Search Results for "Data breach"

Atlas Menu May 30, 2026 • [ data breach, gaming, data leak ] In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.

Almerys May 22, 2026 • [ data breach, healthcare, personally identifiable information ] Almerys, a French third-party health payments processor, suffered a May 2026 breach involving its online coverage authorization portal used by healthcare professionals and facilities. Reporting said hackers gained access to the portal and that a threat actor later advertised more than 44 million Almerys-linked records and more than 15 million unique French Social Security numbers for sale. Almerys reportedly took the affected portal offline as a containment measure; no named actor, encryption, data destruction, or attacker-caused operational disruption was confirmed.

Undisclosed Vietnamese ministry-level agency 2 May 22, 2026 • [ data breach, cyberattack, unauthorized access ] Vietnamese cybersecurity authorities said hackers infiltrated one of two ministry-level agency systems containing millions of user records. VNCERT investigated the incidents on May 21-22, 2026, and reported that existing SOC monitoring systems at the affected agencies failed to detect the attacks.

GitHub May 18, 2026 • [ poisoned extension, data breach, internal repositories ] GitHub confirmed that attackers compromised an employee device through a poisoned Visual Studio Code extension and exfiltrated approximately 3,800 internal repositories. TeamPCP claimed responsibility and reportedly offered the stolen data for sale, while GitHub said customer repositories and external enterprise customer data were not impacted.

Powell Electronics May 7, 2026 • [ data breach, Personally Identifiable Information (PII), extortion ] PayoutsKING claimed responsibility for an attack on Powell Electronics and threatened to release sensitive data unless the company negotiated. DataBreach indexed 198,676 rows with names, email addresses, phone numbers, and street addresses. Later breach-notification reporting said Powell began notifying affected individuals that data including Social Security numbers and driver's license information had been accessed. Public reporting did not confirm encryption, data destruction, or attacker-caused operational disruption.

4VPS May 2, 2026 • [ ransomware, infrastructure compromise, billing systems ] 4VPS disclosed on May 2, 2026 that an attack affected its website and billing systems. DataBreaches.net reported that The Gentlemen ransomware group later acknowledged that part of its own backend infrastructure had been compromised because some of it was hosted with 4VPS. Public reporting did not identify the attacker, the exact intrusion method, the total data volume, or the duration of service disruption.

Reborn Gaming April 30, 2026 • [ data breach, gaming, vulnerability ] In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.

ADT Inc. April 20, 2026 • [ vishing, social engineering, data breach ] ShinyHunters compromised an ADT employee Okta SSO account through vishing, used the account to access ADTs Salesforce instance, and stole personal information later assessed by Have I Been Pwned as affecting 5.5 million individuals.

ADT April 20, 2026 • [ data breach, extortion, data leak ] In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.

Council of Engineers Thailand April 15, 2026 • [ data breach, personal information, database security ] A hacker breached the Council of Engineers Thailand member database while data was being transferred between servers, stealing personal information of approximately 350,000 engineers.

Nigeria's Corporate Affairs Commission (CAC) April 15, 2026 • [ unauthorized access, data exfiltration, data breach ] Nigerias Corporate Affairs Commission confirmed unauthorized access to limited aspects of its information systems; ByteToBreach claimed it exfiltrated about 25 million documents, roughly 750 GB, from CAC infrastructure, but CAC did not confirm the volume or identify the perpetrator.

Booking.com April 15, 2026 • [ unauthorized access, data breach, PII leak ] Booking.com detected suspicious activity affecting a number of reservations and notified customers that unauthorized third parties may have accessed booking details, names, email addresses, addresses, phone numbers, and information shared with properties; financial information was not accessed, and Booking.com reset reservation PINs for affected users.

Basic-Fit April 13, 2026 • [ unauthorized access, data breach, data leak ] Basic-Fit detected unauthorized access to the system that records member visits and stopped the intrusion within minutes, but external security experts determined that data for active members in several countries had been downloaded, affecting about 1 million members overall, including around 200,000 in the Netherlands.

Rockstar Games April 11, 2026 • [ data breach, third-party breach, SaaS breach ] ShinyHunters claimed it stole nearly 80 million business records from Rockstar Games through a third-party SaaS/Snowflake-related breach; Rockstar said only a limited amount of non-material company information was accessed and that there was no impact on operations or players.

McGraw Hill April 10, 2026 • [ data breach, extortion, misconfiguration ] In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.

Saver April 9, 2026 • [ ransomware, personal data, operational disruption ] Saver was hit by ransomware on April 9, disrupting systems and phone lines while attackers accessed servers containing personal data.

ChipSoft April 7, 2026 • [ ransomware, data breach, healthcare ] ChipSoft was hit by a ransomware attack on April 7, 2026, causing hosted patient-facing and provider-facing digital services to be disconnected or taken offline while the company investigated and restored systems. ChipSoft later confirmed that personal and medical patient data from some Dutch healthcare customers had been stolen and said the stolen data was destroyed and not published.

My Lovely AI April 7, 2026 • [ data breach, NSFW, AI-generated content ] In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.

ChipSoft April 7, 2026 • [ ransomware, healthcare, data breach ] Embargo ransomware hit ChipSoft on April 7, 2026, disrupting its website and digital healthcare services, causing hospitals to disconnect or take ChipSoft-connected systems offline, and stealing medical personal data from several Dutch healthcare institutions; ChipSoft later said the stolen data had been destroyed.

LegionProxy April 6, 2026 • [ data breach, email addresses, password hashes ] In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.

Search Results (Data breach)