A former Walt Disney World employee was arrested by the FBI for allegedly hacking into the company's servers and tampering with menu information. The suspect, a former menu production manager, was fired in June 2024 under contentious circumstances. Hi...
In September 2025, Zscaler, along with numerous other organizations, disclosed a data breach stemming from a supply chain attack targeting Salesloft Drift, a marketing automation platform integrated with Salesforce. The threat actor, identified as UNC...
In August 2025, Google confirmed that one of its corporate Salesforce instances was breached in June by the cybercriminal group ShinyHunters, also tracked as UNC6040, resulting in the theft of customer data. This incident is part of a larger wave of a...
In May 2024, Datavant Group, a health IT company, experienced a data breach stemming from a phishing email that compromised an employee's email account. An unauthorized individual gained access to the account for a brief period, potentially exposing t...
In June 2025, MemberSource Credit Union, a financial institution with approximately 15,000 members and $200 million in assets, experienced a significant data breach that compromised the personal and financial information of over 22,000 individuals. Th...
In May 2026, Edelson Lechtzin LLP, a national class action law firm, announced an investigation into a data breach affecting Cardinal Services, Inc., Cardinal Employer Organization, and Preferred Employer Solutions, collectively known as "Cardinal." C...
In March 2026, Station Casinos LLC, a hotel and casino company based in Las Vegas, experienced a data breach involving unauthorized access to its systems. The company discovered the breach on March 5, 2026, and believes the unauthorized access occurre...
In late March 2026, the Connecticut Department of Social Services (DSS) and Gainwell Technologies, the account administrator for the state's HUSKY Medicaid program, discovered a data breach affecting approximately 22,500 to 23,000 patients. An unautho...
Cross Valley Federal Credit Union (CVFCU) reached a settlement of up to $1 million to resolve a class action lawsuit stemming from a December 2024 cyberattack. The lawsuit alleged that CVFCU failed to adequately protect the sensitive information of it...
The INC Ransom threat group has claimed responsibility for a cyber attack against Metaval, an Australian engineering and manufacturing firm servicing the industrial sector globally. INC Ransom listed Metaval on its dark web leak site, alleging the exf...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: