Town of Bourne
January 11, 2025
•[ ransomware, data leak ]
Unauthorized access to Bournes IT network was disclosed after a Jan 11, 2025 cyberattack. MA AG filings list 625 affected MA residents with SSN/financial/drivers-license data. RansomHub later claimed the attack and 100 GB theft; encryption not confirmed.
LG Energy Solution
January 11, 2025
•[ ransomware, data leak, supply chain attack ]
LG Energy Solution confirmed that an overseas facility was hit by a ransomware incident in November 2025, which briefly affected operations before systems were restored. The Akira ransomware group listed LG on its leak site, claiming to have stolen around 1.7 TB of data, including corporate documents and an employee database with personal information. LG stated that the incident was contained to the single facility and that production had resumed, while it continued to investigate the scope of the data theft. The case underscores the risk to global manufacturing supply chains from targeted ransomware operations.
Agfa
January 11, 2025
•[ ransomware, data leak ]
Agfa-Gevaert faced public claims from the Everest ransomware group alleging the theft of Agfa data. Subsequent public reporting indicates Agfa conducted an internal investigation and concluded in early December 2025 that its IT systems were operational and that the data at issue was limited to older, non-sensitive information. Agfas communications emphasized that there was no indication that critical or current sensitive data was compromised. Details such as the initial access vector, the precise systems affected, and whether any encryption or operational disruption occurred were not publicly disclosed in accessible reporting. This entry codes the incident as an unauthorized access/data exposure event based on the companys statement about what information was involved after its probe.
Slovakian Geodesy, Cartography and Cadastre Office (UGKK)
January 10, 2025
•[ ransomware, malware, government ]
A cyber attack targets the Slovakian Geodesy, Cartography and Cadastre Office (UGKK), which manages land and property data. The agencys systems are shut down, and its physical offices closed following an alleged ransomware attack. According to local media reports, the attackers are demanding millions of euros in ransom.
Barts Health NHS
January 8, 2025
•[ ransomware, data leak, vulnerability exploit ]
Barts Health NHS Trust confirmed that the Cl0p ransomware group exploited a vulnerability in Oracle E-Business Suite to access and steal files from one of its invoice databases. The stolen material was described as including patient names and addresses associated with billed care, records related to former staff with unresolved salary issues, and supplier payment details (much of which is already public). The breach was reported as occurring in August 2025 and was not detected until later when data appeared on the threat actors leak site. Barts stated that core clinical systems and electronic patient records were not affected, and it reported the incident to relevant UK authorities and regulators while taking steps to limit further dissemination.
Fieldtex Products, Inc.
January 8, 2025
•[ ransomware, data leak ]
Fieldtex Products Inc., including its e-First Aid Supplies division, reported a data security incident after identifying unauthorized access to certain systems during August 2025. Public reporting associated the incident with the Akira ransomware group, which claimed responsibility on a leak site and alleged it stole corporate documents, though those claims were not independently verified in the available notice. According to reporting on the incident and breach tracking, the event potentially exposed limited protected health information related to individuals, with data elements including name, address, date of birth, member identification number, health plan name, coverage effective and termination dates, and gender. External reporting cited approximately 238,615 affected individuals. Fieldtex indicated it took steps to investigate, mitigate, and notify impacted people; the initial compromise method and the full extent of any data exfiltration beyond the limited PHI described were not publicly detailed in the accessible notice.
Excelsior Orthopaedics
January 7, 2025
•[ ransomware, malware, healthcare ]
Excelsior Orthopaedics notifies approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024.
Addison Northwest School District
January 7, 2025
•[ ransomware, education ]
The Addison Northwest School District (ANWSD) suffers a ransomware attack.
Laramie County Library System
January 7, 2025
•[ ransomware, malware, education ]
CHEYENNE Early Tuesday morning, the Laramie County Library System was the victim of a ransomware attack that shut down library servers and immobilized most digital services.
Valencia Chamber of Commerce
January 7, 2025
•[ ransomware ]
Ransomware in July 2025 with ransom demand; Chamber says damage was minimal and it recovered using backups/security; plans further investment in prevention.
Towne Mortgage
January 6, 2025
•[ ransomware, data leak ]
Towne Mortgage disclosed that a June 2025 incident may have involved a hacker copying data from its network. Reporting on subsequent litigation stated that the lender did not publicly specify how many customers were impacted, but a disclosure referenced at least 474 Massachusetts residents and indicated that Social Security numbers and financial account information were compromised. The same report noted that some cybersecurity blogs attributed the attack to the BlackByte ransomware-as-a-service group, though the company itself did not confirm attribution. Multiple class action lawsuits were filed after the lenders breach announcement, alleging failure to protect sensitive borrower information.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, data breach, third-party breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
STIIIZY
January 1, 2025
•[ ransomware, retail ]
Popular cannabis brand STIIIZY discloses a data breach after threat actors breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. The Everest. ransomware group claims responsibility for the attack.
Nikki‑Universal Co. Ltd
January 1, 2025
•[ ransomware, malware, manufacturing ]
Nikki-Universal Co. Ltd., produsen kimia asal Jepang jadi korban serangan ransomware pada Desember 2024. Data dicuri, server tak berfungsi
Cell C
January 1, 2025
•[ ransomware, technology ]
Cell C said that the threat actors that breached its systems and stole a limited amount of customer data identified themselves as the RansomHouse hacking group.
Starkville-Oktibbeha Consolidated School District
January 1, 2025
•[ ransomware, education ]
A data breach that has crippled Starkville-Oktibbeha Consolidated School Districts network appears to be a ransomware attack, according to online sources.
Private individuals (elderly victims in Encino, California)
January 1, 2025
•[ malware, phishing, ransomware ]
Malware infection launched by phishing email locked elderly victims computer, prompting payment of 25,000 USD to scammers; suspect Tai Su was arrested when he arrived to collect another 35,000 USD and later sentenced to 10 months in federal prison.
Cierant Corporation
January 1, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
Fondo Genesis (MetLife)
December 31, 2024
•[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
Undisclosed U.S. Engineering and Construction Firm
December 29, 2024
•[ ransomware, data leak ]
On December 29 2024, Anubis listed an unnamed U.S. firm from the engineering and construction sector on its leak site. KELA reported the inclusion, and SecurityWeek referenced the finding. Stolen material reportedly included project and client documentation. No encryption or service interruption confirmed.
