In late 2021, Lakeview Loan Servicing, a large mortgage servicing company, experienced a cyberattack that compromised the personal data of roughly 2.5 million borrowers. The attack compromised sensitive information, including Social Security numbers. ...
In March 2026, L&S Mechanical, a Texas-based plumbing, HVAC, and electrical services contractor, reported a significant data breach affecting 5,139 Texas residents. The breach was the result of a ransomware attack claimed by the Space Bears group, who...
In March 2026, Brown Advisory LLC, a Maryland-based investment management and strategic advisory firm, reported a data breach affecting over 1,900 individuals. The breach was discovered on January 21, 2026, when the company identified unauthorized acc...
In March 2026, Strauss Borrelli PLLC announced an investigation into a data breach affecting Northwest Medical Homes, LLC, which operates as Springfield Family Physicians. The breach involved the potential compromise of sensitive personal information ...
In December 2025, Frankel Loughran Starr & Vallone LLP (FLSV), an accounting and tax advisory firm, experienced a data breach that compromised sensitive personal information. The firm discovered unusual activity disrupting access to certain systems an...
In March 2026, Wendy Foster, O.D., an optometry practice based in Kansas, experienced a data breach impacting approximately 20,000 individuals. The breach involved sensitive personal information and protected health information. Wendy Foster provides ...
In March 2026, Children's Council of San Francisco, a non-profit child care organization, announced a data breach affecting over 12,000 individuals. The incident, which occurred on August 3, 2025, involved a network disruption that led to an investiga...
In February 2026, Dutch telecommunications provider Odido suffered a cyberattack that compromised the personal data of approximately 6.2 million customers, including those of its subsidiary Ben. The breach occurred within a customer contact system, gr...
In March 2026, Mercer Advisors, a large Registered Investment Advisor (RIA), became the target of a cyberattack by the notorious "pay or leak" group ShinyHunters, resulting in two class-action lawsuits. ShinyHunters, known for high-profile data breach...
M&Y Personal Injury Lawyers, a California-based law firm specializing in personal injury cases, experienced a data breach involving sensitive personal information and protected health information. The breach was first detected on November 25, 2025, wh...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: