#data-breach

[ follow ]
fromSecurityWeek
7 hours ago

Romanian Hacker Pleads Guilty to Selling Access to US State Network

The man, Catalin Dragomir, 45, of Constanta, Romania, obtained access to the computer network in June 2021. The hacker allegedly advertised admin access to the state's emergency management department, negotiated a $3,000 sale in Bitcoin, and accessed the network several times to prove the legitimacy of his claim. According to court documents, Dragomir provided a prospective buyer with samples of personal identifying information extracted from the compromised network, including an employee's login information, name, email address, and Social Security number.
Information security
#paypal
#ivanti-epmm
fromTheregister
20 hours ago
Information security

Attacker gets into France's DB listing all bank accounts

A January breach exposed 1.2 million French bank account records, while attackers actively exploit two critical Ivanti EPMM zero-days targeting unpatched systems worldwide.
fromThe Hacker News
1 week ago
EU data protection

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

Cyberattacks exploiting Ivanti EPMM flaws accessed employee names, business emails, and phone numbers at Dutch agencies, the European Commission, and Finland's Valtori.
fromDataBreaches.Net
1 day ago

The hospitality sector continues to be lucrative targets - DataBreaches.Net

Choice Hotels International disclosed a breach affecting franchisees and applicants. Its notification letter states that a "skilled person used social engineering" to gain access on January 14, 2026 to an application that contained records regarding franchisees and franchise applicants. The access occurred even though access required multifactor authentication (MFA). The information involved included names and Social Security numbers. There is no indication that any guest data was involved. No gang has publicly claimed responsibility for the attack as yet.
Information security
fromTheregister
1 day ago

Cornwall council mishandles complaints in data breach case

A UK councillor has dubbed her local authority's data breach "crazy" after the personal details of individuals behind a series of complaints were revealed to her. Dulcie Tudor, an independent councillor for the Threemilestone and Chacewater area in Cornwall, England, publicized the data protection gaffe via social media following complaints about comments she made during a November council meeting. Cllr Tudor received ten complaints after asking fellow councillor Leigh Knight whether a trans woman was a real woman.
Privacy professionals
#shinyhunters
fromTechCrunch
2 weeks ago
Information security

Hackers publish personal information stolen during Harvard, UPenn data breaches | TechCrunch

fromTheregister
3 weeks ago
Information security

ShinyHunters claims Panera Bread in alleged data theft

ShinyHunters claims to have stolen tens of millions of records from Panera Bread, CarMax, Edmunds and other companies, including PII and account details.
fromSecurityWeek
4 weeks ago
Privacy professionals

Crunchbase Confirms Data Breach After Hacking Claims

Crunchbase confirmed a cybersecurity breach with over two million records allegedly exfiltrated by ShinyHunters and more than 400 MB of stolen files publicly posted.
fromTechCrunch
2 weeks ago
Information security

Hackers publish personal information stolen during Harvard, UPenn data breaches | TechCrunch

fromTechzine Global
3 days ago

PayPal leaked sensitive data for six months due to software error

PayPal is warning customers about a data breach that leaked personal data for six months. The leaked data includes social security numbers. The software error occurred in the PayPal Working Capital application, an app that allows small businesses to easily take out a business loan. The leak occurred between July 1, 2025, and December 13, 2025. In addition to names and email addresses, phone numbers, business addresses, social security numbers, and dates of birth were also compromised.
Information security
#ficoba
fromDataBreaches.Net
3 days ago
Information security

A single compromised account gave hackers access to 1.2 million French banking records - DataBreaches.Net

fromDataBreaches.Net
3 days ago
Information security

A single compromised account gave hackers access to 1.2 million French banking records - DataBreaches.Net

#cybersecurity
fromDataBreaches.Net
3 days ago
Information security

Loan applications, drivers licences, personal data of 440k Aussies exposed after hacker hits Sydney finance tech company youX - DataBreaches.Net

fromDataBreaches.Net
3 days ago
Information security

Loan applications, drivers licences, personal data of 440k Aussies exposed after hacker hits Sydney finance tech company youX - DataBreaches.Net

fromDataBreaches.Net
3 days ago

San Jose slow to tell workers about data breach - DataBreaches.Net

San Jose administrators have disclosed that private information for current and former city employees may have been compromised, following a data breach last month. The incident occurred on Jan. 9 when a "workforce member" lost a USB drive that may have contained Social Security numbers, according to a letter city officials sent to people whose data may have been involved in the breach. San José officials have not said how many people were affected by the breach.
Information security
fromTheregister
3 days ago

ICO wins battle in fight to fine tech retailer 500k

The Information Commissioner's Office (ICO) originally fined DSG Retail £500,000 ($673,000) in 2020, the maximum financial penalty allowed under the Data Protection Act 1998 (DPA 1998) - the relevant legislation at the pre-GDPR time. Its monetary penalty notice (MPN) was upheld by the Court of Appeal's first-tier tribunal but later reversed by the upper tribunal [PDF], which sided with DSG Retail and, if that decision was final, would have effectively nullified the ICO's fine.
EU data protection
fromSan Jose Spotlight
3 days ago

San Jose slow to tell workers about data breach - San Jose Spotlight

when a "workforce member" lost a USB drive that may have contained Social Security numbers, according to a letter city officials sent to people whose data may have been involved in the breach. San José Spotlight spoke with three people who said they received the city's letter in recent days, including a current employee and two former employees. One of the former employees said they last worked for the city in 2000. The individuals requested anonymity to protect their privacy.
Privacy professionals
Public health
fromDataBreaches.Net
4 days ago

Privacy breaches following the Lapu Lapu Day Festival - DataBreaches.Net

Employees intentionally accessed patients' medical records after the Lapu Lapu Day tragedy, causing widespread privacy breaches and undermining trust in health care.
#social-engineering
fromTechRepublic
4 days ago
Information security

Figure Data Breach Exposes Nearly 1 Million Customers Online

A social engineering attack on fintech Figure exposed 967,200 customer records, including names, birth dates, addresses and phone numbers, increasing identity-fraud risk.
fromTechCrunch
1 week ago
Information security

Fintech lending giant Figure confirms data breach | TechCrunch

Figure Technology suffered a social-engineering data breach; ShinyHunters published 2.5GB of allegedly stolen customer data including names, addresses, birthdates, and phone numbers.
Privacy professionals
fromTechCrunch
4 days ago

Sex toys maker Tenga says hacker stole customer information | TechCrunch

Tenga experienced an email account breach exposing approximately 600 U.S. customers' names, emails, and possibly order or customer service details.
Information security
fromSecurityWeek
4 days ago

Nearly 1 Million User Records Compromised in Figure Data Breach

Nearly one million Figure Technology Solutions user records, including names, birth dates, emails, addresses, and phone numbers, were exposed after a social engineering attack.
fromDataBreaches.Net
4 days ago

Leaked Data Raises Questions About Hackers' Claims and Moldova's Prior Denial - DataBreaches.Net

The Compensatii platform enables residents to register and apply for compensation for energy bills, including heating, natural gas, and electricity, during the colder months. To register, applicants need to provide: The name, surname, and IDNP of all persons residing in the declared household; Data from energy consumption invoices; Mortgage loan amount and cadastral number (if applicable); The monthly income of each member for the months of April-September; Personal IBAN account for transferring the compensation.
fromThe Local France
4 days ago

Hacker accesses info on 1.2 mn French bank accounts

Since the end of January, the hacker used the stolen credentials of an official to access and consult "parts of the file of all of the accounts open in French banks and which contains personal data such as bank account numbers, name of the account holder, address and in certain cases the account owner's tax number," the ministry said in a statement.
France news
fromTheregister
4 days ago

Adidas investigates third-party data breach

Allegations of an incident at Adidas emerged on February 16, when someone claiming to be the Lapsus$ Group posted on BreachForums (screenshot shared here on Daily Dark Web) that they compromised the sportswear giant's extranet. According to the crooks, the stolen files - 815,000 rows of information - allegedly include: first and last names, email addresses, passwords, birthdays, company names, and "a lot of technical data."
Information security
Information security
fromTheregister
4 days ago

ShinyHunters allegedly drove off with 1.7M CarGurus records

ShinyHunters claims to have stolen 1.7 million CarGurus corporate records and posted them, threatening further leaks and extortion by 20 Feb 2026.
Information security
fromTechCrunch
5 days ago

Data breach at fintech giant Figure affects close to a million customers | TechCrunch

A Figure data breach exposed personal information for about 967,200 customers, including names, dates of birth, addresses, phone numbers, and email addresses.
#substack
fromTechCrunch
2 weeks ago
Information security

Substack confirms data breach affecting users' email addresses and phone numbers | TechCrunch

fromTechCrunch
2 weeks ago
Information security

Substack confirms data breach affecting users' email addresses and phone numbers | TechCrunch

World news
fromSecuritymagazine
5 days ago

Global Leaders, Executives Exposed in Data Leak

Unprotected cloud storage linked to Abu Dhabi Finance Week exposed scans of over 700 passports and state ID cards, including documents of high-profile individuals.
fromSecuritymagazine
5 days ago

Conduent Data Breach: Overview and What to Know

Conduent experienced a data incident on that is proving to have widespread repercussions. The business services provider offers a range of support for organizations, including printing/mailroom services, payment integrity, document processing, and back-office aid, so this attack on its network affected more entities than itself. On Jan. 13, 2025, Conduent found a cyber incident had affected part of its network. Upon this discovery, the organization secured networks and commenced an investigation alongside third-party forensic experts.
Information security
#discord
fromZDNET
1 week ago
Privacy professionals

My 5 favorite Discord alternatives - no ID verification required

fromZDNET
1 week ago
Information security

Discord's age verification lockdown: What to know, and alternatives users are considering

fromZDNET
1 week ago
Privacy professionals

My 5 favorite Discord alternatives - no ID verification required

fromZDNET
1 week ago
Information security

Discord's age verification lockdown: What to know, and alternatives users are considering

Information security
fromArs Technica
5 days ago

Password managers' promise that they can't see your vaults isn't always true

Password manager “zero knowledge” assurances can be bypassed by account recovery, sharing, or group features, allowing server compromises to expose user vaults.
#eurail
fromTheregister
1 week ago

Dutch cops arrest man after sending him confidential files

The chain of events reads less like a breach and more like an own goal. In connection with a separate investigation, the man contacted the police on February 12 to report he had images that might be relevant. An officer responded by sending him a link so he could upload the files - except the link sent was a download link, effectively giving him access to confidential police documents.
Miscellaneous
#lvmh
fromDataBreaches.Net
1 week ago
Privacy professionals

Korea's Personal Information Protection Commissioner fines 3 LVMH luxury brands after Salesforce data breaches - DataBreaches.Net

fromDataBreaches.Net
1 week ago
Privacy professionals

Korea's Personal Information Protection Commissioner fines 3 LVMH luxury brands after Salesforce data breaches - DataBreaches.Net

fromDataBreaches.Net
1 week ago

He tried to extort the Dutch police. It didn't work out well for him. - DataBreaches.Net

He wanted something in return for returning files to the Dutch police. What he got in return was an arrest. A press release from Dutch police sums it up: On Thursday evening around 7:00 PM, police arrested a 40-year-old man from Ridderkerk on Prinses Beatrixstraat in Ridderkerk for computer hacking. Due to a police error, the man had inadvertently gained access to confidential police documents.
Privacy technologies
EU data protection
fromTechzine Global
1 week ago

Data breach at Odido: responsibility and compensation under discussion

Odido reported a data breach affecting an estimated 6.2 million customers; the company says compensation is not automatic while it assesses causes and harm.
Information security
fromwww.theguardian.com
1 week ago

Brushing fraud: Britons told to beware of mystery parcels as new scam soars

Unexpected cheap parcels can be part of brushing fraud where criminals use stolen delivery details to post fake verified reviews and boost their online credibility.
Privacy professionals
fromDataBreaches.Net
1 week ago

Dutch phone giant Odido says millions of customers affected by data breach - DataBreaches.Net

Odido suffered a breach exposing over 6.2 million customers' personal and financial data, including government ID details and IBANs.
US politics
fromDataBreaches.Net
1 week ago

Attorney General Ken Paxton Demands Information from Blue Cross Blue Shield of Texas and Conduent as Part of Investigation into Largest Data Breach in U.S. History - DataBreaches.Net

Texas Attorney General Ken Paxton issued Civil Investigative Demands to BCBS and Conduent over a Conduent breach exposing about four million Texans' personal health data.
Information security
fromDataBreaches.Net
1 week ago

South Korea blames Coupang data breach on management failure, not sophisticated attack - DataBreaches.Net

Coupang's massive data leak resulted from management failure and lax authentication oversight, with a former engineer exploiting vulnerabilities to access and leak user data.
#telecommunications
fromTechCrunch
1 week ago
EU data protection

Dutch phone giant Odido says millions of customers affected by data breach | TechCrunch

fromTechCrunch
1 week ago
EU data protection

Dutch phone giant Odido says millions of customers affected by data breach | TechCrunch

Information security
fromSecurityWeek
1 week ago

Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Odido data breach exposed names, contact details, dates of birth, customer and bank account numbers, and passport/driver's license information for about 6.2 million customers.
#coupang
fromTechCrunch
1 week ago
E-Commerce

More U.S. investors sue South Korean government over handling of Coupang data breach | TechCrunch

fromTechCrunch
1 week ago
E-Commerce

More U.S. investors sue South Korean government over handling of Coupang data breach | TechCrunch

#ransomware
fromdatabreaches.net
3 weeks ago
Information security

Ransomware attack compromised 377,000 people's Social Security and driver's license numbers from Texas gas station and convenience store chain

A September ransomware attack on Gulshan Management Services exposed highly sensitive personal data, including SSNs and driver's license details, affecting 377,082 people.
fromTechRepublic
1 month ago
Information security

Under Armour Ransomware Attack Exposes 72M Email Addresses - TechRepublic

Everest ransomware gang stole 343 GB from Under Armour in November 2025, exposing 72 million customer email addresses and extensive personal data.
fromdatabreaches.net
3 weeks ago
Information security

Ransomware attack compromised 377,000 people's Social Security and driver's license numbers from Texas gas station and convenience store chain

Information security
fromZDNET
1 week ago

Can you trust LastPass in 2026? Inside the multimillion-dollar quest to rebuild its security culture

LastPass used the 2022 data breach as a catalyst to substantially strengthen security controls and prioritize consumer security beyond typical program standards.
fromBusiness Matters
1 week ago

NCSC reveals Budget forecasts accessed almost 25,000 times before publication

A report by the National Cyber Security Centre found that documents prepared by the Office for Budget Responsibility were downloaded on "at least" 24,701 occasions in the hour before Rachel Reeves delivered her Budget speech on 26 November. The figure is far higher than the 43 downloads cited in an initial internal review. The NCSC said the first full download of the OBR's forecasts occurred shortly after 11.35am on Budget day,
UK politics
Information security
fromTheregister
1 week ago

Discord puts everyone in teen mode by default

Discord will default all users to teen settings, requiring ID, video selfie, or automated age inference to restore adult access despite prior ID-data breach.
Information security
fromTechCrunch
2 weeks ago

Exclusive: Hacktivist scrapes over 500,000 stalkerware customers' payment records

More than 536,000 customer payment records from Struktura's stalkerware services were scraped, exposing emails, partial card details, and purchased surveillance app subscriptions.
#class-action
fromDataBreaches.Net
3 weeks ago
Information security

RINA Accountants & Advisors is creating $400K settlement fund to settle lawsuit over 2022 data breach - DataBreaches.Net

fromDataBreaches.Net
3 weeks ago
Information security

RINA Accountants & Advisors is creating $400K settlement fund to settle lawsuit over 2022 data breach - DataBreaches.Net

Information security
fromSecurityWeek
2 weeks ago

Flickr Security Incident Tied to Third-Party Email System

Flickr experienced a third-party email service vulnerability that may have exposed users' names, email addresses, usernames, account types, IP addresses, locations, and activity data.
fromTheregister
2 weeks ago

Betterment breach scope pegged at 1.4M users

Betterment, which offers automated investment and financial planning services, first disclosed the breach in January after detecting unauthorized access to certain internal systems on January 9. Betterment said the hacker gained entry through a social engineering scheme that relied on impersonation to infiltrate third-party marketing and operations tools, then used that access to send customers a fraudulent cryptocurrency promotion disguised as an official company message.
Information security
Information security
fromTechCrunch
2 weeks ago

Data breach at govtech giant Conduent balloons, affecting millions more Americans | TechCrunch

A January 2025 ransomware attack on Conduent may have exposed personal data of potentially tens of millions of US residents across multiple states.
Canada news
fromwww.cbc.ca
2 weeks ago

Nearly 1,300 customers affected by Canada Computers data breach, company says | CBC News

Canada Computers experienced a retail website data breach affecting 1,284 customers and sent inconsistent notifications, causing customer frustration and credit card cancellations.
Privacy professionals
fromSecuritymagazine
2 weeks ago

Epstein Files Leak Sensitive Data, Victim Information, and Credentials

Government-retracted Epstein records exposed PII of about 100 victims, leaked financial data, passwords, and account credentials, leading to threats and alleged account compromises.
UK news
fromTheregister
2 weeks ago

PSNI to compensate officers 7,500 for 2023 data breach

PSNI employees affected by the 2023 data breach will each receive £7,500 compensation, with £119 million ringfenced for payments beginning in April.
fromFast Company
2 weeks ago

Moltbook, the viral social network for AI agents, has a major security problem

The rise of OpenClaw, a proactive agentic AI controlled through interfaces more familiar to the average user than tools like Anthropic's Claude Code, which enthralled early adopters over the holiday period, has been one of the most seismic shifts in the AI world since the release of ChatGPT. By piggybacking on user-friendly interfaces paired with powerful AI agent technology, OpenClaw has pushed AI further into the public eye.
Information security
fromAxios
2 weeks ago

Exclusive: Sen. Maggie Hassan presses AI toy company on child data privacy

Catch up quick: Researchers reported last month that bondu, an AI-powered conversational toy company, inadvertently exposed children's chat transcripts and personal data through a publicly accessible portal. Bondu, which allows parents to check their children's conversations, said it took down the exposed portal and relaunched it the next day with authentication measures, according to Wired. Driving the news: New Hampshire Senator Maggie Hassan, the ranking member of the Senate's Joint Economic Committee, is now asking bondu to explain how the exposure occurred.
Privacy technologies
Information security
fromSecurityWeek
2 weeks ago

Hackers Leak 5.1 Million Panera Bread Records

A ShinyHunters vishing-based SSO compromise exposed contact details for about 5.1 million Panera customers and claims a 14 million-record theft.
#moltbook
fromBusiness Insider
2 weeks ago
Information security

Researchers hacked Moltbook's database in under 3 minutes and accessed thousands of emails and private DMs

fromEngadget
2 weeks ago
Artificial intelligence

Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw

fromFortune
3 weeks ago
Information security

Top AI leaders are begging people not to use Moltbook, the AI agent social media: 'disaster waiting to happen' | Fortune

fromBusiness Insider
2 weeks ago
Information security

Researchers hacked Moltbook's database in under 3 minutes and accessed thousands of emails and private DMs

fromEngadget
2 weeks ago
Artificial intelligence

Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw

fromFortune
3 weeks ago
Information security

Top AI leaders are begging people not to use Moltbook, the AI agent social media: 'disaster waiting to happen' | Fortune

#comcast
fromDataBreaches.Net
3 weeks ago
Privacy professionals

Comcast agrees to $117.5 million settlement to resolve lawsuits over 2023 Citrix Bleed data breach - DataBreaches.Net

fromDataBreaches.Net
3 weeks ago
Privacy professionals

Comcast agrees to $117.5 million settlement to resolve lawsuits over 2023 Citrix Bleed data breach - DataBreaches.Net

Privacy professionals
fromDataBreaches.Net
3 weeks ago

BD: 14,000 journos' personal data leaked online - DataBreaches.Net

A technical failure on the Bangladesh Election Commission portal exposed sensitive personal data of about 14,000 journalists, including NID numbers and contact details.
#healthcare
fromDataBreaches.Net
3 weeks ago
Privacy professionals

Investigation into data breach involving Blue Cross Blue Shield members could head to court - DataBreaches.Net

fromDataBreaches.Net
3 weeks ago
Privacy professionals

Investigation into data breach involving Blue Cross Blue Shield members could head to court - DataBreaches.Net

Information security
fromDataBreaches.Net
3 weeks ago

SK Telecom rejects consumer agency's compensation settlement over personal data leak - DataBreaches.Net

SK Telecom rejected a 100,000-won per-person settlement and is legally contesting a $91 million penalty, citing potential costs up to 2.3 trillion won.
fromwww.cbc.ca
3 weeks ago

Data breach at Canada Computers & Electronics leaks personal customer information | CBC News

The company became aware of the breach which included personal information of its website customers "including credit card information" on Friday, it told CBC News in a statement. Canada Computers & Electronics said the affected customers were informed on Monday, given recommendations about steps to take, and that the breach was reported to authorities. But neither the statement, nor the notices seen by CBC News that went out to customers, says when the breach happened, how long it lasted or how many customers were affected.
Information security
Information security
fromTheregister
3 weeks ago

ShinyHunters claims it stole10M records from dating apps

ShinyHunters claims to have stolen over 10 million records from Match Group affecting Hinge, Match.com, and OkCupid, potentially via AppsFlyer.
Information security
fromTechRepublic
3 weeks ago

ShinyHunters Claims 14M Panera Bread Records Exposed in Data Breach - TechRepublic

ShinyHunters claims it stole roughly 14 million Panera Bread customer records via a Microsoft Entra single sign-on compromise, enabling phishing, identity fraud, and account takeover risks.
#telehealth
fromDataBreaches.Net
4 weeks ago
Privacy professionals

Call-On-Doc allegedly had a breach affecting more than 1 million patients. They've yet to comment. - DataBreaches.Net

fromDataBreaches.Net
4 weeks ago
Information security

Call-On-Doc allegedly had a breach affecting more than 1 million patients. They've yet to comment. - DataBreaches.Net

fromDataBreaches.Net
4 weeks ago
Privacy professionals

Call-On-Doc allegedly had a breach affecting more than 1 million patients. They've yet to comment. - DataBreaches.Net

fromDataBreaches.Net
4 weeks ago
Information security

Call-On-Doc allegedly had a breach affecting more than 1 million patients. They've yet to comment. - DataBreaches.Net

Information security
fromDataBreaches.Net
4 weeks ago

France's Waltio faces ransom threat from notorious hacker collective - DataBreaches.Net

Waltio faces a ShinyHunters ransom threat claiming nearly 50,000 users' data and threatening to leak 2024 tax reports, while core systems remain secure.
Information security
fromWIRED
4 weeks ago

DOGE May Have Misused Social Security Data, DOJ Admits

US immigration and law enforcement agencies use warrantless tactics, purchased data, and surveillance technologies that undermine Fourth Amendment protections and public privacy.
fromTechzine Global
3 weeks ago

Nearly 30 million SoundCloud accounts affected by data breach

A data breach at SoundCloud that came to light in December 2025 is now becoming clearer. The data breach monitor Have I Been Pwned added the leaked dataset to its database this week, revealing the true extent of the impact. SoundCloud is a global audio platform where artists and listeners come together and where hundreds of millions of music and audio tracks are hosted.
Information security
US politics
fromDataBreaches.Net
3 weeks ago

Treasury cancels $21 million in Booz Allen contracts, blaming a breach that happened years ago - DataBreaches.Net

The Treasury Department canceled $21 million in Booz Allen contracts after a former Booz employee stole tax return data, prompting accusations of inadequate safeguards.
Information security
fromTheregister
4 weeks ago

Data thieves claim they stole 1.4 TB from Nike and

Extortion group WorldLeaks claims to have stolen 1.4TB and 188,347 internal Nike files focused on design and manufacturing; Nike is investigating.
[ Load more ]