The House of Dior
January 26, 2025
•[ data leak, personally identifiable information, supply chain attack ]
Dior disclosed that a database was accessed on Jan 26, 2025 exposing data that includes names, contact details, address, DOB, and in some cases passport/ID or SSN. Believed to be related to broader LVMH/ShinyHunters vendor breach cluster.
Munson Healthcare (via Cerner legacy systems)
January 22, 2025
•[ data leak, third party breach, healthcare data ]
Munson Healthcare confirmed that an unauthorized third party gained access to and obtained data maintained by its electronic health record vendor, Cerner, on legacy Cerner systems used by Munson. The investigation indicated access occurred at least as early as January 22, 2025, and could have exposed patient identifiers and clinical information, including Social Security numbers and medical record data. Munson and Cerner reported taking steps to secure the affected systems and notified impacted individuals with options for identity-protection services.
EyeCare Partners
January 1, 2025
•[ email compromise, unauthorized access, data breach ]
EyeCare Partners disclosed that an unauthorized third party accessed certain ECP-managed email accounts between December 3, 2024 and January 28, 2025. The accessed files may have contained personal identifiers and limited health-related information, including addresses, dates of birth, Social Security numbers, drivers license numbers, health plan information, and limited clinical information; the notice emphasized that full medical records and detailed clinical information were not impacted. The organization reported the incident to Massachusetts regulators on February 4, 2026 and began outreach and remediation steps consistent with an email-system compromise.
Schuster Company
January 30, 2024
•[ data leak, personally identifiable information ]
An unauthorized third party gained access to Schuster Companys network between January 2330, 2024 and exfiltrated employee/driver personally identifiable information. The company publicly disclosed the incident on April 4, 2025.
Thai Public Health Ministry’s Immunization Centre.
January 22, 2024
•[ data leak, hacktivism, personally identifiable information ]
A threat actor named '9Near Hacktivist' claims to leak 55 million records allegedly taken from the Thai Public Health Ministrys Immunization Centre.
Windows93 / Myspace93
January 1, 2021
•[ data breach, plain text passwords, software exploit ]
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, usernames and passwords stored in plain text.
