Merck Sharp & Dohme LLC
December 19, 2024
•[ data leak, supply chain attack ]
Merck stated it was informed that its data was found within files impacted by a security incident at vendor Graebel Companies, Inc. After internal review, Merck determined certain current and former employees personal information was included in the impacted data and began notifying affected individuals. Reported potentially impacted elements included names and financial account information. The underlying vendor incident involved unauthorized access to or taking of certain files from the vendors network during a defined window in December 2024, with subsequent file review and customer notifications occurring later.
Hertz Global Holdings
December 1, 2024
•[ data leak, supply chain attack, vulnerability exploit ]
Hertz confirmed that customer personal data was stolen through exploitation of zero-day vulnerabilities in its vendor Cleo Communications managed file transfer platform between October and December 2024. The company completed analysis on April 2 2025 and disclosed the breach publicly on April 10 2025. The compromised data included names, contact information, drivers license numbers, and limited payment and identification information. No encryption or operational disruption was reported.
Mutua Madrileña
September 27, 2024
•[ cyber attack, data leak, third-party breach ]
Mutua Madrilea suffers a cyber attack on its home customer base, through an external provider, which affects thousands of customers.
Korrespondent.net
June 27, 2017
•[ NotPetya, ransomware, malware ]
Threat actors deploy a tool, called NotPetya, with the purpose of encrypting data on victims' machines and rendering it unusable. The malware was spread through tax software that companies and individuals require for filing taxes in Ukraine and spread globally.'Australia, Estonia,'Denmark, Lithuania, Ukraine, the United Kingdom, and the United States issued statements attributing NotPetya to Russian state-sponsored actors.
