The Week in Breach News: 04/23/25 – 04/29/25    

Exploit: Hacking

Industry: Real Estate

The Siegel Group, a Las Vegas-based real estate firm, recently revealed a data breach that compromised sensitive personal and protected health information. The breach occurred between January 28 and February 2, 2025, when an unauthorized third party accessed files on the company’s network. The impacted data may include names, Social Security numbers, birth dates, passport numbers, state IDs, direct deposit details, signatures and medical information. Following an investigation, Siegel Group identified the affected individuals and began notifying them on March 31, 2025. Compensation may be offered to those whose information was compromised. 

Exploit: Hacking

Industry: Food & Agriculture

Cereal maker WK Kellogg Co. confirmed it fell victim to a cyberattack by cybercrime group Cl0p. The group has been exploiting vulnerabilities in Cleo file-transfer software, which over 4,000 organizations worldwide use. The Michigan-based cereal company said the Cleo servers, used to transfer employee files, were hacked on December 7, 2024, but the breach wasn’t discovered until February 27, 2025. The filing with the Maine Attorney General noted that the exposed data included the name and Social Security number of a Maine-based employee. Still, it remains unclear whether additional employees were affected.

Exploit: Hacking

Industry: Education

Fall River Public Schools is investigating a cybersecurity breach after an unauthorized party accessed parts of the district’s internal network, the district announced Monday, April 7, 2025. The district’s chief information officer discovered the suspicious activity earlier that day. IT staff acted quickly to contain the incident and are now working with third-party cybersecurity experts and law enforcement to investigate the breach. In a press release, the district stated there is currently no evidence that any personal data belonging to students or staff was accessed or misused.

Exploit: Hacking

Industry: Technology

A hacker known as “Satanic” is claiming responsibility for a data breach involving SendGrid, a cloud-based email platform owned by Twilio. The hacker posted on Breach Forums on April 3, 2025, offering the stolen data for $2,000. The database, which allegedly contains information for 848,960 entities, includes detailed customer and company data such as emails, phone numbers, physical addresses, social media profiles, company revenue, employee counts and financial metrics. The data also reveals company tech stacks, including CMS platforms, payment solutions and CRM tools. High-profile companies like Bank of America, Bazaarvoice and the BBC are reportedly among the exposed entities. The data is highly structured, containing not just contact info but also insights into web analytics, internal emails, geolocation and backend technologies, suggesting this breach could be more than a typical leak.

Exploit: Hacking

Industry: Healthcare

ALN, a Nebraska-based healthcare services provider recently acquired by Health Prime International, has disclosed a data breach involving sensitive personal information. Founded in 2000, ALN provides operational support and revenue cycle management to more than 800 clients and 6,000 physicians nationwide. The company reported that in March 2024, it detected suspicious activity on certain systems hosted by a third-party service provider. An investigation revealed that between March 18 and March 24, 2024, an unauthorized party may have accessed sensitive personal data stored in the affected environment. The potentially compromised information includes names, Social Security numbers, driver’s license and government-issued ID numbers, financial details, medical information, and health insurance data. ALN has not publicly disclosed how many individuals were impacted but it has taken steps to notify affected parties and enhance security protocols in coordination with Health Prime.

Exploit: Hacking

Industry: Non-profit

German authorities suspect Russian state-backed hackers were behind a recent cyberattack on the German Association for Eastern European Studies (DGO), marking the second breach of the Berlin-based research institute in just six months. The late-March 2025 attack, described by the DGO as “highly professional,” specifically targeted its email systems and succeeded in bypassing enhanced cybersecurity defenses implemented after an earlier October 2024 breach. German intelligence officials believe the intrusion may be linked to APT29, also known as Cozy Bear, a group reportedly affiliated with Russia’s Foreign Intelligence Service (SVR). The DGO, which focuses on Eastern European policy and research, was labeled an “extremist organization” and banned in Russia in July 2024. That designation puts Russian citizens who collaborate with the group at legal risk and may have increased its profile as a target.

Exploit: Hacking

Industry: Education

Morocco’s Caisse Nationale de Sécurité Sociale (CNSS) confirmed a major cyberattack that exposed sensitive personal data on Telegram. Hackers bypassed security to steal internal documents, and early investigations suggest the breach was politically motivated, linked to tensions between Morocco and Algeria. Hackers claimed the attack was retaliation for alleged Moroccan “harassment” of Algeria on social media and warned of further strikes if Algerian platforms are targeted.