Pillsbury Winthrop Shaw Pittman LLP
April 1, 2025
•[ social engineering, data leak, personally identifiable information ]
Global law firm Pillsbury Winthrop Shaw Pittman reported that in April 2025 a sophisticated social-engineering attack allowed an intruder to gain limited access to its internal systems. The attacker convinced a single user to grant access and then rapidly downloaded a set of documents containing sensitive personal information, including names, Social Security numbers, addresses, birthdates, and some financial account details for thousands of people. Pillsbury stated that the activity was quickly detected and blocked, and it subsequently bolstered its security controls and notified affected individuals, with public disclosure occurring on November 6, 2025. The breach has since led to class-action litigation alleging inadequate safeguards and delayed notification.
Orthopaedic Specialists of Connecticut
March 2, 2025
•[ data leak, unauthorized access, personally identifiable information ]
Names, dates of birth, Social Security numbers, insurance and medical information for 22,541 individuals were exposed after an unauthorized third party accessed the practices network on March 2, 2025, per the provider notice and HHS filing.
Freddie Mac
February 19, 2025
•[ data leak, personally identifiable information ]
Breach notice filed with Massachusetts AG on Feb 19, 2025; unauthorized access to files containing consumers SSNs.
The House of Dior
January 26, 2025
•[ data leak, personally identifiable information, supply chain attack ]
Dior disclosed that a database was accessed on Jan 26, 2025 exposing data that includes names, contact details, address, DOB, and in some cases passport/ID or SSN. Believed to be related to broader LVMH/ShinyHunters vendor breach cluster.
Schuster Company
January 30, 2024
•[ data leak, personally identifiable information ]
An unauthorized third party gained access to Schuster Companys network between January 2330, 2024 and exfiltrated employee/driver personally identifiable information. The company publicly disclosed the incident on April 4, 2025.
