In December 2024, VisionPoint Eye Center (VisionPoint), an eye care practice based in Bloomington, Illinois, disclosed a data breach that exposed the personal and medical information of its patients. The breach stemmed from a cyberattack that occurred...
In August 2025, the Qilin ransomware group claimed responsibility for a cyberattack on Nissan's design studio, Creative Box Inc. (CBI), resulting in the theft of 4 terabytes of sensitive data. This data included 3D vehicle designs, internal reports, f...
In November 2024, Legends International, a global sports and entertainment venue management firm, detected unauthorized activity within its IT systems, leading to a data breach. The company, which manages over 350 venues across five continents and gen...
In April 2025, Business Insurance Services, Inc. (BISI), a Hawaii-based insurance agency, publicly announced a data breach that compromised the personal information of certain customers. The company became aware of potential unauthorized network acces...
In April 2025, German intelligence officials began investigating a suspected Russian cyber attack targeting the German Association for East European Studies (DGO). The DGO, a research group specializing in foreign policy and international relations, i...
In August 2024, Charlton Athletic Football Club experienced a ransomware cyber attack that resulted in the loss of significant financial data. The attack targeted the club's legacy accounting system, which had been in use since October 2023. While the...
Fairfax County is exploring ways to improve its ambulance fee collection rates following disruptions caused by a cyberattack on its former billing contractor, Change Healthcare, in February 2024. The data breach led to a halt in billing for Fairfax Em...
In April 2025, the UK's Information Commissioner's Office (ICO) fined Merseyside-based law firm DPP Law Ltd £60,000 following a cyber attack in June 2022 that resulted in the exposure of highly sensitive client information on the dark web. The ICO det...
In December 2025, Baker University announced a data security event stemming from suspicious network activity detected in December 2024, which caused a network outage. An investigation revealed that unauthorized access and acquisition of files occurred...
The state of New York is suing Early Warning Services (EWS), the company behind the Zelle money transfer system, alleging years of poor cybersecurity practices and inadequate fraud protections that led to over $1 billion in fraudulent transactions. Th...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: