Date
Victim
Summary
Threat Actor
Business Impact
Source Link
April 02, 2025
Royal Mail, and Spectos GmbH
Royal Mail investigates data leak claims, no impact on operations
“GHNA” handle on BreachForums
Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company’s systems. A Royal Mail spokesperson said that the British postal service is aware of an incident at Spectos GmbH, a third-party data collection and analytics service provider. Spectos confirmed in a statement shared with BleepingComputer that its systems were breached on March 29, and the attackers gained access to customer data.
Source: Bleeping Computer
April 02, 2025
Port of Seattle
Port of Seattle ‘s August data breach impacted 90,000 people
Rhysida Ransomware
The Port of Seattle revealed that the ransomware attack impacted 90,000 people. The Port started notifying impacted individuals after their personal information was compromised. This incident was a “ransomware” attack by the criminal organisation known as Rhysida.
April 02, 2025
Texas State Bar
Texas State Bar warns of data breach after INC ransomware claims attack
INC Ransomware
The threat actors were able to steal information from the network, including full names and other data that is redacted in the public data breach notifications filed with Attorney Generals’ offices. A notice given by the victim said through the investigation, we determined that there was unauthorised access to our network between January 28, 2025 and February 9, 2025.
Source: Bleeping Computer
April 03, 2025
The city of Lubbock, Texas
Texas city warns thousands of utility payment site breach
Unknown
At least 12,000 people had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the city of Lubbock, Texas. The city said the people impacted include anyone who made a utility payment between December 18, 2024, and January 6, 2025. That includes those who paid utilities bills for water, wastewater, storm water and solid waste. The hackers stole names, billing addresses, payment card numbers, CVVs and expiration dates.
Source: The Record Media
April 03, 2025
A multinational car-rental company Europcar Mobility Group
Europcar GitLab breach exposes data of up to 200,000 customers
Europcar (A breachforums name
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 customers. The actor tried to extort the company by threatening to publish 37GB of data that includes backups and details about the company’s cloud infrastructure and internal applications.
Source: Bleeping Computer
April 04, 2025
AustralianSuper, Hostplus, REST and Australian Retirement Trust, and Insignia Financial
Australian pension funds hit by wave of credential stuffing attacks
Unknown
A massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members’ accounts. Reuters learned from a source familiar with the matter that over 20,000 accounts were, allegedly, breached in this massive wave of attacks targeting Australia’s superannuation industry, with some members reportedly losing some of their savings.
Source: Bleeping Computer
April 08, 2025
U.S. Office of the Comptroller of the Currency (OCC)
US banking regulator reports on ‘major’ cyber incident involving senior officials’ emails
Unknown
The OCC discovered that the unauthorised access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes. A source said the unidentified hackers had access to the email accounts of about 100 senior officials and more than 150,000 emails dating back to June 2023.
Source: The Record Media
April 10, 2025
Laboratory Services Cooperative (LSC)
US lab testing provider exposed health data of 1.6 million people
Unknown
Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems.
Source: Bleeping Computer
April 10, 2025
Western Sydney University
Western Sydney University discloses security breaches, data leak
Unknown
Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. One of the incidents disclosed concerns the compromise of one of the University’s single sign-on (SSO) systems between January and February 2025. This breach has reportedly led to the unauthorized access of demographic, enrollment, and progression information for approximately 10,000 current and former students. The second cybersecurity incident concerns a leak on the dark web of personal information belonging to members of the University’s community as hackers published the data on November 1, 2024, WSU only became aware of it this year on March 24.
Source: Bleeping Computer
April 14, 2025
Govtech giant Conduent
Govtech giant Conduent confirms client data stolen in January cyber attack
Unknown
In a new FORM-8K filing with the SEC, Conduent has now confirmed that threat actors had stolen files containing information about the company’s customers. As part of its ongoing investigation, the Company determined that the threat actor exfiltrated a set of files associated with a limited number of the Company’s clients.
Source: Bleeping Computer
April 14, 2025
Hertz
Hertz says customers’ personal data and driver’s licenses stolen in data breach
Cl0p Ransomware
Car rental giant Hertz has begun notifying its customers of a data breach caused by CL0P ransomware. The stolen data varies by region, but largely includes Hertz customers’ names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims.
April 14, 2025
Landmark Admin, Young Consulting
2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
Unknown hacker was behind Landmark incident but BlackSuit claimed for Young Consulting
More than 2.6 million individuals were impacted by two data breaches at insurance administrator Landmark Admin and software solutions provider Young Consulting, according to fresh filings with regulatory agencies.
April 16, 2025
Ahold Delhaize
Delhaize confirms data was stolen from its U.S. business systems during a November 2024 cyber attack
INC Ransomware
Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyber attack. The firm said that based on its investigation to date, certain files were taken from some of their internal U.S. business systems.
Source: Bleeping Computer
April 17, 2025
Legends International
Entertainment services giant Legends International discloses data breach
Unknown
Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management.
Source: Bleeping Computer
April 23, 2025
Yale New Haven Health
Yale New Haven Health data breach affects 5.5 million patients
Unknown
Yale New Haven Health (YNHHS) warned that threat actors stole the personal data of 5.5 million patients in a cyber attack earlier this month.
Source: Bleeping Computer
April 23, 2025
Frederick Health
Frederick Health data breach impacts nearly 1 million patients
Unknown
A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients.
Source: Bleeping Computer
April 24, 2025
Blue Shield of California, Onsite Mammography, Kelly & Associates Insurance Group, Behavioral Health Resources, Hamilton Health Care System, Central Texas Pediatric Orthopedics and Medical Express Ambulance Service
Millions impacted by data breaches at Blue Shield of California, mammography service and more
Unknown
The sensitive healthcare information of millions in the U.S. has been leaked through data breaches that multiple insurance companies, clinics, hospitals and more reported recently. The largest involves Blue Shield of California, which informed the U.S. Department of Health and Human Services (HHS) of an incident impacting 4.7 million people.
Source: The Record Media
April 25, 2025
Long Beach, California
Nearly 500,000 impacted by 2023 cyber attack on Long Beach, California
Unknown
More than a year after a cyber attack on the government of Long Beach, California, the city is informing residents that information on nearly half a million people was leaked. In breach notification documents filed in multiple states, the city said 470,060 people had sensitive data accessed by hackers who breached government systems during a cyber attack in November 2023.
Source: The Record Media
April 25, 2025
MTN Mobile
Mobile provider MTN says cyber attack compromised customer data
Unknown
African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries.
Source: Bleeping Computer
April 28, 2025
Urban One
Media firm Urban One confirms data breach after cybercriminals claim February attack
Cactus ransomware
Media conglomerate Urban One reported a data breach in recent days involving the personal information of employees and more. The media company said the cyberattack began on February 13 and was initiated through a sophisticated social engineering campaign.
Source: The Record Media
