In November 2025, the cybercriminal organization Cl0p exploited a zero-day vulnerability in Oracle's E-Business Suite, leading to significant data breaches for over 100 companies worldwide. The group, known for its sophisticated extortion techniques a...
In November 2025, Coupang, a major e-commerce company, experienced a significant data breach that compromised the personal information of over 4,500 customers. Unauthorized access to user accounts occurred on November 6th, but the breach went undetect...
In April 2025, Delta Dental of Virginia (DDVA) detected suspicious activity within an employee email account, leading to the discovery of a data breach that compromised the personal information of approximately 145,918 individuals. An unauthorized thi...
In November 2025, OpenAI experienced a significant data breach stemming from a security incident at Mixpanel, its third-party analytics provider. The breach exposed the personal data of some OpenAI API users, including names, email addresses, and user...
Harvard University experienced a data breach in November 2025, impacting its Alumni Affairs and Development Office. An unauthorized party gained access to the university's systems through a phone-based phishing attack. The compromised data includes pe...
In late September 2025, Asahi Group Holdings, Japan's largest brewing company, experienced a significant ransomware cyberattack that crippled its operations. The attack, claimed by the Qilin ransomware group, led to the theft of approximately 27 gigab...
Booking.com has become the latest target of the ClickFix cyberattack, a persistent phishing operation aimed at infecting hospitality workers with malware such as Remote Access Trojans (RATs) and infostealers. Threat actors are attempting to compromise...
In November 2024, Furniture Mart USA experienced a security incident that led to a data breach, compromising the sensitive personal information of 9,718 individuals. The company detected suspicious activity on its IT network on November 3, 2024, and i...
In March 2025, Merkur, a prominent German gambling company, experienced a significant security breach that potentially compromised the personal data of up to 800,000 players across several of its platforms, including Slotmagie, Crazybuzzer, and Merkur...
In late February 2025, Brydens Lawyers, a prominent New South Wales law firm with offices across Sydney and regional NSW, fell victim to a significant cyberattack. The firm, known for its close ties to various sporting organizations, including the NRL...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: