Breach Advisories

Analysis of the IDMerit KYC data exposure affecting approximately 1 billion identity verification records across 26 countries due to a misconfigured MongoDB database.

Analysis of the Under Armour data breach with 72 million customer records allegedly leaked by the Everest ransomware group after a failed extortion attempt.

Analysis of the Conduent ransomware breach affecting over 25 million individuals including government benefits recipients. SafePay group claimed to have exfiltrated 8TB of data.

Analysis of the alleged Instagram data leak of 17.5 million accounts. Meta denies the breach occurred and the claims remain unverified.

Analysis of the CarGurus data breach reportedly exposing 12.4 million user records including hashed passwords.

Analysis of the alleged Match Group breach reportedly exposing 10 million records from Hinge, Match.com, and OkCupid via claimed compromise of marketing analytics partner.

Analysis of the Odido data breach affecting over 6 million individuals in the Netherlands. Social engineering attack bypassed MFA and exposed customer data including IBANs and identity document metadata.

Analysis of the Panera Bread data breach with 5.1 million customer accounts leaked by ShinyHunters after failed extortion attempt.

Analysis of the TriZetto Provider Solutions data breach affecting over 3.4 million patients. An 11-month unauthorised access to healthcare claims processing systems exposed SSNs and health data.

Analysis of the Crunchbase data breach exposing 2 million records including internal documents and contracts.

Analysis of the MexiTravels data leak exposing approximately 1.98 million travel reservation records. SQL database dump published on dark web forums.

Analysis of the Den kulturelle skolesekken (DKS) data breach in Norway exposing approximately 1.3 million records from the national cultural education programme.

Analysis of the University of Hawai'i Cancer Center ransomware attack affecting up to 1.24 million individuals. Legacy research data from the 1990s exposed including SSNs.

Analysis of the FICOBA breach exposing 1.2 million French bank account records from the national registry.

Analysis of the Brightspeed data breach affecting over 1 million customers with partial payment card information exposed.

Analysis of the Figure Technology breach affecting 967,000 users via social engineering by the ShinyHunters group.

Analysis of the Adidas licensing partner breach exposing 815,000 rows of data including plaintext passwords.

Analysis of the CIRO breach affecting 750,000 people at Canada's investment regulatory organisation via phishing attack.

Analysis of the Illinois DHS data exposure affecting 705,017 individuals due to a system misconfiguration exposing public assistance data.

Analysis of Roku's second data breach in two years affecting 576,000 customer accounts.

Analysis of the youX breach exposing 444,538 Australian borrowers' government IDs and driver's licences.

Analysis of the Minnesota DHS insider threat incident affecting 303,965 individuals' personal and protected information.

Analysis of the Clinic Service Corporation breach affecting 82,331 individuals' health data.

Analysis of the LifeLong Medical Care breach affecting 70,000 individuals via hacking at a business associate.

Analysis of the Bryan Texas Utilities ransomware attack disrupting billing services for 70,000 customers.

Analysis of the Avosina Healthcare ransomware attack by Qilin group affecting 44,425 individuals.

Analysis of the PayPal credential-stuffing attack affecting 34,942 users with SSN exposure over a 5-month period.

Analysis of the Vida Y Salud breach affecting 34,504 individuals with SSNs and medical data exposed.

Analysis of the Wakefield & Associates ransomware attack by Akira group affecting 31,751 individuals.

Analysis of the Jefferson-Blount Mental Health Authority ransomware attack by Medusa group affecting 30,434 individuals.

Analysis of the Japan Airlines breach affecting 28,000 customers via unauthorised access to luggage delivery reservation system.

Analysis of the Mid Michigan Medical Billing ransomware attack by Qilin group affecting 28,185 individuals.

Analysis of the RTL Group breach exposing 27,000 employees' contact and job details.

Analysis of the Volvo Group breach affecting 17,000 employees via the Conduent/SafePay ransomware supply chain attack.

Analysis of the Pecan Tree Dental ransomware attack by Sinobi group affecting 13,300 individuals.

Analysis of the Central Ozarks Medical Center breach affecting 11,818 individuals' health data.

Analysis of the 360 Dental PC ransomware attack affecting 11,273 individuals.

Analysis of the ICE and Border Patrol insider leak exposing 4,500 law enforcement workers' details.

Analysis of the Microsoft Outlook add-in credential theft affecting 4,000 user accounts.

Analysis of the Coinbase insider threat exposing 30 individuals' KYC data and crypto wallet balances.

Analysis of the Nike data breach with 1.4TB of internal design and manufacturing data claimed stolen by WorldLeaks.

Analysis of the LexisNexis cloud breach exposing 2GB of legal and government client data.

Analysis of the Wynn Resorts ransomware attack exposing customer and corporate data.

Analysis of the Substack breach exposing subscriber email addresses and phone numbers.

Analysis of the Flickr data exposure via third-party breach including user IP addresses and locations.

Analysis of the Eurail breach with passport and customer data allegedly offered for sale on the dark web.

Analysis of the European Commission staff data exposure via exploited Ivanti Endpoint Manager Mobile vulnerability.

Analysis of the claimed Senegal government biometric database breach by Green Blood Group with 139TB of identity data.

Analysis of the Terry Reilly Health Services breach via TriZetto supply chain cascade exposing SSNs and health data.

Analysis of the San Diego Eye Bank ransomware attack exposing patient and donor data.

Analysis of the Dutch Data Protection Authority breach via Ivanti vulnerability - the data privacy regulator itself compromised.

Analysis of the Iron Mountain extortion attempt claiming 1.4TB of data from the records management company.

Analysis of the Ledger/Global-e breach exposing crypto wallet customer data including physical addresses and order details.

Analysis of the Handala group’s destructive wiper attack on Stryker Corporation, which reportedly wiped up to 200,000 devices across 79 countries using the company’s own Microsoft Intune platform.

Analysis of the TELUS Digital breach where ShinyHunters allegedly stole close to 1 petabyte of data, reportedly including BPO customer data for 28 companies, using credentials from the Salesloft Drift breach.

Analysis of the Infutor data exposure affecting approximately 677 million records of US consumer data, including Social Security Numbers, reportedly caused by a misconfigured Elasticsearch database.

Analysis of the Loblaw Companies data breach where hackers accessed customer contact information from Canada’s largest food and pharmacy retailer, which operates 2,400+ stores.

Analysis of the Anubis ransomware attack on AkzoNobel where the group claims to have stolen 170GB of data including passport scans and confidential agreements from the global paints and coatings manufacturer.