Norway Savings Bank
August 14, 2025
•[ data leak, supply chain ]
Norway Savings Bank reported that a third-party data services provider suffered a security incident on August 14, 2025, allowing an external actor to access portions of its hosted environment that contained bank customer data. The breach potentially exposed personal and financial information for about 44,259 Maine residents, including identifiers and account details, although no misuse had been confirmed at the time of disclosure. The banks own systems were not directly compromised, but it engaged cybersecurity experts, reviewed transaction patterns, and began offering credit monitoring and identity-theft protection to affected customers.
Coinbase
May 15, 2025
•[ insider threat, data leak, supply chain ]
Coinbase disclosed a data breach involving bribed third-party support agents; customer data was accessed and losses estimated at $180$400M for remediation and reimbursements.
Baker School District
December 19, 2024
•[ data leak, supply chain ]
PowerSchool national breach (Dec 1924, 2024) impacted districts incl. Baker; district announced vendor notifications and monitoring steps.
Undisclosed South Korean company 5
November 1, 2024
•[ supply chain, malware ]
Lazarus leveraged infected supplier web pages to gain access to semiconductor sector organizations in Korea.
ALN Medical Management, LLC
March 18, 2024
•[ data leak, supply chain, healthcare ]
ALN Medical Management, LLC, a revenue-cycle management provider for healthcare practices, reported unauthorized access to third-party hosted systems between March 18 and 24, 2024, exposing sensitive patient and financial data.
