A threat actor affiliated with the HellCat ransomware group has claimed responsibility for a significant data breach at Telefónica. The attacker, known as "Rey", alleges the exfiltration of over 106GB of sensitive internal data.

The City of Coppell, Texas, has notified 16,835 residents of a data breach following a ransomware attack in October 2024. The breach exposed sensitive personal data, including Social Security numbers.

IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. The leak contains 137,000 files totaling 262.8 GB in size.

On April 22, 2025, Gloucester County, Virginia, experienced a ransomware attack that compromised sensitive data of 3,527 current and former employees. The BlackSuit ransomware group later claimed responsibility for the attack.

Surmodics, a Minnesota-based medical device manufacturer, reported a cyberattack discovered on June 5, 2025, which forced the company to shut down parts of its IT infrastructure.

Kelly Benefits disclosed a significant data breach that affected over 553,000 individuals. The breach, which occurred in December 2024, has impacted dozens of corporate clients across critical sectors including healthcare and financial services.

Australian airline Qantas detected a cyberattack involving a third-party platform used by its contact center. The breach, publicly disclosed on July 2, 2025, potentially exposed personal data of up to six million customers.

Ahold Delhaize, a major global food retailer, disclosed a ransomware attack on its US operations that exposed personal data of over 2.2 million individuals. The attack was detected on November 6, and primarily affected internal employment records.

The International Criminal Court (ICC) has reported a new, sophisticated, and targeted cybersecurity incident, detected and contained through its internal alert and response mechanisms.

The ransomware attack forced Johnson Controls to shut down large portions of its IT infrastructure, severely impacting global operations and customer-facing systems. The initial breach occurred in Johnson Controls’ Asian offices in February 2023.