In November 2024, Indiana University Health (IU Health) experienced a security breach when an employee's email account was compromised between August 27 and October 2, 2024. IU Health was first alerted to the potential breach on November 8, 2024, and...
Mortgage Investors Group (MIG), a prominent mortgage lender in the southeastern United States, experienced a significant cybersecurity breach in December of the previous year. The incident, which commenced on December 11th and was detected the followi...
Teton Orthopaedics, a medical practice based in Jackson, Wyoming, experienced a ransomware attack that exposed the sensitive personal and protected health information of 13,409 individuals. The attack, executed by the ransomware group DragonForce, occ...
The Kendal Corporation (TKC) experienced a data breach that exposed sensitive personal information of numerous current and former employees, as well as individuals associated with its affiliated care communities. The breach occurred on June 26 and Jun...
In October 2024, HCF Management Inc., a healthcare organization that manages numerous long-term care facilities, discovered unusual activity on its computer network. An investigation revealed that an unauthorized party had accessed the network on Sept...
DBM Global, Inc., a steel fabrication and erection company, experienced a data breach around November 20, 2024. The company discovered suspicious activity within its computer systems and confirmed unauthorized third-party access to sensitive personal ...
In January 2025, Nominet, the UK internet domain registry, experienced a cyber security breach. The unauthorized intrusion was made possible by exploiting a zero-day vulnerability in Nominet's Virtual Private Network (VPN) software, Ivanti Connect Se...
In November 2024, the City of Athens, Ohio fell victim to a sophisticated phishing scam resulting in the loss of $721,976.26. The perpetrators impersonated Pepper Construction, a contractor working with the city, and submitted fraudulent bank transfer...
In January 2025, a significant data breach was reported at Gravy Analytics, a location data broker, exposing sensitive location data of millions of smartphone users. The breach involved unauthorized access to Gravy Analytics' Amazon Web Services (AWS)...
In late 2024, Otelier, a cloud-based hotel management platform used by over 10,000 hotels worldwide, experienced a significant data breach. Threat actors exploited stolen employee credentials to access Otelier's systems, ultimately compromising approx...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: