Harrods
May 1, 2025
•[ unauthorized access, security incident ]
Harrods reported attempts to gain unauthorized access and restricted internet access as a precaution; no confirmed breach or disruption attributable to attackers (not a successful cyber event).
Defense and critical-infrastructure entities in Ukraine
May 1, 2025
•[ phishing, unauthorized access, data leak ]
Rare Werewolf APT, a Russia-aligned espionage group, conducted spear-phishing and remote-administration toolbased intrusions in MayJune 2025 targeting defense and critical-infrastructure entities in Ukraine, resulting in unauthorized access and data exfiltration.
Cities of Palo Alto, Redwood City, and Menlo Park (Crosswalk systems)
April 21, 2025
•[ Hacktivism, Unauthorized Access, Deepfake ]
Hacktivists hijacked Bay Area pedestrian crosswalk systems in Palo Alto, Redwood City, and Menlo Park to broadcast deepfake audio messages impersonating Elon Musk and Mark Zuckerberg mocking billionaire culture; no data theft or operational outage beyond altered messages reported.
City of Seattle (Crosswalks system)
April 21, 2025
•[ hacktivism, unauthorized access, system compromise ]
Hacktivists compromised Seattle pedestrian crosswalk systems to broadcast spoofed audio announcements mocking technology billionaires; no evidence of data exfiltration or wider operational impact reported.
The Fondation Cancer
April 18, 2025
•[ unauthorized access, email security, incident response ]
Fondation Cancer stated it detected a suspicious incident involving one of its email accounts. After analysis, its specialized IT provider concluded there had been malicious access into part of the organizations email mailboxes and implemented containment measures to stop the intrusion. The foundation indicated it informed partners and Luxembourgs national data protection commission promptly. In its communication, the organization said it had no indication that its internal data were disclosed, stolen, or copied, and that patient-service data were not affected. It also emphasized that the event did not impact the foundations financial operations because financial transactions are processed through separate secure connections.
Bremanger Kraft AS
April 7, 2025
•[ hacktivism, unauthorized access, industrial control systems ]
On April 7 2025, hacktivists accessed a web-exposed control interface for Bremanger Kraft ASs hydroelectric dam in western Norway and opened a valve releasing 500 L/s of water for four hours; no casualties or structural damage reported; Norwegian authorities attributed the incident to pro-Russian hacktivists.
Ocuco, Inc.
March 28, 2025
•[ data leak, unauthorized access ]
Ireland-based eyecare software services provider Ocuco detected unauthorized actor access to two non-production servers between Mar 28Apr 1 2025; KillSec claims data theft; company review shows ~240,961 affected; investigation ongoing; no confirmed service outage or encryption.
Office of the State’s Attorney for Baltimore City
March 19, 2025
•[ ransomware, data leak, unauthorized access ]
Following a March 2025 intrusion, the Kairos ransomware group stole internal legal and police records from the Baltimore City States Attorneys Office and later published portions online; the office reported no service disruption but confirmed investigation of unauthorized access.
CFD Investments, Inc.
March 15, 2025
•[ unauthorized access, email account compromise, data leak ]
Unauthorized access to an employee email account at CFD Investments, Inc. resulted in exposure of client personal and financial information between March 15 and May 9, 2025; affected individuals were notified beginning January 28, 2026.
Trocaire College
March 13, 2025
•[ unauthorized access, data leak, data breach ]
Trocaire College identified unauthorized access to its systems. A forensic investigation determined that sensitive personal information may have been acquired by an unauthorized actor. The college notified affected individuals in January 2026 and reported the incident to regulators.
Civil Service Employees Association (CSEA)
March 5, 2025
•[ data breach, identity theft, Social Security numbers ]
The Civil Service Employees Association (CSEA), a New York labor union, reported a 2025 data breach in which attackers were present in its systems for nearly a month. The breach notification said malicious actors roamed CSEA systems between May 3 and May 31, 2025. A submission to the Maine Attorney Generals Office indicated over 47,000 individuals were affected. The investigation stated attackers may have accessed members names and Social Security numbers, creating risk of identity theft and fraud. The report did not identify the threat actor or the initial access method.
Orthopaedic Specialists of Connecticut
March 2, 2025
•[ data leak, unauthorized access, personally identifiable information ]
Names, dates of birth, Social Security numbers, insurance and medical information for 22,541 individuals were exposed after an unauthorized third party accessed the practices network on March 2, 2025, per the provider notice and HHS filing.
Angel One Ltd.
February 27, 2025
•[ unauthorized access, data leak ]
Indian stock brokerage Angel One disclosed on February 27, 2025, that unauthorized actors accessed some of its Amazon Web Services (AWS) resources following a dark web alert. The company confirmed exposure of limited client information but no compromise of funds or credentials. Investigation and containment measures were initiated immediately.
City of Jasper
February 20, 2025
•[ unauthorized access, government ]
Unauthorized access identified around Feb 20; no evidence of citizen/employee personal data access; services largely unaffected.
Commvault
February 20, 2025
•[ vulnerability, unauthorized access ]
A zero-day vulnerability (CVE-2025-3928) in Commvaults cloud backup platform was exploited, allowing unauthorized access to internal systems and credentials. Commvault stated that customer backup data was not impacted, and no data theft has been confirmed.
Beverly Hills Oncology Medical Group
February 7, 2025
•[ data leak, unauthorized access ]
Beverly Hills Oncology Medical Group in California identified and blocked unauthorized access to parts of its network between February 7 and February 11, 2025, then engaged third-party cybersecurity experts to investigate. The review confirmed that an external actor had accessed and potentially removed files containing patient information. On October 13 the practice confirmed that exposed data included names, Social Security numbers, government ID numbers, financial account and credit/debit card details, health insurance information, and diagnostic, treatment, prescription and other clinical data, and on October 31 it filed breach notices and began notifying affected individuals while offering 12 months of complimentary credit monitoring.
St. Anthony Hospital (Chicago)
February 6, 2025
•[ data leak, healthcare, unauthorized access ]
St. Anthony Hospital in Chicago reported that on February 6, 2025 it discovered a data breach involving a small number of employee email accounts that had been accessed by an unauthorized actor. The compromised mailboxes contained personal and medical information such as names, addresses, dates of birth, Social Security numbers, medical record and account numbers, prescription details, and medical histories for roughly 6,679 individuals. The hospital engaged outside cybersecurity experts, reset credentials, and began notifying potentially affected patients and staff while offering guidance on credit monitoring. Officials said there was no evidence of misuse yet but warned people to remain vigilant for fraud or identity theft.
Baylor Scott & White Texas Spine & Joint Hospital
January 10, 2025
•[ Email Compromise, Data Leak, Unauthorized Access ]
Unauthorized access to O365 mailbox exposed patient demographic and treatment information.
UK Foreign, Commonwealth and Development Office (FCDO)
January 10, 2025
•[ data leak, unauthorized access, government ]
UK authorities investigated a cyber intrusion into the Foreign, Commonwealth and Development Office (FCDO) that was reportedly discovered during routine monitoring in October 2025. According to officials briefed on the matter, attackers accessed a segment of the foreign offices IT environment used for policy coordination and diplomatic communications and obtained sensitive but non-classified material. The reported accessed information included internal correspondence, briefing papers, and contact details related to overseas missions, while systems handling classified intelligence were described as segregated and unaffected. The incident prompted containment actions, server isolation, and a wider government security review led with support from the National Cyber Security Centre.
Byzfunder NY LLC
January 9, 2025
•[ data leak, unauthorized access ]
Byzfunder reported a security incident involving a cloud software solution. An unauthorized third party may have accessed or acquired certain files during the period 09/01/202509/20/2025, with the incident becoming known to the company on 09/19/2025. The company later reported the incident to the Maine Attorney General and began notifying affected individuals.
