In March 2018, Air Canada disclosed that some of its customers' hotel booking information may have been compromised due to a data breach at Orbitz, a travel partner. According to Air Canada, Orbitz reported a breach affecting approximately 800,000 rec...
On September 29, 2025, Humana, Inc. discovered unauthorized access to its internal systems stemming from a vulnerability in a vendor's Oracle software. The law firm Edelson Lechtzin LLP is investigating potential data privacy claims related to this br...
In November 2022, Tangoe US, a business-to-business company managing telecom, mobile, and cloud expenses for large enterprises, experienced a data breach when an unauthorized third party accessed its computer systems. The breach, which occurred betwee...
In April 2026, the Italian data protection regulator levied a €12.5 million ($14.7 million) fine against Italy's national postal service provider, Poste Italiane SpA, and its digital payments subsidiary, Postepay SpA, for data privacy violations. Post...
Lovable, a Swedish AI-powered platform that allows users to build applications without coding, is facing scrutiny over a recent security incident. A researcher discovered a vulnerability that allowed anyone with a free account to access sensitive data...
In April 2026, a significant cyber security incident occurred within the New South Wales (NSW) government, involving the alleged exfiltration of a substantial cache of sensitive documents. Internal security monitoring systems detected a suspected unau...
In April 2026, the Mexican cybersecurity firm BePrime, which provides security services to major corporations, suffered a significant cyberattack. The attackers claimed to have exfiltrated 12.6 GB of data and gained access to the company's network inf...
The Chartered Institute of Bankers of Nigeria (CIBN) is reportedly the victim of a significant cybersecurity incident involving a potential data breach of approximately 250GB. The alleged breach, which surfaced on underground cybercrime forums, involv...
In April 2026, the French government's National Agency for Secure Documents (ANTS), also known as France Titres, which manages official identity and registration documents like ID cards, passports, and driver's licenses, suffered a cyberattack. The In...
In January 2025, Lexington Diagnostic Center (LDC) disclosed a data breach that compromised the sensitive personal and protected health information of thousands of individuals. The breach stemmed from a security incident that LDC became aware of aroun...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: