In August 2025, the state of Nevada was hit by a significant cyberattack that crippled state services and shut down state offices and websites. The attack was later confirmed to be a ransomware attack, with officials acknowledging that some data had b...
In November 2025, Marshfield Clinic Health System announced a data breach that occurred in late August. The organization detected unusual activity in employee email accounts around August 27, 2025, and a subsequent investigation revealed unauthorized ...
In July of 2025, DealMed Medical Supplies, a medical supply manufacturer and distributor based in Brooklyn, NY, identified a data security incident. An investigation revealed that an unauthorized third party had accessed their network around June 7, 2...
In November 2025, GlobalLogic, a Hitachi-owned digital engineering company, disclosed a data breach affecting 10,471 current and former employees. The breach stemmed from a widespread exploitation of vulnerabilities in Oracle E-Business Suite (EBS) an...
In January 2025, Wakefield & Associates, a third-party collection agency for healthcare providers, identified suspicious activity on its network, leading to the discovery of a data breach. An unauthorized actor gained access to files containing protec...
In October of 2025, Jetobra, doing business as Hoffman Auto Group, discovered a significant data breach that had occurred the previous month. An unauthorized actor gained access to Jetobra's internal network between September 16th and 17th, 2025, pote...
On November 2025, the Malta Tax and Customs Administration (MTCA) experienced a data breach that exposed the contact details of approximately 7,000 companies. The incident occurred during a routine communication process when an incorrect file was atta...
In November 2025, Roger Keith & Sons Insurance Agency ("Roger Keith") announced a data breach that compromised sensitive personal and protected health information. The breach stemmed from a phishing attack on January 27, 2025, which allowed an unautho...
In November 2025, Checkout.com, a global payment service provider, disclosed a data breach after being targeted by the ShinyHunters extortion group. The attackers gained unauthorized access to a legacy, third-party cloud file storage system that was u...
Integrated Silicon Solution, Inc. (ISSI) experienced a data breach in June of 2025, which compromised the personal data of individuals. The incident was detected on June 30, 2025, prompting ISSI to launch an investigation with the assistance of third-...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: