In March 2024, Lee University, a Christian university in Cleveland, Tennessee, experienced a data breach due to a third-party software vulnerability. The breach was discovered a year later, in March 2025, and affected current and former students, dono...
Pacific Residential Mortgage (PacRes Mortgage) experienced a ransomware attack on February 10, 2025. An investigation revealed that an unauthorized third party gained access to sensitive personal information, including names, addresses, dates of birt...
Several major Australian superannuation funds, including AustralianSuper, Australian Retirement Trust, Rest, Hostplus, and Insignia Financial, experienced cyberattacks using credential stuffing. This method uses stolen credentials from other breaches...
Over the past weekend, several large Australian superannuation funds experienced a series of credential stuffing cyberattacks. While the majority of attacks were thwarted, some resulted in unauthorized access to thousands of member accounts, with at ...
Central Texas Pediatric Orthopedics (CTPO) experienced a data breach on or around March 3, 2025. The breach was discovered during a routine security check, prompting CTPO to initiate an investigation with the help of cybersecurity specialists. The inv...
In late March 2025, Europcar Mobility Group, a global car rental company, experienced a significant data breach. A threat actor infiltrated the company's systems, gaining access to their GitLab repositories. The hacker, using Europcar's name as an ali...
Monro, Inc., a company entrusted with sensitive personal and protected health information, experienced a data breach in late 2024. The breach originated from an employee's compromised electronic mailbox, which an unauthorized third party accessed. Thi...
Nevro Corp., a medical device company based in Redwood City, California, experienced a data breach that exposed the personal information of approximately 6,381 individuals in Texas. The breach, discovered in April 2025, involved unauthorized access to...
In September 2024, Chord Specialty Dental Partners, a dental service organization supporting over 60 practices across six US states, discovered suspicious activity in an employee's email account. An investigation revealed unauthorized access to multip...
A Maryland pharmacist is facing allegations of installing spyware on 400 computers at the University of Maryland Medical System over an eight-year period. The lawsuit, filed by six women, claims the pharmacist used this access to spy on women at the h...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: