Qantas
June 30, 2025
•[ data leak, third-party ]
Qantas detected unusual activity on a thirdparty contactcenter platform; a significant amount of customer data may be stolen; airline core systems remained secure.
York County
May 27, 2025
•[ data leak, third-party ]
County alerted residents to a possible data privacy event involving a vendor.
Income Insurance
May 25, 2025
•[ ransomware, data leak, third-party ]
Bonus statements of at least 146 policyholders compromised after ransomware at printing/mailing vendor DataPost; exposed data includes names, postal address, policy number/plan, and 2024 annual bonus; Income says its own systems remain secure and investigation continues.
CareNexa dba Molecular Testing Labs
March 13, 2025
•[ ransomware, third-party ]
MTL disclosed that a data hosting/security vendor suffered a ransomware incident on or about March 13, 2025, potentially affecting information in MTLs possession; investigations and notifications initiated.
Bpost
January 12, 2025
•[ ransomware, data leak, third-party ]
Reporting indicated that data attributed to Belgian postal operator bpost appeared on the TridentLocker ransomware leak site (about 30GB across thousands of files). Subsequent reporting cited a bpost spokesperson confirming a cyber incident and describing a limited data leak tied to a third-party exchange/platform used by a specific department (not linked to letters or parcels). The company stated it took immediate measures to contain the incident and said affected customers would be informed, while postal delivery operations were not expected to be endangered.
Vultr
July 8, 2022
•[ data leak, third-party ]
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses. A small number of records also included name, IP address and country of origin. No Vultr systems or additional customer data were impacted. Vultr subsequently self-submitted the impacted data to HIBP.
