Search Results for "data leak"

Instagram January 7, 2026 • [ data leak, scraping ] In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.

Panera Bread January 7, 2026 • [ ransomware, data leak ] In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.

ManageMyHealth December 30, 2025 • [ ransomware, data leak, healthcare ] A significant volume of patient medical records was accessed and partially encrypted in a cyber intrusion targeting document systems The threat actor issued a ransom demand and published some data samples online before legal action was taken The breach was discovered in late December and publicly confirmed shortly after

University of Lille December 29, 2025 • [ data leak ] Unauthorized access to university systems resulted in the exfiltration of student personal data later advertised on an underground forum.

WhiteDate December 29, 2025 • [ data leak ] In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.

Ubisoft December 27, 2025 • [ data leak, service disruption ] Ubisoft suffered a breach in which attackers accessed internal systems controlling the Rainbow Six Siege economy and moderation tools. Game services were globally disrupted, requiring rollback and shutdown of servers for nearly two days.

Chrysler (Stellantis) December 25, 2025 • [ ransomware, data leak ] Everest ransomware group claimed it breached Chrysler systems and exfiltrated 1088 GB of data, including Salesforce-related CRM exports and recall/customer service records, and threatened to leak the full dataset.

SudamericaData December 25, 2025 • [ data leak ] Threat actors advertised an alleged database from SudamericaData on underground forums, claiming exposure of a large volume of personal and registry data; the company has not publicly confirmed the breach at the time of reporting.

Asiana Airlines December 24, 2025 • [ data leak ] Asiana Airlines experienced unauthorized access to its internal intranet via an overseas server on December 24 2025 resulting in the exposure of personal information for approximately 10000 employees and partner staff No customer data was affected The company blocked access reset credentials and notified authorities

Ramside Hall Hotel Golf and Spa December 24, 2025 • [ data leak ] A management system used by Ramside Hall was accessed by unauthorized actors resulting in exposure of some customer data The hotel confirmed the incident publicly and stated the breach originated from a system it uses

Condé Nast / WIRED.com December 20, 2025 • [ data leak ] Hacker Lovely leaked 2.4M WIRED.com subscriber records (emails, names, IDs, contact info). Dataset verified by breach researchers and indexed by Have I Been Pwned. No official confirmation from Cond Nast; actor claims 40M more records may follow.

Club Atletico River Plate December 19, 2025 • [ ransomware, data leak ] On December 19, 2025, Argentine media reported that Club Atltico River Plate was listed on ransomware group Qilins dark web leak site, suggesting the group had gained unauthorized access to the clubs IT environment. The report described a significant compromise of sensitive information and access to the institutions digital infrastructure, with screenshots posted as evidence and indications the club used Microsoft 365 services. The attackers posted metrics referenced data for 4,042 users, one directly compromised employee, and 13 credentials belonging to employees of third parties

Hello Cake, Inc. December 19, 2025 • [ data leak ] Hello Cake, Inc. reported a cybersecurity incident involving unauthorized access to company systems that resulted in exposure of sensitive business information.

Nexar December 19, 2025 • [ data leak ] Nexar disclosed a cyber incident in which attackers gained unauthorized access to internal systems, prompting an investigation into potential data exposure.

Lexipol December 19, 2025 • [ data leak ] Lexipol experienced a cyberattack that led to unauthorized access to its systems, affecting data associated with public safety and law enforcement clients.

Goldman Sachs (via Fried Frank Harris Shriver & Jacobson LLP) December 19, 2025 • [ data leak, third-party breach ] Goldman Sachs notified clients that some client data may have been exposed following a cybersecurity incident at its external law firm, Fried Frank; Goldman stated its own systems were not compromised.

Undisclosed Ghana financial institution December 19, 2025 • [ ransomware, data leak ] A ransomware attack targeted a Ghanaian financial institution, encrypting large volumes of data and resulting in a financial loss of approximately USD 120,000, with authorities later assisting in partial data recovery.

At least one organization in Japan December 18, 2025 • [ data leak ] A cyberattack targeted at least one organization in Japan, resulting in unauthorized access to internal systems and raising concerns about potential data exposure.

Naftali Bennett's phone December 17, 2025 • [ data leak, hacking ] Israel National News reported that the Iranian-affiliated hacker group Handala claimed it infiltrated Naftali Bennetts personal iPhone 13 as part of Operation Octopus and published files it said were extracted from the device, including a contact list with names of senior Israeli officials, internal communications, sensitive documents, and personal photos. The outlet also reported Bennett responded that the matter was being handled by security authorities. Subsequent coverage elsewhere reported Bennetts office said tests indicated the phone was not hacked, though content tied to his accounts/contacts circulated online; the exact extent of compromise is therefore not fully verified beyond an unauthorized leak claim.

Pass'Sport December 17, 2025 • [ data leak ] In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physical addresses. The Ministry of Sports subsequently released a statement acknowledging the incident.

Search Results (data leak)