At least one organization in Mexico
January 12, 2026
•[ data leak, leak portals, cybercrime ]
During 2025, the data of 74 Mexican organizations was exposed on leak portals used by criminal groups, a figure that doubles the 37 cases registered in 2024
Global-e
January 7, 2026
•[ data exposure, third-party compromise, unauthorized access ]
Reporting aggregated by DataBreaches.Net indicates Ledger was impacted by a data exposure incident involving its third-party payment processor, Global-e. The report describes an email notification stating that an unauthorized party accessed Global-es cloud system and obtained Ledger customers personal details, including names and contact information associated with orders. The notification did not specify when the access occurred, how many Ledger customers were affected, or whether additional data types (e.g., payment details) were involved. The incident is treated as a third-party compromise affecting Ledger customer data.
PayPal
July 1, 2025
•[ data exposure, software error, personally identifiable information ]
PayPal disclosed that a software error in its PayPal Working Capital (PPWC) loan application exposed sensitive personal information, including Social Security numbers, for nearly six months in 2025. The exposure window was reported as beginning July 1, 2025 and ending when PayPal fixed/rolled back the problematic code and blocked further access on December 13, 2025. PayPal stated it notified affected customers and offered credit monitoring, and reporting noted some accounts showed unauthorized activity that PayPal said it reimbursed. The incident was characterized as a data exposure caused by an application error rather than a compromise of PayPals broader systems.
