The Data Breach Brief: Week of November 3, 2025

The following data breaches have been announced this week—make sure you’re in the know.

If you received a data breach notice regarding any of the breaches listed below, act now and contact Morgan & Morgan for a free and confidential case evaluation to see how we may be able to help!

University of Pennsylvania

The University of Pennsylvania has confirmed a cybersecurity incident involving unauthorized access to internal systems. The threat actor claims to have stolen data on approximately 1.2 million donors, students, and alumni. The attack occurred between October 30 and October 31, 2025, after hackers reportedly gained access through a compromised PennKey SSO account. Data compromised in the incident may have included:

• Full Name
• Date of Birth
• Address
• Phone Number
• Estimated Net Worth
• Donation History
• Demographic Information (including religion, race, and sexual orientation)

The university has reported the incident to the FBI and is working with law enforcement and third-party cybersecurity experts to investigate and secure its systems.

OB/GYN Medical Center Associates 

OB/GYN Medical Center Associates has confirmed that a security incident involving its business associate, ConnectOnCall.com, LLC, may have exposed patient information. ConnectOnCall provided voicemail messaging services for the practice through May 2024. The unauthorized access occurred between February 16, 2024, and May 12, 2024. Data compromised in the incident may have included:

• Full Name
• Information About Physical Conditions
• Medications
• Procedures
• Other Personal and Medical Information

Jack’s Family Restaurants

BJH Holding Corp, which does business as Jack’s Family Restaurants, LP, reported to the Attorney General of Maine that it had experienced a data breach in which personal identifiable information in its care may have been compromised between July 24 and August 10, 2025.

Sensitive, personal information accessed includes:

• Names
• Social Security Number

George E. Weems Memorial Hospital - Apalachicola, FL

George E. Weems Memorial Hospital reported that it suffered a data breach when an unauthorized party accessed and copied certain information from its network between May 6, 2025, and May 12, 2025.

The data breach involves sensitive confidential information, including:

• Full Name
• Social Security Number
• Financial Account Information
• Driver’s License Number
• Medical Information
• Health Insurance Information

Co-op Credit Union

Co-op Credit Union reported that it suffered a data breach when an unauthorized party accessed and copied certain information from its network between April 8, 2025, and April 18, 2025.

The data breach involves sensitive confidential information, including:

• Full Name
• Social Security Number
• Financial Account Information

If you or a loved one were affected by any of these data breaches, you may be entitled to compensation. Take action today and contact Morgan & Morgan for a free and confidential case evaluation.