A data breach has exposed sensitive information from about 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and physical addresses. This information is being traded on the dark web, raising risks for identity theft and phishing attacks. Users are advised to enable two-factor authentication and change their passwords.

Flickr informed users of a data breach linked to a third-party email service that may have exposed personal information, including names, email addresses, and user activity. The company has shut down the affected system and is reviewing its security practices while advising users to check their account settings. No passwords or financial data were compromised.

The cybercriminal group ShinyHunters is targeting around 100 organizations in a campaign aimed at stealing Okta single sign-on credentials. Companies like Atlassian and Canva are included among the targets, with reports of successful breaches at Crunchbase and Betterment. Experts recommend stronger multi-factor authentication measures to combat these threats.

The article recounts a personal experience with a sophisticated phishing scam targeting a Coinbase user. The author details how scammers used stolen personal information to manipulate them into revealing more data and discusses Coinbase's inadequate response to the breach.

OpenAI's analytics partner Mixpanel suffered a data breach, exposing customer profile information from OpenAI API accounts. The breach occurred due to a smishing attack, and while OpenAI claims its systems were not compromised, affected customers have been notified and advised to stay vigilant against phishing attempts.

Harvard University reported a data breach affecting alumni, donors, and some students due to a voice phishing attack. Compromised data includes personal details like email addresses and home addresses, but financial information and passwords were not affected. The university warns that this information could be used for further phishing attempts.

A data breach at Coupang exposed the personal information of 33.7 million customers, traced back to a former employee who retained access after leaving. The breach, discovered in November 2025, has prompted police investigations and led to the CEO's resignation. Phishing incidents have surged in South Korea as a result.

Princeton University experienced a data breach on November 10, affecting a database with personal information of alumni, donors, faculty, and students. While no sensitive financial data or passwords were compromised, the breach resulted from a phone phishing attack on an employee. The university is notifying those impacted and investigating the incident.

Ledger customers are at risk after a data breach at Global-e, a third-party payment processor. Though no financial information was compromised, personal details like names and contact information were exposed. Ledger advises users to stay vigilant against potential phishing attempts.

Match Group confirmed a data breach affecting users of its dating services, including Hinge and OkCupid. Hackers accessed a limited amount of user data after compromising an Okta account, but there's no evidence of stolen login credentials or financial information. The company is investigating the incident and notifying affected individuals.

HMRC has reported a loss of £47 million due to a phishing scam that compromised 100,000 taxpayer accounts, although affected individuals will not incur any financial loss. The breach involved organized crime using stolen personal information, but HMRC clarified that it was not a cyber-attack and has since secured the accounts and removed any incorrect information. Affected taxpayers will receive notifications from HMRC in the coming weeks.

Coinbase experienced a significant data breach in 2025 that compromised the personal information of nearly 70,000 users due to unauthorized access by outsourced call center agents in India. The attackers leveraged social engineering tactics, leading to a rise in phishing attempts, while Coinbase faced estimated remediation costs between $180 million to $400 million and launched a bounty for information on the perpetrators. The incident has sparked discussions on the vulnerabilities associated with outsourcing sensitive customer data management.

French retailer Auchan has reported a data breach affecting several hundred thousand customers, compromising sensitive information linked to loyalty accounts, such as names, addresses, and contact details. The company has notified affected individuals and the French Data Protection Authority, advising them to be cautious of potential phishing attempts. However, bank data and passwords remain secure following the incident.

Toys “R” Us Canada has notified customers of a data breach in which threat actors leaked personal customer information, including names, addresses, emails, and phone numbers, but not passwords or credit card details. The breach was discovered on July 30, 2025, when the data was posted on the dark web, prompting the company to enhance its cybersecurity measures and notify regulatory authorities. Customers are advised to be vigilant against phishing attempts following the breach.

Cyberattacks surged during the summer of 2025, with ransomware groups targeting healthcare and retail sectors, while nation-state actors engaged in geopolitical cyber activities. Major incidents included the rise of the Interlock and Qilin ransomware groups, significant data breaches in retail, and the exploitation of Microsoft SharePoint vulnerabilities in a widespread campaign. Organizations are urged to improve their defenses by patching vulnerabilities, training personnel, and monitoring for lateral movement post-intrusion.

A series of data breaches affecting companies such as Qantas, Allianz Life, LVMH, and Adidas has been attributed to the ShinyHunters extortion group, which uses voice phishing to compromise Salesforce CRM accounts. The attackers impersonate IT support to manipulate employees into entering connection codes that link malicious applications to Salesforce environments, leading to data theft and potential extortion attempts without public leaks so far. Salesforce has confirmed that their platform is not compromised, emphasizing the importance of customer vigilance against social engineering attacks.

Air France and KLM have reported a data breach resulting from unauthorized access to a third-party platform, compromising customer information such as names, contact details, and loyalty program numbers. The airlines have advised customers to be cautious of phishing attempts but confirmed that sensitive information like passwords and credit card details were not accessed.

A massive leak of 16 billion login credentials from various online services has been confirmed, marking one of the largest data breaches in history. Cybersecurity experts warn that these compromised credentials pose a significant risk for account takeovers and phishing attacks, emphasizing the importance of switching to secure passkeys and maintaining strong password hygiene. Users are urged to change passwords, utilize password managers, and adopt multi-factor authentication to protect their accounts.

Adidas has confirmed that hackers stole personal data from a third-party customer service provider, primarily affecting contact information of customers who interacted with their help desk. The company assures that sensitive information like passwords and payment details were not compromised, but warns customers to remain vigilant against potential phishing attempts due to the breach.