Search Results for "data leak"

Former Minister Ayelet Shaked January 3, 2026 • [ data leak, unauthorized access, cyber espionage ] Iran-linked hacking group Handala claimed it breached the mobile phone of former Israeli minister Ayelet Shaked and published roughly 60 photos and videos it said were stolen from her device. The group alleged it held additional messages, documents, and other confidential material and urged followers to expect further releases. The reported effect is limited to alleged unauthorized access and data theft/exposure involving a single political figure, with no operational disruption to organizations reported.

Prosura January 2, 2026 • [ Data leak, Cyber incident, Personally Identifiable Information (PII) ] Prosura, a car rental insurance provider that partners with VroomVroomVroom and trades as Hiccup, reported a cyber incident after a third party accessed its internal IT systems. Cybernews reported that attackers posted what they claimed was stolen Prosura data on a leak forum and described a dataset of roughly 98 million lines. Cybernews said its team reviewed the sample and believed it could be legitimate, noting it included photocopies of drivers licenses and full insurance policies containing personally identifiable information. The article also reported Prosura said it was working to verify the claims, had taken mitigation steps (including halting sales and some self-service functions), and stated that payment information was not exposed because it does not store credit card details.

WhiteDate January 2, 2026 • [ hacktivism, data leak, data destruction ] Reporting describes a hacktivist using the pseudonym Martha Root who infiltrated an extremist dating website and related sites and later demonstrated deleting them live on stage during the Chaos Communication Congress. The coverage indicates the actor used automated tools/AI chatbots to extract and download user profile information and then published the acquired dataset. As described, the incident combined disruptive impact (site/service deletion) with unauthorized access and data acquisition affecting site users.

Esquire Brands January 2, 2026 • [ ransomware, data leak, extortion ] Cybernews reported that Esquire Brands (a childrens footwear maker operating several brands/licenses) was posted on the Play ransomware leak site, with attackers threatening to publish stolen data shortly thereafter. According to the leak-site post summarized in the article, the attackers claimed they obtained client documents, payroll data, and finance information. The report frames the incident as data theft with extortion leverage (typical double-extortion posture).

LawPavilion January 1, 2026 • [ data breach, unauthorized access, data leak ] Unauthorized actors accessed systems associated with the Nigerian legal technology platform LawPavilion and exposed a database containing user account information affecting approximately 63,000 users, with no reported operational disruption.

French Office for Immigration and Integration (OFII) January 1, 2026 • [ data leak, hacking, third-party breach ] A hacker posted samples of foreigners personal data online on January 1, 2026, stating on a specialist forum that the information was obtained by hacking the French Office for Immigration and Integration (OFII) and that the motive was profit. Reporting described two posted samples: one with fewer than 1,000 foreign nationals and another involving 600 Israelis currently or previously residing in France, with fields such as names, date of entry, status/reasons for stay, email addresses, and phone numbers. OFII confirmed a data theft but said the intrusion was linked to a subcontractor/operator with access to OFII data rather than directly compromising OFIIs information system.

Tokyo FM Broadcasting Co., LTD January 1, 2026 • [ data leak, personal information, telemetry ] HackRead reported that on January 1, 2026 an actor using the alias victim claimed to have breached Tokyo FMs private computer systems and stolen data exceeding three million records. The stolen dataset was described as containing personal details (full names, birthdays, email addresses) plus technical telemetry (IP addresses and user-agent strings). The actor also claimed to have obtained internal system login IDs and information related to individuals jobs. The report emphasized that the claim was listed as pending verification at the time of publication, but Tokyo FM was described as investigating the allegation.

Sedgwick Government Solutions December 31, 2025 • [ ransomware, data leak, file transfer system ] SecurityWeek reported that Sedgwick confirmed a security incident at its subsidiary Sedgwick Government Solutions after the TridentLocker ransomware group claimed to have hacked it. Sedgwick stated the incident affected only an isolated file transfer system and that the subsidiary is segmented from the rest of Sedgwick, with no evidence of access to claims management servers and no impact on service delivery. The article noted that on New Years Eve, TridentLocker claimed it stole roughly 3.4GB of data from Sedgwick Government Solutions and leaked it publicly, while Sedgwick did not comment on the specifics of the attackers claims.

ManageMyHealth December 30, 2025 • [ ransomware, data leak, healthcare ] A significant volume of patient medical records was accessed and partially encrypted in a cyber intrusion targeting document systems The threat actor issued a ransom demand and published some data samples online before legal action was taken The breach was discovered in late December and publicly confirmed shortly after

Sports Medicine and Orthopedics December 30, 2025 • [ ransomware, data leak, healthcare ] Sports Medicine & Orthopaedics, a now-closed practice in East Providence, Rhode Island, reported that it was impacted by a ransomware incident in October 2025. Reporting indicates the attack exposed personal and health-related information for roughly 4,000 patients, prompting the practice to issue breach notifications after it had already shut down operations. Public accounts describe a ransomware-driven compromise that resulted in unauthorized access to patient information (typical elements in these incidents include identifiers and clinical/billing-related data), with the key confirmed impact being exposure of patient data tied to the practice rather than a long-running operational outage (since the practice was shuttered).

Southern Oregon Neurosurgery December 30, 2025 • [ email compromise, hacking, data leak ] Southern Oregon Neurosurgery (Southern Oregon Neurosurgical and Spine Associates, PC) disclosed a hacking incident that stemmed from an email breach and affected at least 1,000 individuals. According to reporting, the incident occurred in November 2025; the organization said its IT staff isolated the issue immediately once identified. The breach was reported to HHS as a hacking/IT incident involving email, indicating unauthorized access to email content (and potentially attachments) that contained patient-related information. While public reporting did not enumerate every exposed field, the confirmed impact is unauthorized access via email compromise with resultant exposure risk to individuals whose information was present in the affected mailbox(es).

University of Lille December 29, 2025 • [ data leak ] Unauthorized access to university systems resulted in the exfiltration of student personal data later advertised on an underground forum.

WhiteDate December 29, 2025 • [ data leak ] In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.

WhiteDate December 29, 2025 • [ data leak ] In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages and a total of 20k unique email addresses.

WhiteDate December 29, 2025 • [ data breach, data leak, personal information ] In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages, phpBB password hashes and a total of 20k unique email addresses.

Ubisoft December 27, 2025 • [ data leak, service disruption ] Ubisoft suffered a breach in which attackers accessed internal systems controlling the Rainbow Six Siege economy and moderation tools. Game services were globally disrupted, requiring rollback and shutdown of servers for nearly two days.

At least one customer of Canada Computers December 26, 2025 • [ Magecart, card skimming, data leak ] Canada Computers acknowledged a web-based data security incident affecting its online store after a Magecart-style card-skimming script was found embedded on the checkout page. According to reporting, a shopper identified the suspicious script on January 18, 2026, and the malicious code was removed after the findings were publicized. Archived versions of the checkout page suggested the skimmer may have been active since at least late December 2025, meaning payment-form data entered by customers during that window could have been captured. Canada Computers customer notice said an unauthorized user may have accessed customer information such as names, email addresses, and possibly credit card numbers; customers were advised to monitor statements and consider replacing cards.

Chrysler (Stellantis) December 25, 2025 • [ ransomware, data leak ] Everest ransomware group claimed it breached Chrysler systems and exfiltrated 1088 GB of data, including Salesforce-related CRM exports and recall/customer service records, and threatened to leak the full dataset.

SudamericaData December 25, 2025 • [ data leak ] Threat actors advertised an alleged database from SudamericaData on underground forums, claiming exposure of a large volume of personal and registry data; the company has not publicly confirmed the breach at the time of reporting.

Undisclosed Austrian pharmaceutical company December 25, 2025 • [ ransomware, data leak, extortion ] The article reports that a Vienna-based pharmaceutical company was affected by a ransomware attack in which threat actors compromised systems and leaked corporate data as part of an extortion campaign.

Search Results (data leak)