In February 2026, Dutch telecommunications provider Odido suffered a cyberattack that compromised the personal data of approximately 6.2 million customers, including those of its subsidiary Ben. The breach occurred within a customer contact system, gr...
In October 2025, Goosehead Insurance Agency, LLC announced a cybersecurity incident that compromised the personal information of tens of thousands of individuals. The breach involved an unauthorized person gaining access to records containing customer...
A cybersecurity researcher discovered a publicly accessible, non-password-protected database containing over 178,000 unencrypted files linked to Invoicely, a cloud-based invoicing SaaS. The exposed documents included invoices, scanned checks, tax fili...
In October 2025, Arbella Insurance Group disclosed a data breach that compromised sensitive personal and protected health information. The breach led to concerns about the security of data entrusted to the company. Arbella reported the incident to the...
In October 2025, Doctors Imaging Group, a radiology practice in Florida, reported a significant data breach affecting over 171,000 individuals. The breach, classified as a "Hacking/IT Incident," occurred between November 5 and November 11, 2024, when ...
The Louisiana Office of Student Financial Assistance (LOSFA), the state agency responsible for managing the TOPS scholarship program and the START 529 education savings program, is currently investigating a technology outage that has significantly dis...
Skagit Regional Health has reached a settlement in a class action lawsuit alleging the unauthorized disclosure of patient information to third parties. The lawsuit claims that the hospital shared personal, identifiable, and protected health informatio...
In September 2025, Oxford County reported a cybersecurity incident impacting its information systems. Upon discovering the unauthorized activity, the county's IT staff took immediate action to prevent further intrusion. The county has engaged external...
In September 2025, Suffolk County Council experienced a cyber-attack that rendered its website and online services temporarily unavailable. The incident was confirmed by a council spokesperson as a denial of service (DoS) attack, characterized by a de...
On November 18, 2024, Tekni-Plex, Inc. discovered a data breach stemming from unauthorized access to their computer network. An investigation revealed that an unknown third party potentially accessed and acquired personal information between October 2...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: