In July 2025, a critical zero-day vulnerability in Microsoft SharePoint servers was actively exploited in a widespread global cyberattack, impacting an estimated 100 organizations, with potentially thousands more left vulnerable. The Cybersecurity and...
In June 2025, reports surfaced regarding a potential data breach at T-Mobile, with hackers claiming to have stolen 64 million customer records. The alleged breach included sensitive information such as full names, dates of birth, tax IDs, addresses, p...
In March 2023, Sur La Table, a company that sells kitchenware and offers cooking classes, experienced a data breach. The breach occurred between March 15th and March 25th, 2023, when an unauthorized party gained access to files containing sensitive em...
In December 2024, VisionPoint Eye Center (VisionPoint), an eye care practice based in Bloomington, Illinois, disclosed a data breach that exposed the personal and medical information of its patients. The breach stemmed from a cyberattack that occurred...
In December 2025, Aultman Health System announced a third-party data breach affecting an undetermined number of individuals. The breach occurred within the systems of Cerner Corporation, an IT vendor providing electronic medical record services to Aul...
In December 2025, Sax LLP, a New Jersey-based accounting firm, announced a data breach that occurred in late July 2024. The breach, detected on August 7, 2024, involved unauthorized access to the firm's network, potentially compromising the sensitive ...
In December 2025, Korean Air disclosed a data breach affecting approximately 30,000 employees. The breach stemmed from a cyberattack on Korean Air Catering & Duty-Free (KC&D), a former subsidiary and current in-flight catering supplier that was spun o...
In December 2025, Condé Nast, the parent company of Wired and other major publications, experienced a significant data breach. A hacker known as "Lovely" claimed responsibility, leaking over 2.3 million Wired subscriber records and threatening to rele...
In December 2025, Condé Nast, the parent company of Wired.com and other major publications, experienced a significant data breach. A hacker known as "Lovely" claimed responsibility, leaking the personal data of over 2.3 million Wired.com users on the ...
In December 2025, France's national postal service, La Poste, and its banking arm, La Banque Postale, were hit by a significant cyberattack during the peak Christmas season. The attack, identified as a Distributed Denial of Service (DDoS), rendered La...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: