Poland faced a significant cyberattack where hackers accessed sensitive personal information from a loan platform, including national ID numbers and bank account details. Authorities are investigating the breach, urging affected users to change passwords and secure their data through a new government website.

Central Maine Healthcare reported a data breach affecting over 145,000 patients, compromising personal, treatment, and health insurance information. The breach was discovered on June 1, 2025, but the intrusion lasted several months. The organization has since notified affected individuals and offered credit monitoring services.

A data breach has exposed sensitive information from about 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and physical addresses. This information is being traded on the dark web, raising risks for identity theft and phishing attacks. Users are advised to enable two-factor authentication and change their passwords.

Security researchers uncovered a North Korean operation that lures engineers into renting their identities for fraudulent activities. The group uses tactics like deep fakes and deception to secure jobs at major companies while the compromised engineers take on the risks. The operation exploits both legitimate and fake identities to carry out espionage and revenue generation.

Delta Dental of Virginia has reported a data breach affecting approximately 146,000 individuals. Stolen information includes names, Social Security numbers, and health data, accessed through a compromised email account between March and April 2025. The company is offering a year of free identity protection services to those impacted.

Hackers accessed the Pierce County Library System's network in April 2025, compromising personal information of over 340,000 patrons, employees, and their family members. The stolen data includes names, Social Security numbers, and financial details. Affected individuals will receive free credit monitoring for a year.

This article outlines the rise of infostealers as a major threat to identity security, highlighting their role in ransomware and data breaches. It offers practical strategies for detecting and managing these attacks, emphasizing the importance of monitoring stolen identities and utilizing operational intelligence.

South Korea will require facial recognition for anyone signing up for a new mobile phone number starting March 23. This measure aims to combat identity theft and voice phishing scams by ensuring only legitimate users can activate devices. The policy affects major mobile carriers and follows a rise in reported scams.

Researchers tracked Lazarus Group's Chollima division using fake job offers to infiltrate companies. They captured operators in a controlled environment, revealing tools for identity theft and remote access without deploying malware. This highlights the risks of remote hiring for businesses.

Aflac reported a data breach impacting 22.65 million individuals. Hackers accessed sensitive information including names, Social Security numbers, and medical data. The company is offering affected individuals two years of free credit monitoring and identity theft protection.

The Richmond Behavioral Health Authority reported a ransomware attack that compromised the personal information of over 113,000 individuals. Stolen data includes names, Social Security numbers, and health information. The Qilin ransomware group has claimed responsibility for the attack.

Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.

A misconfigured Azure Blob storage container belonging to TalentHook has exposed nearly 26 million resumes, containing sensitive personal information of US job seekers. This breach poses significant risks for identity theft and targeted phishing attacks, leading to potential harassment and fraud against individuals whose data was leaked.

Connex Credit Union has reported a data breach impacting 172,000 individuals, with hackers likely stealing personal information such as names, account numbers, and Social Security numbers. The breach was detected on June 3, and while no unauthorized access to member accounts has been found, the organization is warning customers about potential scam calls and messages.

Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.

Laboratory Services Cooperative has reported a significant data breach affecting 1.6 million individuals, with personal and medical information stolen during an October 2024 cyberattack. The organization is providing affected individuals with free credit monitoring and identity protection services while monitoring the dark web for any misuse of the stolen data.

Onsite Mammography, a Massachusetts medical provider, has reported a data breach that has compromised the personal and health information of over 350,000 patients. The breach, discovered in October 2024, involved unauthorized access to an employee's email account, leading to exposure of sensitive data including Social Security numbers and medical information. The company is offering affected individuals 12 months of free credit monitoring and identity protection services.

A 19-year-old college student, Matthew D. Lane, pleaded guilty to charges related to a cyberattack on PowerSchool that extorted millions by threatening to leak sensitive personal data of millions of students and teachers. The attack involved breaching a telecommunications company to access and steal confidential information before demanding a ransom from PowerSchool and subsequently targeting individual school districts for further extortion.

IdeaLab has confirmed that sensitive data was stolen during a ransomware attack last October, attributed to the Hunters International group. The breach affected current and former employees and contractors, with 137,000 files leaked on the dark web, prompting the company to offer identity theft protection to impacted individuals.

Fairmont Federal Credit Union in West Virginia has notified approximately 187,000 individuals of a data breach that exposed sensitive personal information, including Social Security numbers and financial details. The breach, detected in January 2024, is linked to vulnerabilities in third-party software or employee phishing attacks, highlighting the ongoing cybersecurity challenges faced by smaller financial institutions. Affected individuals are being offered credit monitoring services while investigations into potential negligence and class-action claims are underway.

The Business Council of New York State has disclosed a data breach affecting over 47,000 individuals, with attackers accessing personal, financial, and health information between February 24 and 25. Although the breach was detected six months later, there is currently no evidence of fraud or identity theft related to the incident, and affected individuals will receive free credit monitoring services.

TransUnion reported a significant data breach in which hackers stole personal information from 4.4 million customers. The compromised data includes sensitive details that could potentially lead to identity theft and fraud. The company is working with law enforcement to investigate the breach and mitigate its impact on affected individuals.

A cyberattack on VeriSource Services has compromised the personal information of 4 million individuals, including names, addresses, and Social Security numbers. Discovered on February 28, 2024, the company is offering affected individuals 12 months of free credit monitoring and identity protection services.

Young Consulting, now operating as Connexure, has reported that over 1 million individuals were affected by a data breach attributed to a ransomware attack by the BlackSuit group. The breach, which occurred between April 10 and 13, 2024, compromised sensitive data including Social Security numbers and insurance information, with the victim count being updated multiple times since the incident. The company is offering credit monitoring and identity theft restoration services to those affected.

A significant rise in identity-based cyberattacks, driven by advanced phishing kits and infostealers, has led to a 156% increase in login-targeting attacks, making them 59% of all investigations by eSentire. Organizations are urged to adopt stronger security measures, such as passkeys, to combat the growing threat of business email compromise (BEC) and ransomware, which are often facilitated by phishing-as-a-service platforms.

Lee Enterprises reported that a recent ransomware attack impacted nearly 40,000 individuals, compromising personal information such as names and Social Security numbers. The company is offering affected individuals 12 months of free credit monitoring and identity protection services following the breach.

NASCAR confirmed that personal information, including names and Social Security numbers, was stolen during a ransomware attack that occurred between March 31 and April 3, 2025. The Medusa ransomware group has claimed responsibility, demanding a $4 million ransom for the return of the stolen data, while NASCAR offers impacted individuals credit monitoring services.

Over 160,000 individuals were affected by a data breach at Wayne Memorial Hospital in Georgia, where hackers stole sensitive personal information, including Social Security numbers and financial data. The breach occurred between May 30 and June 3, 2024, during which ransomware was used to compromise the hospital's network. WMH is offering affected individuals 12 months of free credit monitoring and identity theft protection services.

Dior is notifying U.S. customers of a data breach that occurred on January 26, 2025, which compromised personal information such as names, contact details, and Social Security numbers. The breach is connected to a cyberattack attributed to the ShinyHunters group, affecting multiple brands under the LVMH umbrella. Affected individuals are being offered free credit monitoring and are advised to remain vigilant against potential scams.

Prospect, a UK trade union, has notified its members of a data breach that exposed sensitive personal information, including sexual orientation and disabilities, affecting up to 160,000 individuals. The breach occurred in June 2025, but members were only informed recently, and the union is offering credit and identity monitoring services to mitigate risks. Prospect is actively investigating the incident and has advised members to enhance their personal security measures.

A significant leak on a Russian forum has revealed sensitive information related to credit cards, with implications for users' financial security. The breach involves the exposure of personal data that could facilitate fraud and identity theft, raising concerns about cybersecurity measures in place.

A data breach involving Serviceaide has potentially exposed sensitive information of over 483,000 patients of Catholic Health between September 19 and November 5, 2024. Although there is no evidence of data being exfiltrated, affected individuals are being notified and offered 12 months of free credit monitoring and identity theft protection.

A data breach at Motility, a dealership software provider, has affected approximately 766,000 individuals, compromising sensitive information such as names, addresses, and social security numbers. The breach has raised concerns about the security measures in place and the potential for identity theft among those impacted.

Matthew D. Lane, a 19-year-old college student, was sentenced to four years in prison for his role in a cyberattack on PowerSchool that led to a significant data breach affecting millions of students and teachers. He pleaded guilty to multiple charges, including unauthorized access and cyber extortion, and was ordered to pay $14 million in restitution. The attack involved stealing sensitive data and demanding a ransom, with ongoing legal scrutiny surrounding PowerSchool's security practices.

A cybercriminal group, J Group, claims to have breached FAI Aviation Group, a German charter operator, leaking approximately 3TB of sensitive data including patient information, employee records, and internal documents. The breach raises concerns about identity theft and potential misuse of the leaked information, particularly in the context of the company's medical services.