Date
Victim
Summary
Threat Actor
Business Impact
Source Link
August 01, 2025
GiveWP Wordpress Plugin
Pi-hole discloses data breach triggered by WordPress plugin flaw
Unknown
Due to a flaw in the GiveWP WordPress donation plugin, around 30,000 Pi-hole donor names and email addresses were publicly exposed—raising privacy and reputational concerns for the project—though no financial or product-related data was affected
Source: Bleeping Computer
August 01, 2025
Cisco
Cisco discloses data breach impacting Cisco.com user accounts
A wave of Salesforce-linked vishing campaigns-(Apparently)
In July 2025, a cyber criminal executed a successful voice-phishing (vishing) attack on a Cisco representative—gaining access to and exporting user profiles (names, organisation, addresses, user IDs, email, phone, and account metadata) from a third-party cloud CRM system used for Cisco.com accounts, exposing customers to impersonation and phishing risks; no credentials, proprietary data, or services were affected, and although Cisco hasn’t confirmed the attacker’s identity, the incident mirrors a broader wave of Salesforce-linked vishing campaigns tied to the ShinyHunters extortion group.
Source: Bleeping Computer
August 01, 2025
Aeroflot
Hackers leak purported Aeroflot data as Russia denies breach
Pro-Ukraine hacktivist groups Silent Crow and Belarusian Cyber-Partisans
A prolonged cyber attack, attributed to pro-Ukraine hacktivist groups Silent Crow and Belarusian Cyber-Partisans, crippled Aeroflot’s IT systems—forcing cancellation or delay of over 100 flights, affecting some 20,000 passengers, inflicting up to $50 million in financial and reputational damage, and potentially exposing executive travel data—while prompting a criminal investigation.
Source: Record Media
August 01, 2025
Cycle & Carriage
In Singapore, 147,000 customer records exposed in Cycle & Carriage data breach
Unknown
A news report said that a data breach discovered on July 14, 2025, a threat actor gained unauthorised access to Cycle & Carriage’s CRM system and exfiltrated around 147,000 customer records—primarily names and contact details (with about 2% including NRIC numbers and deposit amounts)—causing potential identity theft, reputational damage, regulatory scrutiny, and prompting investigations by both the Singapore police and the Personal Data Protection Commission (PDPC), though no banking or credit card information was exposed.
Source: DataBreaches.net
August 01, 2025
Genoa Medical Facilities (Genoa Community Hospital)
Genoa Community Hospital discloses breach discovered in March
Unknown
According to a news source, in March 2025, Genoa Medical Facilities (Genoa Community Hospital) detected suspicious activity in an employee’s email account—which, according to a subsequent investigation concluded in July, may have exposed patients’ names, birth dates, Social Security or other government ID numbers, financial account data, medical treatment or diagnosis details, and health insurance information—though no misuse has been observed, no threat actor has been identified or claims made, and the hospital has already begun notifying affected individuals and bolstering email security.
Source: DataBreaches.net
August 04, 2025
Chanel
Fashion giant Chanel hit in wave of Salesforce data theft attacks
ShinyHunters
Sources said on July 25, 2025, hackers—linked to the ShinyHunters extortion group—exploited social engineering (via vishing) to trick a third-party vendor into granting malicious OAuth app access to Chanel’s Salesforce database, resulting in the theft of U.S. customer records (names, email, mailing address, phone number), raising risks of targeted phishing and reputational harm, though no financial or credential data was taken and affected individuals have been notified.
Source: Bleeping Computer
August 05, 2025
PBS
PBS confirms data breach after employee info leaked on Discord servers
Insider behavior or opportunistic sharing-(Apparently)
PBS confirmed that a data breach originating from its internal MyPBS.org platform resulted in a JSON file containing corporate contact details for 3,997 employees and affiliates—including names, emails, titles, departments, time zones, locations, job functions, hobbies, and supervisors’ names—being circulated on PBS Kids fan Discord servers, apparently driven by youthful curiosity and a desire for notoriety rather than any malicious intent, though it nonetheless exposes employees to risks like doxxing or phishing.
Source: Bleeping Computer
August 05, 2025
Pandora
Pandora confirms data breach amid ongoing Salesforce data theft attacks
ShinyHunters
Danish jewelry giant Pandora suffered a breach via its Salesforce CRM—its customer names, birthdates, and email addresses were stolen through targeted social engineering and OAuth abuse by the ShinyHunters extortion group (continuing a broader campaign since early 2025), exposing clients to phishing and impersonation risks, while financial, password, and ID data remained secure and Pandora has since reinforced its security.
Source: Bleeping Computer
August 05, 2025
Google’s Salesforce
Google suffers data breach in ongoing Salesforce data theft attacks
ShinyHunters
As per an official report, Google’s corporate Salesforce CRM was compromised in June 2025 as ShinyHunters (tracked as UNC6040/UNC6240) used voice-phishing to infiltrate the system, extracting business names, contact details, and related notes for small-to-medium enterprises before their access was cut off—though no sensitive financial or account credentials were exposed.
Source: Bleeping Computer
August 06, 2025
Air France and KLM
Air France and KLM disclose data breaches impacting customers
ShinyHunters
Air France and KLM suffered a data breach via unauthorised access to an external customer-service platform in late July 2025, resulting in exposure of customer names, contact details, Flying Blue loyalty numbers and statuses, and email subject lines—though no sensitive data like passwords, passports, payment cards, or miles balances were compromised—and the incident, tied to a broader Salesforce-focused campaign likely linked to the ShinyHunters and possibly Scattered Spider groups, led the airlines to notify authorities, inform affected individuals, and implement countermeasures.
Source: Bleeping Computer
August 06, 2025
Bouygues Telecom
Bouygues Telecom confirms data breach impacting 6.4 million customers
Unknown
Bouygues Telecom was hit by a cyber attack, in which a known cyber criminal group breached internal systems and exfiltrated personal data—including contact details, contract information, civil or company status, and IBAN numbers—for approximately 6.4 million customers, prompting swift containment, regulatory notification, customer alerts, and strengthened defenses.
Source: Bleeping Computer
August 07, 2025
Columbia University
Columbia University says hacker stole SSNs and other data of nearly 900,000
Unknown
A politically motivated hacktivist breached Columbia University’s systems—gaining access to and stealing sensitive personal data (including Social Security numbers, contact details, academic records, financial aid, and health insurance information) of approximately 868,969 individuals—disrupting IT services, prompting breach notifications and credit monitoring offers, and leaving the attacker unidentified beyond ideological motives.
Source: Record Media
August 08, 2025
The U.S. Federal Judiciary
U.S. Judiciary confirms breach of court electronic records service
Unknown
The U.S. Federal Judiciary had confirmed that its electronic case management systems—including CM/ECF and PACER—had been breached in early July 2025, potentially exposing sealed court files (such as identities of confidential informants and sensitive filings) across multiple federal districts, prompting the implementation of stricter access controls and enhanced cybersecurity, although the perpetrators remained unidentified, with nation-state–affiliated actors suspected.
Source: Bleeping Computer
August 11, 2025
Connex Credit Union
Connex Credit Union data breach impacts 172,000 members
Unknown
Connex Credit Union had its systems breached around June 2–3, 2025, enabling unknown attackers to steal personal and financial data—including names, account numbers, debit card details, Social Security numbers, and government-issued IDs—impacting approximately 172,000 members, prompting breach notifications, free credit monitoring, fraud warnings, and tightened cybersecurity defenses; no funds were reported lost, and the threat actor remained unidentified.
Source: Bleeping Computer
August 11, 2025
Manpower’s Lansing, Michigan franchise
Manpower discloses data breach affecting nearly 145,000 people
RansomHub
Manpower’s Lansing, Michigan franchise suffered a ransomware breach between December 2024 and January 2025, claimed by the RansomHub gang—which stole roughly 500 GB of sensitive corporate and client data (including passport scans, SSNs, IDs, contracts, and correspondence), prompting the staffing firm to notify nearly 145,000 people
Source: Bleeping Computer
August 13, 2025
Italian Hotels
Tens of thousands of Italian hotel guests may be hit by cyber heist
An anonymous hacker using name; “mydocs”
A cyber criminal using the alias “mydocs” infiltrated the booking systems of around ten Italian hotels between June and July 2025, then posted over 90,000 high-resolution scans of guest identity documents—such as passports and ID cards—for sale on darknet forums, compromising the privacy of tens of thousands of guests and exposing them to identity theft, bank fraud, and social engineering attacks.
Source: Record Media
August 18, 2025
Workday
Workday hit by social engineering data breach targeting its CRM platform
ShinyHunters
Workday fell victim to a sophisticated social engineering campaign in early August 2025—where attackers impersonated HR or IT staff to infiltrate a third-party CRM platform and steal business contact details (names, email addresses, phone numbers) but did not access customer tenants or internal systems; the breach is suspected to be part of the broader ShinyHunters-linked Salesforce-targeted attack wave.
Source: Record Media
August 18, 2025
Bragg Gaming Group
Casino gaming company Bragg says hackers accessed ‘internal computer environment’
Unknown
Bragg Gaming Group suffered a cyber attack discovered on August 16, 2025, in which hackers accessed its internal computer environment—though there was no evidence that personal data was affected or that business operations were disrupted.
Source: Record Media
August 18, 2025
Allianz Life Insurance Company
Massive Allianz Life data breach impacts 1.1 million people
ShinyHunters
Allianz Life Insurance Company of North America endured a major data breach when attackers exploited a third-party, cloud-based CRM platform—via a social engineering-led Salesforce authentication exploit—to steal personally identifiable information for approximately 1.1 million U.S. customers, financial advisors, and select employees (including names, email and physical addresses, dates of birth, phone numbers, and Social Security numbers).
Allianz Life Data Breach
August 20, 2025
Business Council of New York State
Business Council of New York State says nearly 50,000 had data leaked in February cyber attack
Unknown
The Business Council of New York State had suffered a cyber attack in late February 2025 that resulted in the exposure of highly sensitive personal, financial, and medical information for approximately 47,329 individuals—including names, Social Security and state ID numbers, banking details, payment card data, PINs, tax identifiers, e-signatures, health diagnoses, treatments, prescriptions, and insurance records.
Source: Record Media
August 20, 2025
Orange Belgium
Major Belgian telecom firm says cyber attack compromised data on 850,000 accounts
Unknown
Orange Belgium suffered a cyber attack that compromised personal data—including full names, telephone numbers, SIM card numbers, PUK codes, and tariff plan details—for approximately 850,000 customers, though sensitive data like passwords, emails, and financial information remained secure.
Source: Record Media
August 25, 2025
Farmers Insurance
Farmers Insurance data breach impacts 1.1M people after Salesforce attack
ShinyHunters
Farmers Insurance suffered a data breach in May 2025 after the Salesforce-related supply chain attack, exposing personal data—including names, addresses, driver’s license numbers, birth dates, and partial Social Security numbers—of approximately 11 million people.
Source: Bleeping Computer
August 25, 2025
French retail giant Auchan
Auchan retailer data breach impacts hundreds of thousands of customers
Unknown
French retail giant Auchan had disclosed a cyber attack in late August 2025 that compromised personal data from loyalty accounts of several hundred thousand customers—including full names, titles, mailing addresses, email and phone contact details, and loyalty card numbers—while stressing that banking information, passwords, and PINs were unaffected, and that the French data protection authority (CNIL) had been notified.
Source: Bleeping Computer
August 25, 2025
Nissan
Nissan confirms design studio data breach claimed by Qilin ransomware
Qilin Ransomware
Nissan confirmed that hackers from the Qilin ransomware group had breached its subsidiary Creative Box Inc. in mid-August 2025—exfiltrating four terabytes of proprietary assets such as 3D vehicle design models, internal reports, financial documents, VR workflows, and photos
Source: Bleeping Computer
August 25, 2025
Maryland’s Transit Administration
Maryland investigating cyber attack impacting transit service for disabled people
Unknown
Maryland’s Transit Administration had faced a cyber attack that disabled its Mobility paratransit scheduling and real-time information systems—hampering new ride bookings and call-centre operations—while core services like buses and subways remained operational.
Source: Record Media
August 26, 2026
Nevada’s state government
Nevada closes state offices as cyber attack disrupts IT systems
Unknown
Nevada’s state government had suffered a network security incident that forced the closure of state offices for two days and knocked multiple government websites and phone lines offline—while emergency services stayed operational and officials noted that no personal data had been compromised.
Source: Bleeping Computer
August 26, 2026
Healthcare Services Group
Healthcare Services Group data breach impacts 624,000 people
Unknown
Healthcare Services Group detected a network intrusion in late 2024 (between September 27 and October 3), which exfiltrated sensitive personal data—such as names, Social Security numbers, driver’s license numbers, state IDs, financial account information, and login credentials—for approximately 624,000 individuals, prompting breach notifications and credit monitoring offers; as of their August 2025 disclosure, no ransomware group or hacker had claimed responsibility.
Source: Bleeping Computer
August 28, 2025
TransUnion
TransUnion suffers data breach impacting over 4.4 million people
ShinyHunters
TransUnion experienced a Salesforce-based data theft attack in late July 2025 which exposed personal data such as names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security numbers of over 4.4 million U.S. individuals.
Source: Bleeping Computer
