Full List

Search

Search Results (data leak)

• Adda.io November 23, 2025 • [ data leak ] Data breach at Adda.io: a hacker using the alias Blinkers posted a dataset claiming to contain personal information for approximately 1.86 million users, including names, phone numbers, email addresses, owner IDs, and MD5-hashed passwords.
• French Football Federation (FFF) November 22, 2025 • [ data leak, unauthorized access ] The French Football Federation disclosed that an unauthorized party accessed administrative software on November 22 and exfiltrated personal and membership information for registered members; no operational disruption or actor attribution was identified.
• Almaviva S.p.A. November 20, 2025 • [ data leak ] Threat actor breached Almaviva (IT services provider for FS Italiane Group), exfiltrated about 2.3TB of internal data including technical documentation, contracts, accounting records, HR archives and multicompany repositories across several FS Group companies; data appears recently generated (Q3 2025); Almaviva confirmed a breach, isolated systems, and launched response procedures.
• International Game Technology PLC (IGT) November 20, 2025 • [ ransomware, data leak ] Ransomware-as-a-service group Qilin added gambling-technology giant IGT to its data leak site and claims to have stolen about 10GB of data, roughly 21,600 files, from the companys systems; the archive is labeled as already published on the dark web, but no file samples or detailed data contents were shared publicly at the time of reporting, and IGT has not confirmed or denied the incident, so this entry treats the event as a threat-actor-claimed data-theft attack with the nature of the exposed information still undetermined.
• 4 Student Email Accounts at New Haven Public Schools November 20, 2025 • [ phishing, data leak ] A phishing campaign against New Haven Public Schools used compromised student email accounts to send more than 10,000 messages districtwide that spoofed legitimate requests for bank details. Over 1,000 students opened the emails and an unknown number submitted financial and personal information, putting families at immediate risk of fraud and identity theft. The districts IT team is resetting affected accounts, purging malicious messages, and warning students to contact their banks and avoid clicking suspicious links.
• DocuBizz November 20, 2025 • [ ransomware, data leak ] A ransomware attack against Danish automotive IT provider DocuBizz resulted in theft of drivers license information, CPR numbers, bank account numbers, and other customer data belonging to car dealerships and their clients. No encryption or service disruption has been confirmed.
• Heart of Texas Behavioral Health Network November 20, 2025 • [ data leak, physical security ] A local report stated that Heart of Texas Behavioral Health Network identified a privacy incident on November 20, 2025 after an unauthorized person broke into a McLennan County facility. The organization said paper patient records stored in the building may have been accessed or removed. The potentially involved information includes patient identifiers and protected health information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, diagnoses, and treatment/procedure information, as well as Medicaid or other health insurance details.
• Pajemploi November 19, 2025 • [ data leak ] French social security service Pajemploi reported that its systems suffered a theft of personal data belonging to professional caregivers registered with the program and estimates that information for about 1 point 2 million individuals may have been exposed according to an announcement by parent organisation URSSAF and coverage by DataBreaches
• Doctor Alliance LLC November 18, 2025 • [ ransomware, data leak ] Ransomware actor Kazu again compromised Dallas-based healthcare document and billing platform Doctor Alliance, exploiting an unpatched vulnerability and reused admin credentials to access a high-privilege account and steal nearly 1.27 TB of medical documents and related files affecting potentially more than a million patients; the firm has acknowledged unauthorized access to at least one client account and faces multiple federal class actions while still providing limited public transparency.
• Harvard University November 18, 2025 • [ phishing, vishing, data leak ] Harvard University reported that a voice-phishing attack against Alumni Affairs and Development staff on November 18, 2025 led to unauthorized access to its AAD information systems, exposing contact details, fundraising records and event data for alumni, donors, parents, some students and some faculty and staff; the university locked out the intruder, notified affected individuals beginning November 22, and is working with law enforcement and incident response specialists.
• Coupang November 18, 2025 • [ data leak, phishing ] South Korean e-commerce firm Coupang reported that an unauthorized third party accessed a customer database and exfiltrated personal information on about 4,500 users. Exposed fields included names, contact details, shipping addresses, and information about recent purchases, raising the risk of targeted phishing and fraud using order history. Coupang says it blocked the intruders access as soon as the breach was detected and has notified regulators and customers while monitoring for signs of misuse of the stolen data.
• Eurofiber France November 17, 2025 • [ data leak ] Eurofiber France confirmed that an unauthorized party accessed a customer account system and that verified customer data was offered for sale online; the company reported exposure of contact and account information but no operational disruption or compromise of passwords or payment data.
• Mid South Pulmonary & Sleep Specialists (MSPS) November 17, 2025 • [ ransomware, data leak, data breach ] Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
• Under Armour November 17, 2025 • [ ransomware, data leak ] In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
• Detmold Public Utilities November 16, 2025 • [ ransomware, data leak ] A ransomware attack against Stadtwerke Detmold forced the municipal utility to shut down its IT infrastructure, leaving the company largely unreachable by phone or email and knocking out online customer portals and related services. Multiple affiliated business units, including energy and public transport operations, were impacted in their back-office systems, though the delivery of electricity, gas, water, and district heating reportedly continued. Police cybercrime teams and external specialists were engaged to stabilize systems, analyze the intrusion, and determine whether customer data was accessed.
• Grenoble École de Management November 15, 2025 • [ data leak ] Threat actors claimed access to and sale of a large CRM dataset associated with the institution, which the school acknowledged and began investigating.
• CodeStepByStep November 15, 2025 • [ data leak ] In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses.
• CodeStepByStep November 15, 2025 • [ data leak ] In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k. The impacted data included names, usernames and email addresses.
• Petrobras November 14, 2025 • [ ransomware, data leak ] Everest ransomware group listed Petrobras and exploration partner SAExploration on its leak site and claims it stole a large seismic survey database with detailed technical information from Petrobras surveys and Campos Basin projects while threatening further action if the company does not contact the group
• Trumbull County Recorder’s Office November 14, 2025 • [ ransomware, data leak, supply chain attack ] Trumbull County, Ohio reported that a ransomware attack on its third-party vendor C Systems Software led to a security breach affecting systems used for real-estate recordings and property records. County officials said they were alerted around November 14, 2025, and, with help from Ohio Homeland Security and external cybersecurity firm GuidePoint, determined that the same cybercriminals behind the vendor breach had attempted to exploit the county network. While they reported no evidence of successful intrusion into county systems, offices had to fall back on manual processing and suspend some online services for about ten days. The incident is believed to have exposed resident data held by the vendor and has prompted additional security and monitoring measures.