In January 2025, Alpha Baking Co. experienced a data breach that compromised the private information of its consumers, leading to a class action lawsuit. The lawsuit alleged that Alpha Baking failed to adequately protect sensitive information, includi...
In May 2026, OpenAI confirmed a security breach stemming from a supply chain attack targeting open-source software. The incident involved the Shai-Hulud malware campaign and affected two employee devices through a compromised TanStack npm package, a t...
In May 2026, a series of cyberattacks targeted France's tourism industry, impacting multiple booking websites. Gîtes de France, a popular booking platform, reported a security incident resulting in unauthorized access to customer booking records. The ...
Verber Dental Group, a dental practice operating 14 locations in South Central Pennsylvania, experienced a data security breach that potentially compromised patient information. The company detected unusual network activity on January 27, 2026, and im...
The town of Surfside Beach, South Carolina, fell victim to a cyber scam in March 2026, resulting in a loss of over $545,000. The incident involved a fraudulent payment intended for Wildcat Contractors, Inc., a North Carolina construction firm. Town of...
In May 2026, the African National Congress (ANC), South Africa's largest political party, was reportedly hit by a data breach in which nearly 2GB of private information belonging to its members was exposed. The cybercriminal group Black X claimed resp...
The Goodstone Group, a hospitality organization operating in northern Tasmania, Australia, has confirmed it was the victim of a ransomware attack by the CMD Organization. The attack, which began on April 18, 2026, resulted in the theft of data from th...
On Wednesday, May 2026, Murray County Government experienced a cyberattack that significantly impacted several county offices, leading to closures and limited functionality. The Tax Commissioner's Office, Tax Assessor's Office, Juvenile Court, and Pro...
The Boys & Girls Club of the Northern Plains, specifically its Yankton Club branch, fell victim to a sophisticated cyberattack resulting in a $200,000 loss. The attack, classified as a "deepfake fraud," involved the use of AI-powered voice cloning and...
In May 2026, a series of cyberattacks targeted high-profile Signal users in Germany, raising concerns about the security of the encrypted messaging app. Reports from German media outlets indicated that approximately 300 Signal accounts belonging to po...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: