Full List

Search

Search Results (PII)

• Substack October 23, 2025 • [ data breach, data leak, PII ] In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.
• North Texas Behavioral Health Authority October 13, 2025 • [ network intrusion, data exfiltration, Social Security numbers ] North Texas Behavioral Health Authority detected a network intrusion in October 2025; investigators found that unauthorized individuals accessed and exfiltrated files containing personal information, including Social Security numbers, affecting 285,000 individuals.
• Canadian Tire October 2, 2025 • [ data breach, retail, PII ] In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
• DocketWise September 1, 2025 • [ unauthorized access, third-party breach, credential theft ] DocketWise discovered unauthorized access to a third-party partner repository used in a data migration pipeline; an unauthorized actor used valid credentials to clone repositories containing law-firm customer records and personal information of their clients.
• Saint Mary’s Home of Erie August 26, 2025 • [ unauthorized access, PII, PHI ] A forensic investigation found that an unauthorized party accessed the Saint Marys Home of Erie network between August 26 and 28, 2025. Files and folders containing resident PII and PHI may have been exposed. The incident was reported to HHS OCR for at least 501 individuals while review continues.
• Extant Aerospace August 23, 2025 • [ ransomware, data breach, PII ] Extant Aerospace detected ransomware activity on its network in August 2025, later confirming that personal data of over 3,000 U.S. individuals was exposed, including names, addresses, dates of birth and Social Security Numbers.
• Visiting Nurse Association of Texas July 17, 2025 • [ unauthorized access, email compromise, PII ] Visiting Nurse Association of Texas identified suspicious network activity on July 17, 2025; an unauthorized actor accessed employee email accounts and potentially compromised personal and health-related data belonging to thousands of individuals, per notice and investigation.
• Atlas Transfer and Storage July 15, 2025 • [ unauthorized access, data breach, PII ] Atlas Transfer & Storages notice states it identified suspicious activity on July 15, 2025 and launched an investigation. The investigation concluded that an unauthorized party copied certain files on the same date. Atlas reviewed the impacted files and stated the affected information varied by individual but could include identifiers and financial/health insurance information such as SSNs, tax IDs, drivers license/state IDs or other government IDs, payment card numbers, health insurance and medical information, and financial account information. Atlas stated it notified individuals and offered complimentary credit monitoring services.
• Healthcare Interactive July 8, 2025 • [ data leak, hacked, phi ] Healthcare Interactive reported that hackers accessed its network between July 812, 2025 and exfiltrated files containing extensive PHI/PIIincluding names, DOBs, SSNs, contact details, insurance enrollment IDs, diagnoses, provider names, lab results, medical images, treatment plans, and possibly claims datawith the breach detected around July 22; the attack vector wasnt disclosed but regulators were notified.
• Cetera Financial July 7, 2025 • [ unauthorized access, email compromise, PII ] Cetera Financial disclosed that an unauthorized person accessed a single employee email account between July 7 and August 21, 2025. A review completed around January 30, 2026 found that client information, including names, Social Security numbers, drivers license numbers, and financial account details, may have been compromised; affected individuals were notified beginning March 25, 2026.
• Canada Goose July 4, 2025 • [ data leak, third-party breach, customer records ] In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.
• McDonald’s recruitment chatbot platform June 1, 2025 • [ data leak, recruitment, chatbot ] SecurityWeek reported that a recruitment chatbot platform used by McDonalds leaked data on approximately 64 million job applicants worldwide.
• Ericsson April 17, 2025 • [ unauthorized access, data security incident, PII ] Ericsson disclosed a data security incident at a service provider. The provider detected unauthorized access on 04/28/2025 and later determined files may have been accessed between 04/17/2025 and 04/22/2025. Exposed data varied by person and included names and Social Security numbers, with additional filings indicating dates of birth, drivers license/government ID numbers, financial information, and medical information. The review was completed on 02/23/2026, and a Maine filing referenced 15,661 impacted employees and customers; no group publicly claimed responsibility at the time of reporting.
• Coastal Carolina Health Care March 21, 2025 • [ unauthorized access, data breach, Social Security numbers ] Coastal Carolina Health Care identified suspicious activity that disrupted access to some systems and later determined that an unauthorized actor accessed and acquired information from its network between March 21 and March 27, 2025. The exposed information included names and Social Security numbers for approximately 110,000 individuals.
• Cuties AI March 21, 2025 • [ data breach, data leak, PII ] In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to the generated content. The data also included the account that created the content and a stated "preference" of either female or trans.
• Prosper Marketplace January 6, 2025 • [ data leak, PII ] The Record reported that fintech lender Prosper Marketplace disclosed a cyberattack that was initially discovered on September 1, 2025, with an investigation concluding that attackers accessed data between June and August 2025. The company stated there was no evidence of unauthorized access to customer accounts or funds, but reported that sensitive personal information and application-related data were accessed, ultimately affecting about 13.1 million people. The reported exposed elements included high-risk identifiers (SSNs and national IDs), banking details, and extensive identity and application documentation, creating significant fraud and identity-theft risk even without confirmed account takeover.
• Hamilton County Healthcare System December 4, 2024 • [ data leak, healthcare, PII ] Unauthorized actor breached Hamilton County Healthcare System servers in Dec 2024, stealing tens of thousands of patient records; breach verified through Maine AG notification and HIPAA disclosure.
• Senior Dating November 23, 2024 • [ data breach, exposed database, Firebase ] In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
• Central Kentucky Radiology October 16, 2024 • [ data leak, healthcare, PII ] Unauthorized actor accessed CKRs network Oct 1618 2024 and copied files; ~167k people impacted; notifications issued mid-June 2025; data stolen from Lexington-based servers; no encryption or operational shutdown confirmed.
• Boulanger September 6, 2024 • [ data breach, PII, retail ] In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum.