In November 2025, SitusAMC, a technology vendor providing services to the real estate finance industry, experienced a cyberattack that potentially compromised sensitive client data. The breach, detected on November 12, 2025, involved unauthorized acce...
In March 2025, Davis Lu, a former senior software developer, was found guilty of sabotaging his ex-employer, Eaton Corporation. Lu, who had been with the company from November 2007 to October 2019, introduced malware onto the company's production syst...
In March 2025, Federman & Sherwood announced an investigation into a data breach affecting Archie Cochrane Motors, a Ford dealership headquartered in Billings, Montana. The breach was reported to the Attorney General of Vermont on February 27, 2025, a...
In January 2024, Ripple co-founder Chris Larsen suffered a $150 million cryptocurrency theft, which has now been linked to the LastPass security breach of 2022. U.S. federal investigators have reached the same conclusion as security researchers who, s...
In March 2025, it was revealed that the Renton School District suffered a ransomware attack in August 2023, with the Akira ransomware group claiming responsibility and threatening to leak 200 gigabytes of stolen data, including sensitive medical infor...
Endless Mountains Health Systems (EMHS) in Pennsylvania is currently managing a cyberattack that has disrupted its operations and affected some of its systems. The organization first acknowledged the issues on its Facebook page starting March 3, 2025,...
In November 2025, Salesforce confirmed it was investigating a security incident involving unusual activity within Gainsight-published applications connected to its platform. The investigation revealed that unauthorized access to certain customers' Sal...
A significant cyber security incident has come to light involving Italy's national railway operator, FS Italiane Group (FS), and their IT services provider, Almaviva. A threat actor claims to have successfully breached Almaviva's systems, resulting in...
In November 2025, Norway Savings Bank (NSB), a Maine-based financial institution, announced a data breach that may have compromised the personal information of approximately 51,000 individuals. The breach occurred on August 14, 2025, at Marquis Softwa...
In November 2025, Coupang, a major e-commerce company, experienced a significant data breach that compromised the personal information of over 4,500 customers. Unauthorized access to user accounts occurred on November 6th, but the breach went undetect...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: