In late 2021, Lakeview Loan Servicing, a large mortgage servicing company, experienced a cyberattack that compromised the personal data of roughly 2.5 million borrowers. The attack compromised sensitive information, including Social Security numbers. ...
In March 2025, Ontario Medical Supply (OMS), a vendor for Ontario Health atHome, which coordinates home care and palliative resources, experienced a significant ransomware attack. The initial infiltration occurred on March 17, 2025, with the ransomwar...
In March 2026, Service Lighting, Inc., a light fixture and bulb provider based in Minnesota, experienced a cybersecurity incident that compromised the payment card information of over 25,000 individuals. An unauthorized person gained access to Service...
In March 2026, L&S Mechanical, a Texas-based plumbing, HVAC, and electrical services contractor, reported a significant data breach affecting 5,139 Texas residents. The breach was the result of a ransomware attack claimed by the Space Bears group, who...
In March 2026, the Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) announced a settlement with MMG Fusion, LLC (MMG), a Maryland-based software company, regarding potential violations of the Health Insurance Portability an...
A developer experienced a significant financial shock after their Google Cloud API key was compromised, leading to over $82,000 in unauthorized charges within a 48-hour period. The charges stemmed primarily from the use of Gemini 3 Pro Image and Gemin...
A potential data breach at Colombia's national tax authority, the Dirección de Impuestos y Aduanas Nacionales (DIAN), has caused significant concern due to the possible exposure of millions of citizens' records. A hacker, known as "ArcRaidersPlayer," ...
In March 2026, NYC Health + Hospitals disclosed two separate data security incidents affecting patients' personal and protected health information. The first incident involved NADAP, a care management partner providing services under NYC Health + Hosp...
In March 2026, Passaic County, New Jersey, experienced a malware attack that disrupted its IT systems and phone lines. County officials are working with federal and state authorities to investigate and contain the issue. The county first reported phon...
In March 2026, Brown Advisory LLC, a Maryland-based investment management and strategic advisory firm, reported a data breach affecting over 1,900 individuals. The breach was discovered on January 21, 2026, when the company identified unauthorized acc...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: