A security lapse at HelloGym exposed 1.6 million audio recordings of gym customers and staff, including sensitive personal and financial information, due to an unencrypted and unprotected database. The vulnerability could allow criminals to exploit the recordings for identity theft and social engineering scams, highlighting the importance of data security measures such as encryption and proper data management.

Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.

Connex Credit Union has reported a data breach impacting 172,000 individuals, with hackers likely stealing personal information such as names, account numbers, and Social Security numbers. The breach was detected on June 3, and while no unauthorized access to member accounts has been found, the organization is warning customers about potential scam calls and messages.

A significant data breach affecting hotels in Italy has raised concerns over the potential misuse of stolen personal identification information. The Italian data protection authority has initiated an investigation and advised individuals to monitor their documents and report any suspected theft. Malicious actors frequently target the hospitality sector, heightening the urgency for protective measures.

Bitcoin Depot has disclosed a data breach affecting nearly 27,000 customers, revealing sensitive information such as names, phone numbers, and driver's license numbers. The breach was detected in June 2023, but public notification was delayed due to an ongoing federal investigation. Affected individuals are urged to remain vigilant for fraud, as no identity protection services are being offered.

Kelly Benefits experienced a significant data breach in December that affected over 400,000 individuals. The breach involved the exposure of sensitive personal information, prompting the company to inform affected clients and offer support for identity theft protection.

Rainwalk, a pet insurance provider, has reportedly exposed sensitive customer data related to 158,000 pets, including personal and medical information. This data breach raises significant concerns about privacy and data security within the pet insurance industry as affected customers face potential identity theft and fraud risks.

Wealthsimple, a Canadian financial services firm, has reported a data breach affecting the personal data of less than 1% of its customers. The company confirmed that no funds or passwords were compromised, and it is offering affected users two years of complimentary credit monitoring and security advice. The breach was linked to a third-party software package and is not related to ongoing Salesforce data theft incidents.

Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.

Onsite Mammography, a Massachusetts medical provider, has reported a data breach that has compromised the personal and health information of over 350,000 patients. The breach, discovered in October 2024, involved unauthorized access to an employee's email account, leading to exposure of sensitive data including Social Security numbers and medical information. The company is offering affected individuals 12 months of free credit monitoring and identity protection services.

A 19-year-old college student, Matthew D. Lane, pleaded guilty to charges related to a cyberattack on PowerSchool that extorted millions by threatening to leak sensitive personal data of millions of students and teachers. The attack involved breaching a telecommunications company to access and steal confidential information before demanding a ransom from PowerSchool and subsequently targeting individual school districts for further extortion.

Laboratory Services Cooperative has reported a significant data breach affecting 1.6 million individuals, with personal and medical information stolen during an October 2024 cyberattack. The organization is providing affected individuals with free credit monitoring and identity protection services while monitoring the dark web for any misuse of the stolen data.

IdeaLab has confirmed that sensitive data was stolen during a ransomware attack last October, attributed to the Hunters International group. The breach affected current and former employees and contractors, with 137,000 files leaked on the dark web, prompting the company to offer identity theft protection to impacted individuals.

Sotheby's reported a data breach that occurred on July 24, affecting the financial account information and Social Security numbers of two Maine residents. The auction house has implemented safeguards to protect data but is now offering affected individuals 12 months of credit monitoring services following the incident. This breach follows a similar attack on Christie's in 2024, highlighting ongoing vulnerabilities in the auction industry.

Fairmont Federal Credit Union in West Virginia has notified approximately 187,000 individuals of a data breach that exposed sensitive personal information, including Social Security numbers and financial details. The breach, detected in January 2024, is linked to vulnerabilities in third-party software or employee phishing attacks, highlighting the ongoing cybersecurity challenges faced by smaller financial institutions. Affected individuals are being offered credit monitoring services while investigations into potential negligence and class-action claims are underway.

A data breach at Harbin Clinic has compromised the financial and personal information of over 210,000 patients, including names, addresses, Social Security numbers, and financial account details. The clinic advises affected individuals to monitor their financial accounts for suspicious activity as stolen data may end up on underground markets, posing risks of identity theft and fraud.

The Business Council of New York State has disclosed a data breach affecting over 47,000 individuals, with attackers accessing personal, financial, and health information between February 24 and 25. Although the breach was detected six months later, there is currently no evidence of fraud or identity theft related to the incident, and affected individuals will receive free credit monitoring services.

TransUnion reported a significant data breach in which hackers stole personal information from 4.4 million customers. The compromised data includes sensitive details that could potentially lead to identity theft and fraud. The company is working with law enforcement to investigate the breach and mitigate its impact on affected individuals.

Ascension, a major U.S. healthcare system, has disclosed a data breach affecting personal and health information of patients due to a vulnerability in third-party software used by a former partner. The breach impacted over 114,000 individuals in Texas and included sensitive data such as Social Security numbers and medical records. Ascension is offering two years of free identity monitoring services to those affected.

The State Bar of Texas has reported a data breach after the INC ransomware gang claimed responsibility and leaked samples of stolen data. The breach occurred between January 28 and February 9, 2025, but was only discovered on February 12, leading to notifications sent to affected members and the offer of credit monitoring services.

A cyberattack on VeriSource Services has compromised the personal information of 4 million individuals, including names, addresses, and Social Security numbers. Discovered on February 28, 2024, the company is offering affected individuals 12 months of free credit monitoring and identity protection services.

Young Consulting, now operating as Connexure, has reported that over 1 million individuals were affected by a data breach attributed to a ransomware attack by the BlackSuit group. The breach, which occurred between April 10 and 13, 2024, compromised sensitive data including Social Security numbers and insurance information, with the victim count being updated multiple times since the incident. The company is offering credit monitoring and identity theft restoration services to those affected.

AT&T is investigating claims that approximately 86 million customer records are being sold on a cybercrime forum, believed to be a repackaging of data from a previous breach. The leaked information includes sensitive details such as dates of birth, phone numbers, and social security numbers, raising concerns about potential identity theft. AT&T is working to determine the origins of the data and has alerted law enforcement.

Over 160,000 individuals were affected by a data breach at Wayne Memorial Hospital in Georgia, where hackers stole sensitive personal information, including Social Security numbers and financial data. The breach occurred between May 30 and June 3, 2024, during which ransomware was used to compromise the hospital's network. WMH is offering affected individuals 12 months of free credit monitoring and identity theft protection services.

NASCAR confirmed that personal information, including names and Social Security numbers, was stolen during a ransomware attack that occurred between March 31 and April 3, 2025. The Medusa ransomware group has claimed responsibility, demanding a $4 million ransom for the return of the stolen data, while NASCAR offers impacted individuals credit monitoring services.

Kelly Benefits has reported a data breach affecting over 550,000 customers, where unauthorized access to its IT systems occurred between December 12-17, 2024. The compromised information includes personal details such as names, Social Security numbers, and health insurance data, prompting the company to offer credit monitoring services to affected individuals.

Lee Enterprises reported that a recent ransomware attack impacted nearly 40,000 individuals, compromising personal information such as names and Social Security numbers. The company is offering affected individuals 12 months of free credit monitoring and identity protection services following the breach.

Chess.com reported a data breach involving unauthorized access to a third-party file transfer application, affecting over 4,500 users' personally identifiable information. The platform has emphasized that its own infrastructure remains secure and no financial data was compromised, while offering impacted users identity theft protection services. Previous incidents include a massive scraping of user data due to an API flaw in November 2023.

SimonMed Imaging has notified over 1.27 million individuals about the compromise of their protected health information due to a cyberattack in January 2025. While the company confirmed data theft, there have been no reported cases of misuse, and affected individuals are being offered complimentary credit monitoring services.

Dior is notifying U.S. customers of a data breach that occurred on January 26, 2025, which compromised personal information such as names, contact details, and Social Security numbers. The breach is connected to a cyberattack attributed to the ShinyHunters group, affecting multiple brands under the LVMH umbrella. Affected individuals are being offered free credit monitoring and are advised to remain vigilant against potential scams.

Prospect, a UK trade union, has notified its members of a data breach that exposed sensitive personal information, including sexual orientation and disabilities, affecting up to 160,000 individuals. The breach occurred in June 2025, but members were only informed recently, and the union is offering credit and identity monitoring services to mitigate risks. Prospect is actively investigating the incident and has advised members to enhance their personal security measures.

A significant leak on a Russian forum has revealed sensitive information related to credit cards, with implications for users' financial security. The breach involves the exposure of personal data that could facilitate fraud and identity theft, raising concerns about cybersecurity measures in place.

A data breach involving Serviceaide has potentially exposed sensitive information of over 483,000 patients of Catholic Health between September 19 and November 5, 2024. Although there is no evidence of data being exfiltrated, affected individuals are being notified and offered 12 months of free credit monitoring and identity theft protection.

A data breach at Motility, a dealership software provider, has affected approximately 766,000 individuals, compromising sensitive information such as names, addresses, and social security numbers. The breach has raised concerns about the security measures in place and the potential for identity theft among those impacted.

Murphy Law Firm is investigating a data breach involving Century Support Services, which compromised the personal information of 160,759 individuals, including sensitive data such as Social Security numbers and financial information. The firm is evaluating legal claims and potential class action lawsuits for those affected by the breach.

Esse Health has notified over 263,000 patients that their personal and health information was compromised in a cyberattack that occurred on April 21, 2025. The breach resulted in the theft of sensitive data, although there was no evidence of stolen social security numbers, and the organization is offering free identity protection services to affected individuals. Restoration efforts suggest a ransomware attack, but no group has claimed responsibility for the incident.

Matthew D. Lane, a 19-year-old college student, was sentenced to four years in prison for his role in a cyberattack on PowerSchool that led to a significant data breach affecting millions of students and teachers. He pleaded guilty to multiple charges, including unauthorized access and cyber extortion, and was ordered to pay $14 million in restitution. The attack involved stealing sensitive data and demanding a ransom, with ongoing legal scrutiny surrounding PowerSchool's security practices.

A cybercriminal group, J Group, claims to have breached FAI Aviation Group, a German charter operator, leaking approximately 3TB of sensitive data including patient information, employee records, and internal documents. The breach raises concerns about identity theft and potential misuse of the leaked information, particularly in the context of the company's medical services.