Search Results (Personally Identifiable Information (PII))
Prosura
January 2, 2026
•[ Data leak, Cyber incident, Personally Identifiable Information (PII) ]
Prosura, a car rental insurance provider that partners with VroomVroomVroom and trades as Hiccup, reported a cyber incident after a third party accessed its internal IT systems. Cybernews reported that attackers posted what they claimed was stolen Prosura data on a leak forum and described a dataset of roughly 98 million lines. Cybernews said its team reviewed the sample and believed it could be legitimate, noting it included photocopies of drivers licenses and full insurance policies containing personally identifiable information. The article also reported Prosura said it was working to verify the claims, had taken mitigation steps (including halting sales and some self-service functions), and stated that payment information was not exposed because it does not store credit card details.
French Office for Immigration and Integration (OFII)
January 1, 2026
•[ data leak, hacking, third-party breach ]
A hacker posted samples of foreigners personal data online on January 1, 2026, stating on a specialist forum that the information was obtained by hacking the French Office for Immigration and Integration (OFII) and that the motive was profit. Reporting described two posted samples: one with fewer than 1,000 foreign nationals and another involving 600 Israelis currently or previously residing in France, with fields such as names, date of entry, status/reasons for stay, email addresses, and phone numbers. OFII confirmed a data theft but said the intrusion was linked to a subcontractor/operator with access to OFII data rather than directly compromising OFIIs information system.
Center for Life Resources
November 14, 2025
•[ unauthorized access, network intrusion, data breach ]
Center for Life Resources identified unauthorized access to its network in mid-November 2025 and determined that files containing sensitive personal and protected health information may have been accessed or copied, which was later disclosed in regulatory notifications.
Knownsec
November 9, 2025
•[ data leak, cyber espionage, malware ]
According to coverage in The Register of research by Chinese blog MXRN, attackers breached the systems of Beijing linked security company Knownsec and leaked more than twelve thousand classified documents describing Chinese state cyber weapons, internal tools and global targeting lists, along with code for remote access trojans that can compromise major desktop and mobile operating systems; the cache also reportedly includes a spreadsheet of 80 successfully attacked overseas targets and massive datasets such as Indian immigration records, South Korean telecom call logs and Taiwanese road planning information that Knownsec had previously obtained in offensive operations, some of which were briefly published to GitHub before being removed.
Catwig LLC d/b/a Victory Disability
October 27, 2025
•[ unauthorized access, data breach, Personally Identifiable Information (PII) ]
Catwig LLC (doing business as Victory Disability) stated it became aware in November 2025 of claims that an unknown party obtained information belonging to the firm. The company initiated an investigation with third-party cybersecurity specialists and notified federal law enforcement. The investigation concluded that an unknown party accessed a portion of Victory Disabilitys environment between October 27 and November 12, 2025 and may have viewed or copied certain information stored there. Potentially impacted data included names, contact information, Social Security numbers, and in some cases dates of birth and medical information (diagnosis, treatment, medications, lab results) if provided to Victory in connection with a case. The company reported filing notice with the California Attorney General and beginning written notifications on December 12, 2025.
Monroe University
December 9, 2024
•[ data breach, network access, personally identifiable information (PII) ]
BleepingComputer reported that Monroe University disclosed that threat actors accessed its network for roughly two weeks (December 9 to December 23, 2024) and stole documents later determined to contain personal, financial, and health information. The university stated it determined on September 30, 2025 that certain individuals data was contained in the stolen files, and filings indicated 320,973 individuals were affected. Exposed data elements were described as varying by person and potentially including name, date of birth, Social Security number, drivers license or passport numbers, government ID numbers, medical and health insurance information, email or electronic account usernames and passwords, financial account information, and student-related data. Notifications were mailed beginning January 2, 2026.
Eckerd Youth Alternatives Inc
November 11, 2024
•[ unauthorized access, network intrusion, data breach ]
Eckerd Connects reported that it observed suspicious activity within its network environment on or around November 11, 2024. In response, it took steps to mitigate the threat (including taking certain systems offline) and engaged outside specialists to investigate. Following an extensive forensic investigation and manual document review, Eckerd Connects determined on November 17, 2025 that personal information may have been accessed or acquired by an unauthorized party during the period from November 3, 2024 through November 11, 2024. Potentially involved data elements include first/last name, address, date of birth, Social Security number, drivers license/state ID number, tax identification number, and medical information.
