Date
Victim
Summary
Threat Actor
Business Impact
Source Link
November 01, 2025
University of Pennsylvania
‘We got hacked’ emails threaten to leak University of Pennsylvania data
Unknown
The attack resulted in mass “We got hacked (Action Required)” emails being sent from University of Pennsylvania systems, and the alleged threat actor claimed to have stolen data on approximately 1.2 million students, alumni and donors (names, birthdates, addresses, phone numbers, net worth estimates, donation history, demographic details) after compromising an employee’s SSO account and accessing systems like Salesforce, Qlik, SAP and SharePoint.
Source: Bleeping Computer
November 04, 2025
Swedish IT supplier Miljödata
Swedish DPA launches investigation into massive data breach affecting 1.5M people
Datacarry ransomware-group
Cyber attack on Miljödata exposed personal data of about 1.5 million Swedes including their names, addresses, ID numbers and sensitive health/employee info which was later published to the darknet by the Datacarry ransomware-group.
November 05, 2025
Nikkei
Nikkei Says 17,000 impacted by data breach stemming from slack account hack
Unknown
Nikkei said that malware-stolen Slack credentials let hackers access its internal Slack workspace and exposed names, email addresses and chat histories of ~17,368 employees and business partners.
November 05, 2025
Hyundai AutoEver America
Hyundai AutoEver America data breach exposes SSNs, drivers licenses
Unknown
Hackers breached Hyundai AutoEver America (HAEA) by gaining access between Feb 22 and Mar 2, 2025, and exposed personal data including names, Social Security numbers and driver’s license numbers of individuals (primarily about 2,000 current/former employees), putting them at heightened risk of identity theft and long-term fraud.
Source: Bleeping Computer
November 06, 2025
The Congressional Budget Office (CBO)
U.S. Congressional Budget Office hit by suspected foreign cyber attack
Silk Typhoon
The Congressional Budget Office (CBO) was hit by a suspected foreign cyber attack organised by a suspected threat actor Silk Typhoon, potentially exposing sensitive internal emails, policy analyses, economic forecasts and communications between lawmakers and CBO analysts, threatening confidentiality of U.S. fiscal planning.
Source: Bleeping Computer
November 10, 2025
GlobalLogic
Hitachi-owned GlobalLogic admits data stolen on 10k current and former staff
Clop Ransomware
More than 10,000 current and former GlobalLogic employees had personal data — including names, addresses, social-security/tax IDs, passport info, bank account and salary details — stolen after attackers linked to Clop exploited zero-day flaws in Oracle E-Business Suite.
Source: The Register
November 13, 2025
The Washington Post
The Washington Post data breach impacts nearly 10K employees, contractors
Clop Ransomware
The breach exposed personal and financial details including names, bank account and routing numbers, social‑security and tax IDs of about 9,720 employees and contractors at The Washington Post after a zero‑day in Oracle E-Business Suite was exploited between July and August 2025. The intrusion has been linked to the Clop ransomware group.
Source: Bleeping Computer
November 13, 2025
DoorDash
DoorDash says personal information of customers, dashers stolen in data breach
Insider threat
An employee-targeted social engineering attack on DoorDash exposed names, phone numbers, email addresses and physical addresses of customers, delivery workers and merchants, putting them at risk of phishing and other scams while no financial or government ID data was stolen.
November 13, 2025
Checkout.com
Checkout.com discloses data breach after extortion attempt
ShinyHunters
The breach exposed outdated merchant-onboarding documents and internal operational files from Checkout.com after attackers from ShinyHunters gained access to a legacy third-party cloud storage system while payment processing, merchant funds and card data were not compromised.
November 17, 2025
Logitech
Logitech discloses data breach after Clop claims
Clop Ransomware
Hackers exploited a zero-day flaw in a third-party software platform used by Logitech to copy internal corporate data. The breach was claimed by Clop with approximately 1.8 terabytes of data exfiltrated.
Source: The Record
November 20, 2025
Almaviva
Hacker claims to steal 2.3 TB data from Italian rail group, Almaviva
ByteToBreach
A hacker group known as ByteToBreach claimed to have breached Almaviva and stolen 2.3 terabytes of internal corporate data affecting the Italian rail group FS Italiane.A hacker group known as ByteToBreach claimed to breach Almaviva and steal 2.3 terabytes of internal corporate data affecting the Italian rail group FS Italiane.
Source: Bleeping Computer
November 21, 2025
Gainsight
Salesforce instances hacked via Gainsight integrations
ShinyHunters
The breach allowed unauthorised access via Gainsight‑published apps connected to Salesforce, potentially exposing CRM data of more than 200 customer organisations, thanks to a supply‑chain attack claimed by ShinyHunters.
Source: Security Week
November 22, 2025
Cox Enterprises
Cox Enterprises discloses Oracle E-Business Suite data breach
Clop Ransomware
Cox Enterprises confirmed that a zero-day flaw in Oracle E‑Business Suite (CVE-2025-61882) was exploited, exposing personal data of about 9,479 individuals; the attack was claimed by the Clop ransomware gang.
Source: Bleeping Computer
November 24, 2025
Harvard University
Harvard University discloses data breach affecting alumni, donors
Unknown
Harvard University confirmed that a voice-phishing attack exposed contact details, addresses, event-attendance data and donor information of alumni, donors, students, staff and faculty, with no specific threat actor identified.
Source: Bleeping Computer
November 24, 2025
SitusAMC
Real-estate finance services giant SitusAMC breach exposes client data
Unknown
The data breach at SitusAMC compromised corporate records and possibly customer data for some of its clients, including accounting documents and legal agreements tied to major banks such as JPMorgan Chase, Citi and Morgan Stanley, causing broad exposure of sensitive loan- and real-estate-related information.
Source: Bleeping Computer
November 24, 2025
Dartmouth College
Dartmouth College confirms data breach after Clop extortion attack
Clop Ransomware
Dartmouth College said a zero day attack on Oracle E Business Suite exposed names, social security numbers and financial account data of at least 1,494 people and the breach was claimed by the Clop ransomware gang.
Source: Bleeping Computer
November 30, 2025
Coupang
South Korea’s largest e-commerce firm discloses breach of 33.7 million customer accounts
Suspected former Insider
Names, emails, phone numbers, addresses, and some order histories were accessed by an unauthorised party starting in June. No payment details were leaked, but authorities launched an emergency probe and warned affected users to guard against phishing.
Source: Reuters