Incindent List 2025- 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 31.12.25 | Baker University says 2024 data breach impacts 53,000 people | Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals. | Incindent | |
| 31.12.25 | Nissan says thousands of customers exposed in Red Hat breach | Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September. | Incindent | |
| 31.12.25 | University of Phoenix data breach impacts nearly 3.5 million individuals | The Clop ransomware gang has stolen the data of nearly 3.5 million University of Phoenix (UoPX) students, staff, and suppliers after breaching the university's network in August. | Incindent | |
| 31.12.25 | Coupang breach affecting 33.7 million users raises data protection questions | Coupang disclosed a data breach affecting 33.7 million customers after unauthorized access to personal data went undetected for nearly five months. Penta Security explains how the incident highlights insider credential abuse risks and why encrypting customer data beyond legal requirements can reduce exposure and limit damage. | Incindent | |
| 25.12.25 | LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds | The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain | Incindent | The Hacker News |
| 25.12.25 | University of Sydney suffers data breach exposing student and staff info | Hackers gained access to an online coding repository belonging to the University of Sydney and stole files with personal information of staff and students. | Incindent | |
| 20.12.25 | SoundCloud confirms breach after member data stolen, VPN access disrupted | Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users' email addresses and profile information. | Incindent | |
| 20.12.25 | PornHub extorted after hackers steal Premium member activity data | Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. | Incindent | |
| 20.12.25 | 700Credit data breach impacts 5.8 million vehicle dealership customers | 700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. | Incindent | |
| 20.12.25 | Coupang data breach traced to ex-employee who retained system access | A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company. | Incindent | |
| 14.12.25 | MKVCinemas streaming piracy service with 142M visits shuts down | An anti-piracy coalition has dismantled one of India's most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. | Incindent | |
| 14.12.25 | UK fines LastPass over 2022 data breach impacting 1.6 million users | The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. | Incindent | |
| 14.12.25 | Over 10,000 Docker Hub images found leaking credentials, auth keys | More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. | Incindent | |
| 13.12.25 | Spain arrests teen who stole 64 million personal data records | The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. | Incindent | |
| 7.12.25 | Barts Health NHS discloses data breach after Oracle zero-day hack | Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. | Incindent | |
| 7.12.25 | Marquis data breach impacts over 74 US banks, credit unions | Financial software provider Marquis Software Solutions is warning that it suffered a data breach that impacted dozens of banks and credit unions across the US. | Incindent | |
| 7.12.25 | French DIY retail giant Leroy Merlin discloses a data breach | Leroy Merlin is sending security breach notifications to customers in France, informing them that their personal data was compromised. | Incindent | |
| 7.12.25 | Freedom Mobile discloses data breach exposing customer data | Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers. | Incindent | |
|
6.12.25 |
University of Phoenix discloses data breach after Oracle hack | The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. | Incindent | |
|
6.12.25 |
Microsoft: KB5070311 triggers File Explorer white flash in dark mode | Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. | Incindent | |
|
6.12.25 |
University of Pennsylvania confirms new data breach after Oracle hack | The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. | Incindent | |
|
6.12.25 |
Microsoft says new Outlook can't open some Excel attachments | South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. | Incindent | |
| 3.12.25 | Retail giant Coupang data breach impacts 33.7 million customers | South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. | Incindent | |
| 3.12.25 | Japanese beer giant Asahi says data breach hit 1.5 million people | Asahi Group Holdings, Japan's largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals. | Incindent | |
| 30.11.25 | Public GitLab repositories exposed more than 17,000 secrets | After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. | Incindent | |
| 30.11.25 | French Football Federation discloses data breach after cyberattack | The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. | Incindent | |
| 30.11.25 | Comcast to pay $1.5M fine for vendor breach affecting 270K customers | Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. | Incindent | |
| 30.11.25 | Dartmouth College confirms data breach after Clop extortion attack | Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. | Incindent | |
| 29.11.25 | Real-estate finance services giant SitusAMC breach exposes client data | SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data. | Incindent | |
| 29.11.25 | Harvard University discloses data breach affecting alumni, donors | Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. | Incindent | |
| 29.11.25 | Iberia discloses customer data leak after vendor security breach | Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. | Incindent | |
| 29.11.25 | WhatsApp API flaw let researchers scrape 3.5 billion accounts | Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. | Incindent | |
| 29.11.25 | Cox Enterprises discloses Oracle E-Business Suite data breach | Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. | Incindent | |
| 23.11.25 | Hacker claims to steal 2.3TB data from Italian rail group, Almaviva | Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva. | Incindent | |
| 23.11.25 | Salesforce investigates customer data theft via Gainsight breach | Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. | Incindent | |
| 22.11.25 | French agency Pajemploi reports data breach affecting 1.2M people | Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. | Incindent | |
| 20.11.25 | Eurofiber France warns of breach after hacker tries to sell customer data | Eurofiber France disclosed a data breach it discovered late last week when hackers gained access to its ticket management system by exploiting a vulnerability and exfiltrated information. | Incindent | |
| 20.11.25 | Princeton University discloses data breach affecting donors, alumni | A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students. | Incindent | |
| 20.11.25 | Pennsylvania AG confirms data breach after INC Ransom attack | The office of Pennsylvania's attorney general has confirmed that the ransomware gang behind an August 2025 cyberattack stole files containing personal and medical information. | Incindent | |
| 16.11.25 | Jaguar Land Rover cyberattack cost the company over $220 million | Jaguar Land Rover (JLR) published its financial results for July 1 to September 30, warning that the cost of a recent cyberattack totaled £196 million ($220 million) in the quarter. | Incindent | |
| 16.11.25 | Logitech confirms data breach after Clop extortion attack | Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. | Incindent | |
| 16.11.25 | DoorDash hit by new data breach in October exposing user information | DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and New Zealand, started emailing those impacted by the newly discovered security incident. | Incindent | |
| 16.11.25 | Washington Post data breach impacts nearly 10K employees, contractors | The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. | Incindent | |
| 14.11.25 | GlobalLogic warns 10,000 employees of data theft after Oracle breach | GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach. | Incindent | |
| 9.11.25 | ID verification laws are fueling the next wave of breaches | ID laws are forcing companies to store massive amounts of sensitive data, turning compliance into a security risk. Acronis explains how integrated backup and cybersecurity platforms help MSPs reduce complexity and close the gaps attackers exploit. | Incindent | |
| 9.11.25 | Hyundai AutoEver America data breach exposes SSNs, drivers licenses | Hyundai AutoEver America is notifying individuals that hackers breached the company's IT environment and gained access to personal information. | Incindent | |
| 9.11.25 | SonicWall says state-sponsored hackers behind September security breach | SonicWall's investigation into the September security breach that exposed customers' firewall configuration backup files concludes that state-sponsored hackers were behind the attack. | Incindent | |
| 9.11.25 | University of Pennsylvania confirms data stolen in cyberattack | The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university's development and alumni activities and stole data in a cyberattack. | Incindent | |
| 8.11.25 | Data breach at major Swedish software supplier impacts 1.5 million | The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. | Incindent | |
| 8.11.25 | Media giant Nikkei reports data breach impacting 17,000 people | Japanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners. | Incindent | |
| 8.11.25 | Hacker steals over $120 million from Balancer DeFi crypto protocol | The Balancer Protocol announced that hackers had targeted its v2 pools, with losses reportedly estimated to be more than $128 million. | Incindent | |
| 8.11.25 | Hackers use RMM tools to breach freighters and steal cargo shipments | Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. | Incindent | |
| 3.11.25 | Penn hacker claims to have stolen 1.2 million donor records in data breach | A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents. | Incindent | |
| 3.11.25 | ‘We got hacked’ emails threaten to leak University of Pennsylvania data | The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. | Incindent | |
| 3.11.25 | Major telecom services provider Ribbon breached by state hackers | Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. | Incindent | |
| 2.11.25 | BPO giant Conduent confirms data breach impacts 10.5 million people | American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices. | Incindent | |
| 2.11.25 | Canada says hacktivists breached water and energy facilities | The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. | Incindent | |
| 1.11.25 | Advertising giant Dentsu reports data breach at subsidiary Merkle | Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data. | Incindent | |
| 1.11.25 | Google disputes false claims of massive Gmail data breach | Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. | Incindent | |
| 27.10.25 | Fake LastPass death claims used to breach password vaults | LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. | Incindent | |
| 27.10.25 | Toys “R” Us Canada warns customers' info leaked in data breach | Toys "R" Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems. | Incindent | |
| 26.10.25 | FinWise data breach shows why encryption is your last defense | The FinWise breach shows that when insider threats strike, encryption is the last line of defense. Penta Security's D.AMO platform unites encryption, key management, and access control to keep sensitive data secure. | Incindent | |
| 25.10.25 | Experian fined $3.2 million for mass-collecting personal data | Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR) | Incindent | |
| 21.10.25 | Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network | A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon . The | Incindent | |
| 19.10.25 | American Airlines subsidiary Envoy confirms Oracle data theft attack | Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. | Incindent | |
| 19.10.25 | Auction giant Sotheby’s says data breach exposed financial information | Major international auction house Sotheby's is notifying individuals of a data breach incident on its systems where threat actors stole sensitive information, including financial details. | Incindent | |
| 19.10.25 | Have I Been Pwned: Prosper data breach impacts 17.6 million accounts | Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. | Incindent | |
| 19.10.25 | Capita to pay £14 million for data breach impacting 6.6 million people | The Information Commissioner's Office (ICO) in the UK has fined Capita, a provider of data-driven business process services, £14 million ($18.7 million) for a data breach incident in 2023 that exposed the personal information of 6.6 million people. | Incindent | |
| 19.10.25 | Fake LastPass, Bitwarden breach alerts lead to PC hijacks | An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. | Incindent | |
| 19.10.25 | Clothing giant MANGO discloses data breach exposing customer info | Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. | Incindent | |
| 18.10.25 | SimonMed says 1.2 million patients impacted in January data breach | U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive information. | Incindent | |
| 18.10.25 | SonicWall VPN accounts breached using stolen creds in widespread attacks | Researchers warn that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials. | Incindent | |
| 18.10.25 | Harvard investigating breach linked to Oracle zero-day exploit | Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle's E-Business Suite servers. | Incindent | |
| 16.10.25 | F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion | U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information | Incindent | |
|
12.10.25 |
SonicWall: Firewall configs stolen for all cloud backup customers | SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. | Incindent | |
|
12.10.25 |
Hackers claim Discord breach exposed data of 5.5 million users | Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs and partial payment information for some people. | Incindent | |
|
12.10.25 |
Crimson Collective hackers target AWS cloud instances for data theft | The 'Crimson Collective' threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies. | Incindent | |
|
12.10.25 |
London police arrests suspects linked to nursery breach, child doxing | The UK Metropolitan Police has arrested two suspects following an investigation into the doxing of children online after a ransomware attack on a chain of London-based nurseries. | Incindent | |
|
12.10.25 |
DraftKings warns of account breaches in credential stuffing attacks | Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks. | Incindent | |
|
12.10.25 |
Electronics giant Avnet confirms breach, says stolen data unreadable | Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. | Incindent | |
|
12.10.25 |
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts | Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating | Incindent | |
|
11.10.25 |
Red Hat data breach escalates as ShinyHunters joins extortion | Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. | Incindent | |
|
11.10.25 |
LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data | LinkedIn has filed a lawsuit against Delaware company ProAPIs Inc. and its founder and CTO, Rehmat Alam, for allegedly scraping legitimate data through more than a million fake accounts. | Incindent | |
|
11.10.25 |
ParkMobile pays... $1 each for 2021 data breach that hit 22 million | ParkMobile has finally wrapped up a class action lawsuit over the platform's 2021 data breach that hit 22 million users. But there's a catch: victims are receiving compensation in the form of a $1 in-app credit, which they must claim manually. And, it comes with an expiration date. | Incindent | |
|
11.10.25 |
Discord discloses data breach after hackers steal support tickets | Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provider. | Incindent | |
|
11.10.25 |
Renault and Dacia UK warn of data breach impacting customers | Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was compromised following a data breach at a third-party provider. | Incindent | |
|
11.10.25 |
ShinyHunters launches Salesforce data leak site to extort 39 victims | An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. | Incindent | |
|
5.10.25 |
Red Hat confirms security incident after hackers breach GitLab instance | An extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories, with the company confirming it was a breach of one of its GitLab instances. | Incindent | |
|
5.10.25 |
Data breach at dealership software provider impacts 766k clients | A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. | Incindent | |
|
5.10.25 |
WestJet data breach exposes travel details of 1.2 million customers | Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised the personal information of 1.2 million customers, including passports and ID documents. | Incindent | |
|
5.10.25 |
Allianz Life says July data breach impacts 1.5 million people | Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted. | Incindent | |
| 4.10.25 | Japan's largest brewer suspends operations due to cyberattack | Asahi Group Holdings, Ltd (Asahi), the brewer of Japan's top-selling beer, has disclosed a cyberattack that disrupted several of its operations. | Incindent | |
| 4.10.25 | Harrods suffers new data breach exposing 430,000 customer records | UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information. | Incindent | |
| 28.9.25 | Google: Brickstorm malware used to steal U.S. orgs' data for over a year | Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the technology and legal sectors. | Incindent | |
| 28.9.25 | Boyd Gaming discloses data breach after suffering a cyberattack | US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. | Incindent | |
| 27.9.25 | Automaker giant Stellantis confirms data breach after Salesforce hack | Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access to a third-party service provider's platform. | Incindent | |
| 21.9.25 | ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks | The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. | Incindent | |
| 21.9.25 | SonicWall warns customers to reset credentials after breach | Microsoft reminded customers again this week that Office 2016 and Office 2019 will reach the end of extended support in less than 30 days, on October 14, 2025. | Incindent | |
| 20.9.25 | BreachForums hacking forum admin resentenced to three years in prison | Conor Brian Fitzpatrick, the 22-year-old behind the notorious BreachForums hacking forum, was resentenced today to three years in prison after a federal appeals court overturned his prior sentence of time served and 20 years of supervised release. | Incindent | |
| 20.9.25 | Jaguar Land Rover extends shutdown after cyberattack by another week | Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. | Incindent | |
| 20.9.25 | FinWise insider breach impacts 689K American First Finance customers | FinWise Bank is warning on behalf of corporate customers that it suffered a data breach after a former employee accessed sensitive files after the end of their employment. | Incindent | |
| 18.9.25 | SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers | SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it | Incindent | The Hacker News |
| 14.9.25 | Jaguar Land Rover confirms data theft after recent cyberattack | Jaguar Land Rover (JLR) confirmed today that attackers also stole "some data" during a recent cyberattack that forced it to shut down systems and instruct staff not to report to work. | Incindent | |
| 13.9.25 | Plex tells users to reset passwords after new data breach | Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. | Incindent | |
| 13.9.25 | Lovesac confirms data breach after ransomware attack claims | American furniture brand Lovesac is warning that it suffered a data breach impacting an undisclosed number of individuals, stating their personal data was exposed in a cybersecurity incident. | Incindent | |
| 13.9.25 | Sports streaming piracy service with 123M yearly visits shut down | Calcio, a large piracy sports streaming platform with more than 120 million visits in the past year, was shut down following a collaborative effort by the Alliance for Creativity and Entertainment (ACE) and DAZN. | Incindent | BleepingComputer |
| 13.9.25 | Salesloft: March GitHub repo breach led to Salesforce data theft attacks | Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. | Incindent | |
| 12.9.25 | Financial services firm Wealthsimple discloses data breach | ealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. | Incindent | |
| 9.9.25 | GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies | Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an | Incindent | The Hacker News |
| 7.9.25 | Texas sues PowerSchool over breach exposing 62M students, 880k Texans | Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. | Incindent | |
| 7.9.25 | Chess.com discloses recent data breach via file transfer app | Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. | Incindent | |
| 6.9.25 | SaaS giant Workiva discloses data breach after Salesforce attack | Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. | Incindent | |
| 6.9.25 | Disney to pay $10M to settle claims it collected kids’ data on YouTube | Disney will pay $10 million to settle claims by the U.S. Federal Trade Commission that it mislabeled videos for children on YouTube, which allowed the collection of kids' personal information without their consent or notification to their parents. | Incindent | |
| 6.9.25 | Hackers breach fintech firm in attempted $130M bank heist | Hackers tried to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank's real-time payment system (Pix). | Incindent | |
| 6.9.25 | Palo Alto Networks data breach exposes customer info, support cases | Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. | Incindent | |
| 6.9.25 | Zscaler data breach exposes customer info after Salesloft Drift compromise | Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. | Incindent | |
| 31.8.25 | TransUnion suffers data breach impacting over 4.4 million people | Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from it's Salesforce account. | Incindent | |
| 30.8.25 | Healthcare Services Group data breach impacts 624,000 people | The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year. | Incindent | |
| 30.8.25 | Farmers Insurance data breach impacts 1.1M people after Salesforce attack | U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. | Incindent | BleepingComputer |
| 30.8.25 | Auchan retailer data breach impacts hundreds of thousands of customers | French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. | Incindent | |
| 29.8.25 | Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations | Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it | Incindent | The Hacker News |
| 24.8.25 | DaVita says ransomware gang stole data of nearly 2.7 million people | Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. | Incindent | |
| 24.8.25 | Orange Belgium discloses data breach impacting 850,000 customers | Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers. | Incindent | |
| 23.8.25 | NY Business Council discloses data breach affecting 47,000 people | The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals. | Incindent | |
| 23.8.25 | Massive Allianz Life data breach impacts 1.1 million people | Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. | Incindent | |
| 23.8.25 | HR giant Workday discloses data breach after Salesforce attack | Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. | Incindent | |
| 13.8.25 | Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks | New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. | Incindent | The Hacker News |
| 25.7.25 | Major European healthcare network discloses security breach | AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. | Incindent | |
| 25.7.25 | Ring denies breach after users report suspicious logins | Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. | Incindent | |
| 25.7.25 | ExpressVPN bug leaked user IPs in Remote Desktop sessions | ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. | Incindent | |
| 25.7.25 | Dior begins sending data breach notifications to U.S. customers | The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information. | Incindent | |
| 25.7.25 | Dell confirms breach of test lab platform by World Leaks extortion group | A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. | Incindent | |
| 20.7.25 | Co-op confirms data of 6.5 million members stolen in cyberattack | UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores. | Incindent | |
| 20.7.25 | Louis Vuitton says regional data breaches tied to same cyberattack | Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. | Incindent | BleepingComputer |
| 13.7.25 | '123456' password exposed chats for 64 million McDonald’s job chatbot applications | Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States. | Incindent | BleepingComputer |
| 13.7.25 | Qantas confirms data breach impacts 5.7 million customers | Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data. | Incindent | BleepingComputer |
| 11.7.25 | Employee gets $920 for credentials used in $140 million bank heist | Hackers stole nearly $140 million from six banks in Brazil by using an employee's credentials from C&M, a company that offers financial connectivity solutions. | Incindent | |
| 11.7.25 | Qantas is being extorted in recent data-theft cyberattack | Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers. | Incindent | BleepingComputer |
| 6.7.25 | Ingram Micro suffers global outage as internal systems inaccessible | IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. | Incindent | |
| 6.7.25 | Hacker leaks Telefónica data allegedly stolen in a new breach | A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. | Incindent | BleepingComputer |
| 5.7.25 | Qantas discloses cyberattack amid Scattered Spider aviation breaches | Australian airline Qantas disclosed that it detected a cyberattack on Monday after threat actors gained access to a third-party platform containing customer data. | Incindent | BleepingComputer |
| 5.7.25 | Kelly Benefits says 2024 data breach impacts 550,000 customers | Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. | Incindent | |
| 5.7.25 | Esse Health says recent data breach affects over 263,000 patients | Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack. | Incindent | |
| 5.7.25 | Johnson Controls starts notifying people affected by 2023 breach | Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023. | Incindent | |
| 29.6.25 | Retail giant Ahold Delhaize says data breach affects 2.2 million people | Ahold Delhaize, one of the world's largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems. | Incindent | |
| 29.6.25 | Hawaiian Airlines discloses cyberattack, flights not affected | Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems. | Incindent | BleepingComputer |
| 29.6.25 | Ex-student charged over hacking university for cheap parking, data breaches | New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University's systems on multiple occasions, starting with a scheme to obtain cheaper parking. | Incindent | |
| 29.6.25 | Hacker 'IntelBroker' charged in US for global data theft breaches | A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. | Incindent | |
| 26.6.25 | McLaren Health Care says data breach impacts 743,000 patients | McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang. | Incindent | |
| 26.6.25 | Steel giant Nucor confirms hackers stole data in recent breach | Nucor, North America's largest steel producer and recycler, has confirmed that attackers behind a recent cybersecurity incident have also stolen data from the company's network. | Incindent | |
| 23.6.25 | Oxford City Council suffers breach exposing two decades of data | Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems. | Incindent | BleepingComputer |
| 23.6.25 | No, the 16 billion credentials leak is not a new data breach | News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. | Incindent | |
| 22.6.25 | Krispy Kreme says November data breach impacts over 160,000 people | U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack. | Incindent | |
| 22.6.25 | Healthcare SaaS firm says data breach impacts 5.4 million patients | Episource warns of a data breach after hackers stole health information of over 5 million people in the United States in a January cyberattack. | Incindent | |
| 21.6.25 | Asana warns MCP AI feature exposed customer data to other orgs | Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. | Incindent | BleepingComputer |
| 21.6.25 | Scania confirms insurance claim data breach in extortion attempt | Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its systems and steal insurance claim documents. | Incindent | |
| 21.6.25 | UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data | The UK Information Commissioner's Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over 'serious security failings' that led to a 'profoundly damaging' data breach in 2023. | Incindent | BleepingComputer |
| 21.6.25 | Hacker steals 1 million Cock.li user records in webmail data breach | Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. | Incindent | BleepingComputer |
| 21.6.25 | Washington Post's email system hacked, journalists' accounts compromised | Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. | Incindent | |
| 21.6.25 | Zoomcar discloses security breach impacting 8.4 million users | Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. | Incindent | |
| 21.6.25 | Over 46,000 Grafana instances exposed to account takeover bug | More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. | Incindent | BleepingComputer |
| 21.6.25 | WestJet investigates cyberattack disrupting internal systems | WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. | Incindent | BleepingComputer |
| 15.6.25 | Victoria’s Secret restores critical systems after cyberattack | Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. | Incindent | |
| 14.6.25 | Texas Dept. of Transportation breached, 300k crash records stolen | The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database. | Incindent | |
| 14.6.25 | Five plead guilty to laundering $36 million stolen in investment scams | Five men from China, the United States, and Turkey pleaded guilty to their involvement in an international crime ring and laundering nearly $37 million stolen from U.S. victims in cryptocurrency investment scams carried out from Cambodia. | Incindent | BleepingComputer |
| 14.6.25 | Stolen Ticketmaster data from Snowflake attacks briefly for sale again | The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. | Incindent | BleepingComputer |
| 14.6.25 | SentinelOne shares new details on China-linked breach attempt | SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. | Incindent | BleepingComputer |
| 14.6.25 | Sensata Technologies says personal data stolen by ransomware gang | Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. | Incindent | BleepingComputer |
| 14.6.25 | Grocery wholesale giant United Natural Foods hit by cyberattack | United Natural Foods (UNFI), North America's largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. | Incindent | BleepingComputer |
| 8.6.25 | Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers | A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. | Incindent | BleepingComputer |
| 8.6.25 | Germany fines Vodafone $51 million for privacy, security breaches | The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company's German subsidiary, €45 million ($51.4 million) for privacy and security violations. | Incindent | |
| 7.6.25 | Media giant Lee Enterprises says data breach affects 39,000 people | Publishing giant Lee Enterprises is notifying nearly 40,000 people whose personal information was stolen in a February 2025 ransomware attack. | Incindent | BleepingComputer |
| 6.6.25 | Victoria’s Secret delays earnings release after security incident | Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident. | Incindent | BleepingComputer |
| 6.6.25 | Cartier discloses data breach amid fashion brand cyberattacks | Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised. | Incindent | BleepingComputer |
| 6.6.25 | The North Face warns customers of April credential stuffing attack | Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company's website in April. | Incindent | |
| 1.6.25 | Victoria’s Secret takes down website after security incident | Victoria's Secret, the fashion giant, has taken down its website and some store services because of an ongoing security incident | Incindent | BleepingComputer |
| 1.6.25 | Data broker LexisNexis discloses data breach affecting 364,000 people | Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. | Incindent | BleepingComputer |
| 30.5.24 | Adidas warns of data breach after customer service provider hack | German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. | Incindent | BleepingComputer |
| 24.5.24 | Marks & Spencer faces $402 million profit hit after cyberattack | British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions. | Incindent | |
| 24.5.24 | Coinbase says recent data breach impacts 69,461 customers | Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals | Incindent | BleepingComputer |
| 24.5.24 | PowerSchool hacker pleads guilty to student data extortion scheme | A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers. | Incindent | |
| 23.5.24 | Arla Foods confirms cyberattack disrupts production, causes delays | Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. | Incindent | BleepingComputer |
| 23.5.24 | UK Legal Aid Agency confirms applicant data stolen in data breach | The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. | Incindent | BleepingComputer |
| 18.5.24 | Nova Scotia Power confirms hackers stole customer data in cyberattack | Nova Scotia Power confirms it suffered a data breach after threat actors stole sensitive customer data in a cybersecurity incident discovered last month. | Incindent | BleepingComputer |
| 17.5.24 | Fashion giant Dior discloses cyberattack, warns of data breach | House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information. | Incindent | BleepingComputer |
| 17.5.24 | Twilio denies breach following leak of alleged Steam 2FA codes | Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes | Incindent | |
| 16.5.24 | M&S says customer data stolen in cyberattack, forces password resets | Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. | Incindent | |
| 16.5.24 | Ascension says recent data breach affects over 430,000 patients | Ascension, one of the largest private healthcare systems in the United States, has revealed that the personal and healthcare information of over 430,000 patients was exposed in a data breach disclosed last month. | Incindent | BleepingComputer |
| 16.5.24 | Education giant Pearson hit by cyberattack exposing customer data | Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. | Incindent | BleepingComputer |
| 16.5.24 | VC giant Insight Partners confirms investor data stolen in breach | Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. | Incindent | BleepingComputer |
| 11.5.24 | UK Legal Aid Agency investigates cybersecurity incident | The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. | Incindent | |
| 8.5.24 | Microsoft finds default Kubernetes Helm charts can expose data | Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. | Incindent | |
| 4.5.24 | Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data | A California man who used the alias "NullBulge" has pleaded guilty to illegally accessing Disney's internal Slack channels and stealing over 1.1 terabytes of internal company data. | Incindent | |
| 3.5.24 | Harrods the next UK retailer targeted in a cyberattack | London's iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. | Incindent | BleepingComputer |
| 27.4.25 | Mobile provider MTN says cyberattack compromised customer data | African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. | Incindent | BleepingComputer |
| 27.4.25 | Baltimore City Public Schools data breach affects over 31,000 people | Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. | Incindent | |
| 26.4.25 | Yale New Haven Health data breach affects 5.5 million patients | Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month. | Incindent | BleepingComputer |
| 26.4.25 | Blue Shield of California leaked health data of 4.7 million members to Google | Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. | Incindent | |
| 25.4.25 | Marks & Spencer confirms a cyberattack as customers face delayed orders | Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. | Incindent | BleepingComputer |
| 21.4.25 | Entertainment services giant Legends International discloses data breach | Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. | Incindent | BleepingComputer |
| 20.4.25 | CISA warns of increased breach risks following Oracle Cloud leak | On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. | Incindent | |
| 20.4.25 | Landmark Admin data breach impact now reaches 1.6 million people | Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. | Incindent | |
| 20.4.25 | Hertz confirms customer info, drivers' licenses stolen in data breach | Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. | Incindent | BleepingComputer |
| 20.4.25 | Govtech giant Conduent confirms client data stolen in January cyberattack | American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. | Incindent | BleepingComputer |
| 13.4.25 | Western Sydney University discloses security breaches, data leak | Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. | Incindent | |
| 13.4.25 | US lab testing provider exposed health data of 1.6 million people | Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems. | Incindent | BleepingComputer |
| 13.4.25 | Oracle says "obsolete servers" hacked, denies cloud breach | Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." | Incindent | BleepingComputer |
| 12.4.25 | Hackers lurked in Treasury OCC’s systems since June 2023 breach | Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. | Incindent | BleepingComputer |
| 10.4.25 | Food giant WK Kellogg discloses data breach linked to Clop ransomware | US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. | Incindent | BleepingComputer |
| 6.4.25 | Australian pension funds hit by wave of credential stuffing attacks | Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. | Incindent | BleepingComputer |
| 6.4.25 | Europcar GitLab breach exposes data of up to 200,000 customers | A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. | Incindent | BleepingComputer |
| 6.4.25 | Europcar GitLab breach exposes data of up to 200,000 customers | A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. | Incindent | BleepingComputer |
| 5.4.25 | GitHub expands security tools after 39 million secrets leaked in 2024 | Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. | Incindent | |
| 5.4.25 | Royal Mail investigates data leak claims, no impact on operations | Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems. | Incindent | |
|
30.3.25 |
Oracle Health breach compromises patient data at US hospitals | A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. | Incindent | |
|
29.3.25 |
StreamElements discloses third-party data breach after hacker leaks data | Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. | Incindent | |
|
28.3.25 |
23andMe files for bankruptcy, customers advised to delete DNA data | California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles. | Incindent | BleepingComputer |
|
23.3.25 |
Oracle denies breach after hacker claims theft of 6 million data records | Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers | Incindent | |
|
22.3.25 |
Pennsylvania education union data breach hit 500,000 people | The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. | Incindent | |
|
22.3.25 |
Sperm donation giant California Cryobank warns of a data breach | US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information. | Incindent | |
|
22.3.25 |
Western Alliance Bank notifies 21,899 customers of data breach | Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. | Incindent | BleepingComputer |
|
19.3.25 |
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, | Incindent | The Hacker News |
|
15.3.25 |
PowerSchool previously hacked in August, months before data breach | PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. | Incindent | BleepingComputer |
| 9.3.25 | Developer guilty of using kill switch to sabotage employer's systems | A software developer has been found guilty of sabotaging his ex-employer's systems by running custom malware and installing a "kill switch" after being demoted at the company. | Incindent | BleepingComputer |
| 9.3.25 | Data breach at Japanese telecom giant NTT hits 18,000 companies | Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. | Incindent | BleepingComputer |
| 8.3.25 | Rubrik rotates authentication keys after log server breach | Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. | Incindent | BleepingComputer |
| 1.3.25 | Over 49,000 misconfigured building access systems exposed online | Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors. | Incindent | BleepingComputer |
| 1.3.25 | Belgium probes if Chinese hackers breached its intelligence service | The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE). | Incindent | BleepingComputer |
|
19.1.25 | Wolf Haldenstein law firm says 3.5 million impacted by data breach | Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. | Incindent | BleepingComputer |
|
19.1.25 | Label giant Avery says website hacked to steal credit cards | Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. | Incindent | BleepingComputer |
|
19.1.25 | Allstate car insurer sued for tracking drivers without permission | Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. | Incindent | BleepingComputer |
|
19.1.25 | Telefónica confirms internal ticketing system breach after data leak | Spanish telecommunications company Telefónica confirms an internal ticketing system was breached after stolen data was leaked on a hacking forum. | Incindent | BleepingComputer |
|
12.1.25 | STIIIZY data breach exposes cannabis buyers’ IDs and purchases | Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. | Incindent | BleepingComputer |
|
12.1.25 | Largest US addiction treatment provider notifies patients of data breach | BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. | Incindent | BleepingComputer |
|
12.1.25 | Medical billing firm Medusind discloses breach affecting 360,000 people | Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. | Incindent | BleepingComputer |
|
12.1.25 | Thousands of credit cards stolen in Green Bay Packers store breach | American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. | Incindent | BleepingComputer |
|
12.1.25 | UN aviation agency confirms recruitment database security breach | The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. | Incindent | BleepingComputer |
|
12.1.25 | PowerSchool hack exposes student, teacher data from K-12 districts | Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. | Incindent | BleepingComputer |
|
12.1.25 | Casio says data of 8,500 people exposed in October ransomware attack | Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. | Incindent | BleepingComputer |
|
11.1.25 | Washington state sues T-Mobile over 2021 data breach security failures | Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. | Incindent | BleepingComputer |