Ungava Tulattavik Health Centre (UTHC)
January 11, 2025
•[ data leak, phishing ]
Ungava Tulattavik Health Center in Kuujjuaq (Nunavik, Quebec) disclosed it was the victim of a cyberattack in November 2025. The centre said the attack was blocked upon detection, but warned that files containing clinical and administrative information related to some people who use the health centre and some employees may have been stolen. The centre established a crisis unit, deployed enhanced surveillance/security tools, and worked with the Sret du Qubec, the Nunavik Regional Board of Health and Social Services, and Sant Qubecs Cyber Defence Operational Centre during the investigation. Officials advised users and employees to monitor bank accounts and watch for suspicious emails or calls while the incident response and review continued.
Lifebridge Health
January 10, 2025
•[ hack, phishing, healthcare ]
LifeBridge Health sent letters to patients and families about an email phishing incident that was discovered on Nov. 12.
Bangladesh e-Apostille service (MyGov) - impersonated portal
January 10, 2025
•[ phishing, data leak, identity theft ]
A fraudulent website mimicking Bangladeshs official e-apostille platform exposed sensitive personal documents belonging to more than 1,100 citizens. The fake portal generated fabricated apostille certificates with QR codes that redirected users to a sequentially ordered database where changing digits in the URL revealed other applicants scanned records, a weakness consistent with insecure direct object reference (IDOR). Leaked materials reportedly included national ID cards, passports, academic and marriage certificates, trade licences, business agreements, and other private records that could enable identity theft and targeted fraud. Officials indicated the fraud operation appeared to have been active since October 2025.
Individual in Linz, Austria
January 9, 2025
•[ financial, phishing ]
Vor neuerlichen Phishing-Attacken ber sogenannte Wiederverkaufsplattformen im Internet warnt die Arbeiterkammer Obersterreich (AK O). Einer Linzerin waren ber einen Trick ihre Kontodaten herausgelockt und rund 8.000 Euro abgebucht worden, ehe sie den Betrug bemerkte.
City of Corvallis (Councilor Paul Schaffer)
January 8, 2025
•[ hack, phishing, government ]
A Corvallis city councilor's email is hacked by a scammer and used to reach nearly 3,500 email addresses in an attempt to steal the recipients' personal information.
Stroboertje Food Bank
January 4, 2025
•[ financial, phishing, healthcare ]
Voedselbank Stroboertje in Merksem, een van de grootste voedselbanken van Antwerpen, is slachtoffer geworden van phishing. De organisatie zag inmiddels al meer dan 20.000 euro van hun rekening verdwijnen en zit met de handen in het haar. Ik denk zelfs dat we ons personeel niet gaan kunnen betalen, we gaan mensen moeten ontslaan deze maand.
Private individuals (elderly victims in Encino, California)
January 1, 2025
•[ malware, phishing, ransomware ]
Malware infection launched by phishing email locked elderly victims computer, prompting payment of 25,000 USD to scammers; suspect Tai Su was arrested when he arrived to collect another 35,000 USD and later sentenced to 10 months in federal prison.
At least one individual tricked by scam network impersonating CNN, BBC, CNBC
January 1, 2025
•[ phishing, scam, impersonation ]
Global phishing and investment scam campaign impersonating CNN, BBC, and CNBC; CTM360 identified over 17,000 fake sites used to steal identity and financial data through bogus crypto platforms like Eclipse Earn, Solara, and Vynex
At least one Russian industrial company
January 1, 2025
•[ phishing, spyware, data leak ]
Kaspersky-reported campaign uses phishing and a new spyware ('Batavia') to exfiltrate sensitive documents and system info from Russian industrial firms.
Kenton County School District
December 20, 2024
•[ social, phishing, education ]
Personal data from current and former students in Kenton County School District are compromised in a phishing scheme.
Boone County School District
December 19, 2024
•[ social, phishing, education ]
Personal data from current and former students in Boone County School District are compromised in a phishing scheme.
"Tony" (undisclosed crypto investor)
December 18, 2024
•[ social, phishing, finance ]
A scammer impersonating Google manages to phish 45 bitcoins approximately $4,725,000 at todays value from Tony, a 42-year-old professional from northern California.
Integrated Oncology Network (multiple practices)
December 13, 2024
•[ phishing, data leak ]
Phishing incident Dec 1316, 2024 led to unauthorized access to a small number of email and SharePoint accounts; by late June 2025, notices mailed; HHS lists grew to 22 locations affecting 116,557 patients.
Individuals in South Korea
December 11, 2024
•[ financial, phishing, finance ]
A South Korean law enforcement operation, dubbed Operation Midas, and carried out by the Korean Financial Security Institute (K-FSI), takes down a large-scale fraud network that extorted $6.3m from victims with fake online trading platforms.
Ukrainian Defense Companies and Security and Defense Forces
December 7, 2024
•[ social, phishing, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discover a series of phishing emails targeting Ukrainian defense companies and security and defense forces with a fake NATO standards conference. Some recipients opened the phishing emails execiting the malicious RAR attachments.
Coinbase users
December 1, 2024
•[ phishing, social engineering ]
Between December 2024 and January 2025, criminal phishing campaigns impersonating Coinbase support stole approximately $65 million in cryptocurrency from hundreds of users worldwide. Attackers used fake login pages, wallet-draining scripts, and social-engineering messages to capture credentials and bypass two-factor authentication. Coinbase confirmed that its own systems were not breached.
Grand Forks Public Schools
November 21, 2024
•[ financial, phishing, education ]
Grand Forks Public Schools loses $2.2M to a phishing scam
City of Clark Fork
November 15, 2024
•[ social, phishing, government ]
The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
Kumamoto Prefecture Violence Prevention Movement Promotion Center
November 15, 2024
•[ social, phishing, government ]
The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.
Town of Webster, New York
November 15, 2024
•[ financial, social, phishing ]
The Town of Webster fell victim to a phishing scam in November 2024, when scammers impersonated a contractor and tricked officials into diverting $520,275.67. Criminal investigation recovered over $300,000, and cyber insurance is expected to cover the remainder. No sensitive or confidential data was compromised.
