In December 2024, Eastern Washington University (EWU) discovered a data breach affecting former student and temporary employees dating back to 1997. An unauthorized individual gained access to an electronic folder containing sensitive employee informa...
A significant data breach recently affected Rapido, a major ride-hailing service in India. The breach originated from a vulnerability in their online feedback form, which exposed sensitive user and driver data. This vulnerability, discovered by a secu...
BT Group, a multinational telecommunications company, experienced a cybersecurity breach impacting its BT Conferencing division. The Black Basta ransomware group claims responsibility for the attack and alleges to have exfiltrated 500 GB of data, incl...
SRP Federal Credit Union (SRPFCU), headquartered in North Augusta, South Carolina, experienced a cybersecurity breach between September 5, 2024, and November 4, 2024. The credit union, which serves approximately 200,000 individuals in Georgia and Sou...
Sligo County Council in Ireland was fined €29,500 after an inquiry by the Data Protection Commission (DPC) found multiple breaches of the General Data Protection Regulation (GDPR). The inquiry, focused on the Council's use of CCTV and Automatic Number...
A ransomware attack on Wood County computer systems was detected on December 10, 2024. The attack impacted numerous county offices, including the sheriff's office, jail, and common pleas court. While emergency services have not been disrupted, many of...
In May 2024, Duke Energy, a utility company serving over 2 million customers in Florida, experienced a cyber security breach. The breach exposed customer data including names, birth dates, the last four digits of Social Security numbers, account numbe...
On February 17, 2024, Change Healthcare, a vendor used by BMC, experienced a data security breach. The breach potentially impacted some BMC patients' information. Change Healthcare is in the process of notifying individuals whose personal information...
On December 16, 2024, the Ukrainian TV channel Espreso was targeted in a cyberattack aimed at seizing control of its broadcasting capabilities. The attackers, identified as Russian hackers based on the content they attempted to broadcast, sought to sp...
PS Logistics, a transportation and logistics company specializing in flatbed trucking solutions, recently announced a data breach stemming from a cyberattack that occurred in February 2024. The breach was discovered on February 20, 2024, when an unaut...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: