ATSG, Inc., an IT services company based in New York serving healthcare organizations and other businesses, experienced a data breach that may have impacted the personally identifiable information and protected health information of approximately 909,...
In May 2024, Gas Express LLC, a large Circle K franchisee in the United States, experienced a data breach that exposed the personal information of numerous employees. This information included names, driver's license numbers, and Social Security numbe...
PPL Electric Utilities recently disclosed a data breach connected to a global cybersecurity incident in June 2023 involving MOVEit file transfer software. A Russian ransomware group exploited a vulnerability in the software to steal data from various...
SimonMed Imaging, a radiology practice based in Scottsdale, Arizona, experienced a ransomware attack last week. The attack was first reported by SuspectFile.com on Tuesday, with ransomware group Medusa claiming responsibility on the dark web. Medusa c...
BT Americas, Inc. experienced a data breach on its BT Conferencing platform on or around October 25, 2024. The breach was discovered by BT on an unspecified date and an investigation, aided by third-party cybersecurity experts, was launched. The inves...
Octagon, Inc. LLP recently experienced a data breach that exposed consumers' sensitive personal information. The breach was discovered after Octagon identified a security incident on its IT network. An investigation, conducted with the help of third-p...
On August 13, 2024, Bankers Cooperative Group, Inc. (BCG) discovered suspicious activity within one of their employee's email accounts. An investigation was immediately launched with the assistance of third-party cybersecurity experts. The investigat...
Zenith American Solutions, Inc. experienced a data breach beginning on September 6, 2024, when an unauthorized third party gained access to an employee's email account. Zenith discovered the breach on September 6, 2024, and initiated an investigation ...
In late December 2024, Asheville Eye Associates (AEA), a healthcare provider in Western North Carolina, experienced a cybersecurity incident involving the DragonForce ransomware group. DragonForce claimed to have stolen 540 GB of data, including names...
In February 2025, Lee Enterprises, a major U.S. newspaper chain, experienced a significant cybersecurity event that disrupted its operations. The incident, initially detected on February 3, affected the company's business applications, leading to disr...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: