Data Breaches

From the Office of NYS Comptroller Thomas P. DiNapoli: North Salem Central School District – Audit Follow-Up (2022M-140-F) Issued Date September 26, 2025 [read complete report – pdf] | [read complete 2022 report – pdf] Purpose of Review The purpose of our review was to assess the North Salem Central School District’s (District’s) progress, as of May… Source

Frederick Sutton Sinclair of CBS reports: The University of Pennsylvania is investigating a vulgar email that was sent to members of its campus community. Penn told CBS News Philadelphia that it was not hacked, but the university is working to find the source of the fraudulent email. The email’s subject line read “We Got Hacked”… Source

Veradigm LLC is a health information technology company that provides software solutions to healthcare providers. On September 22, 2025, Veradigm filed breach notification letters with some state attorneys general. According to the notice, Veradigm learned that an unauthorized party accessed some clients’ data on December 15, 2024. The clients’ data was located in a storage… Source

Mathew J. Schwartz reports: Russian police arrested “three young IT specialists” suspected of developing and selling the Meduza credential-harvesting malware. Authorities from the Ministry of Internal Affairs of Russia, together with police investigators, charged the men with developing and supplying the information-stealing malware, and tied it to an attack that breached and stole data from… Source

Mathura Kayir reports: In a historic breach of China’s censorship infrastructure, over 500 gigabytes of internal data were leaked from Chinese infrastructure firms associated with the Great Firewall (GFW) in September 2025. Researchers now estimate the full dump is closer to approximately 600 GB, with a single archive comprising around 500 GB alone. The material… Source

Today’s reminder of the insider threat comes to us from the National Health Service in the U.K. Craig Meighan and Billy Gaddi report: A woman has been charged after Scots patients had their private medical records accessed during an NHS data breach. Reports suggest around 100 patients in NHS Lothian could have had their records… Source

Charmian Aw, Melissa B. Levine, and Ciara O’Leary of Hogan Lovells write: On 9 October 2025 the Federal Court of Australia (the Court) imposed an AU$5.8 million civil penalty on Australian Clinical Labs Limited, one of Australia’s largest private hospital pathology service providers (the Company), for systemic failures that led to the unauthorised access to… Source

‏DataBreaches recently reported that researchers had discovered two courts had sealed filings and court records exposed, but the vendor responsible wasn’t responding to notifications. Despite months of trying to get a software vendor to respond to alerts that their clients’ files are exposed on the internet — including confidential and sealed court records — the… Source

Waqas reports: A Ukrainian national accused of helping run one of the world’s most damaging ransomware operations, Conti, is now in US custody. After being extradited from Ireland, 43-year-old Oleksii Oleksiyovych Lytvynenko made his first court appearance in the Middle District of Tennessee to face charges tied to the Conti ransomware group. Prosecutors allege that… Source

Jim Dunton reports: The chief executive of the Legal Aid Agency has told MPs that the organisation is still working out the extent of a cyberattack that was uncovered back in the spring. Jane Harbottle told members of parliament’s Public Accounts Committee that a team of analysts is still exploring how much of the compromised… Source