MiniMed Panamá
May 2, 2026
•[ data exposure, PII, plaintext credentials ]
MiniMed Panam was listed among the Panamanian health-sector platforms directly affected by data exposure in a Vecert Analyzer intelligence report cited by La Estrella de Panam. The incident was dated May 2, 2026, and outside OSINT reporting described roughly 400,000 exposed records associated with MiniMed, including a usersdata table with 74,233 records containing PII and plaintext credentials. Public reporting did not identify the threat actor, encryption, data destruction, or operational disruption.
McGraw Hill
April 14, 2026
•[ misconfiguration, data leak, extortion ]
McGraw Hill confirmed that a Salesforce-hosted webpage misconfiguration exposed limited contact data, while ShinyHunters claimed millions of Salesforce records and attempted extortion.
My Lovely AI
April 7, 2026
•[ data breach, NSFW, AI-generated content ]
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
Świętokrzyskie Rehabilitation Center
March 31, 2026
•[ ransomware, encryption, personal data ]
witokrzyskie Rehabilitation Center reported a ransomware attack that encrypted personal-data files and may have exposed data.
Station Casinos LLC
March 5, 2026
•[ unauthorized access, personal information, PII ]
Station Casinos LLC identified unauthorized external access to its systems on March 5, 2026 and began notifying affected individuals in May 2026. Public filings confirmed names were exposed and warned that additional personal information may have been compromised, but the company had not publicly confirmed the total number of affected individuals.
At least one organization in Mexico
January 12, 2026
•[ data leak, leak portals, cybercrime ]
During 2025, the data of 74 Mexican organizations was exposed on leak portals used by criminal groups, a figure that doubles the 37 cases registered in 2024
Global-e
January 7, 2026
•[ data exposure, third-party compromise, unauthorized access ]
Reporting aggregated by DataBreaches.Net indicates Ledger was impacted by a data exposure incident involving its third-party payment processor, Global-e. The report describes an email notification stating that an unauthorized party accessed Global-es cloud system and obtained Ledger customers personal details, including names and contact information associated with orders. The notification did not specify when the access occurred, how many Ledger customers were affected, or whether additional data types (e.g., payment details) were involved. The incident is treated as a third-party compromise affecting Ledger customer data.
PayPal
July 1, 2025
•[ data exposure, software error, personally identifiable information ]
PayPal disclosed that a software error in its PayPal Working Capital (PPWC) loan application exposed sensitive personal information, including Social Security numbers, for nearly six months in 2025. The exposure window was reported as beginning July 1, 2025 and ending when PayPal fixed/rolled back the problematic code and blocked further access on December 13, 2025. PayPal stated it notified affected customers and offered credit monitoring, and reporting noted some accounts showed unauthorized activity that PayPal said it reimbursed. The incident was characterized as a data exposure caused by an application error rather than a compromise of PayPals broader systems.
