Data Breach Desk

Japan's Kyushu Electric Power reports an unencrypted SSD containing 10.9 million customer records vanished from a locked server room, becoming Japan's largest data breach.

ShinyHunters threatens to leak 26 million customer records from MSG Sports, owner of the Knicks and Rangers, as today's June 15 deadline passes.

Pharmaceutical giant Novo Nordisk confirmed attackers copied clinical trial patient data and healthcare professional information from internal systems. The company says affected data was pseudonymized and cannot identify patients by name.

Attackers compromised France's secure messaging platform via social engineering, allegedly stealing 650,000 messages and 13.5GB of data from civil servants.

11-nation operation shuts down €336M cryptocurrency laundering service. Two operators arrested in Georgia, 25 domains seized, and over 6,000 money mule accounts exposed.

Attackers exploited an unauthenticated API endpoint to query ServiceNow customer instances. The company received a bug report in April but didn't patch until June 5—after exploitation began.

A cyberattack on the World Food Programme exposed sensitive data of 600,000 Gaza households, potentially the largest humanitarian data breach on record. 17-day notification delay raises concerns.

DentaQuest confirms breach after ShinyHunters dumps 233GB of patient data including Medicaid IDs, government IDs, and health insurance details. Class action investigations underway.

ShinyHunters claims responsibility for Carnival breach exposing names, passport numbers, and driver's licenses. Company offering two years of credit monitoring.

7-Eleven confirms data breach after ShinyHunters demanded $250K ransom. Over 600,000 Salesforce records allegedly stolen from franchise application systems.

Immigration law platform DocketWise confirms data breach affecting 143,480 people. SSNs, passport numbers, and medical information compromised via cloned repositories.

Attackers compromised DigiCert's support portal via malicious chat attachment, stealing EV code signing certificates. 11 certificates used to sign Zhong Stealer malware.

ShinyHunters threatens to leak 42 million Charter Communications customer records by May 27. The telecom giant confirms incident but disputes data sensitivity claims.

Grafana Labs confirms hackers stole source code through a GitHub token that slipped through rotation after the TanStack supply chain compromise. The company refused to pay the ransom demand.

ShinyHunters leaked 140GB of Zara customer data stolen through compromised Anodot authentication tokens. The breach exposed email addresses, order history, and support tickets from Snowflake and BigQuery integrations.

Armenian GeForce NOW operator GFN.AM suffered a data breach exposing user emails, names, and phone numbers. NVIDIA clarifies its own infrastructure wasn't compromised. ShinyHunters claims credit.

Educational tech giant Instructure confirms data breach affecting Canvas LMS users. ShinyHunters claims 275 million student and teacher records stolen from 9,000 schools, with a May 6 leak deadline.

Trellix, formed from McAfee Enterprise and FireEye merger, disclosed unauthorized access to source code. Forensic investigation ongoing with no evidence of code exploitation.

ShinyHunters breached home security giant ADT via voice phishing to compromise an employee's Okta SSO, stealing 5.5 million customer records from Salesforce.

ShinyHunters claims breach of Canada Life Assurance exposing 5.6 million Salesforce records with PII. Ransom deadline passed April 21, 2026—data leak threatened.

Attackers hijacked Seiko USA's website to post a ransom demand, claiming theft of customer data from the watchmaker's Shopify store. A 72-hour deadline was issued before public release.

Compromised Google Workspace OAuth app 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj breached Vercel, exposing API keys and source code. Hackers demand $2M; audit Workspace apps and rotate credentials.

Booking.com confirms hackers accessed customer reservation data including names, emails, phone numbers, and booking details. Company resets PINs but won't disclose breach scope.

Dutch fitness chain Basic-Fit confirms hackers accessed bank account details, addresses, and personal data for up to 1 million members across six European countries.

A fraudulent Ledger Live app distributed through Apple's Mac App Store stole $9.5M from 50+ victims who entered seed phrases. ZachXBT traced funds to KuCoin.

GTA 6 developer Rockstar Games confirms third-party breach after ShinyHunters stole Snowflake credentials through Anodot. Ransom deadline set for April 14.

AI startup Mercor confirms breach via LiteLLM supply chain attack. Lapsus$ claims 4TB stolen including candidate data, source code, and API keys. Meta pauses contracts.

ShinyHunters compromised SaaS analytics provider Anodot, using stolen authentication tokens to access and exfiltrate data from dozens of Snowflake customers.

World Leaks gang dumps 7TB of sensitive police data including personnel files and Internal Affairs investigations after breaching LA City Attorney's Office.

Attackers stole 50.9 BTC from company wallets after obtaining settlement account credentials. Second security incident for the crypto ATM operator since 2023.

Telehealth company Hims & Hers reveals data breach affecting customer support tickets. ShinyHunters gang exploited Okta SSO to access Zendesk platform.

Solana's Drift Protocol lost $285 million in 2026's largest DeFi hack. TRM Labs attributes the attack to North Korean actors who exploited oracle manipulation and pre-signed transactions.

Die Linke confirms Qilin stole internal data and employee info from party headquarters. Officials suggest attack may be politically motivated hybrid warfare.

Toy giant Hasbro filed an SEC 8-K disclosing unauthorized network access discovered March 28. Systems remain offline with recovery expected to take weeks.

Intesa Sanpaolo hit with $36 million GDPR fine after a single employee accessed 3,573 customer accounts undetected for over two years, including politicians.

API defect in Lloyds, Halifax, and Bank of Scotland apps let users view strangers' transactions including account numbers and NI numbers. Bank paying compensation.

Hackers compromised the European Commission's Amazon cloud infrastructure, claiming to steal 350GB of data including employee databases. Investigation ongoing.

An API vulnerability in AFC Ajax systems let attackers access fan data and transfer 42,000+ season tickets. Club patched after journalists demonstrated the flaw.

K-12 student information system provider Infinite Campus discloses breach affecting school staff data. ShinyHunters issued March 25 ransom deadline after claiming to steal Salesforce records.

Hackers infected a contractor's device to steal Okta credentials, then pivoted to Crunchyroll's Zendesk. Support ticket data for 6.8 million subscribers extracted.

Workplace benefits administrator Navia discloses data breach affecting 2.7 million individuals. Social Security numbers, health plan data, and personal information stolen during December-January intrusion.

Turkish restaurant chain Baydöner confirms breach affecting 3.7 million customers. Data includes 622,000 plaintext passwords and 42,000 national IDs now circulating on forums.

Infutor data breach reportedly exposes 676 million consumer records including Social Security numbers. Misconfigured Elasticsearch database blamed for the exposure.

Canadian BPO giant confirms breach after ShinyHunters claims massive data theft including call recordings, source code, and FBI background checks. Ransom ignored.

British government registry's WebFiling vulnerability let logged-in users access other companies' dashboards since October 2025. Unauthorized filings were possible.

Threat group ShinyHunters exploits misconfigured Salesforce Experience Cloud sites, stealing data from 100+ organizations including 921K records from Aura.com.

Attackers compromised 889 Starbucks Partner Central accounts using fake login portals, exposing employee names, Social Security numbers, and bank details.

Iranian-linked hacktivists claim devastating attack on medical device maker Stryker, weaponizing Intune's remote wipe capability to erase systems in 79 countries.

Ericsson's U.S. subsidiary confirms data theft affecting employees and customers after attackers compromised a service provider. SSNs, medical info, and financial details exposed.

Cognizant subsidiary TriZetto Provider Solutions confirms breach affecting 3.4 million patients. SSNs, Medicare IDs, and health data exposed after attackers went undetected for nearly a year.

Anubis gang claims 170GB of data including passport scans and client agreements from AkzoNobel's US operations. Company says breach contained.

Attacker leverages infostealer-compromised credentials to extort restaurant POS provider HungerRush, sending threatening emails directly to customers demanding response.

FulcrumSec threat actor exploits React2Shell vulnerability to breach LexisNexis AWS infrastructure, leaking 2GB of customer data including .gov email addresses and federal employee records.

A coding error in PayPal Working Capital exposed customer SSNs and business data since July 2025. Unauthorized transactions detected on some affected accounts.

Japanese semiconductor test equipment maker Advantest hit by ransomware on Feb 15. Investigation ongoing as company assesses potential data exposure.

ShinyHunters claims 800,000+ Wynn Resorts employee records including SSNs, salaries, and personal details. Group demands 22 Bitcoin by February 23, exploited Oracle PeopleSoft.

VIQ Solutions confirms sensitive Australian court data including domestic violence and national security cases accessed by unauthorized Indian subcontractor e24 Technologies.

Attacker impersonating civil servant accessed French FICOBA registry containing 300M+ bank account records. 1.2 million accounts compromised in late January attack.

University of Mississippi Medical Center shuts 35 clinics statewide after ransomware attack disables Epic EHR access. FBI investigating as doctors resort to pen and paper for patient care.

WormGPT database allegedly leaked on dark web forums, exposing emails, payment data, and subscription details of cybercriminals using the service.

Wiz researchers found Moltbook's Supabase database exposed without authentication, leaking 1.5M API tokens, private messages, and plaintext OpenAI keys.

Odido confirms cyberattack exposed names, IBANs, passport numbers, and personal data of 6.2 million Dutch customers. Services remain operational.

Enriched AT&T breach dataset with 148M Social Security numbers and 133M addresses is circulating privately, creating fresh identity theft and SIM-swap risks.

Flickr discloses a data breach through a third-party email provider vulnerability that exposed names, emails, and IP addresses for up to 35 million users.

Substack's October 2025 breach went undetected for four months. 700,000 users' email addresses and phone numbers were accessed by an unauthorized third party.

The January 2025 ransomware attack on govtech giant Conduent keeps growing—15.4M in Texas, 10.5M in Oregon, with more states still counting.

Match Group confirms breach after ShinyHunters dumps 1.7GB of user data. Attackers used voice phishing to compromise an Okta SSO account.

Flare researchers find a single threat actor wiping misconfigured MongoDB databases and demanding $500 Bitcoin ransoms. Nearly half of unauthenticated instances already compromised.

Federal jury convicts Linwei Ding on 14 counts of economic espionage and trade secret theft for stealing Google's AI infrastructure secrets for China.

Extortion group confirms voice phishing attacks stealing SSO credentials from Crunchbase, Betterment, and more. Custom phishing kits enable real-time MFA bypass.

Microsoft disrupts multi-stage attack combining adversary-in-the-middle phishing with BEC. Attackers abused SharePoint and inbox rules for persistence.

Fake maintenance emails urge users to backup their vaults before a deadline, redirecting victims to credential-harvesting sites. The campaign launched over MLK weekend.

SafePay ransomware group allegedly stole 3.5TB from the $48B IT distributor. Employee SSNs, passports, and performance reviews exposed.

A backup misconfiguration led to the exposure of nearly 324,000 user records from the notorious hacking forum, including usernames, hashed passwords, and IP addresses.

Australian government schools confirm hackers accessed student names, emails, and encrypted passwords. VCE students prioritized for credential resets before school year.

Food delivery giant confirms hackers stole data and are now extorting the company. Attack traced to credentials stolen in August 2025 Salesloft breach.

Russia-linked ransomware group posts samples allegedly from Nissan's internal systems including dealership records and financial documents.

Attackers claim 98 million records from the car rental insurance provider. Stolen data includes license photos, policy documents, and personal details.

Scraped data from 2024 API misconfiguration resurfaces on dark web. Attackers weaponize leaked emails to flood users with legitimate password reset requests.

A threat actor shared Instagram user data including emails and phone numbers for free. Users report receiving suspicious password reset emails within hours of the leak.

Pickett USA breach exposes LiDAR scans, transmission line surveys, and substation layouts for Tampa Electric, Duke Energy Florida, and American Electric Power. Asking price: 6.5 BTC.

Consumer credit provider 700Credit suffers massive data breach affecting auto loan applicants nationwide, with millions of Social Security numbers potentially compromised through dealership credit checks.

Threat actor '1011' posted alleged data from the semiconductor equipment giant to a Russian cybercrime forum. Security researchers are verifying the files.

System enhancement gone wrong allowed members to view other members' names, diagnoses, and medications. The insurer is offering affected individuals credit monitoring.

Russian ransomware group Clop claims responsibility for breach at Dartmouth College, posting stolen data on dark web and affecting more than 40,000 individuals including students, staff, and alumni.

Russian ransomware gang exploited CVE-2025-61882 to steal SSNs and financial data from the college. The same vulnerability hit Harvard, UPenn, and 100+ organizations.

US fiber broadband provider Brightspeed confirms investigation into cyberattack claims by emerging threat group Crimson Collective, which alleges exfiltration of over one million customer records.

Cryptocurrency hardware wallet maker Ledger confirms customer data exposed after third-party payment processor Global-e suffers cloud system breach.

Aurora College in Canada's Northwest Territories cancels all classes January 5-9 after cyber attack over Christmas break takes down servers, email, and e-learning systems.

New Year's Eve attack on Sedgwick Government Solutions compromises file transfer system serving DHS, CISA, and ICE. TridentLocker claims 3.4GB of stolen data.

After ASUS missed ransom deadline, Everest releases complete data trove including ROG source code, Qualcomm SDKs, and ArcSoft files on cybercrime forums.

Configuration error left addresses, case numbers, and demographic data publicly accessible on mapping website from January 2022 until September 2025.

ManageMyHealth confirms Kazu ransomware gang compromised Health Documents module, threatening to leak 108GB of medical records unless $60,000 ransom is paid.

Investigation reveals Qilin ransomware attack in May 2025 was far larger than initially reported. The gang has already leaked 850GB of stolen data.

Threat actor '888' claims 200GB of source code, API keys, and credentials from ESA's Bitbucket and JIRA servers. Agency says only unclassified scientific systems were affected.

Attackers accessed Chipotle employee Workday accounts between October 9-26, potentially exposing personal information stored in payroll systems.

Oltenia Energy Complex shut down IT systems on December 26 after a ransomware attack encrypted critical documents and disrupted ERP, email, and web operations.

Hackers exploited Oracle EBS vulnerability at catering subsidiary to steal employee data including bank account numbers. Second major Korean airline breach this week.

Database dump posted Christmas Day includes subscriber emails, names, and addresses. Attacker 'Lovely' claims access to broader Condé Nast data spanning multiple publications.

Attackers pushed malicious update v2.68 to Chrome Web Store using leaked API key. Hundreds affected as seed phrases harvested via embedded analytics library.

South Korea's largest e-commerce breach exposed personal data for two-thirds of the population. Former employee identified as perpetrator. National Assembly hearings scheduled.

Ransomware group says it exfiltrated over a terabyte of Chrysler customer data including Salesforce records and recall case narratives. Threatening to publish in days.

ICO penalty cites inadequate security measures that enabled hackers to steal data of 1.6 million UK users. Cryptocurrency theft linked to breach exceeds $438 million.

Crimson Collective hackers breached Red Hat's self-managed GitLab in September, stealing 570GB from 28,000 repositories including Nissan customer data.

Insurance giant Aflac discloses hackers stole SSNs, health records, and personal data from 22.6 million people in a June 2025 breach attributed to Scattered Spider.

Fried Frank Harris Shriver & Jacobson data breach exposes Goldman Sachs alternative fund investor information, prompting class action lawsuit.

Akira ransomware gang exploited known SonicWall vulnerability to hit fintech vendor serving 700+ banks and credit unions. SSNs and card numbers stolen.

Oracle E-Business Suite zero-day exploitation adds another victim to Clop's CVE-2025-61882 campaign. SSNs and bank account numbers among exposed data.

Anna's Archive claims to have scraped 86 million audio files from Spotify. The platform confirms DRM circumvention but says user data is not affected.

Artem Stryzhak admits role in double-extortion ransomware attacks targeting large US and European companies from 2018 to 2021.

Attackers weaponized Windows BitLocker to encrypt systems across Romanian Waters, impacting 10 of 11 river basin management organizations.

ShinyHunters cyber extortion group targets SoundCloud, compromising 20% of users and launching DDoS attacks. Company confirms email addresses exposed.

Urban VPN and related browser extensions secretly harvest conversations from ChatGPT, Claude, Copilot, and other AI platforms, selling data to advertisers.