Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals

A ransomware attack on the University of Hawaiʻi Cancer Center exposed personal data of 1.2 million people. A 2025 ransomware attack targeting the University of Hawaiʻi Cancer Center compromised the personal information of about 1.2 million individuals. The attack hit the University of Hawaiʻi Cancer Center on August 31, 2025, impacting servers that support research […]

University of Hawaiʻi Cancer Center

A ransomware attack on the University of Hawaiʻi Cancer Center exposed personal data of 1.2 million people.

A 2025 ransomware attack targeting the University of Hawaiʻi Cancer Center compromised the personal information of about 1.2 million individuals.

The attack hit the University of Hawaiʻi Cancer Center on August 31, 2025, impacting servers that support research operations but not clinical care or patient services. Officials engaged with the threat actors to obtain a decryption tool and secure assurances that exfiltrated data was destroyed, but did not disclose whether a ransom was paid.

“On or about August 31, 2025, UHCC learned that it was the victim of a cyberattack isolated to specific systems that support its Epidemiology Division.” reads General Incident Overview. “The unauthorized third party encrypted large amounts of data, and provided proof that it had potentially exfiltrated a portion of that data. There was no impact to information held by the UHCC’s Clinical Trials operations, patient care or any other divisions, and there was no impact to student records.”

After detecting unauthorized access to research files, UHCC disconnected affected systems, removed the threat actor.

At the time of the incident, the organization notified law enforcement and investigated the security breach with the help of external cybersecurity experts.

Stolen data includes names, Social Security numbers, driver’s license details, voter registration records, and health-related information, raising serious concerns about identity theft and long-term privacy risks for those affected.

The breach involved three main groups. First, two legacy files from 1998–2000 containing names and SSNs, drawn from Hawaii driver’s license and voter registration records, which at the time often used SSNs as identifiers. Second, files tied to the Multiethnic Cohort Study and other cancer research projects, including names, addresses, SSNs, limited health data, and registry information. Third, additional research registry files with names and SSNs collected from public health sources for epidemiological studies.

Most of the exposed data relates to a long-running study launched in 1993 that recruited over 215,000 participants. Records of 87,493 participants were compromised, including names, Social Security numbers, and in some cases research and health information.

“There was no impact to information held by the UH Cancer Center’s Clinical Trials operations, patient care, or any other divisions of the UH Cancer Center. There was no impact on UH student records,” the institution says.

The University of Hawaiʻi is offering affected individuals 12 months of free credit monitoring and identity theft protection services.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, University of Hawaiʻi Cancer Center)