Skip to content

Incidents by attack type:

Vulnerability exploit

Vulnerability exploitContained

Leak at Maeva

In May 2026, Maeva โ€” the holiday-rental brand of Pierre & Vacances-Center Parcs โ€” disclosed a breach in which an attacker scraped up to ten years of booking data, exposing names, dates of birth, phone numbers and stay details for around 4.5 million customers across 1.6 million reservations.

Victim
Maeva
Vulnerability exploitContained

Leak at I-Cad

I-Cad, France's national dog, cat and ferret identification registry, disclosed in March 2026 that a September 2025 software vulnerability had allowed automated querying of its database, exposing users' email addresses and fuelling phishing campaigns against pet owners.

Victim
I-Cad
Vulnerability exploitContained

Leak at Oracle Cloud

In late March 2025, a threat actor known as 'rose87168' claimed to have stolen roughly 6 million authentication records from an Oracle Cloud SSO/LDAP endpoint, potentially affecting over 140,000 tenants; Oracle initially denied any breach before privately confirming a compromise to customers.

Victim
Oracle Cloud
Records
6.0M
Vulnerability exploitResolved

Virgin Mobile Polska data breach

An unauthorised party exploited a flaw in Virgin Mobile Polska's prepaid-registration application to access the personal data of over 114,000 subscribers, including PESEL identity numbers and ID-card details. Poland's data-protection authority fined the operator nearly PLN 2 million for inadequate security testing.

Victim
Virgin Mobile Polska
Records
115.0K
Vulnerability exploitResolved

First American Financial document exposure

An insecure direct object reference (IDOR) flaw on First American Financial's website exposed roughly 885 million title-insurance and mortgage documents โ€” including Social Security numbers, bank account details, and driver's-license images โ€” dating back to 2003, accessible to anyone without authentication.

Victim
First American Financial Corporation
Loss
$1.5M
Records
885.0M