At least one Russian industrial company
January 1, 2025
•[ phishing, spyware, data leak ]
Kaspersky-reported campaign uses phishing and a new spyware ('Batavia') to exfiltrate sensitive documents and system info from Russian industrial firms.
Kenton County School District
December 20, 2024
•[ social, phishing, education ]
Personal data from current and former students in Kenton County School District are compromised in a phishing scheme.
Boone County School District
December 19, 2024
•[ social, phishing, education ]
Personal data from current and former students in Boone County School District are compromised in a phishing scheme.
"Tony" (undisclosed crypto investor)
December 18, 2024
•[ social, phishing, finance ]
A scammer impersonating Google manages to phish 45 bitcoins approximately $4,725,000 at todays value from Tony, a 42-year-old professional from northern California.
Integrated Oncology Network (multiple practices)
December 13, 2024
•[ phishing, data leak ]
Phishing incident Dec 1316, 2024 led to unauthorized access to a small number of email and SharePoint accounts; by late June 2025, notices mailed; HHS lists grew to 22 locations affecting 116,557 patients.
Individuals in South Korea
December 11, 2024
•[ financial, phishing, finance ]
A South Korean law enforcement operation, dubbed Operation Midas, and carried out by the Korean Financial Security Institute (K-FSI), takes down a large-scale fraud network that extorted $6.3m from victims with fake online trading platforms.
Ukrainian Defense Companies and Security and Defense Forces
December 7, 2024
•[ social, phishing, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discover a series of phishing emails targeting Ukrainian defense companies and security and defense forces with a fake NATO standards conference. Some recipients opened the phishing emails execiting the malicious RAR attachments.
Coinbase users
December 1, 2024
•[ phishing, social engineering ]
Between December 2024 and January 2025, criminal phishing campaigns impersonating Coinbase support stole approximately $65 million in cryptocurrency from hundreds of users worldwide. Attackers used fake login pages, wallet-draining scripts, and social-engineering messages to capture credentials and bypass two-factor authentication. Coinbase confirmed that its own systems were not breached.
Grand Forks Public Schools
November 21, 2024
•[ financial, phishing, education ]
Grand Forks Public Schools loses $2.2M to a phishing scam
City of Clark Fork
November 15, 2024
•[ social, phishing, government ]
The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
Kumamoto Prefecture Violence Prevention Movement Promotion Center
November 15, 2024
•[ social, phishing, government ]
The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.
Town of Webster, New York
November 15, 2024
•[ financial, social, phishing ]
The Town of Webster fell victim to a phishing scam in November 2024, when scammers impersonated a contractor and tricked officials into diverting $520,275.67. Criminal investigation recovered over $300,000, and cyber insurance is expected to cover the remainder. No sensitive or confidential data was compromised.
Northwest Asthma & Allergy Center
November 12, 2024
•[ hack, phishing, healthcare ]
An unauthorized party accessed an employees email account on November 12, 2024, compromising sensitive patient data at Northwest Asthma & Allergy Center. The breach was discovered and contained by November 13. At least ~1,000 patients were notified by January 2, 2025, and the incident was reported to HHS OCR. Investigation did not find evidence of exfiltration beyond what was accessible via the compromised mailbox.
Fall Mountain Regional School District
November 1, 2024
•[ phishing, data leak ]
District warned community after phishing scam; vendor ids and emails exposed.
Individuals
October 31, 2024
•[ financial, phishing, retail ]
Researchers at Human reveal that more than 1,000 legitimate shopping sites have been compromised to promote fake product listings in a credit card phishing scheme dubbed Phish n Ships,
Fillmore County Hospital
October 27, 2024
•[ phishing, data leak ]
An unauthorized party accessed an employee email account on 2024-10-27. Investigation completed 2024-12-18. Affected data includes personal, medical, payment, and insurance information. Individuals were notified 2025-02-13.
Ou Medicine (Ou Health)
October 18, 2024
•[ phishing, data leak ]
Ou Health reported unauthorized access to two email accounts impacting patient information.
Westmoreland County
October 16, 2024
•[ social, phishing, government ]
Municipal Authority of Westmoreland County officials say the water and sewer utility has recovered more than $826,000 that was stolen in what it called a vendor impersonator scheme.
The Good Life Medical Staff LLC
October 15, 2024
•[ phishing, data leak ]
Healthcare staffing firm reported email account compromise exposing sensitive information
General Dynamics
October 10, 2024
•[ social, phishing, manufacturing ]
Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel.
