Mt. Spokane Pediatrics
January 1, 2026
•[ ransomware, data leak, healthcare ]
Mt. Spokane Pediatrics experienced unauthorized access to certain systems in its network environment on or about January 1, 2026, and files containing patient information were removed. LockBit 5.0 claimed responsibility on January 3, 2026 and threatened to leak the stolen data. The clinic's forensic investigation determined on April 22, 2026 that exfiltrated files contained personal and protected health information for 32,021 individuals, including 29,410 Washington accounts.
WhiteDate
December 29, 2025
•[ data breach, data leak, personal information ]
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages, phpBB password hashes and a total of 20k unique email addresses.
ASC Ortho Management Company, LLC d/b/a Aligned Orthopedic Partners
December 16, 2025
•[ email environment breach, unauthorized access, personal information ]
ASC Ortho Management Company, LLC d/b/a Aligned Orthopedic Partners identified unusual activity in its email environment on December 8, 2025 and later determined that an unknown actor had unauthorized access to the email environment between November 16 and December 16, 2025, potentially accessing certain emails and files containing personal and protected health information. Aligned Orthopedic mailed notices to affected individuals on April 17, 2026.
Erie Family Health Centers
December 10, 2025
•[ unauthorized access, data leak, medical records ]
Erie Family Health Centers detected unauthorized access in January 2026 and later determined that an unauthorized third party accessed its network between December 10, 2025 and January 27, 2026, exposing personal, financial, credential, medical, and health insurance information for approximately 570,000 individuals.
Florida Physician Specialists
November 27, 2025
•[ unauthorized access, data breach, personal information ]
Florida Physician Specialists said unauthorized access to its network occurred between approximately November 27 and November 29, 2025. A review completed on April 6, 2026 determined that personal, financial, medical, and health insurance information may have been removed from the network, affecting 276,498 individuals.
NYC Health + Hospitals
November 25, 2025
•[ third-party breach, healthcare data, biometric data ]
Unauthorized actors accessed NYC Health + Hospitals systems through a third-party vendor between approximately November 25, 2025 and February 2026, exposing personal, medical, health insurance, biometric, and financial information of approximately 1.8 million individuals.
Western Orthopaedics
September 17, 2025
•[ data leak, ransomware, personal information ]
Western Orthopaedics confirmed that an unauthorized actor accessed files between September 17 and September 25, 2025, exposing personal, health insurance, medical billing, and financial information for 113,330 individuals. PEAR claimed responsibility and reportedly leaked the stolen data after ransom was not paid.
Charlottesville Settlement Company
September 1, 2025
•[ data breach, network intrusion, data theft ]
WVIR (29News) reported that Charlottesville Settlement Company disclosed a September 2025 data breach that was discovered on March 10, 2026 and communicated to affected individuals in a letter dated March 18. The company said an unknown actor broke into its network and stole customers' personal information, impacting 22,041 customers. The firm provides title insurance and settlement services for real estate transactions. The report did not enumerate specific data elements stolen, but stated affected individuals were offered credit monitoring and reimbursement coverage.
Elmcrest Children’s Center, Inc.
August 12, 2025
•[ unauthorized access, data leak, health information ]
Elmcrest Children’s Center, Inc. detected unauthorized access to its computer network on August 12, 2025. The investigation determined that files containing information for approximately 23,500 individuals were accessed, including names, addresses, dates of birth, treatment details, and insurance information.
American Lending Center
July 24, 2025
•[ ransomware, internal network compromise, data breach ]
American Lending Center experienced a ransomware attack between July 24 and July 30, 2025, in which a threat actor compromised its internal network, executed ransomware, and accessed files that may have contained personal and sensitive information. No named ransomware group, confirmed encryption details, outage duration, or specific disrupted systems were publicly reported.
Williams Hart & Boundas
June 30, 2025
•[ phishing, unauthorized access, personal information ]
Williams Hart & Boundas discovered that a firm email account had sent and received phishing emails and determined the account had been accessed by an unauthorized individual; review found personal information in the account, and a Texas filing reported 7,844 affected Texas residents.
Murex Petroleum Corporation
May 27, 2025
•[ unauthorized access, data breach, personal information ]
Unauthorized access to Murex Petroleum Corporation systems resulted in the access and acquisition of certain individuals' personal information, as disclosed in a regulatory filing with the New Hampshire Department of Justice.
CFD Investments, Inc.
March 15, 2025
•[ unauthorized access, email account compromise, data leak ]
Unauthorized access to an employee email account at CFD Investments, Inc. resulted in exposure of client personal and financial information between March 15 and May 9, 2025; affected individuals were notified beginning January 28, 2026.
Syracuse Police Department, N.Y.
January 10, 2025
•[ unauthorized access, social security numbers, personal information ]
Syracuse Police Department detected a security incident on Jan. 11, 2025, shut down its computer system to prevent spread, and later determined that certain digital files were accessed or acquired without authorization between Jan. 10 and Jan. 12; notifications were sent in 2026 to people whose personal information, including Social Security numbers, may have been compromised.
Duo Info
January 1, 2025
•[ hacking, matchmaking service, personal information ]
A Duo employee's work computer was hacked in January 2025, compromising personal information of 427,464 matchmaking service clients, including identifiers, contact details, and detailed personal profile information.
Town of Apex
June 23, 2024
•[ ransomware, unauthorized access, data breach ]
The Town of Apex experienced a ransomware event in which unauthorized actors accessed town systems from June 23 to July 2, 2024, uploaded town data to a cloud storage provider, and potentially affected personal information of about 22,000 residents; Apex later recovered the data through court action.
Woodfords Family Services
April 8, 2024
•[ unauthorized access, personal information, protected health information ]
Woodfords Family Services reported that after discovering suspicious activity in its network on April 8, 2024, it determined that certain files and folders were subject to unauthorized access and that personal and protected health information may have been compromised.
MinnesotaWorks.net
September 6, 2023
•[ unauthorized access, data leak, insider threat ]
The Department of Employment and Economic Development (DEED) in Minnesota notifies jobseekers of a data breach involving unauthorized access to their personal information at the MinnesotaWorks.net platform, after a person claiming to be an employee allegedly viewed and copied user resume information without authorization.
Associação de Advogados de São Paulo (AASP)
February 22, 2023
•[ ransomware, data leak, personal information ]
The Ragnar Locker ransomware gang leaks 200 GB of files from the Associação de Advogados de São Paulo (AASP) plus numerous screenshots with personal information after the association denies it was hacked.
Brazilian Triathlon Confederation (cbtri.org.br)
August 5, 2016
•[ data leak, personal information, financial details ]
Anonymous leaked personal, financial and login details from domains like the Brazilian Confederation of Modern Pentathlon (pentatlo.org.br), the official site of the Brazilian Handball Confederation (brasilhandebol.com.br), the Brazilian Confederation of Boxing (cbboxe.com.br) and the Brazilian Triathlon Confederation (cbtri.org.br).