Ahold Delhaize USA Services, LLC
November 5, 2024
•[ ransomware, unauthorized access, employee data ]
Ahold Delhaize USA detected unauthorized access to U.S. business systems on November 56, 2024. The incident disrupted some U.S. brand, pharmacy, e-commerce, and internal systems, and INC Ransom later claimed responsibility. Ahold Delhaize said files were taken from internal U.S. business systems and later disclosed that 2,242,521 individuals were affected, mostly current and former employees, dependents, and beneficiaries; DataBreach indexed 417,907 rows tied to the breach. The company said customer payment and pharmacy systems were not believed to have been affected.
Methodist Homes of Alabama and Northwest Florida
October 2, 2024
•[ unauthorized access, healthcare data breach, network incident ]
Methodist Homes of Alabama and Northwest Florida reported an incident involving unauthorized access to its network between October 2 and October 14, 2024. The organization notified HHS on January 30, 2025 that 908 patients were affected, and later notified the Maine Attorney Generals Office in October 2025 that the incident affected 25,579 individuals in total.
19 stations, including London Cannon Street, London Bridge, Charing Cross, Clapham Junction, Euston, King’s Cross, Liverpool Street, Paddington, Victoria, Waterloo, Reading, Guildford, Manchester Piccadilly, Liverpool Lime Street, Birmingham New Street, Leeds, Bristol Temple Meads, Edinburgh Waverley, Glasgow Central
September 26, 2024
•[ cyber-security incident, public Wi-Fi hacking, defacement ]
U.K. transport officials and police say they are investigating a cyber-security incident that hit the public Wi-Fi networks at the countrys biggest railway stations and displayed an anti-Islam message in the login page.
Lebanon’s telecoms networks
September 23, 2024
•[ hacking, telecommunications, cyber warfare ]
Israeli military officials warn residents in southern Lebanon and parts of Beirut to evacuate villages and neighbourhoods, sparking concerns that Israel had hacked into its northern neighbours telecommunications networks.
Fidelity Brokerage Services LLC
August 17, 2024
•[ unauthorized access, fraudulent requests, internal database ]
An unauthorized third party accessed and obtained information from Fidelity's computer network between August 17 and August 19, 2024, using two recently established customer accounts to submit fraudulent requests to an internal database that housed document images. Massachusetts regulators later fined Fidelity Brokerage Services LLC $1.25 million over cybersecurity-control and notification failures tied to the breach.
Dr. F.H. Wigmore Regional Hospital patients
July 1, 2024
•[ insider threat, unauthorized access, privacy breach ]
Saskatchewans Information and Privacy Commissioner found a privacy breach at Dr. F.H. Wigmore Regional Hospital where an emergency department unit clerk inappropriately accessed their own health record and the records of 98 other people, for a total of 102 accesses between July 2024 and June 2025. The decision found the employee also disclosed information learned from records in at least two instances, including sharing private health information with a co-worker and texting a family member about another relatives hospital admission.
Humboldt Independent Practice Association (IPA)
June 26, 2024
•[ data leak, healthcare, unauthorized access ]
Between June 26 and July 1 2024, an unauthorized actor accessed a Humboldt Independent Practice Association email account containing protected health information. Exposed data may include patient names, contact details, birth dates, diagnoses, insurance, and identification numbers. No evidence of encryption or confirmed data exfiltration has been reported. The breach was disclosed to HHS in November 2024 and publicly announced on February 15 2025.
Town of Apex
June 23, 2024
•[ ransomware, unauthorized access, data breach ]
The Town of Apex experienced a ransomware event in which unauthorized actors accessed town systems from June 23 to July 2, 2024, uploaded town data to a cloud storage provider, and potentially affected personal information of about 22,000 residents; Apex later recovered the data through court action.
Maryhaven, Inc.
May 30, 2024
•[ data leak, healthcare, unauthorized access ]
Maryhaven, a behavioral health and addiction treatment provider in Ohio, detected unauthorized access to its systems on June 1 2024. An unknown actor accessed and exfiltrated patient and employee PHI/PII data (~7,000 records). No encryption or operational disruption occurred. Disclosure issued April 11 2025 through Cyberscout/TransUnion.
First Contact Health
May 1, 2024
•[ phishing, unauthorized access, health data ]
Guernseys Office of the Data Protection Authority (ODPA) sanctioned First Contact Health after cyber criminals successfully targeted an employee email account in a phishing attack, gaining unauthorized access to confidential health data. The practice reported the breach to the ODPA in May 2024, and the unauthorized access was believed to have occurred at least five months earlier. The enforcement action cited failures in key security controls intended to prevent phishing-based account compromise.
Gastroenterology Associates Of Central Florida
April 11, 2024
•[ data leak, unauthorized access ]
Orlando practice disclosed network intrusion exposing patient data including identifiers and health information.
Woodfords Family Services
April 8, 2024
•[ unauthorized access, personal information, protected health information ]
Woodfords Family Services reported that after discovering suspicious activity in its network on April 8, 2024, it determined that certain files and folders were subject to unauthorized access and that personal and protected health information may have been compromised.
Telefónica
March 1, 2024
•[ cyberattack, data leak, unauthorized access ]
Telefnica investigates the claims of a possible cyberattack occurred in March that allowed criminals to access more than 2 million records of clients and collaborators of the company.
Okanagan-Skaha school district
February 13, 2024
•[ unauthorized access, cyberattack, service disruption ]
On 13 February 2024 Okanagan Skaha School District detected unusual activity in its information systems, confirmed that an unauthorized third party had accessed school district technology systems and proactively took network services offline. The incident knocked out phones and email across School District 67 and also affected the Penticton Seniors Drop-In Centre that shared the network, though teaching continued in person and the
Rödl Management, Inc.
February 9, 2024
•[ unauthorized access, data leak, personal data exposure ]
Rdl Management, Inc., an Atlanta-based professional services firm, reported unauthorized access to its network systems between January 30 and February 9 2024, resulting in exposure of personal data; no encryption or operational disruption reported.
St. Joseph’s College Of Maine
January 24, 2024
•[ data leak, unauthorized access ]
College confirmed unauthorized network access in 20232024; notices sent March 2025.
Legacy Professionals LLP
January 4, 2024
•[ data leak, unauthorized access ]
Legacy Professionals LLP, an Illinois-based accounting and audit firm, reported that sensitive personal information in its custody may have been accessed and acquired following suspicious activity detected on its computer network in late April 2024. The firm investigated and determined an unauthorized third party may have viewed and obtained certain information. Legacy then reviewed the affected data to identify impacted individuals, completing its review on 01/06/2025, and began mailing breach notification letters on 02/27/2025. Information potentially exposed was described as varying by individual and included names, Social Security numbers, and financial account numbers. Public filings referenced in reporting suggested Legacy provided affected individuals with credit monitoring services. Specific technical details such as the attack vector, the duration of unauthorized access, and whether data was exfiltrated beyond the identified categories were not publicly disclosed.
MinnesotaWorks.net
September 6, 2023
•[ unauthorized access, data leak, insider threat ]
The Department of Employment and Economic Development (DEED) in Minnesota notifies jobseekers of a data breach involving unauthorized access to their personal information at the MinnesotaWorks.net platform, after a person claiming to be an employee allegedly, viewed and copied user resume information without authorization.
Tesorer�a General de la Republica (TGR)
January 30, 2023
•[ unauthorized access, hacking forum, credential sale ]
Access to Tesorer''a General de la Rep''blica, the General Treasury of the Republic of Chile (TGR) may be up for sale on a popular hacking forum.
