Data Breaches Digest - Week 51 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 15th December and 21st December 2025.

16th December

Australia: Two Queensland clinics named in separate alleged ransomware listings

15th December

16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

100GB Database of Kuwait Energy Basra Leaked Online

700Credit Data Breach Exposes 5.6 Million Americans’ SSNs and Personal Info

700Credit data breach exposes millions of personal records

700Credit Data Breach Exposes Names, Addresses, and Social Security Numbers

700Credit Data Breach Impacts 5.8 Million Individuals

700Credit data breach impacts 5.8 million vehicle dealership customers

Afghan Refugees Sue UK Ministry Of Defence Over Data Breach

Almost half of business owners in the floriculture sector are unaware of the consequences of cyber-attack

Apple urges updates as hackers target iPhones

Asahi Cyberattack Forces Shift to Zero-Trust Model, Delays Earnings by Over 50 Days

Asahi to Launch Cybersecurity Overhaul After Crippling Cyber-Attack

Beware of DroidLock, an Android Ransomware that Can Take Over Your Phone and Infiltrate Banking Data

BlueCross members in Tennessee urged to act after data breach exposes personal info

BreachForums Reemerges, Admin Apologizes for Honeypot Confusion, Claims the Attack the French Government Announced Impacting Over 16 Million Individuals

Coinbase Phishing Scammer Arrested in New York After Probe

Conduent data breach exposed data of 10.5 million people, including Social Security numbers

Coupang CEO Steps Down After Data Breach Hits 33.7 Million Users

Coupang data breach fuels calls to expand class action lawsuits

Coupang data breach traced to ex-employee with system access

Critical Amazon Kindle Hack Confirmed - What You Need To Know

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Cyber attack on Leroy Merlin

Data breach at 700Credit exposes personal info of 5.8 million Americans

Diaz Gill Medicina Laboratorial S.A. Targeted by RansomHouse Ransomware Attack

DraftKings Hacker Pleads Guilty After Group Stole About $600K

DXS Systems Ransomware Attack by Devman Group (300GB Data Breach)

Europe’s Digital Markets Act (DMA) raises new security worries for mobile ecosystems

Expert MRI Data Breach Exposes PII & PHI

FBI Cautions Alaskans Against Phone Scams Using Fake Arrest Threats

FBI confirms 630,000,000 passwords stolen in major data breach

Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats

Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

Former Coupang employee linked to data breach exposing 33.7 million customer records

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

French Interior Ministry confirms cyberattack on email servers

FrogBlight Android Banking Trojan Targets Turkish Android Users via Smishing and Fake Government Court File Portals

Gentlemen Ransomware Emerges as a Threat to Corporate Networks

GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware

Google links more Chinese hacking groups to React2Shell attacks

Google Threat Research Uncovers Data Breach in NHS Linked to Oracle Vulnerability

Hackers Steal Personal Data in 700Credit Breach Affecting 5.6 Million

Hackers turn ChatGPT, Grok chat links into malware traps on search engines

Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices

Harbour Town Doctors suffers alleged patient data breach

Healthcare Interactive data breach exposes sensitive information of 87,565 Americans

How AI Can Help Fight the Ransomware Threat

How to Spot a Browser-in-the-Browser Phishing Attack

Inc Ransomware Group Attack Hits City of Signal Hil and Steel Works Inc

Information Commissioner’s Office (ICO) Issues Post Office Public Reprimand Instead of Fine Over Data Breach

Jaguar Land Rover confirms staff data stolen in cyberattack

LastPass fined £1.2M by ICO for comprehensive data breach

Major Data Breach at 700Credit Linked to Third-Party API Vulnerability

Manufacturing is becoming a test bed for ransomware shifts

Manufacturing sector turns into a testing ground for ransomware hackers

Marquis Companies Data Breach Exposes SSNs & Medical Info

McElroy & Associates (OPEH&W Health Plan) Data Breach Affects 6,633 People

Nashua Botswana Data Breach: 21.5GB Sensitive Data for Sale

National Cyber Security Centre (NCSC) Playbook Embeds Cyber Essentials in Supply Chains

Nearly 20 million affected by Prosper, 700Credit data breaches

New Android Malware Mimic as mParivahan and e-Challan Attacking Android Users to Steal Login Credentials

New Gentlemen Ransomware Breaching Corporate Networks to Exfiltrate and Encrypt Sensitive Data

New Gentlemen Ransomware Hits Corporations, Steals Confidential Data Before Locking Systems

New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems

PayPal Subscription Feature Abused in Sophisticated Phishing Campaign

PEAR Ransomware Group Lists Angstrom Automotive and Gordon Clifford

Petco confirms major data breach involving customer data

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Pierce County Library System Cyberattack Exposes Data of Over 340,000 People

PlayTicket Data Breach: 210k User and Order Records for Sale

PornHub extorted after hackers steal Premium member activity data

Preparing users for the newest wave of AI-powered phishing

Pro-Russian CyberVolk Ransomware Flawed by Master Key for Free Decryption

Qilin Ransomware Breaches STIC, Hopper, Kier & Wright

Ransomware, Cloud and AI Risks Reshape the Global Cyber Threat

Ransomware victims to top 7,000 by 2026 as cloud risks rise

Researchers see global surge in attacks by new ransomware group “Gentlemen”

Royal Family thrown into chaos after King Charles’ confidential data breach

Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files

Russian spy tracked down using her cat’s microchip number

Sophos finds rise in data theft as encryption declines in manufacturing attacks

Still running Windows 10? Here's why that's a bad idea

Storm-0249 Abusing EDR Process Via Sideloading to Hide Malicious Activity

Storm-0249 Exploits EDR Process Sideloading to Conceal Malicious Behavior

Texas sues 5 smart TV manufacturers over data collection practices

The Budget Effect of a Security Incident

'The hunt has begun': Iran-linked hackers put bounties for info on Israeli air defense developers

ThermoEx Company Limited Data Breach: 170GB of Files for Sale

Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case

Third DraftKings Hacker Pleads Guilty

Top 25 Most Dangerous Software Weaknesses of 2025 Revealed

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

Up to 300 attempts made to access information from Police Service of Northern Ireland (PSNI) data breach

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)

Venezuela: Cyber attack hits PDVSA systems, oil cargo delays confirmed

Venezuela announces that the state-owned oil company has been subjected to a cyber attack

Venezuela's PDVSA suffers cyberattack, tankers make u-turns amid tensions with US

Venezuelan Regime Accuses U.S. Of Conducting Cyber Attack Against Its State-Run Oil Company: 'Trying To Affect National Stability'

Victory Disability Data Breach Exposes Sensitive Patient Info

Village of Franklin Falls Victim to Cyber Crime

VolkLocker Emerges as a Cross-Platform Ransomware Threat Targeting Linux and Windows

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

What types of compliance should your password manager support?

World Leaks Ransomware Hits Thrings Solicitors and Wavenet

Yalidine Express Allegedly Breached: 123 GB of Data Listed for Sale