Exposed data includes customer names, addresses, phone numbers, email addresses, and sales related records. The breach gained wider attention this week after Have I Been Pwned obtained the dataset and notified 72 million people. Reported fields include names, email addresses, genders, dates of birth, ZIP codes or postcodes, and purchase related information, plus employee email addresses.
Washington Post Confirms Theft of Data on 9,720 Workers in Oracle Zero Day Attack
AllerVie Health, an allergy and immunology provider based in Frisco, Texas, detected unusual network activity on 2 Nov, 2025 and later confirmed unauthorized access between 24 Oct, 2025 and 3 Nov, 2025. SoundCloud disclosed a data breach after detecting unauthorized activity within an ancillary service dashboard. The company confirmed that attackers exfiltrated email addresses and other information already visible on public user profiles, affecting about 20% of its user base. Conduent disclosed its ransomware breach in an SEC filing on April 9, 2025, confirming attackers accessed systems from October 21, 2024 to January 13, 2025 and stole more than 8 terabytes of data. Initial impact estimates near 4 million surged in February 2026, when Texas officials reported 15.4 million residents affected and Oregon identified 10.5 million, pushing the total to at least 25.9 million people.
- According to IBM’s 2025 Cost of a Data Breach Report, breaches involving shadow AI cost organizations $4.63 million on average—$670,000 more than standard incidents.
- Highly sensitive PII and Protected Health Information (PHI), including names, addresses, phone numbers, Aadhaar IDs, passport details, and COVID test results, were exposed.
- Pornhub stated passwords and payment information were not exposed and emphasized it ended its Mixpanel relationship in 2021, suggesting the dataset is historical.
- After the attack and damages resulting in over $180 million, Home Depot promised to invest in cybersecurity to better protect sensitive financial data.
- Lawyers are investigating claims on behalf of individuals whose personal information was exposed.
- The review determined that the personal information potentially subject to unauthorized access includes names, Social Security numbers and financial account information.
The 83 Biggest Data Breaches Ranked by Impact
Mailfire, an email marketing software used by adult dating sites and ecommerce websites, had its database breached exposing https://rogerdmoore.ca/ai-main/ai-solutions personal user records from over 70 websites. At the time of writing this, it is unknown whether the compromised credit card numbers were complete or hashed. Even if hashed, they could still be unencrypted with sophisticated brute force methods.
Coinbase Support Leak Shocker: 30 Users Hit
Tools like GDPR Register’s GDPR Compliance Software simplify this process by centralizing breach documentation, reporting workflows, and compliance tracking. Data protection strategies should keep pace with the ongoing addition, removal and movement of data through regular updates and reviews. One of the main challenges has been inconsistent cooperation across crypto platforms. The exchange eXch allowed over $90 million to be moved through its systems before taking action. The attackers secretly altered a digital wallet address, redirecting 401,000 Ethereum coins to their own wallet.
- While other victims saw hundreds of gigabytes released online, no Phoenix data has surfaced publicly, and Cl0p has not yet listed Penn.
- In an email to its users, Plex assured its users that all compromised passwords were hashed and secured in accordance with best cybersecurity practices.
- These attackers often leverage social engineering techniques to create a sense of urgency or fear, compelling individuals to act impulsively without verifying the authenticity of the request.
- Askul’s logistics network supports major Japanese retailers such as Muji and The Loft, whose operations were disrupted, though neither company has confirmed a direct data impact.
- Connex Credit Union, serving more than 70,000 members and managing assets exceeding $1 billion, disclosed a cybersecurity breach that compromised the personal data of 172,000 individuals.
- In June of 2018, Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million records on a publicly accessible server.
The breach involves Instructure, the parent company of Canvas, a web-based learning management system used daily by educators and students for coursework, assignments and communication. Thousands of institutions and millions of users have reportedly been affected, including the University of Pennsylvania. After stealing Gaff’s sensitive data and encrypting their internal systems, Conti started publishing some of the stolen records on the dark web, promising to only stop of their ransom of up to ten millions of pounds is paid. Exclusive UK Jeweller, Gaff, suffered a data breach that compromised many of its famous clients. The Russian cybercriminal group, Conti, was responsible for the attack which involved the deployment of ransomware (ransom software).
TridentLocker Claims 30 GB Data Theft in Breach Affecting bpost
Timely communication is imperative in mitigating the negative impact a data breach can have on both the individuals affected and the organization’s reputation. A well-crafted communications plan should include key elements such as clear messaging, channels for dissemination, legal requirements, and designated spokespersons. It’s crucial to inform individuals about the breach, the type of data compromised, potential risks, and mitigation steps they can take. Organizations should implement strict security measures such as encryption, access controls, and employee training to prevent physical theft data breaches. Malware attacks can originate from various sources, including malicious email attachments, compromised websites, or infected USB drives.