Search Results for "data breach"

PcComponentes January 22, 2026 • [ data breach, investigation, customer data ] TechRadar reported that the PC-components retailer PcComponentes was looking into online claims of a breach while the company denied that a confirmed customer data breach had occurred. The article focused on the investigation and the companys public position. In the accessible page text used here, there was no definitive disclosure of an attacker, a verified data set, or a confirmed number of affected customers, so the impact to customer data is coded as undetermined.

Cloud Imperium Games (CIG) January 21, 2026 • [ unauthorized access, data breach, personal information ] Cloud Imperium Games disclosed that on January 21, 2026 it was targeted by a sophisticated attack that resulted in unauthorized access to some backup systems with limited access to users basic account details. The company said impacted data included metadata, contact details, username, date of birth, and name. It stated the access was read-only and that no passwords or financial/payment information were stored in or accessible from the affected systems, and it had no indication the data had been leaked publicly at the time of disclosure.

MRO Corp. January 20, 2026 • [ data breach, third-party vendor incident, healthcare ] DataBreaches summarized a disclosure that a data breach at third-party medical records vendor MRO Corp. exposed personal and health information of patients tied to two Deaconess Health System hospitals in Western Kentucky (Deaconess Henderson Hospital and Deaconess Union County Hospital), as well as affected clinic patients whose records were subject to release-of-information requests. The health system stated the breach did not affect Deaconess internal systems or its electronic medical records platform; the incident was contained to the ROI vendor environment. The reporting did not enumerate specific data elements in the excerpt.

Starbucks January 19, 2026 • [ phishing, credential theft, data breach ] Starbucks disclosed a data breach affecting nearly 900 employees after attackers accessed Partner Central (the employee portal used to manage personal details, payroll, and benefits). Starbucks detected the incident on February 6, 2026 and said attackers obtained employee credentials through a phishing attack using fake websites mimicking the Partner Central portal. The company stated unauthorized access to employee accounts occurred between January 19 and February 11, 2026. Starbucks said some employees personal information may have been accessed,including names, Social Security numbers, dates of birth, and bank account and routing numbers, and that affected employees were offered identity-protection services.

Tampa Bay Dental Implants & Periodontics January 19, 2026 • [ ransomware, electronic medical records, backup data ] Tampa Bay Dental Implants & Periodontics identified a ransomware incident on January 19, 2026 affecting an internal legacy server containing backup electronic medical record data. The practice said it found no evidence of data exfiltration or misuse, but encryption of legacy system logs prevented it from forensically ruling out unauthorized access. The incident was reported to HHS OCR as affecting 6,400 individuals.

Choice Hotels International January 14, 2026 • [ social engineering, unauthorized access, PII leak ] An unauthorized person used social engineering to gain access to a Choice Hotels application containing records on franchisees and franchise applicants, exposing names and Social Security numbers.

Kyowon Group January 14, 2026 • [ ransomware, service outage, data exfiltration ] Kyowon Group, a large South Korean conglomerate with major education/publishing and digital services operations, confirmed a ransomware incident after initially describing a suspected attack that caused service outages. In a follow-up update, the company stated the incident occurred in January around 10 a.m. and that an attacker exfiltrated data from its systems. Reporting cited Korean media indicating the event may have impacted a substantial portion of Kyowons infrastructure (roughly 600 of 800 servers) and that there are millions of registered accounts, though Kyowon said it was still determining whether stolen data included customer information. The company said it notified relevant authorities (including KISA), engaged security experts, and worked to restore services while conducting a detailed investigation into scope and data exposure.

Victorian Government Schools January 14, 2026 • [ unauthorized access, data breach, student information ] The Department of Education in Victoria, Australia notified parents that an unauthorized third party accessed a database holding student account information. According to disclosure reporting, attackers accessed current and former students personal and school-related fields including names, school names, year levels, school-issued email addresses, and encrypted passwords associated with those accounts. The department stated that more sensitive details such as birth dates, home addresses, and phone numbers were not exposed. Authorities and cyber experts were involved, and the department reset student passwords as a precaution, temporarily restricting access until new credentials were issued. At the time of reporting, investigators had not found evidence that the accessed data had been publicly released or shared onward.

Endesa January 13, 2026 • [ data breach, unauthorized access, data exfiltration ] SecurityWeek reported that Spanish energy company Endesa notified customers about a data breach involving unauthorized access to its commercial platform, also impacting customers of its gas distributor Energia XXI. Endesa stated that attackers accessed and likely exfiltrated basic customer identification information, contact details, national identification numbers (DNI), contract information, and payment details including IBANs. The company said passwords were not compromised and that the incident was contained quickly, with additional safeguards implemented and notifications sent to affected customers.

Town of La Hague January 13, 2026 • [ intrusion, email compromise, unauthorized access ] The municipality of La Hague (France) announced it was the victim of an intrusion into its information system that impacted internal email accounts. Upon learning of the incident, the commune reported immediate actions including changing passwords for affected and administrator accounts, temporarily suspending email sending for impacted users, notifying relevant authorities (including ANSSI, CERT-FR, DINUM, CNIL, and local digital authorities), informing partners, and filing a formal complaint with the gendarmerie. Specialized law enforcement units began investigating the incident and its consequences while technical teams and service providers conducted parallel analysis. The announcement emphasized heightened vigilance against suspicious links/attachments and stated the municipality was working to restore system security.

Waterloo Regional Health Network January 13, 2026 • [ personal health information, third-party security incident, data breach ] Waterloo Regional Health Network notified patients that a third-party security incident affecting its connection to the Health Report Manager service may have exposed personal health information for approximately 150,000 patients who received care between April 2025 and January 2026. WRHN said the incident occurred outside WRHNs internal systems, was contained within hours on January 13, and no misuse was believed likely.

Langley Twigg Law January 11, 2026 • [ cyberattack, data breach, malware ] Langley Twigg Law (Napier, New Zealand) stated it was hit by a cyberattack on January 11, 2026. The firm said digital forensics and cyber specialists confirmed a malicious third-party launched a virus on its IT network, which was not protected by its cybersecurity software at the time. The firm reported the attacker extracted a portion of data from its file server containing internal operational information and some client documents. Langley Twigg said it disconnected its network from the internet, notified the Privacy Commissioner and police, and was working to determine exactly what information was affected before contacting impacted clients.

Pecan Tree Dental, PLLC January 11, 2026 • [ data breach, data exfiltration, personally identifiable information ] Pecan Tree Dental, PLLC, a dental practice in Grand Prairie, Texas, discovered a cybersecurity incident on January 11, 2026. Sinobi claimed responsibility and claimed to have exfiltrated 250 GB of data. HHS/OCR-style reporting listed 13,300 affected individuals, while DataBreach.com indexed 24,504 rows containing Social Security numbers, email addresses, and phone numbers. Public reporting did not confirm successful encryption or operational disruption.

Metro Pet Vet January 7, 2026 • [ ransomware, data breach, technical difficulties ] A Lancaster County veterinary practice (Metro Pet Vet) reported it was hit by a ransomware attack after several days of technical issues. The office said Monday and Tuesday it experienced major technical difficulties, including its router stopping, and by Wednesday morning ransomware was detected and the practice lost access to its server. Staff reported they could not access pet vaccine and medication histories and had to operate like 40 years ago using paper while continuing to treat animals and relying on an app for scheduling. The practice stated no credit card or Social Security information was stored on the affected server, but client phone numbers and addresses were stored there, and it expected recovery work to continue into the following week.

Brightspeed January 5, 2026 • [ cybersecurity event, extortion, data breach ] Brightspeed said it is investigating reports of a cybersecurity event after the Crimson Collective extortion group claimed it breached the company and stole personal data tied to more than one million residential customers. Reporting described the attackers claimed dataset as including names, emails, phone numbers, postal addresses, user account information linked to session or user IDs, payment history, partial payment card information, and appointment or order records containing customer information. Brightspeed publicly stated it takes security seriously and is investigating the reports and would keep customers, employees, and authorities informed as it learns more.

ManoMano January 1, 2026 • [ data breach, third-party compromise, PII ] ManoMano disclosed that hackers compromised a third-party customer service provider in January 2026 and unlawfully extracted customer account-related personal data and customer service interaction data affecting 38 million individuals.

LawPavilion January 1, 2026 • [ data breach, unauthorized access, data leak ] Unauthorized actors accessed systems associated with the Nigerian legal technology platform LawPavilion and exposed a database containing user account information affecting approximately 63,000 users, with no reported operational disruption.

Venezuelan Ministry of Foreign Affairs January 1, 2026 • [ espionage, state-sponsored attack, data breach ] The same China-linked espionage campaign that compromised the Cuban Embassy in Washington D.C. also reportedly exploited Microsoft Exchange servers used by Venezuelas Ministry of Foreign Affairs and accessed officials email communications during the same January 2026 regional campaign.

WhiteDate December 29, 2025 • [ data breach, data leak, personal information ] In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages, phpBB password hashes and a total of 20k unique email addresses.

QualDerm December 23, 2025 • [ data breach, data leak, unauthorized access ] SecurityWeek reported that QualDerm Partners is notifying more than 3.1 million people of a December 2025 breach discovered on Dec. 24, 2025. QualDerm said attackers had unauthorized access to its network for two days and exfiltrated data from a limited number of compromised systems. Stolen data included personal identifiers and health/insurance information such as names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment/diagnosis information, health insurance information, dates of death, and in some cases government-issued ID information. QualDerm said its investigation is ongoing and it notified law enforcement and regulators.

Search Results (data breach)