Dermatology management services giant QualDerm suffered a cyberattack in late 2025 which saw it lose sensitive personal and healthcare data on more than three million people.
The company is now notifying affected individuals by mail, noting in a breach notification letter that between December 23 and 24, 2025, a threat actor managed to access “a limited number of systems” and pull “certain information” stored within. That data includes a combination of people’s names, email addresses, dates of birth, medical record numbers, diagnosis and treatment information.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers obtain confidential information on Romanian officials after cyber attack at Parliament
January 31, 2024
Hackers breached the database of the Romanian Chamber of Deputies, the lower house of the Parliament, after a recent cyber attack. They reportedly managed to obtain confidential information, such as the prime minister’s identity documents, medical analyses, and other personal data. The hackers threatened to release the personal data of the deputies if they did not ...
- Ukrainian activists launch devastating cyber attack on Russian Space Hydrometeorology Center
January 29, 2024
Ukraine’s Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, known as “planeta” (планета), and wiped 2 petabytes of data. Planeta is a state research center that uses space satellite data and ground sources such as radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme ...
- UK: Thousands of EU citizens ‘wrongly fined for breaching Ulez rules’ in potential record data breach
January 26, 2024
Hundreds of thousands of EU citizens were wrongly fined for driving in London’s Ultra Low Emission Zone (Ulez), amid claims of a record data breach. Several EU countries have accused Transport for London (TfL) of illegally obtaining the names and addresses of their citizens to issue the penalties, The Guardian reports. The paper said more than ...
- Veolia North America hit by ransomware attack
January 24, 2024
A department in Veolia North America, a transnational company offering water, energy and waste recycling management services, suffered a ransomware attack which resulted in the theft of some personal data, and forced the company to take parts of its infrastructure offline. In a press release published on the Veolia website, the company confirmed its Municipal Water ...
- UK: Cybercriminals claim to have stolen data from Southern Water
January 24, 2024
Cybercriminals claim they have stolen data from a water company’s IT systems. Southern Water, which has hundreds of thousands of customers in Kent, says it has detected suspicious activity and launched an investigation led by cybersecurity experts. But it says there is no evidence to suggest “customer relationships or financial systems” have been affected. In a ...
- AerCap confirms cybersecurity attack
January 23, 2024
Irish aircraft leasing giant AerCap is investigating a cybersecurity attack on its systems, but says that it suffered no financial loss as result of the hack. Claims surfaced online at the weekend that an organisation had hacked the Dublin-headquartered multinational’s systems and planned to leak data within days. AerCap confirmed that on January 17th it experienced ...