Cuero Chamber of Commerce
January 26, 2026
•[ malware, social engineering, ClickFix ]
The Cuero Chamber of Commerce reported a malware/social engineering incident affecting its web properties after a customer noticed suspicious activity in an email sent January 26. The chamber said users registering for an event were shown a CAPTCHA prompt and then instructed to press Windows+R and paste/run contentbehavior consistent with ClickFix social engineering designed to trick victims into executing malicious commands on their own devices. The chamber stated that the Cuero Development Corporation website was the only confirmed security breach and that significant data loss occurred, and it believed the malware was introduced via a third-party platform (Shopify) used for event registration. The chamber said it could not determine how many people or organizations were affected and implemented additional safeguards.
French Office for Immigration and Integration (OFII)
January 1, 2026
•[ data leak, hacking, third-party breach ]
A hacker posted samples of foreigners personal data online on January 1, 2026, stating on a specialist forum that the information was obtained by hacking the French Office for Immigration and Integration (OFII) and that the motive was profit. Reporting described two posted samples: one with fewer than 1,000 foreign nationals and another involving 600 Israelis currently or previously residing in France, with fields such as names, date of entry, status/reasons for stay, email addresses, and phone numbers. OFII confirmed a data theft but said the intrusion was linked to a subcontractor/operator with access to OFII data rather than directly compromising OFIIs information system.
Goldman Sachs (via Fried Frank Harris Shriver & Jacobson LLP)
December 19, 2025
•[ data leak, third-party breach ]
Goldman Sachs notified clients that some client data may have been exposed following a cybersecurity incident at its external law firm, Fried Frank; Goldman stated its own systems were not compromised.
Truenorth Corporation
November 25, 2025
•[ ransomware, third-party breach, government ]
Puerto Rico officials reported a Thanksgiving-week cyberattack targeting IT contractor Truenorth Corporation that briefly disrupted systems used by three major agencies: the Department of Education, the Puerto Rico Health Insurance Administration (ASES), and the State Insurance Fund Corporation (CFSE). Reporting cited an independent cybersecurity source describing the incident as ransomware detected on Nov. 25, 2025, with rapid ripple effects into those agencies systems. Officials stated citizen data was not compromised, and other agencies under Truenorth contracts (including the State Elections Commission) were reported as not affected. The events primary confirmed impact was short-term operational disruption across multiple government agencies tied to the vendors environment.
ModMed (Modernizing Medicine)
October 24, 2025
•[ data leak, healthcare, third-party breach ]
Modernizing Medicine (ModMed) said it discovered unauthorized activity on July 29, 2025, and confirmed that attackers had accessed and exfiltrated data from servers hosting podiatry-client EHR information between July 910. Exposed fields include full names, addresses, DOB, SSNs, contact details, health insurance info, medical record and patient account numbers, dates of service, providers/practices, billing/diagnostic codes, prescription/medication data, and diagnosis/treatment information; providers were notified on September 19 and patients on October 17. Days later, a seller advertised a partial EHR database (1,0001,500 podiatry patient records) on a breach forum/Telegram, indicating financially motivated data trafficking, though ModMed has not confirmed a second intrusion. Overall impact: large-scale PHI exposure from vendor-hosted servers, with evidence of downstream data sale attempts.
Dodd Group
October 19, 2025
•[ data leak, third-party breach ]
Report claims Russian group accessed contractor and leaked MoD base documents
Windsor International Airport
October 14, 2025
•[ hacktivism, unauthorized access, third-party breach ]
Unauthorized pro-Palestinian messages played; one Delta flight delayed; third-party cloud PA cited
Renault UK
October 3, 2025
•[ data leak, third-party breach ]
Third-party service provider breach affecting Renault UK customer records; exposed contact and vehicle identifiers; Renault says own systems not compromised.
Discord
October 3, 2025
•[ data leak, third-party breach ]
Third-party customer support vendor was breached, exposing support tickets, personal data, limited billing details, and a small number of government-ID images; Discord core systems unaffected.
Vitas Hospice
September 21, 2025
•[ data leak, third-party breach, healthcare ]
Vitas Hospice Services (Vitas Healthcare) detected a cybersecurity intrusion on 10/24/2025. According to the organizations breach notice and subsequent reporting, the threat actor gained access to certain Vitas systems by using a compromised third-party vendor account. The unauthorized access persisted from approximately 09/21/2025 through 10/27/2025, and the attacker downloaded files containing personal information of current and former patients. Exposed data elements included identifiers (name, address, phone number, date of birth), government identifiers (drivers license number and Social Security number), and protected health information such as medical and insurance details, plus next-of-kin contact information. Government breach tracking and reporting indicated 319,177 individuals were affected. Vitas stated it took steps to secure systems, investigate, and notify impacted individuals, though the specific malware or group responsible was not publicly identified.
Personic Management Company LLC d/b/a Personic Health
August 29, 2025
•[ data leak, healthcare, third-party breach ]
Healthcare management firm Personic Management Company (Personic Health) reported that an unauthorized actor accessed a third-party software platform used to process patient information on August 29, 2025. The intrusion, discovered on September 1, enabled the attacker to obtain data containing patients names and associated protected health information from Personic-affiliated providers. After engaging external cybersecurity experts and notifying law enforcement, Personic filed breach notices with state regulators and began sending letters to impacted individuals, warning them about identity-theft risks and the potential misuse of their medical data.
Personic Management Company LLC
August 29, 2025
•[ data leak, unauthorized access, third-party breach ]
Personic reported unauthorized activity affecting a third-party software platform it used to process patient information. The company stated it became aware of the issue on September 1, 2025, and an investigation concluded an unauthorized actor accessed the platform on August 29, 2025 and obtained certain data. The public notice stated the impacted data may include names and protected health information. Personic reported filing a notice with the Maine Attorney Generals office and beginning notification of impacted individuals on November 18, 2025.
CoVantage Credit Union
August 14, 2025
•[ data leak, third-party breach ]
CoVantage reported a data breach originating at its third-party vendor, Marquis Software Solutions. CoVantage learned on 08/14/2025 that Marquis experienced a cybersecurity incident affecting its internal environment, and Marquis later determined that files containing CoVantage customer information had been accessed or acquired. CoVantage filed notice with the Maine Attorney General and began notifying affected individuals on 11/26/2025.
Industrial Credit Union of Whatcom County
August 14, 2025
•[ data leak, third-party breach ]
Industrial Credit Union of Whatcom County reported a data breach stemming from a security incident at a third-party communication delivery vendor that provides print and email services to financial institutions; the credit union stated its own systems were not breached. The potentially impacted data includes names, dates of birth, Social Security numbers, and financial/banking information. The credit union filed notice with the Washington State Attorney Generals office and began sending notification letters to impacted individuals on Nov. 26, 2025. Public reporting linked this incident to the Marquis Software Solutions vendor intrusion detected on Aug. 14, 2025.
Canada Goose
August 1, 2025
•[ data leak, third-party breach, customer records ]
BleepingComputer reported that Canada Goose was investigating after ShinyHunters leaked more than 600,000 customer records. Canada Goose said it had not found evidence its own systems were breached and believed the data related to past customer transactions. ShinyHunters told BleepingComputer the dataset was unrelated to recent SSO attacks and claimed it originated from a third-party payment processor breach and dates back to August 2025. The exposed data was described as including purchase history plus device/browser information and order values; it did not appear to include full payment card numbers.
Canada Goose
July 4, 2025
•[ data leak, third-party breach, customer records ]
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.
With Intelligence Ltd. (via third-party PeopleCheck)
June 28, 2025
•[ data leak, third-party breach, compromised credentials ]
On June 28, 2025, threat actors using compromised login credentials accessed PeopleCheck systems, a third-party provider for With Intelligence Ltd., resulting in exposure of sensitive personal information of job candidates and employeesincluding SSNs and birth dates. No evidence of data encryption or disruption. With Intelligence notified the affected parties by July 11, 2025 and provided 24 months of credit monitoring.
Tiffany & Co.
May 26, 2025
•[ data leak, third-party breach ]
Selected Tiffany Korea customers notified of unauthorized access to a vendor system used for customer data; reporting to date only confirms impact on Korean/Chinese customers and does not indicate EU/US exposure or operational disruption.
Toppan Next Tech
April 7, 2025
•[ ransomware, data leak, third-party breach ]
A ransomware attack on DBS Bank's third-party printing vendor Toppan Next Tech in Singapore led to the potential exposure of around 8,200 DBS customer statements and related letters, mostly for DBS Vickers trading and Cashline loan accounts. The attacker compromised Toppan's systems, leaving encrypted statement files potentially accessible, but DBS' own banking infrastructure and customer funds remained unaffected. Exposed data in the printed correspondence includes customers' names, mailing addresses and details of equity holdings or loan accounts, while passwords, government ID numbers and balances were not part of the leak. Authorities and cybersecurity agencies are assisting the investigation as DBS halts work with the vendor and notifies affected customers.
Western Alliance Bank
March 18, 2025
•[ data leak, third-party breach ]
Western Alliance Bank notified 21,899 customers that their personal information was stolen after a breach of a third-party secure file transfer system. The breach occurred between October 12 and October 24, 2024, and exposed names, Social Security numbers, dates of birth, financial account numbers, drivers licence numbers, tax IDs and/or passport information. The company found no evidence of fraudulent use yet and is providing one year of complimentary credit monitoring to those impacted.
