Search Results for "Data Leak"

Russell Cellular March 23, 2026 • [ data leak, customer records, employee credentials ] Russell Cellular was reported to be the source of a dataset offered for sale containing alleged customer records and employee credentials.

Le Centre national des œuvres universitaires et scolaires March 23, 2026 • [ data leak, data exfiltration, personal information ] The Cnous said data was exfiltrated from its mesrdv.etudiant.gouv.fr appointment platform, exposing personal information from student social-services and housing appointments taken over the past ten years.

P3 Global Intel March 18, 2026 • [ data breach, data leak, personally identifiable information ] DataBreaches summarized reporting that hackers calling themselves The Internet YIFF Machine stole data from cloud-based tip and intelligence management company P3 Global Intel and provided it to DDoSecrets. The exposed dataset includes millions of tips and extensive personal data about people accused in tips, including names, email addresses, dates of birth, phone numbers, home addresses, license plate numbers, Social Security numbers, and criminal histories. The platform is used by thousands of clients, including Crime Stoppers programs, local and federal law enforcement agencies, public schools, and the U.S. military, so the breach has broad downstream exposure across many organizations.

Aura March 18, 2026 • [ voice phishing, vishing, data leak ] BleepingComputer reported Aura confirmed an incident where an unauthorized party gained access to nearly 900,000 records containing names and email addresses. Aura said the incident was caused by voice phishing targeting an employee and that the exposed data originated from a marketing tool used by a company acquired in 2021. Aura stated the event exposed information for 20,000 current and 15,000 former customers within the larger marketing dataset and that compromised customer information includes full names, email addresses, home addresses, and phone numbers, while emphasizing SSNs, account passwords, and financial information were not compromised. ShinyHunters claimed responsibility and said it stole 12GB of files and leaked them.

Infinite Campus March 18, 2026 • [ unauthorized access, data leak, account compromise ] An unauthorized actor accessed an Infinite Campus employee's Salesforce account, exposing names and contact information for school staff; Infinite Campus said no student databases were accessed.

The Gauteng Provincial Governmen March 17, 2026 • [ ransomware, data leak, data exfiltration ] Daily Maverick reported a ransomware-as-a-service syndicate calling itself XP95 claimed it stole 3.8TB of data from the Gauteng Provincial Government. The article describes the breach as a major failure of basic cybersecurity infrastructure and governance, with a massive dataset reportedly lifted/exfiltrated and allegedly offered for sale. The report did not provide a definitive public inventory of affected systems or all data elements, but characterized the exposure as potentially spanning personnel, procurement, and other government records at very large scale.

Sweden's BankID March 17, 2026 • [ data leak, credential leak, source code leak ] Biometric Update reported a hacker group calling itself ByteToBreach claimed a breach at CGIs Swedish division, leaking code and credentials tied to systems used by Swedish public authorities and linked in reporting to BankID authentication flows (including for the Swedish Tax Agency). The article said other databases containing personal data and electronic signature documents were allegedly being sold separately. The report is based on attacker claims and leak assertions and does not provide an official confirmation of full scope from CGI or BankID in the excerpt.

COMPAS (French Ministry of Education) March 15, 2026 • [ data leak, intrusion, personal information ] An intrusion into the French Education Ministry's COMPAS system exposed personal information linked to approximately 243,000 trainees and permanent education staff.

Divine Skins March 13, 2026 • [ data breach, unauthorised access, data leak ] In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.

Companies House March 13, 2026 • [ data leak, PII exposure, broken access control ] Computer Weekly reported Companies House pulled its WebFiling service offline on Friday, March 13, 2026 after a security issue was discovered that exposed certain data to other logged-in users with an authorized code. Companies House said exposed data included dates of birth, residential addresses, and company addresses, and that it may have been possible to perform unauthorized actions such as changing directors or filing accounts. It stressed that credentials and identity verification data (e.g., passport information) were not exposed and that existing filed documents could not be altered. WebFiling was restored by Monday, March 16, and Companies House urged companies to review filings and report anomalies.

Crunchyroll March 12, 2026 • [ data breach, data leak, PII ] In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.

Telus Digital March 12, 2026 • [ Data breach, Credential theft, Cloud security ] Telus Digital confirmed a security incident after ShinyHunters claimed it stole nearly 1 petabyte of data in a multi-month breach. Reporting stated ShinyHunters said it gained initial access using Google Cloud Platform credentials found in data stolen in the Salesloft/Drift breach, and that Telus was not negotiating. At publication, Telus Digital had not been added to the actors leak site in the cited report, and specific data categories and affected individuals were not publicly enumerated in the DataBreaches summary.

England Hockey March 12, 2026 • [ ransomware, data leak, extortion ] England Hockey said it is investigating after the AiLock ransomware group listed the organization on its leak site and claimed it stole 129GB of data. England Hockey stated it is working with internal teams and external experts to determine what occurred. Public reporting did not confirm encryption or service disruption; the confirmed effect at reporting time was a data-theft/extortion claim under investigation.

Crunchyroll March 12, 2026 • [ data leak, malware, third-party risk ] The Record reported an unidentified threat actor claimed to have breached a Telus employee account in India (a business process vendor for Crunchyroll with access to support tickets). The attacker said they infected the employee device with malware and stole about 100GB of data from Crunchyrolls ticketing system. The outlet reported samples included IP addresses, email addresses, and other information related to customer service tickets. Screenshots showed access to Crunchyrolls platforms including Slack, Zendesk, and Google Workspace; the hacker claimed the breach occurred on March 12, 2026 and that access was revoked within 24 hours.

Michelin March 11, 2026 • [ data breach, zero-day exploitation, hacking campaign ] Michelin confirmed it was impacted by the Oracle E-Business Suite (EBS) hacking campaign, which SecurityWeek reports was claimed by Cl0p and involved exploitation of an Oracle EBS zero-day. Michelin stated that hackers accessed some files, but said only a small, localized volume of data was affected and it contained no sensitive or technical IT information; the company also said there was no ransomware and no impact on its global systems, and that corrective actions were effective. SecurityWeek reported the cybercriminals publicly released more than 315GB of archives allegedly stolen from Michelin, with a file-tree review indicating at least some data originated from an Oracle EBS environment.

Westfield Mall of the Netherlands March 9, 2026 • [ phishing, data leak, PII ] Westfield Mall of the Netherlands informed customers that unauthorized persons accessed a database containing information for newsletter subscribers and Westfield Club loyalty program members. Reported exposed fields include first and last name, email address, telephone number, postal code, and date of birth. The mall said no financial data was compromised because bank account numbers, credit card details, and passwords were not stored in the affected database. The mall warned of phishing risk, reported the incident to data protection authorities, and URW filed a complaint with competent authorities.

JBS Brasil March 9, 2026 • [ ransomware, data leak, corporate data ] A ransomware group calling itself Coinbasecartel claimed it breached JBS Brasil and obtained approximately 3 TB of corporate data. The report noted the actor did not provide verifiable samples or clear technical indicators supporting the claim, and did not describe the specific file types or whether encryption/disruption occurred.

Community College of Beaver County March 9, 2026 • [ ransomware, cryptolocker, extortion ] Community College of Beaver County said it was under an encryption-based cryptolocker attack that forced a lockdown of college IT resources, and later outside reporting tied the incident to an Interlock extortion claim alleging theft of 780 GB of data.

Baydöner March 8, 2026 • [ data breach, data leak, plaintext passwords ] In March 2026, the Turkish restaurant chain Baydner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydner stated that payment and financial data was not affected.

Aura March 6, 2026 • [ data leak, PII exposure, marketing tool breach ] In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.

Search Results (Data Leak)