In December 2025, Methodist Le Bonheur Healthcare, a six-hospital system based in Memphis, Tennessee, reported being affected by a data breach that occurred in January 2025 involving Oracle Health. Oracle Health, an EHR vendor, notified the healthcare...
In December 2025, Purpose Financial, formerly known as Advance America, reached a $7.75 million settlement in a class action lawsuit stemming from a data breach that occurred on February 7, 2023. The lawsuit alleged that Purpose Financial failed to im...
In December 2025, the Dutch Data Protection Authority (AP) fined HAN University of Applied Sciences €175,000 for violating the General Data Protection Regulation (GDPR) following a 2021 data breach. The breach occurred when a hacker gained access to t...
Strauss Borrelli PLLC is currently investigating McIntosh Laboratory, Inc. following a recent data breach that compromised sensitive personal information. McIntosh, an audio sound system manufacturing company founded in 1949 and based in Binghamton, N...
In December 2025, Mitchell County announced that it had experienced a data security breach. The incident was detected on October 20, 2025, when ransomware was discovered on the county's computer network. Upon detection, the county initiated an investi...
In December 2025, Kevin Tyler Martin, a former ransomware threat negotiator for DigitalMint, and Ryan Clifford Goldberg, who worked for Sygnia Cybersecurity Services, pleaded guilty to conspiracy to interfere with commerce by extortion. The charges st...
In December 2025, Microf, LLC, an HVAC financing and leasing company based in Georgia, reported a data breach affecting an undetermined number of individuals. The breach was discovered on June 19, 2025, when Microf became aware of potential unauthoriz...
In December 2025, the French data protection regulator, CNIL, fined Nexpublica France, a software company, €1.7 million ($2 million) due to inadequate cybersecurity practices that led to a data breach. The breach occurred in November 2022 when users o...
In December 2025, Prince William County Schools (PWCS) experienced a data breach involving the inadvertent sharing of parent and student information with Hazel Health, a contracted provider of mental telehealth services. The breach occurred when PWCS ...
In late December 2025, Associated Radiologists of the Finger Lakes, P.C. (ARFL) notified its current and former patients of a data breach that occurred in its systems during the final days of October. ARFL became aware of suspicious activity on Octobe...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: