Search Results for "data breach"

Reborn Gaming April 30, 2026 • [ data breach, gaming, vulnerability ] In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.

ADT April 20, 2026 • [ data breach, extortion, data leak ] In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also advised that "in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included" and that it had contacted all affected people.

McGraw Hill April 10, 2026 • [ data breach, extortion, misconfiguration ] In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.

My Lovely AI April 7, 2026 • [ data breach, NSFW, AI-generated content ] In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.

SongTrivia2 April 2, 2026 • [ data breach, data leak, password hashes ] In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.

ZenBusiness March 27, 2026 • [ data breach, extortion, ransomware ] In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.

Hong Kong Correctional Services Department March 24, 2026 • [ unauthorized access, data breach, personal data leak ] Hong Kong's Correctional Services Department said a hacker illegally accessed its internal Knowledge Management System on March 24, 2026 and then accessed another system containing personal data of about 6,800 current and former staff.

Centrum Medyczne Eskulap March 24, 2026 • [ ransomware, medical records, encryption ] Centrum Medyczne Eskulap reported that a ransomware attack on March 24, 2026 encrypted servers dedicated to patient services and blocked access to medical data and medical histories; reporting also said there was a high probability patient data may have been obtained before encryption, but no theft was confirmed.

P3 Global Intel March 18, 2026 • [ data breach, data leak, personally identifiable information ] DataBreaches summarized reporting that hackers calling themselves The Internet YIFF Machine stole data from cloud-based tip and intelligence management company P3 Global Intel and provided it to DDoSecrets. The exposed dataset includes millions of tips and extensive personal data about people accused in tips, including names, email addresses, dates of birth, phone numbers, home addresses, license plate numbers, Social Security numbers, and criminal histories. The platform is used by thousands of clients, including Crime Stoppers programs, local and federal law enforcement agencies, public schools, and the U.S. military, so the breach has broad downstream exposure across many organizations.

Roan and Eurocamp March 16, 2026 • [ data breach, phishing, supply chain attack ] Roan and Eurocamp disclosed that an unauthorized third party exploited a vulnerability in a third-party technology provider on March 16, 2026 and stole guest booking data later used in WhatsApp scam attempts; no encryption was reported.

Divine Skins March 13, 2026 • [ data breach, unauthorised access, data leak ] In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.

Crunchyroll March 12, 2026 • [ data breach, data leak, PII ] In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.

Telus Digital March 12, 2026 • [ Data breach, Credential theft, Cloud security ] Telus Digital confirmed a security incident after ShinyHunters claimed it stole nearly 1 petabyte of data in a multi-month breach. Reporting stated ShinyHunters said it gained initial access using Google Cloud Platform credentials found in data stolen in the Salesloft/Drift breach, and that Telus was not negotiating. At publication, Telus Digital had not been added to the actors leak site in the cited report, and specific data categories and affected individuals were not publicly enumerated in the DataBreaches summary.

Michelin March 11, 2026 • [ data breach, zero-day exploitation, hacking campaign ] Michelin confirmed it was impacted by the Oracle E-Business Suite (EBS) hacking campaign, which SecurityWeek reports was claimed by Cl0p and involved exploitation of an Oracle EBS zero-day. Michelin stated that hackers accessed some files, but said only a small, localized volume of data was affected and it contained no sensitive or technical IT information; the company also said there was no ransomware and no impact on its global systems, and that corrective actions were effective. SecurityWeek reported the cybercriminals publicly released more than 315GB of archives allegedly stolen from Michelin, with a file-tree review indicating at least some data originated from an Oracle EBS environment.

Trio-Tech subsidiary March 11, 2026 • [ ransomware, encryption, data breach ] The Record reported that Trio-Tech International told regulators its subsidiary in Singapore suffered a ransomware attack discovered on March 11, 2026. The filing said the attack led to encryption of files within the subsidiarys network. Trio-Tech took the network offline, notified law enforcement in Singapore, and hired cybersecurity experts to respond. The company said it was still restoring systems and that it was unclear what data may have been taken, but that the subsidiary was in the process of notifying affected parties.

Loblaw March 10, 2026 • [ data breach, unauthorized access, customer information ] Canadian retailer Loblaw disclosed a data breach after a criminal third party accessed basic customer information. The company said the accessed data included names, email addresses and phone numbers. Loblaw stated its investigation indicated passwords, health information, and credit card data were not compromised, and PC Financial was not impacted. The company did not provide the number of affected customers, the intrusion vector or evidence of ransomware. The confirmed primary effect is unauthorized access to limited customer contact information.

Slavia Insurance March 10, 2026 • [ data breach, medical records, vendor error ] Czech insurer Slavia pojiovna reported that attackers obtained about 150 GB of sensitive data, including insurance documents, medical records, and direct communications with clients. The companys spokesperson attributed the incident to an error by a supplier/vendor and said the issue was detected by Slavias security systems and remediation steps were underway to prevent recurrence. Public reporting did not identify the attacker or provide counts of affected clients, but indicated the stolen data types are sensitive and could enable fraud or targeted extortion/phishing.

Baydöner March 8, 2026 • [ data breach, data leak, plaintext passwords ] In March 2026, the Turkish restaurant chain Baydner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydner stated that payment and financial data was not affected.

Elecq March 7, 2026 • [ ransomware, data breach, cloud security ] Fleet World reported that EV charging solutions provider Elecq suffered a ransomware attack on its AWS cloud platform discovered on March 7, 2026 after unusual activity. A notice to customers said compromised information included customer names, email addresses, phone numbers, home addresses, and location data. The company stated that no payment/financial information was accessed and that the physical charging devices were not affected and remained secure and operational.

FBI surveillance system March 6, 2026 • [ data breach, surveillance system, law enforcement sensitive information ] Reporting stated the White House was working with the FBI, NSA, and CISA to respond to an apparent breach of an FBI surveillance system disclosed to Congress. The system is unclassified but contains law-enforcement sensitive information, including returns from legal process such as pen register and trap-and-trace surveillance returns, and personally identifiable information about subjects of FBI investigations. The report did not identify the attacker, intrusion vector, or the full scope/timeline of access.

Search Results (data breach)