Data Breach

Attacker impersonating civil servant accessed French FICOBA registry containing 300M+ bank account records. 1.2 million accounts compromised in late January attack.

WormGPT database allegedly leaked on dark web forums, exposing emails, payment data, and subscription details of cybercriminals using the service.

Wiz researchers found Moltbook's Supabase database exposed without authentication, leaking 1.5M API tokens, private messages, and plaintext OpenAI keys.

Odido confirms cyberattack exposed names, IBANs, passport numbers, and personal data of 6.2 million Dutch customers. Services remain operational.

Enriched AT&T breach dataset with 148M Social Security numbers and 133M addresses is circulating privately, creating fresh identity theft and SIM-swap risks.

Flickr discloses a data breach through a third-party email provider vulnerability that exposed names, emails, and IP addresses for up to 35 million users.

Substack's October 2025 breach went undetected for four months. 700,000 users' email addresses and phone numbers were accessed by an unauthorized third party.

The January 2025 ransomware attack on govtech giant Conduent keeps growing—15.4M in Texas, 10.5M in Oregon, with more states still counting.

Russian-linked gang dumps executive emails, employee IDs, and banking communications in first airline sector attack of 2026.

Match Group confirms breach after ShinyHunters dumps 1.7GB of user data. Attackers used voice phishing to compromise an Okta SSO account.

SafePay ransomware group allegedly stole 3.5TB from the $48B IT distributor. Employee SSNs, passports, and performance reviews exposed.

A backup misconfiguration led to the exposure of nearly 324,000 user records from the notorious hacking forum, including usernames, hashed passwords, and IP addresses.

Australian government schools confirm hackers accessed student names, emails, and encrypted passwords. VCE students prioritized for credential resets before school year.

Food delivery giant confirms hackers stole data and are now extorting the company. Attack traced to credentials stolen in August 2025 Salesloft breach.

Russia-linked ransomware group posts samples allegedly from Nissan's internal systems including dealership records and financial documents.

Attackers claim 98 million records from the car rental insurance provider. Stolen data includes license photos, policy documents, and personal details.

Scraped data from 2024 API misconfiguration resurfaces on dark web. Attackers weaponize leaked emails to flood users with legitimate password reset requests.

A threat actor shared Instagram user data including emails and phone numbers for free. Users report receiving suspicious password reset emails within hours of the leak.

Pickett USA breach exposes LiDAR scans, transmission line surveys, and substation layouts for Tampa Electric, Duke Energy Florida, and American Electric Power. Asking price: 6.5 BTC.

Consumer credit provider 700Credit suffers massive data breach affecting auto loan applicants nationwide, with millions of Social Security numbers potentially compromised through dealership credit checks.

Threat actor '1011' posted alleged data from the semiconductor equipment giant to a Russian cybercrime forum. Security researchers are verifying the files.

System enhancement gone wrong allowed members to view other members' names, diagnoses, and medications. The insurer is offering affected individuals credit monitoring.

Russian ransomware group Clop claims responsibility for breach at Dartmouth College, posting stolen data on dark web and affecting more than 40,000 individuals including students, staff, and alumni.

Russian ransomware gang exploited CVE-2025-61882 to steal SSNs and financial data from the college. The same vulnerability hit Harvard, UPenn, and 100+ organizations.

US fiber broadband provider Brightspeed confirms investigation into cyberattack claims by emerging threat group Crimson Collective, which alleges exfiltration of over one million customer records.

Cryptocurrency hardware wallet maker Ledger confirms customer data exposed after third-party payment processor Global-e suffers cloud system breach.

New Year's Eve attack on Sedgwick Government Solutions compromises file transfer system serving DHS, CISA, and ICE. TridentLocker claims 3.4GB of stolen data.

Configuration error left addresses, case numbers, and demographic data publicly accessible on mapping website from January 2022 until September 2025.

ManageMyHealth confirms Kazu ransomware gang compromised Health Documents module, threatening to leak 108GB of medical records unless $60,000 ransom is paid.

Investigation reveals Qilin ransomware attack in May 2025 was far larger than initially reported. The gang has already leaked 850GB of stolen data.

Threat actor '888' claims 200GB of source code, API keys, and credentials from ESA's Bitbucket and JIRA servers. Agency says only unclassified scientific systems were affected.

Attackers accessed Chipotle employee Workday accounts between October 9-26, potentially exposing personal information stored in payroll systems.

Database dump posted Christmas Day includes subscriber emails, names, and addresses. Attacker 'Lovely' claims access to broader Condé Nast data spanning multiple publications.

South Korea's largest e-commerce breach exposed personal data for two-thirds of the population. Former employee identified as perpetrator. National Assembly hearings scheduled.

ICO penalty cites inadequate security measures that enabled hackers to steal data of 1.6 million UK users. Cryptocurrency theft linked to breach exceeds $438 million.

Crimson Collective hackers breached Red Hat's self-managed GitLab in September, stealing 570GB from 28,000 repositories including Nissan customer data.

Insurance giant Aflac discloses hackers stole SSNs, health records, and personal data from 22.6 million people in a June 2025 breach attributed to Scattered Spider.

Akira ransomware gang exploited known SonicWall vulnerability to hit fintech vendor serving 700+ banks and credit unions. SSNs and card numbers stolen.

Oracle E-Business Suite zero-day exploitation adds another victim to Clop's CVE-2025-61882 campaign. SSNs and bank account numbers among exposed data.

From the largest cryptocurrency heist in history to nation-state espionage campaigns targeting critical infrastructure, 2025 redefined the cyber threat landscape.

ShinyHunters cyber extortion group targets SoundCloud, compromising 20% of users and launching DDoS attacks. Company confirms email addresses exposed.