Foster City
March 19, 2026
•[ cyberattack, service disruption, network intrusion ]
GovTech (via SFGATE/TNS) reported a cyberattack that left Foster City (Bay Area; ~33,000 residents) largely paralyzed for five consecutive days after suspicious activity was discovered on the citys computer network on Thursday morning (Mar. 19, 2026). City officials said most computer systems were taken offline as a precaution while independent cybersecurity specialists investigate and remediate. Most government services were suspended with no restart timeline provided, while police and 911 services continued operating. Public reporting did not confirm the intrusion vector, ransomware group, or whether data was exfiltrated; the confirmed primary effect is prolonged disruption of municipal services.
Undisclosed U.S. aerospace and defense firm
March 6, 2026
•[ backdoor, data exfiltration, nation-state actor ]
SecurityWeek summarized Broadcom Symantec/Carbon Black reporting that Iran-linked MuddyWater (also known as Seedworm/Mango Sandstorm and linked to Irans MOIS) had established presence in multiple organizations networks, including a US airport, a US bank, an NGO operating in the US and Canada, an aerospace and defense contractor, and a software company with a presence in Israel. The report said MuddyWater deployed a new backdoor called Dindoor in several environments and a Python backdoor called Fakeset in others, and attempted to exfiltrate data from the software companys Israeli branch.
SmarterTools
January 29, 2026
•[ ransomware, network intrusion, vulnerability ]
SmarterTools confirmed that the Warlock ransomware gang breached its network after compromising a single SmarterMail virtual machine set up by an employee and not kept updated. The company said the intrusion began January 29, 2026 and that the attackers waited about a week before attempting encryption, but security controls reportedly prevented encryption, impacted systems were isolated, and data was restored from backups. SmarterTools stated business applications and customer account data were not impacted.
Center for Life Resources
November 14, 2025
•[ unauthorized access, network intrusion, data breach ]
Center for Life Resources identified unauthorized access to its network in mid-November 2025 and determined that files containing sensitive personal and protected health information may have been accessed or copied, which was later disclosed in regulatory notifications.
Charlottesville Settlement Company
September 1, 2025
•[ data breach, network intrusion, data theft ]
WVIR (29News) reported that Charlottesville Settlement Company disclosed a September 2025 data breach that was discovered on March 10, 2026 and communicated to affected individuals in a letter dated March 18. The company said an unknown actor broke into its network and stole customers personal information, impacting 22,041 customers. The firm provides title insurance and settlement services for real estate transactions. The report did not enumerate specific data elements stolen, but stated affected individuals were offered credit monitoring and reimbursement coverage.
US Mortgage
May 13, 2025
•[ ransomware, unauthorized access, data breach ]
US Mortgage disclosed that an unauthorized third party gained access to a portion of its computer network in May 2025 in a ransomware event, and outside reporting tied the incident to SAFEPAY.
Polish Space Agency (Polsa)
March 2, 2025
•[ cyberattack, network intrusion, service disruption ]
The Polish Space Agency (POLSA) went offline after detecting a cyberattack that forced it to disconnect its internal network from the internet to contain the incident. National cybersecurity teams, including CSIRT NASK and CSIRT MON, were engaged to assist in investigating and restoring operations. While POLSA did not disclose specific details, internal sources suggested that email systems were compromised. As a member of the European Space Agency, POLSA temporarily suspended several digital services while ensuring containment, system recovery, and investigation into potential espionage or disruption motives behind the attack.
Lake Washington Vascular
February 14, 2025
•[ network intrusion ]
Provider reported network intrusion; notice filed with Hhs on February twenty-five.
Eckerd Youth Alternatives Inc
November 11, 2024
•[ unauthorized access, network intrusion, data breach ]
Eckerd Connects reported that it observed suspicious activity within its network environment on or around November 11, 2024. In response, it took steps to mitigate the threat (including taking certain systems offline) and engaged outside specialists to investigate. Following an extensive forensic investigation and manual document review, Eckerd Connects determined on November 17, 2025 that personal information may have been accessed or acquired by an unauthorized party during the period from November 3, 2024 through November 11, 2024. Potentially involved data elements include first/last name, address, date of birth, Social Security number, drivers license/state ID number, tax identification number, and medical information.
Drug and Alcohol Treatment Service (DATS)
October 5, 2024
•[ data leak, network intrusion, negligence ]
22,215 patient and employee records containing names, addresses, dates of birth, Social Security numbers, and medical treatment information were accessed during a network intrusion discovered October 2024 at Drug and Alcohol Treatment Service (DATS) in Scranton, Pennsylvania; no ransom demand or actor identified; eight class-action lawsuits filed in May 2025 alleged negligent data protection.
