Click any tag below to further narrow down your results
Links
A hacker claims to have accessed and plans to sell about 1.2 million lines of personal data from the University of Pennsylvania, including donor information and internal documents. They assert that financial gain, not ideological motives, drove the breach, distancing themselves from previous university hacks linked to anti-diversity efforts.
Canon confirmed its U.S. subsidiary was targeted in the Oracle E-Business Suite hacking campaign. The incident affected only a web server, and no Canon data has been leaked so far. Other companies, including Cox Enterprises and Mazda, also reported impacts from the same campaign.
Poland faced a significant cyberattack where hackers accessed sensitive personal information from a loan platform, including national ID numbers and bank account details. Authorities are investigating the breach, urging affected users to change passwords and secure their data through a new government website.
LG Uplus has reported a suspected data breach to South Korea's KISA, following a pattern of cybersecurity issues among the country's major telecom operators. Investigations are ongoing, and recent reports suggest that hackers may have accessed data from thousands of servers. The situation highlights ongoing vulnerabilities in South Korea's cybersecurity framework.
Sax, a major US accounting firm, reported a data breach affecting about 220,000 individuals. The breach went undetected for over a year, raising concerns about the firm's cybersecurity measures and the potential exposure of sensitive personal and financial information.
Hackers claim to have stolen records of over 430,000 Cabify drivers, including personal details like names, addresses, and Facebook IDs. This information raises concerns about potential social engineering attacks and identity theft targeting affected individuals.
Cl0p ransomware has leaked 241 GB of data from the NHS and also breached The Washington Post, exposing personal information of nearly 10,000 users. The attacks exploit critical vulnerabilities in Oracle's E-Business Suite, which have been previously flagged by NHS cybersecurity alerts. Experts warn that many systems remain vulnerable despite patches released by Oracle.
Central Maine Healthcare reported a data breach affecting over 145,000 patients, compromising personal, treatment, and health insurance information. The breach was discovered on June 1, 2025, but the intrusion lasted several months. The organization has since notified affected individuals and offered credit monitoring services.
A data breach has exposed sensitive information from about 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and physical addresses. This information is being traded on the dark web, raising risks for identity theft and phishing attacks. Users are advised to enable two-factor authentication and change their passwords.
Flickr informed users of a data breach linked to a third-party email service that may have exposed personal information, including names, email addresses, and user activity. The company has shut down the affected system and is reviewing its security practices while advising users to check their account settings. No passwords or financial data were compromised.
Gmarket is under investigation after over 60 users reported unauthorized mobile payments linked to their accounts. The Financial Supervisory Service is inspecting the platform following claims that account information was stolen externally, not through hacking. This incident raises further concerns amid recent data leaks at Coupang.
Nicholas Moore, a 24-year-old from Springfield, Tennessee, is set to plead guilty to hacking the U.S. Supreme Court’s electronic filing system multiple times. Between August and October 2023, he accessed a protected computer without authorization on 25 different occasions. Details about the specific information he obtained remain unclear.
Spain's Ministry of Science has partially shut down its IT systems following a cyberattack claim by a hacker group. The breach reportedly involved sensitive data, and the ministry is currently assessing the situation while suspending administrative procedures.
Hackers accessed personal information of about 27,500 individuals from the University of Sydney's online code library. The stolen data includes names, addresses, and job details of current and former staff, as well as some alumni and students from 2010-2019. The university is investigating the breach and notifying those affected.
Muneeb and Sohaib Akhter, two Virginia brothers with prior hacking convictions, were arrested for allegedly erasing nearly 100 US government databases while working as contractors for a firm handling sensitive information. The case raises serious concerns about insider threats and the effectiveness of background checks in securing government systems.
DXS International, a tech provider for NHS England, reported a cyberattack that compromised its office servers. A ransomware group claimed responsibility, alleging they stole 300 gigabytes of data, though the extent of the breach and any impact on patient information remains unclear.
CrowdStrike fired an employee for allegedly leaking information to the Scattered Lapsus$ Hunters hacking group. The hackers claimed to have accessed CrowdStrike through a breach at Gainsight, but CrowdStrike denies any system compromise and has involved law enforcement. The group has a history of using social engineering to infiltrate companies and has previously claimed large-scale data theft.
The French Soccer Federation suffered a cyberattack that compromised member data, including names and contact information. The breach was traced to a compromised account, which has since been disabled and secured. The federation has filed a complaint regarding the incident.
Eurofiber confirmed a cyberattack on its French unit that resulted in data theft from its ticket management platform. Although the company reported it was extorted, it hasn't disclosed whether it paid a ransom. The attack primarily affected B2B operations, with customer-facing services remaining operational.
Barts Health NHS Trust confirmed that the Cl0p ransomware group stole files from its invoice database, exposing sensitive information like patient names and addresses. The breach, which went undetected for months, highlights ongoing vulnerabilities in NHS cybersecurity, despite clinical records remaining safe.
Delta Dental of Virginia has reported a data breach affecting approximately 146,000 individuals. Stolen information includes names, Social Security numbers, and health data, accessed through a compromised email account between March and April 2025. The company is offering a year of free identity protection services to those impacted.
This article examines the traits that make ransomware groups effective, highlighting the role of automation, customization, and advanced tools. It discusses how these elements contribute to their financial success and ability to bypass defenses, ultimately shaping security strategies for enterprises.
A ransomware attack on Conduent has compromised the personal information of at least 15.4 million people in Texas and another 10.5 million in Oregon, significantly more than initially reported. The stolen data includes names, Social Security numbers, and medical information. Conduent is still notifying affected individuals and has faced criticism for its lack of transparency.
The European Space Agency has confirmed a significant security breach where hackers stole 500 GB of sensitive data, including operational procedures and contractor information. The attackers claim they still have access to ESA's systems, prompting a criminal investigation into the incident. This breach follows another incident just a week prior where 200 GB of ESA data was listed for sale.
Hackers accessed the Pierce County Library System's network in April 2025, compromising personal information of over 340,000 patrons, employees, and their family members. The stolen data includes names, Social Security numbers, and financial details. Affected individuals will receive free credit monitoring for a year.
The Apache Software Foundation rejected the Akira ransomware gang's assertion that they stole 23 GB of data from OpenOffice, including sensitive employee and financial information. Apache insists it does not have the data claimed and found no evidence of a breach.
Japanese companies, including Asahi Holdings and Askul, are struggling to recover from ransomware attacks that have caused significant operational disruptions. Many firms are experiencing prolonged recovery times, shipment delays, and potential data breaches, highlighting vulnerabilities in their cybersecurity defenses.
Thousands of Oregonians are being notified about a data breach at TriZetto, where hackers accessed sensitive health information of over 700,000 patients. The breach went undetected for nearly a year, and Cognizant, TriZetto's parent company, is facing multiple lawsuits as a result.
Two British teens, Thalha Jubair and Owen Flowers, have pleaded not guilty to charges related to a cyberattack on Transport for London in August 2024, which caused significant damage and compromised customer data. They are also linked to other international hacking incidents, including attacks on U.S. healthcare networks.
The Everest ransomware group claims to have stolen over 1TB of data from ASUS, including sensitive camera source code and internal tools. ASUS confirmed the breach originated from a third-party supplier, asserting that it does not affect customer products or user privacy.
A 16TB unsecured MongoDB database was discovered, containing around 4.3 billion professional records, primarily linked to personal data like emails and job histories. Researchers believe this data could facilitate targeted cyber attacks, including phishing and corporate fraud. The database's ownership is still unclear, but it may belong to a lead-generation company.
The cybercriminal group ShinyHunters is targeting around 100 organizations in a campaign aimed at stealing Okta single sign-on credentials. Companies like Atlassian and Canva are included among the targets, with reports of successful breaches at Crunchbase and Betterment. Experts recommend stronger multi-factor authentication measures to combat these threats.
Fintech firm Marquis is seeking compensation from SonicWall after a breach at the firewall provider exposed critical data, enabling hackers to steal customer information during a ransomware attack. Marquis confirmed that it stored a backup of its firewall configuration in SonicWall's cloud, linking the two incidents. SonicWall has requested evidence to support Marquis' claims.
The ShinyHunters gang is extorting PornHub after stealing Premium members' search and watch history data from a breach at analytics provider Mixpanel. While PornHub confirmed the breach affected its users, it asserts that Mixpanel's systems were not compromised during this incident, and sensitive data remains secure.
This article outlines the rise of infostealers as a major threat to identity security, highlighting their role in ransomware and data breaches. It offers practical strategies for detecting and managing these attacks, emphasizing the importance of monitoring stolen identities and utilizing operational intelligence.
Nissan has confirmed that a data breach at Red Hat led to the exposure of information for about 21,000 customers in Fukuoka, Japan. The leaked data includes names, addresses, phone numbers, and email addresses, but no financial information was compromised. This incident marks Nissan's second cybersecurity issue this year.
New Zealand's health minister has initiated a review of a cyberattack on ManageMyHealth, potentially exposing the data of over 100,000 patients. The company, which manages health records for nearly 1.85 million people, is working with cybersecurity experts to assess the breach and safeguard data. A hacker claiming responsibility has threatened to release stolen data unless a ransom is paid.
The University of Phoenix reported a data breach affecting 3.5 million individuals, discovered in November 2025 after cybercriminals targeted its systems over the summer. Compromised data includes names, birth dates, Social Security numbers, and bank information, though no leaked data has surfaced publicly. Other universities were also affected by the same campaign.
Askul, a Japanese e-commerce and logistics company, suffered a ransomware attack in October, compromising over 700,000 records. The RansomHouse group claimed responsibility and leaked data after the company refused to pay a ransom. The breach affected both customer and business partner information, disrupting logistics and operations.
Iberia has reported a data breach linked to a third-party supplier, exposing customer information like names, emails, and loyalty IDs. The airline confirmed that financial data and customer passwords were not compromised. A hacker claims to be selling 77 GB of Iberia's internal data, including sensitive technical files.
Substack has informed some users that their email addresses and phone numbers were compromised in a security breach last October. The company detected the issue on February 3rd and claims no financial information was accessed. Users are advised to be cautious of suspicious communications.
Freedom Mobile reported a data breach affecting its customer account management platform, where attackers accessed personal information of some customers. The compromised data includes names, addresses, phone numbers, and account numbers. Although no misuse of the data has been confirmed, the company advises affected customers to remain vigilant against suspicious communications.
A cyberattack on ApolloMD in May 2025 compromised the personal information of over 626,000 individuals. Hackers accessed files containing sensitive data, including names, addresses, and health insurance details, with some Social Security numbers also at risk.
Proxyearth is a website that allows users to find detailed personal information about any Indian citizen using just their mobile number. It reveals sensitive data, including Aadhaar numbers and home addresses, raising serious concerns about privacy and security in India. The tool likely exploits past data breaches, putting millions at risk of surveillance and profiling.
A data breach at 700Credit has compromised the personal information of at least 5.6 million individuals, including names and Social Security numbers. The breach, attributed to an unknown hacker, involved data collected from auto dealerships between May and October 2025. Affected individuals are encouraged to take protective measures, such as credit monitoring.
Moltbook, a social network for AI agents, suffered a major security breach due to a misconfigured Supabase database, exposing 1.5 million API keys and personal data of 17,000 human users. The incident highlights risks in quickly developed applications without adequate security measures.
A massive data breach allegedly linked to Under Armour has exposed the email addresses and personal details of over 72 million people. The Everest ransomware group claims responsibility, and the leaked data includes sensitive information like names, addresses, and purchase history, raising concerns about identity theft and phishing.
The article recounts a personal experience with a sophisticated phishing scam targeting a Coinbase user. The author details how scammers used stolen personal information to manipulate them into revealing more data and discusses Coinbase's inadequate response to the breach.
The Illinois Department of Human Services revealed that a security flaw exposed the personal information of over 700,000 residents for four years. This data included addresses and case details for Medicaid and Medicare recipients, as well as additional information for individuals receiving rehabilitation services. Officials could not confirm if anyone accessed the data during that time.
The Akira ransomware group hacked Fieldtex Products, stealing over 14 GB of data, including sensitive health information. The breach, disclosed by Fieldtex, impacts 238,615 individuals, with data such as names, addresses, and insurance details compromised.
Betterment revealed that hackers accessed customer personal information through a social engineering attack. The breach allowed the attackers to send fake notifications to users about a crypto scam, although no account logins or passwords were compromised. The company is investigating the incident and has advised affected customers to ignore the fraudulent messages.
A data breach at the Minnesota Department of Human Services exposed the private information of nearly 304,000 individuals. While there’s no evidence of misuse, the state is monitoring for fraudulent activity and has advised those affected to check their health care statements and credit reports.
Nearly 30 organizations, including major companies like Logitech and The Washington Post, have been named as victims of a recent Oracle E-Business Suite hack linked to the Cl0p ransomware group. The attackers have leaked data from 18 of these victims, with indications that vulnerabilities exploited may have been known prior to the attack.
Coupang has announced a compensation package of $1.18 billion for South Korean users affected by a recent data leak. The company aims to address concerns over personal data security and restore customer trust following the incident.
Covenant Health suffered a data breach in May 2025, affecting over 478,000 individuals. The Qilin ransomware group claimed responsibility and released stolen data, which includes personal and health information. The breach was initially reported to involve only 7,800 individuals.
Grubhub has confirmed a data breach where hackers accessed its systems and are now demanding a Bitcoin ransom. The company is investigating and has partnered with a cybersecurity firm while assuring that sensitive customer information was not compromised. Sources indicate that the ShinyHunters group is behind the extortion.
The Qilin ransomware group claims to have stolen over 120,000 resumes and more than 1 million files from Cornerstone Staffing Solutions. The breach exposes sensitive personal information, including Social Security numbers and employee details, raising concerns about identity theft and phishing attacks.
A recent AWS report identifies major security issues in cloud systems, with human errors and operational misconfigurations leading to data breaches. Despite widespread cloud adoption, concerns about cybersecurity and integration challenges persist among businesses. The report underscores the need for organizations to address these vulnerabilities as they transition to cloud-based solutions.
OpenAI's analytics partner Mixpanel suffered a data breach, exposing customer profile information from OpenAI API accounts. The breach occurred due to a smishing attack, and while OpenAI claims its systems were not compromised, affected customers have been notified and advised to stay vigilant against phishing attempts.
Brightspeed is looking into claims from the Crimson Collective that they stole data from over 1 million customers. The hackers say the breached information includes personal details, payment history, and user account information. Brightspeed is committed to keeping stakeholders informed as the investigation unfolds.
A hacker named Lovely claims to have accessed a Condé Nast database, leaking over 2.3 million user records and threatening to release an additional 40 million. While Condé Nast has been accused of neglecting security, a counterargument suggests the hacker is a criminal seeking a payoff. This breach adds to a troubling trend of cybersecurity incidents affecting high-profile companies.
Localmind's software, used by over 150 organizations, suffered a serious data breach due to a flaw allowing demo accounts full root access. The compromised data includes sensitive information from banks, hotels, and energy companies, with passwords stored in plain text. A security researcher uncovered these vulnerabilities and the extent of the breach.
The Everest ransomware group claims to have breached Polycom’s systems, stealing about 90GB of data, potentially from legacy environments before HP Inc. acquired the company. They threaten to publish internal documentation and screenshots if their demands aren't met, though there's no evidence of customer data being compromised. HP Inc. has not confirmed the breach.
The Everest ransomware group claims to have hacked Nissan, releasing screenshots of internal files and directory structures. They are demanding a response within five days or they will leak the data online. This incident adds to Nissan's history of cybersecurity breaches.
Instagram recently addressed a problem where users received unsolicited password reset emails triggered by an external party. The company insists there was no breach, despite reports of personal data from millions of accounts being available on the dark web.
Dentsu announced a data breach affecting its subsidiary, Merkle, with hackers stealing sensitive files related to clients, suppliers, and employees. The breach was detected after unusual activity on the network, prompting immediate action and system shutdowns. Affected individuals will receive notifications and dark web monitoring services.
Hackers known as ShinyHunters leaked data from over 5 million Panera Bread customers after failing to extort the company. The breach, which involved compromised single-sign-on credentials, includes email addresses, names, and phone numbers. Experts warn this poses significant risks for further phishing and identity theft attacks.
Fintech firm Marquis reported a ransomware attack that compromised customer data for dozens of U.S. banks and credit unions. At least 400,000 individuals had their personal and financial information stolen, primarily due to a vulnerability in Marquis's SonicWall firewall. The number of affected customers is expected to increase as more notifications are filed.
The ICE-tracking service StopICE accused a CBP agent of hacking its platform to send alarming text messages to users, falsely claiming their information was compromised. The app's developer, Sherman Austin, denied the allegations and stated that StopICE does not store personal data. The service has faced numerous DDoS attacks and claims to have traced the hacking attempt back to the agent's server.
Asahi Group Holdings suffered a ransomware attack in September, compromising personal data of approximately 2 million customers and employees. The Qilin ransomware group has claimed responsibility, leaking sensitive information including names, addresses, and phone numbers, while the company works to restore operations.
Researchers found a significant security flaw in WhatsApp that allowed hackers to easily access phone numbers and some profile information for all 3.5 billion users. Despite being warned about the issue since 2017, Meta only implemented a fix in October 2023. Users are urged to review their privacy settings to protect their information.
Coupang, South Korea's largest e-commerce platform, announced a data breach affecting 33.7 million customer accounts. The breach exposed personal information but not payment details, and a former employee is suspected to be involved. The government is investigating potential violations of data protection regulations.
Harvard University reported a data breach affecting alumni, donors, and some students due to a voice phishing attack. Compromised data includes personal details like email addresses and home addresses, but financial information and passwords were not affected. The university warns that this information could be used for further phishing attempts.
Coupang's CEO, Park Dae-jun, resigned following a data breach that exposed 33.7 million customer accounts. The company is facing a class-action lawsuit in the U.S. and has come under scrutiny from South Korean authorities for its security practices.
Two members of the DOGE team allegedly accessed and shared Americans' Social Security numbers to assist a political advocacy group aiming to overturn election results. The actions may have violated federal laws, and a whistleblower claims that the team uploaded sensitive records to an insecure cloud server.
Javier Checa, CISO for Equifax in Europe, discusses the company's significant cybersecurity overhaul following the 2017 data breach that affected 147 million people. He highlights investments in cloud technology, a security-first culture, and the importance of transparency and collaboration in rebuilding trust.
A data breach at Coupang exposed the personal information of 33.7 million customers, traced back to a former employee who retained access after leaving. The breach, discovered in November 2025, has prompted police investigations and led to the CEO's resignation. Phishing incidents have surged in South Korea as a result.
Iberia has informed customers about a data breach involving a third-party vendor, exposing names, email addresses, and loyalty card IDs. While no login credentials or financial information were compromised, the airline is monitoring for suspicious activity and has strengthened account protections.
Logitech has confirmed a data breach linked to the Clop extortion gang, which exploited a vulnerability in Oracle E-Business Suite. The stolen data may include limited employee and customer information, but sensitive data like credit card details was not compromised. This breach follows a trend of similar attacks targeting organizations through zero-day vulnerabilities.
Gulshan Management Services confirmed a data breach affecting over 377,000 individuals, exposing sensitive information like Social Security numbers and financial details. The breach, discovered on September 27, 2025, went undetected for days, and notifications to affected individuals were delayed until January 2026. Multiple class action lawsuits are now targeting the company for inadequate security measures.
A hacktivist group claims to have leaked 2.3TB of data affecting 36 million Mexicans. The government denies the severity, stating the exposed information is outdated and comes from previous breaches, with no sensitive data currently at risk.
A 4TB SQL backup file from EY was found publicly accessible due to a cloud misconfiguration, exposing sensitive information like API keys and passwords. The breach highlights the risks of modern cloud tools that prioritize convenience over security. EY responded effectively to the incident after being notified.
Princeton University experienced a data breach on November 10, affecting a database with personal information of alumni, donors, faculty, and students. While no sensitive financial data or passwords were compromised, the breach resulted from a phone phishing attack on an employee. The university is notifying those impacted and investigating the incident.
Japanese e-tailer Askul resumed limited online sales 45 days after a ransomware attack disrupted its operations. While B2B services are back online, consumer sales remain suspended, affecting companies that rely on Askul's logistics. The incident has resulted in significant data breaches and financial repercussions for the company.
Endesa, a major Spanish energy company, reported a data breach where hackers accessed and stole sensitive customer information, including national ID numbers and payment details. The breach affected millions of customers across Europe, prompting concerns over identity theft and security negligence.
Pornhub has alerted Premium members about potential sextortion emails following a data breach at a third-party analytics provider. While no passwords or payment info were leaked, users should be vigilant for blackmail attempts and follow safety guidelines if they receive suspicious emails.
Tokyo FM Broadcasting Co. was hacked on January 1, 2026, with a group claiming to have stolen over 3 million records. The stolen data includes names, birthdays, email addresses, IP addresses, and internal login IDs, raising significant security concerns for listeners and employees. Verification of the claims is still pending.
Conduent revealed a cyberattack that may have compromised sensitive data of around 10 million individuals. The breach, linked to the SafePay ransomware group, lasted nearly three months and exposed various personal and health information, particularly affecting residents in states like Texas and Washington.
A data breach at Vitas Hospice exposed personal information of over 319,000 current and former patients, including names, addresses, and Social Security numbers. It's uncertain if the breach involved ransomware, as no group has claimed responsibility.
Nikkei reported a data breach affecting over 17,000 employees and partners after malware compromised its Slack platform. The stolen information includes names, email addresses, and chat histories, but the company asserts that sensitive journalistic data remains secure.
Hyundai AutoEver America reported a data breach that exposed personal information, including Social Security Numbers and driver's licenses. The company detected the intrusion on March 1, 2025, after hackers accessed its systems starting February 22. Approximately 2,000 individuals, mainly current and former employees, were affected.
The UK ICO fined LastPass £1.2 million after a 2022 breach exposed personal data of 1.6 million users. The breach resulted from a series of security failures, including a compromised employee device and weak password practices, allowing attackers to access sensitive customer information.
A data breach at SitusAMC, a vendor processing mortgage data, has raised alarms among major banks like JPMorgan, Citi, and Morgan Stanley regarding potential customer data exposure. The breach, discovered on November 12, involved access to sensitive corporate and possibly client information, prompting ongoing investigations and heightened security measures.
France’s data regulator fined Free SAS and Free Mobile a total of $48 million for failing to secure personal data after a hacker accessed sensitive information of 24 million subscribers. The companies violated GDPR rules by not properly notifying customers about the breach and had inadequate security measures in place. They plan to appeal the decision, claiming the penalties are excessive.
A cyberattack on financial tech firm SitusAMC exposed customer data from several major U.S. banks, including JPMorgan Chase and Citigroup. The breach, identified on November 12, involved the theft of corporate data and legal agreements, but the full extent of the impact remains unclear. The FBI is investigating the incident, which left no operational disruption to banking services.
The FBI has shared 630 million passwords with Troy Hunt to help organizations block potential account takeovers. This data, some of which is newly identified, adds to the existing database and enhances security measures against cybercrime. Hunt emphasizes the importance of using this information to protect accounts effectively.
The OnSolve CodeRED emergency alert system experienced a ransomware attack by the Inc Ransom group, leading to significant disruptions and a data breach. Affected cities and law enforcement agencies reported an inability to send emergency notifications, prompting a swift response from OnSolve to transition customers to a new platform.
Aflac reported a data breach impacting 22.65 million individuals. Hackers accessed sensitive information including names, Social Security numbers, and medical data. The company is offering affected individuals two years of free credit monitoring and identity theft protection.
CIRO reported that a cybersecurity breach has compromised data for approximately 750,000 individuals. The incident raises concerns about data security and potential impacts on those affected. More details about the breach and its implications are expected to follow.
Match Group confirmed a data breach affecting users of its dating services, including Hinge and OkCupid. Hackers accessed a limited amount of user data after compromising an Okta account, but there's no evidence of stolen login credentials or financial information. The company is investigating the incident and notifying affected individuals.