Santeda International B.V.
May 1, 2025
•[ data breach, credential leak, unencrypted data ]
Investigators reported a data breach affecting MyStake, a Curaao-licensed online casino operated by Santeda International B.V., tracing the exposure back to approximately May 2025. A PDF containing login credentials for 540 MyStake accounts was shared online, and specialists reportedly confirmed they could log into most accounts listed, indicating passwords were still valid long after the leak became known. Once logged in, auditors said they could view sensitive player details stored without encryption, including names, home addresses, phone numbers, dates of birth, and detailed transaction histories. Reporting alleged that users were not notified for more than eight months and that MyStake did not enforce password resets or suspend compromised accounts during that period, increasing risk of account takeover, fraud, and identity misuse.
Ottawa Family Physicians
December 10, 2024
•[ data leak, unencrypted data, healthcare ]
Between December 1015, 2024, an unauthorized actor accessed Ottawa Family Physicians systems and exfiltrated patient data from an internal server. The EMR database was not affected. Data types included personal identifiers, financial, and health information. No encryption was used, and no operational disruption occurred. The incident was reported to HHS on February 13, 2025.
