CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Ransomware Attack on University of Hawaii Cancer Center

First reported
Last updated
1 unique sources, 2 articles

Summary

Hide ▲

The University of Hawaii Cancer Center suffered a ransomware attack on August 31, 2025, compromising a single research project. The breach resulted in the theft of historical data, including Social Security numbers from the 1990s, affecting nearly 1.2 million individuals. The university engaged with the threat actors to secure a decryptor and ensure the destruction of stolen data. The attack did not impact clinical operations or patient care but delayed restoration efforts. The university has since taken measures to secure its systems, including installing endpoint protection software and conducting third-party security audits.

Timeline

  1. 12.01.2026 20:48 2 articles · 1mo ago

    Ransomware Attack on University of Hawaii Cancer Center

    On August 31, 2025, the University of Hawaii Cancer Center suffered a ransomware attack that compromised a single research project. The breach resulted in the theft of historical data, including Social Security numbers from the 1990s. The university engaged with the threat actors to secure a decryptor and ensure the destruction of stolen data. The attack did not impact clinical operations or patient care but delayed restoration efforts. The university has since taken measures to secure its systems, including installing endpoint protection software and conducting third-party security audits. The compromised data includes names and Social Security numbers from a State Department of Transportation document (collected in 2000) and voter registration data (from 1998). The attackers also encrypted the compromised systems, causing extensive damage and delaying UH's restoration efforts and investigation into the attack's impact.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Baker University Data Breach Exposes 53,624 Records

Baker University disclosed a data breach affecting 53,624 individuals after attackers accessed its network from December 2 to 19, 2024. Sensitive personal, health, and financial information was stolen, including Social Security numbers, financial account details, and medical records. The university has not attributed the attack to any specific group and is offering free credit monitoring services to affected individuals. Several other U.S. universities have also been targeted in recent voice phishing attacks. Monroe University recently revealed a separate breach affecting 320,973 individuals, with attackers accessing its network from December 9 to 23, 2024. The stolen data included personal, financial, and health information. Monroe University is offering free credit monitoring services to affected individuals.

Open in new tab

Conduent Data Breach Affects Millions

Conduent, a business services provider, has confirmed that a data breach in 2024 impacted over 10.5 million individuals. The breach, initially disclosed in January 2025, affected government agencies in multiple US states. The attackers accessed Conduent's network on October 21, 2024, and were evicted on January 13, 2025. The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. Conduent serves over 600 government and transportation organizations, and roughly half of Fortune 100 companies. The company has not provided an exact number of affected individuals, but breach notices indicate at least 10.5 million people were impacted, with the largest number in Oregon (10.5 million) and over 4 million in Texas. The Safepay ransomware group claimed responsibility for the attack in February 2025 and claimed to have stolen 8.5TB of data. Conduent provides services to several other states where specific data breach figures aren't published, potentially increasing the actual impact. As of October 24, 2025, there is no evidence that the stolen data has been misused. Additionally, Volvo Group North America disclosed that nearly 17,000 customers and/or staff had their personal details exposed in the Conduent data breach. Conduent is sending notifications to impacted parties, offering free membership to identity monitoring services for at least a year, along with credit and dark web monitoring, and identity restoration. Volvo Group North America has recently suffered a new data breach caused by a third-party supplier, Miljödata, exposing staff data such as full names and Social Security Numbers. The breach at Miljödata in August 2025 exposed the information of 1.5 million people, including Volvo Group employees in Sweden and the U.S. Ingram Micro, a major IT services provider, revealed a ransomware attack in July 2025 that affected over 42,000 individuals. The SafePay ransomware group was behind this attack, claiming to have stolen 3.5TB of documents. The attack triggered a massive outage and highlighted SafePay's growing activity as a significant ransomware threat.

Open in new tab

SimonMed Imaging Data Breach Affects 1.2 Million Patients

SimonMed Imaging, a U.S. medical imaging provider, experienced a data breach in January 2025. The breach exposed sensitive information of over 1.2 million individuals. The unauthorized access occurred between January 21 and February 5, 2025. The company detected the breach on January 27 and took immediate steps to contain the situation. The Medusa ransomware group claimed responsibility for the attack and leaked some data as proof. The breach impacted patients across 11 U.S. states, where SimonMed operates approximately 170 medical centers. The company has not confirmed the exact nature of the stolen data but acknowledged the potential for highly sensitive information to have been compromised. SimonMed has offered affected individuals free identity theft protection services.

Open in new tab

Lovesac Data Breach After Ransomware Attack

Lovesac, a furniture retailer, confirmed a data breach impacting an unspecified number of individuals. The breach occurred between February 12, 2025, and March 3, 2025, and involved unauthorized access to internal systems. The company discovered the breach on February 28, 2025, and has offered credit monitoring services to affected individuals. The RansomHub ransomware gang claimed responsibility for the attack, threatening to leak stolen data if a ransom was not paid. Lovesac operates 267 showrooms across the United States and reported annual net sales of $750 million. The stolen data includes full names and other personal information, though the exact details and the number of affected individuals remain undisclosed. The company has not confirmed whether customers, employees, or contractors were impacted.

Open in new tab

Healthcare Services Group Data Breach Affects 624,000 Individuals

Healthcare Services Group (HSG) has disclosed a data breach affecting 624,496 individuals. The breach occurred between September 27, 2024, and October 3, 2024, when unauthorized actors accessed and copied files containing sensitive personal information. The compromised data includes names, Social Security numbers, driver’s license numbers, state identification numbers, financial account details, and credentials. HSG has notified affected individuals and is offering credit monitoring and identity restoration services. The company has not disclosed the specific type of cyberattack involved. The breach was detected on October 7, 2024. HSG has secured its systems, mitigated risks, and notified law enforcement and regulators. As of the disclosure, there is no evidence of identity theft or fraud resulting from the breach, but affected individuals are advised to remain vigilant.

Open in new tab