Aura
March 6, 2026
•[ data leak, PII exposure, marketing tool breach ]
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.
Ttareungyi (Seoul public bike-sharing service)
January 30, 2026
•[ data breach, PII exposure, data leak ]
Approximately 4500000 user records including user IDs and mobile phone numbers were exposed in a data breach affecting Seouls public bike-sharing service Ttareungyi; authorities stated the timing of the exposure was under investigation, and no attacker attribution had been confirmed at the time of reporting.
Victorian Government Schools
January 14, 2026
•[ unauthorized access, data breach, student information ]
The Department of Education in Victoria, Australia notified parents that an unauthorized third party accessed a database holding student account information. According to disclosure reporting, attackers accessed current and former students personal and school-related fields including names, school names, year levels, school-issued email addresses, and encrypted passwords associated with those accounts. The department stated that more sensitive details such as birth dates, home addresses, and phone numbers were not exposed. Authorities and cyber experts were involved, and the department reset student passwords as a precaution, temporarily restricting access until new credentials were issued. At the time of reporting, investigators had not found evidence that the accessed data had been publicly released or shared onward.
APOIA.se
December 16, 2025
•[ data breach, data leak, PII exposure ]
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
Hyundai AutoEver America
February 22, 2025
•[ data leak, employee data, PII exposure ]
Hyundai AutoEver America, an IT services affiliate of Hyundai Motor Group based in Orange County, California, reported that Undetermined attackers gained unauthorized access to its IT environment between February 22 and March 2, 2025, with the incident discovered on March 1. Forensic investigation and U.S. state regulator filings indicate that personal information stored in employment related systems was exposed, including names, Social Security numbers, and drivers license details. Subsequent updates clarified that approximately 2,000 primarily current and former employees of Hyundai AutoEver America and Hyundai Motor America were notified. The company engaged external cybersecurity experts, cooperated with law enforcement, and is offering two years of credit monitoring while stressing that no connected vehicle data or broader customer information appears to have been affected.
