 at Drug and Alcohol Treatment Service (DATS) in Scranton, Pennsylvania; no ransom demand or actor identified; eight class-action lawsuits filed in May 2025 alleged negligent data protection.
