Date
Victim
Summary
Threat Actor
Business Impact
Source Link
May 01, 2025
Ascension
Healthcare group Ascension discloses second cyber attack on patients’ data
Unknown
Ascension Health informed some of its patients, potentially for the second time in the space of a year, that their medical data was compromised during a major cyber attack. The company said one of its former business partners, with which the company shared some patient medical data (about 430,000), was ransacked by criminals that exploited a vulnerability in some third-party software.
May 01, 2025
Barnstable County Sheriff’s Office
Barnstable County Sheriff’s Office Employee On Leave, Suspected In Data Breach
Insider Threat (Suspected)
An employee with the Barnstable County Sheriff’s Office (BCSO) has been placed on leave for allegedly leaking personal information via a breach of data on over 100 former and one current employee. The sheriff’s office said that the leaked information included names, home addresses, and Social Security numbers.
May 01, 2025
Oracle Health Outage
45 CHS hospitals were affected by the Oracle Health outage
Human Error
Reportedly all resolved now, on April 25, Becker’s Hospital Review reported that 45 hospitals affiliated with Franklin, Tenn.-based Community Health Systems were experiencing IT outages after data storage linked to their Oracle Health EHRs was accidentally deleted. The hospitals have reverted to paper for patient records, with the issue expected to be resolved by the evening of April 28. Oracle Health engineers mistakenly deleted the storage while conducting maintenance work at one of their data centers.
Source: DataBreaches.net
May 02, 2025
Co-op UK
Co-op cyber attack affects customer data, firm admits, after hackers contact the BBC
DragonForce
Hackers said they had infiltrated IT networks and stolen huge amounts of customer and employee data as a Co-op spokesperson said the hackers “accessed data relating to a significant number of our current and past members”. The cyber criminals claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm would not confirm that number.
Source: The BBC
May 02, 2025
Emera Power
Nova Scotia Power Says Hackers Stole Customer Information
Unknown
Emera reported earlier this week that on April 25 they detected unauthorised access to parts of their Canadian network and servers used for business applications. The impacted servers were shut down and isolated in response to the hack, which resulted in the disruption of customer phone lines and online services. However, the power company said there was no disruption to physical operations.
May 02, 2025
Harrods
Harrods the next UK retailer targeted in a cyber attack
DragonForce (Allegedly)
In a statement, Harrods said threat actors recently attempted to hack into their systems, causing the company to restrict access to sites.
Source: Bleeping Computer
May 02, 2025
Star Health Insurance
Hacker hired Telangana man to courier threats to Star Health Insurance MD
Xenzen
The case of breach of data of 3.1 crore customers of the Chennai-headquartered Star Health Insurance has taken a fresh turn with its MD Anand Roy, his wife Akhila Shetty Roy and CFO Nilesh Kambli allegedly getting threat messages delivered via courier from Hyderabad. A probe by the TN cyber crime wing has found that the hacker known by his online identity ‘Xenzen’, who had released the data in public domain in September 2024, had hired a Hyderabad-based youth to send threats to the company’s officials in February 2025.
May 02, 2025
Dating app Raw
Dating app Raw exposed users’ location data and personal information
Unknown
A security lapse at dating app Raw publicly exposed the personal data and private location data of its users as the exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were specific enough to locate Raw app users with street-level accuracy.
May 02, 2025
Saskatoon children’s hospital
Saskatoon children’s hospital nurse unlawfully snooped on records of 314 patients: privacy report
Insider Threat
Without legal authority, a nurse who worked at Saskatoon’s Jim Pattison Children’s Hospital snooped on the private medical records of 314 patients, according to a recent report. The report stated that a registered nurse (RN) who was employed in the maternity department accessed the records for reasons “unrelated to patient care.”
Source: Yahoo.com
May 06, 2025
UK Legal Aid Agency
UK Legal Aid Agency investigates cybersecurity incident
Unknown
The Legal Aid Agency (LAA), an executive agency of the UK’s Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information.
UK Legal Aid Agency data breach
May 06, 2025
Masimo
Medical device maker Masimo warns of cyber attack, manufacturing delays
Unknown
Medical device company Masimo Corporation warned that a cyber attack is impacting production operations and causing delays in fulfilling customers’ orders.
Source: Bleeping Computer
May 06, 2025
iHeartRadio
Multiple iHeartRadio stations breached in December
Unknown
Several radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and other personal details.
Source: The Record
May 07, 2025
Insight Partners
VC giant Insight Partners confirms investor data stolen in breach
Unknown
Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack.
Source: Bleeping Computer
May 08, 2025
Pearson
Education giant Pearson hit by cyber attack exposing customer data
Unknown
Education giant Pearson suffered a cyber attack, allowing threat actors to steal corporate data and customer information. Pearson confirmed they suffered a cyber attack and that data was stolen, but stated it was mostly “legacy data.”
Source: Bleeping Computer
May 13, 2025
Marks & Spencer
Marks & Spencer confirms customer data stolen in cyber attack
DragonForce/Scattered Spider
British retailer Marks and Spencer (M&S) announced that it was writing to customers to confirm their personal data had been compromised in a recent and massive cyber attack.
Marks & Spencer data breach
May 14, 2025
Nova Scotia Power
Nova Scotia Power says customer banking details may have been stolen by hackers
Unknown
Nova Scotia’s largest electric utility, Emera said that hackers stole sensitive information from customers in a recent cyber attack. The company discovered on April 25 that an intruder had gained access to parts of its network, prompting the companies to isolate the affected servers.
Source: The Record
May 14, 2025
Coinbase
Coinbase offers $20 million bounty after extortion attempt with stolen data
Unknown hackers
Coinbase said in a regulatory filing with the Securities and Exchange Commission (SEC) that an “unknown threat actor” emailed a demand on May 11 for $20 million, threatening to publish stolen data about Coinbase customers and other company information. “We said no,” Coinbase said Thursday in a blog post explaining the incident. “Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users,” the blog post said. “Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto.”
Coinbase data breach
May 14, 2025
Australian Human Rights Commission
Australian Human Rights Commission leaks docs to search engines
Unknown
The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. Many of the hundreds of documents exposed online contained private, sensitive information, like names, contact information, health details, schooling, religion, employment info, and photographs.
May 26, 2025
Adidas
Adidas warns of data breach after customer service provider hack
Unknown
German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers’ data.
Source: Bleeping Computer
May 28, 2025
LexisNexis
Data broker LexisNexis discloses data breach affecting 364,000 people
Unknown
Data broker giant LexisNexis Risk Solutions, a Georgia-based American data analytics company, has revealed that attackers stole the personal information of over 364,000 individuals in a December breach.
Source: Bleeping Computer
