Real Time Data Breach Intelligence
Access validated data on the latest data breaches and ransomware attacks to identify plaintiffs and build your case before the competition.

Latest Ransomware Breaches
Gulshan Management Services: 377,082
Insightin Health: 155,086
Catalyst RCM: 139,964
Spindletop Center: 88,863
Alpine Ear, Nose & Throat, PLLC: 65,648
Live map of confirmed US ransomware attacks
Database of US ransomware attacks
Frequently Asked Questions
Where does this data come from?
Our breach figures are based solely on official reports filed by impacted entities with state Attorneys General, the Department of Health and Human Services (HHS) OCR breach tool, and other regulatory bodies. We do not use unverified figures quoted by ransomware groups on dark web leak sites, as these are often inaccurate.
How often is the breach intelligence updated?
The “Top Ransomware Attacks” and live maps are updated daily via Comparitech’s data feed to ensure attorneys have the most current data for identifying potential plaintiffs.
Why are some "records affected" counts listed as unknown?
Many recent attacks have unknown record counts while we wait for formal breach notifications to be processed and published by the relevant authorities. Once that information is identified, the record tracker is automatically updated.
Does this page track all data breaches or just ransomware?
Currently, this page focuses specifically on ransomware attacks to provide the most accurate and “clean” data possible. In the near future, this feed will include all breaches identified and reported.
What time frame does the data cover?
While our historical database includes data from 2018 onwards, the interactive maps and charts focus on the most actionable data from 2022 to the present.
What does “confirmed” mean in relation to a ransomware attack?
Hundreds of claims are made by ransomware groups each month, but until these are verified and acknowledged by the entity involved, we keep these attacks as unconfirmed. Once the organization issues a statement and/or data breach notification about the attack, we change its status to confirmed and add it to our tracker.