In October 2025, Dentsu, a global advertising and public relations firm, disclosed a "security incident" affecting its U.S.-based subsidiary, Merkle. The incident involved unauthorized access to Merkle's network, leading to the exfiltration of certain...
In August 2025, Google confirmed that one of its corporate Salesforce instances was breached in June by the cybercriminal group ShinyHunters, also tracked as UNC6040, resulting in the theft of customer data. This incident is part of a larger wave of a...
In November 2025, a significant data breach at Swedish IT company Miljödata, a major IT systems supplier for approximately 80% of Sweden's municipalities, exposed the personal information of over 1.5 million individuals, prompting a formal investigati...
In October 2025, the University of Pennsylvania (UPenn) experienced a significant cyber security breach that began with mass emails sent from compromised university accounts. These emails contained offensive content criticizing the university as an "e...
New York Attorney General Letitia James has filed a lawsuit against Allstate and its National General unit, alleging failures in data security that led to two significant data breaches in 2020 and 2021. These breaches exposed the driver's license numb...
In August 2025, Cisco disclosed a data breach stemming from a successful voice phishing (vishing) attack against one of its representatives. The incident, discovered on July 24, involved a malicious actor who manipulated an employee into granting unau...
Taiwanese authorities have detained three individuals, including two current employees and one former employee, for allegedly stealing technology trade secrets from Taiwan Semiconductor Manufacturing Co. (TSMC), the world's largest chip foundry. The d...
Michigan State Police and the Great Lakes Water Authority (GLWA) are currently investigating a potential cyber breach that occurred at the Northeast Water Treatment Plant in Detroit. The incident involved a standalone monitoring and reporting system a...
In July 2025, a cybercriminal known as Tsar0Byte claimed responsibility for breaching Nokia’s internal network. The attacker asserted they gained unauthorized access through a third-party contractor's system, exploiting its integration with Nokia’s in...
In September 2025, Anchorage Neighborhood Health Center (ANHC) experienced a data security incident where an anonymous hacker group claimed to have stolen and leaked patient records. The FBI is aware of the alleged breach affecting ANHC and takes such...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: