Lovora
February 25, 2026
•[ data breach, personal information, email addresses ]
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users display names and profile photos, along with other personal information collected through use of the app. The apps maker, Plantake, did not respond to multiple attempts to contact them about the incident.
youX
February 15, 2026
•[ unauthorized access, data leak, exfiltration ]
youX (Australian finance technology platform) confirmed unauthorized access by a third party after a threat actor released data it claimed to have obtained during the incident. Public reporting said youX had flagged an IT security incident about a week earlier and that personal information may have been compromised. External threat reporting associated the incident with a large-scale exfiltration claim (hundreds of gigabytes) affecting borrowers and broker organizations, consistent with data-theft extortion behavior. The companys public statements centered on incident response actions, engagement with external experts, and regulatory notification while it worked to determine the precise scope and which individuals and organizations were impacted.
ICE List site
January 13, 2026
•[ denial-of-service attack, data leak, personal information ]
A website known as ICE List, operated by Netherlands-based immigration activist Dominick Skinner and described as dedicated to leaking personal information about U.S. immigration and border personnel, went offline following a denial-of-service attack on the evening of January 13, 2026. Reporting said the outage occurred shortly after media coverage that Skinner planned to publish additional personal data allegedly obtained from a whistleblower. Skinner stated it was only possible to speculate on who directed the attack but claimed a large amount of traffic appeared to come from Russia, consistent with bot traffic intended to overwhelm the site and disrupt access.
Tokyo FM Broadcasting Co., LTD
January 1, 2026
•[ data leak, personal information, telemetry ]
HackRead reported that on January 1, 2026 an actor using the alias victim claimed to have breached Tokyo FMs private computer systems and stolen data exceeding three million records. The stolen dataset was described as containing personal details (full names, birthdays, email addresses) plus technical telemetry (IP addresses and user-agent strings). The actor also claimed to have obtained internal system login IDs and information related to individuals jobs. The report emphasized that the claim was listed as pending verification at the time of publication, but Tokyo FM was described as investigating the allegation.
WhiteDate
December 29, 2025
•[ data breach, data leak, personal information ]
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages, phpBB password hashes and a total of 20k unique email addresses.
Elmcrest Children’s Center, Inc.
August 12, 2025
•[ unauthorized access, data leak, health information ]
Elmcrest Childrens Center, Inc. detected unauthorized access to its computer network on August 12, 2025. The investigation determined that files containing information for approximately 23,500 individuals were accessed, including names, addresses, dates of birth, treatment details, and insurance information.
Murex Petroleum Corporation
May 27, 2025
•[ unauthorized access, data breach, personal information ]
Unauthorized access to Murex Petroleum Corporation systems resulted in the access and acquisition of certain individuals personal information, as disclosed in a regulatory filing with the New Hampshire Department of Justice.
CFD Investments, Inc.
March 15, 2025
•[ unauthorized access, email account compromise, data leak ]
Unauthorized access to an employee email account at CFD Investments, Inc. resulted in exposure of client personal and financial information between March 15 and May 9, 2025; affected individuals were notified beginning January 28, 2026.
MinnesotaWorks.net
September 6, 2023
•[ unauthorized access, data leak, insider threat ]
The Department of Employment and Economic Development (DEED) in Minnesota notifies jobseekers of a data breach involving unauthorized access to their personal information at the MinnesotaWorks.net platform, after a person claiming to be an employee allegedly, viewed and copied user resume information without authorization.
AssociaÃÆ'Ã'§ÃÆ'Ã'£o de Advogados de SÃÆ'Ã'£o Paulo (AASP)
February 22, 2023
•[ ransomware, data leak, personal information ]
The Ragnar Locker ransomware gang leaks 200 GB of files from the Associa o de Advogados de S''o Paulo (AASP) plus numerous screenshots with personal information after the association denies it was hacked.
Brazilian Triathlon Confederation (cbtri.org.br)
August 5, 2016
•[ data leak, personal information, financial details ]
Anonymous leaked personal, financial and login details from domains like'the Brazilian Confederation of Modern Pentathlon (pentatlo.org.br), official Site of the Brazilian Handball Confederation (brasilhandebol.com.br),Brazilian Confederation of Boxing (cbboxe.com.br) and Brazilian Triathlon Confederation (cbtri.org.br).
norfolkadmirals.com
March 30, 2016
•[ data leak, personal information ]
gift2death posts online the personal information of roughly 250 Norfolk Admirals hockey team customers.
