Skip to content

Incidents in sector:

Government

Zero-dayContained

NAIC confirms data breach after Oracle PeopleSoft zero-day exploited by ShinyHunters

The National Association of Insurance Commissioners disclosed on 23 June 2026 that attackers exploited an Oracle PeopleSoft zero-day to access part of its environment, and by 25 June the extortion group ShinyHunters had published the stolen data online, claiming more than 3.1 terabytes.

Victim
National Association of Insurance Commissioners (NAIC)
Data breachContained

World Food Programme breach exposes data of 600,000 Gaza households (2026)

The UN World Food Programme disclosed that attackers gained unauthorized access to its self-registration application for Palestine, exposing names, ID and phone numbers, and location data for roughly 600,000 households in Gaza in what may be the largest known breach of humanitarian beneficiary data.

Victim
World Food Programme (WFP)
Records
600.0K
Data breachContained

12 million people in the ANTS data leak

France Titres (ANTS), the French government agency issuing secure identity documents, disclosed a breach of its moncompte.ants.gouv.fr portal via an IDOR API flaw; officials confirmed 11.7 million accounts exposed (names, dates of birth, emails, addresses), while a hacker claimed up to 19 million records.

Victim
ANTS (France titres)
Records
11.7M
Data breachContained

Vaucluse Provence Attractivitรฉ: customers targeted after a cyberattack

On 31 March 2026, Vaucluse Provence Attractivitรฉ โ€” the Vaucluse dรฉpartement's public tourism and economic-promotion agency โ€” disclosed a messaging-system compromise that let attackers send fraudulent emails from its official addresses, exposing the names and email addresses of people who had contacted it.

Victim
Vaucluse Provence Attractivitรฉ
Supply chainContained

Leak at Europa (European Commission)

In March 2026, the European Commission's Europa.eu web-hosting infrastructure was breached via a stolen AWS key (Trivy supply-chain compromise); ~91.7 GB of data covering 30+ EU entities โ€” names, emails, email content and documents โ€” was exfiltrated and leaked by ShinyHunters.

Victim
Europa (European Commission)
Data breachContained

62,511 records in the SIA data leak

In late March 2026, a hacker put up for sale data on 62,511 firearms registered in France's Systรจme d'Information sur les Armes (SIA), exposing owners' names, postal addresses, emails, phone numbers, weapon details and transaction histories.

Victim
Systรจme d'Information sur les Armes (SIA)
Records
62.5K
Supply chainContained

310,000 Carte Jeune beneficiaries: Rรฉgion Occitanie data leak

In March 2026, France's Rรฉgion Occitanie disclosed a breach of its Carte Jeune Rรฉgion scheme after a technical service provider was compromised, exposing the personal data of about 310,000 young beneficiaries โ€” including some 270,000 ID photos of minors โ€” which the DumpSec group put up for sale on the dark web.

Victim
Occitanie regional council
Records
310.0K
Data breachResolved

Leak at MDPH 92

In early March 2026, MDPH 92 โ€” the Hauts-de-Seine disability services agency โ€” accidentally exposed around 500 beneficiaries' email addresses by sending a mass post-cyberattack notice with recipients in CC instead of BCC.

Victim
MDPH 92
Records
500
Data breachContained

Leak at Paris Adult Courses Platform

On 2 March 2026, the City of Paris confirmed a data breach affecting the Cours d'Adultes de Paris (adult education) platform, exposing names, dates of birth, emails, postal addresses and phone numbers of users registered before May 2025; no passwords or banking data were affected.

Victim
Paris Adult Courses Platform
Data breachUnknown

8,861 staff - data leak at the French Ministries of the Interior & Armed Forces

On 20 February 2026, a compilation of personal data covering 8,861 staff of the French Ministries of the Interior and Armed Forces โ€” including names, dates of birth, contact details and internal identifiers โ€” surfaced on underground forums, part of a wider aggregate of leaks affecting French public agents.

Victim
French Ministries of the Interior & Armed Forces
Records
8.9K
Data breachOngoing

2,393 officials affected by a Police, Gendarmerie, CNIL data leak

On 20 February 2026, a compiled database exposing 2,393 French state agents โ€” from the Police, Gendarmerie, Defence ministry, DGSI, DGSE, Customs and the CNIL (including 86 CNIL staff) โ€” was published on underground forums, leaking identity, contact and professional details aggregated from hundreds of prior breaches.

Victim
Police, Gendarmerie, CNIL (officials)
Records
2.4K
Data breachContained

Leak at the French Ministry of Sports, Youth and Community Life

In February 2026, the French Ministry of Sports, Youth and Community Life had data on roughly 450,000 candidates exfiltrated from its FORร”MES sports/youth training platform after a legitimate training organisation's account was compromised, exposing names, contact details and dates and places of birth.

Victim
French Ministry of Sports, Youth and Community Life
Records
450.0K
Data breachContained

450,000 FOROM users hit by a data leak

On 19 February 2026 the French Ministry of Sports disclosed that data on roughly 450,000 candidates was exfiltrated from its FORร”MES training and diploma platform after a legitimate training-organisation account was compromised, exposing names, contact details and dates and places of birth.

Victim
French Ministry of Sports (FOROM platform)
Records
450.0K
Data breachContained

1.2 million bank accounts: data leak at FICOBA

France's Ministry of the Economy and Finance disclosed that an intruder who usurped a civil servant's credentials had illegitimately accessed the national bank-account registry FICOBA from late January 2026, exposing the IBAN/RIB details, identity, address and in some cases tax ID of holders of about 1.2 million accounts.

Victim
FICOBA (French Ministry of the Economy and Finance)
Records
1.2M
Data breachContained

Leak at La Carte Avantage Jeune

A January 2026 breach of Info Jeunes Bourgogne-Franche-Comtรฉ's Carte Avantages Jeunes platform exposed the personal data of roughly 283,000 cardholders, including names, dates of birth, addresses, phone numbers and identity documents, later put up for sale on the dark web.

Victim
La Carte Avantage Jeune
Data breachOngoing

Leak at the City of Paris

A leaked file from the City of Paris's municipal adult-education platform (Cours municipaux pour adultes) exposed the personal data of 320,292 registered users, including names, dates of birth, postal addresses, phone numbers and email addresses; no passwords or banking data were involved.

Victim
City of Paris
Records
320.3K
Supply chainOngoing

2.1 million: data leak at OFII / ANEF

On 1 January 2026, a database of around 2.1 million records belonging to France's OFII / ANEF "ร‰trangers en France" immigration portal was put up for sale on BreachForums, exposing foreign nationals' identities, contact details, family situation and residence-permit data after a subcontractor was compromised.

Victim
OFII / ANEF ("ร‰trangers en France" portal โ€“ French Ministry of the Interior)
Records
2.1M
RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens
Data breachUnknown

Leak at justice.fr

On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data โ€” including IBAN/BIC โ€” of 1,100+ magistrates, judges, lawyers and judicial staff.

Victim
justice.fr
Data breachContained

Leak at the French Ministry of Sports

On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households โ€” names, dates of birth, contact details, social security, INE and CAF numbers โ€” published on a criminal forum.

Victim
French Ministry of Sports
Data breachContained

Leak at the French Ministry of the Interior

In December 2025, attackers compromised professional email accounts at France's Ministry of the Interior and accessed sensitive police files including the TAJ criminal-records and FPR wanted-persons databases; the ministry confirmed a few dozen files were exfiltrated while attackers claimed data on 16.4 million people.

Victim
French Ministry of the Interior
Data breachContained

Leak at France Travail

On 1 December 2025, France Travail and the Missions Locales network disclosed that an attacker who hijacked a local-mission agent's account accessed records of about 1.6 million young people, exposing names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
1.6M
Data breachOngoing

Leak at Resana

On 18 November 2025, users of Resana โ€” France's interministerial collaborative platform run by DINUM โ€” were notified of a data exfiltration after attackers logged in with a compromised account. Up to roughly one million public agents were potentially exposed, triggering ransom emails to civil servants.

Victim
Resana
Supply chainContained

Data leak at Synbird

In November 2025, Synbird โ€” the SaaS provider handling municipal appointment bookings for around 1,300 French communes โ€” disclosed a breach in which an attacker abused a weakly-secured PDF export to exfiltrate residents' contact details and appointment information.

Victim
Synbird
Data breachContained

Leak at Pajemploi

In November 2025, Pajemploi โ€” the Urssaf service used by French households to declare and pay childcare workers โ€” disclosed a data theft affecting up to 1.2 million employees, exposing names, social security numbers, dates/places of birth, postal addresses and Pajemploi/accreditation numbers.

Victim
Pajemploi
Records
1.2M
Credential stuffingOngoing

Leak at France Travail

In late October 2025, France Travail โ€” France's public employment agency โ€” disclosed a breach in which attackers used credentials harvested by infostealer malware to access job-seeker accounts and exfiltrate sensitive personal, identity and financial data; about 16,479 affected records were catalogued.

Victim
France Travail
Data breachContained

Leak at France Travail

On 6 October 2025, France Travail โ€” France's national public employment agency โ€” was hit by one of several 2025 data leaks, with personal records of roughly 5,500 job seekers exposed, including names, France Travail IDs, registration categories, email addresses, RSA welfare status and CIR identifiers.

Victim
France Travail
Data breachUnknown

Leak at France Travail

On 25 September 2025, a leak attributed to France Travail, France's public employment agency, exposed the personal data of about 9,971 job seekers, including their email addresses, names and the email address of their assigned advisor.

Victim
France Travail
Records
10.0K
Data breachContained

Leak at France Travail

On 12 August 2025, France Travail, France's public employment agency, disclosed unauthorized access to its employer-facing job portal that exposed the contact details of business users โ€” names, email addresses, phone numbers and an internal technical identifier.

Victim
France Travail
Supply chainContained

Leak at France Travail

France Travail disclosed on 22 July 2025 that an intrusion via its Kairos platform exposed the personal data of around 340,000 job seekers, including names, postal and email addresses, phone numbers, France Travail IDs and jobseeker status; passwords and bank details were not affected.

Victim
France Travail
Records
340.0K
Data breachinvestigating

Morocco ANCFCC land registry data leak

Weeks after the CNSS breach, the hacktivist Jabaroot leaked roughly 4 terabytes of data โ€” millions of property certificates, title deeds, ID cards, passports, and banking documents โ€” from Morocco's national land conservation agency ANCFCC.

Victim
Agence Nationale de la Conservation Fonciรจre, du Cadastre et de la Cartographie (ANCFCC)
Records
4.0M
Data breachResolved

Morocco CNSS social security data leak

A hacktivist using the alias Jabaroot leaked more than 53,000 PDF files and CSV databases from Morocco's National Social Security Fund, exposing national ID numbers, salaries, and banking details for nearly 2 million employees across some 500,000 companies.

Victim
Caisse Nationale de Sรฉcuritรฉ Sociale (CNSS)
Loss
$4.0M
Records
2.0M
Data breachUnknown

Leak at Nord Emploi

On 26 February 2025, Nord Emploi โ€” the Nord department's RSA return-to-employment support platform โ€” was hit by a data leak exposing personal and social-support records of roughly 200,000 benefit recipients, including identity, contact, CAF/RSA and detailed welfare-accompaniment data.

Victim
Nord Emploi
Records
200.0K
RansomwareUnknown

Leak at Cogitis

On 31 December 2024, the DragonForce ransomware gang listed Cogitis โ€” a French inter-municipal IT syndicate serving local authorities โ€” on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

Victim
Cogitis
RansomwareContained

Leak at Chambres d'agriculture

In November 2024, the Chambres d'agriculture d'Occitanie โ€” France's regional public chambers of agriculture โ€” were hit by a malware/ransomware-type cyberattack that spread across their interconnected national network and rendered the workstations of roughly 1,000 regional staff unusable.

Victim
Chambres d'agriculture
Data breachinvestigating

RENIEC Peru citizen data leak

A threat actor advertised a database said to hold around 37 million records from Peru's national identity registry RENIEC, including DNI numbers, names, birth data, and addresses; RENIEC disputed that its systems were breached.

Victim
RENIEC (Registro Nacional de Identificaciรณn y Estado Civil)
Records
37.0M
EspionageContained

Salt Typhoon US telecom espionage campaign (2024)

China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers โ€” Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream โ€” including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.

Victim
U.S. telecommunications providers (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream)
Data breachContained

Leak at Assurance retraite

On 13 September 2024, France's Assurance retraite (Cnav) disclosed a breach of its PPAS social-action partner portal, exposing data on about 370,000 pension beneficiaries including names, addresses, social security numbers and approximate income.

Victim
Assurance retraite (French pension fund)
Records
370.0K
Data breachResolved

Tappware data breach (2024)

In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, jobโ€ฆ

Victim
Tappware
Records
94.7K
Data breachinvestigating

Nigeria NIN national-ID data exposure

Unauthorized websites such as XpressVerify and AnyVerify were caught selling Nigerians' National Identification Numbers, Bank Verification Numbers, passports, and other personal data for as little as โ‚ฆ100 โ€” exploiting improperly governed API access to the NIMC identity database.

Victim
National Identity Management Commission (NIMC)
Social engineeringContained

Leak at France Travail

On 8 March 2024, France's national employment agency France Travail disclosed a data breach exposing the personal data of up to 43 million jobseekers registered over the previous 20 years, including names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
43.0M
RansomwareContained

Westpole LockBit ransomware โ€” Italian PA outage (2023)

LockBit 3.0 encrypted the data centres of Italian cloud provider Westpole, taking down PA Digitale's Urbi platform โ€” which serves 1,300 Italian public administrations including 540 municipalities, the Quirinale presidency, ISTAT, the Bank of Italy, and the Ministry of Environment. Payroll, citizen services, and local-government workflows were degraded for weeks.

Victim
Westpole / PA Digitale (Urbi platform)
RansomwareContained

Xplain Play ransomware and Swiss federal documents leak (2023)

Play ransomware breached Swiss IT services provider Xplain, exfiltrating 1.3 million files. Approximately 65,000 documents belonging to the Swiss Federal Administration โ€” including classified content, personal data, and readable passwords โ€” were published on Play's dark-web leak site in June 2023.

Victim
Xplain (Swiss IT services provider to the Federal Administration)
Records
1.3M
EspionageContained

Microsoft Storm-0558 signing-key theft and US government email access (2023)

China-based Storm-0558 forged authentication tokens using a stolen Microsoft consumer signing key and read email at approximately 25 organisations โ€” including the US State Department, the Department of Commerce, and the U.S. Ambassador to China. The 'cascade of errors' that enabled it became a defining case for cloud-provider key custody.

Victim
Microsoft customers (US State Department, Department of Commerce, ~25 organisations)
Data breachResolved

Convex data breach (2023)

In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers.

Victim
Convex
Records
150.1K
Data breachResolved

RailYatri data breach (2022)

In December 2022, Indiaโ€™s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.

Victim
RailYatri
Records
23.2M
WiperContained

Albania HomeLand Justice destructive wiper (Iran MOIS, 2022)

Iran's Ministry of Intelligence and Security, operating as 'HomeLand Justice', spent 14 months dwelling in Albanian government networks before launching ransomware-style file encryption and disk-wiping malware. Albania suspended online public services and became the first country in history to sever diplomatic ties with another state over a cyberattack.

Victim
Government of Albania
Data breachunresolved

Shanghai National Police database leak

An exposed Shanghai Public Security Bureau database left a hacker known as 'ChinaDan' offering 23 terabytes of data on roughly 1 billion Chinese residents โ€” names, national ID numbers, phone numbers, addresses and police case records โ€” for 10 bitcoin, in what is widely regarded as the largest government data breach in Chinese history.

Victim
Shanghai National Police (Shanghai Public Security Bureau)
Records
1.00B
WiperResolved

WhisperGate wiper attack

On the eve of Russia's invasion, a destructive wiper disguised as ransomware corrupted master boot records and files across dozens of Ukrainian government, IT and non-profit organisations, defacing official websites and signalling the cyber dimension of the coming war.

Victim
Ukrainian government, IT and non-profit organisations
Data breachContained

Argentina RENAPER national ID database breach (2021)

An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.

Victim
Registro Nacional de las Personas (RENAPER), Argentina
Records
45.0M
Data breachResolved

Protemps data breach (2021)

In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of otherโ€ฆ

Victim
Protemps
Records
49.6K
RansomwareContained

Transnet 'Death Kitty' ransomware (South Africa, 2021)

A ransomware attack on South Africa's state-owned logistics firm Transnet shut down operations at Durban, Ngqura, Port Elizabeth and Cape Town container terminals, forcing the operator to declare force majeure. Durban โ€” 60% of Southern Africa's containerised trade โ€” reverted to paper-based clearance for cargo for a week.

Victim
Transnet SOC (state-owned freight & port operator)
RansomwareContained

HSE Ireland Conti ransomware national healthcare shutdown (2021)

Conti operators tricked an HSE user into downloading a booby-trapped Excel attachment; the resulting ransomware forced the Health Service Executive to shut down all of Ireland's healthcare IT systems and exfiltrated 700 GB including COVID-19 vaccination PHI. Recovery cost exceeded โ‚ฌ100 million.

Victim
Health Service Executive (HSE) of Ireland
Loss
$110.0M
Data breachResolved

CityBee data breach (2021)

In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.

Victim
CityBee
Records
110.2K
Supply chainContained

SolarWinds SUNBURST supply-chain compromise (Cozy Bear)

Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.

Victim
SolarWinds (Orion customers โ€” ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
Loss
$100.00B
Data breachResolved

Experian (South Africa) data breach (2020)

In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names, addresses, occupations and employers, amongstโ€ฆ

Victim
Experian (South Africa)
Records
1.3M
Data breachResolved

Sonicbids data breach (2019)

In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving our third-party cloud hosting services". The breach contained 752k user records including names and usernames, email addresses and passwords stored as PBKDF2 hashes.

Victim
Sonicbids
Records
751.7K
Data breachResolved

Bulgarian National Revenue Agency data breach (2019)

In July 2019, a massive data breach of the Bulgarian National Revenue Agency began circulating with data on 5 million people. Allegedly obtained in June, the data was broadly shared online and included taxation information alongside names, phone numbers, physical addresses and 471 thousand uniqueโ€ฆ

Victim
Bulgarian National Revenue Agency
Records
471.2K
Data breachResolved

Hurb data breach (2019)

In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP addresses, names, dates of birth, phone numbersโ€ฆ

Victim
Hurb
Records
20.7M
Data breachResolved

ViewFines data breach (2018)

In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text.

Victim
ViewFines
Records
777.6K
Data breachUnknown

Aadhaar database exposure

Tribune India journalists demonstrated that paid intermediaries could provide full Aadhaar records โ€” including biometric-linked identity data on roughly 1.1 billion Indian residents โ€” for 500 rupees per record.

Victim
Unique Identification Authority of India (UIDAI) / Aadhaar
Records
1.10B
Data breachResolved

Swedish Transport Agency data leak

A botched IT outsourcing deal exposed Sweden's entire vehicle and driver-licence database โ€” including data on protected identities, police, and military personnel โ€” to foreign IT workers without security clearance, triggering a national political crisis.

Victim
Swedish Transport Agency (Transportstyrelsen)
EspionageResolved

Qatar News Agency hack

Attackers planted malware on Qatar's state news agency in April 2017 and exploited it on 24 May to publish fabricated quotes attributed to the Emir, providing the pretext used by Saudi Arabia, the UAE, Bahrain, and Egypt to launch a blockade of Qatar.

Victim
Qatar News Agency (QNA)
Data breachResolved

Master Deeds data breach (2017)

In March 2017, a 27GB database backup file named "Master Deeds" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents.

Victim
Master Deeds
Records
2.3M
EspionageResolved

MINDEF I-net breach

A targeted intrusion into Singapore's Ministry of Defence I-net web-surfing system stole the NRIC numbers, phone numbers and birth dates of 850 national servicemen and staff in the country's first publicly disclosed breach of a government defence network.

Victim
Singapore Ministry of Defence (MINDEF)
Records
850
Data breachResolved

CrimeAgency vBulletin Hacks data breach (2017)

In January 2016, a large number of unpatched vBulletin forums were compromised by an actor known as "CrimeAgency". A total of 140 forums had data including usernames, email addresses and passwords (predominantly stored as salted MD5 hashes), extracted and then distributed.

Victim
CrimeAgency vBulletin Hacks
Records
942.0K
EspionageResolved

Democratic National Committee hack

Russian GRU Units 26165 (APT28) and 31165 (APT29) compromised the Democratic National Committee, Hillary Clinton campaign, and DCCC. Stolen emails were selectively released via 'DCLeaks', 'Guccifer 2.0', and WikiLeaks to influence the 2016 U.S. presidential election.

Victim
Democratic National Committee + Clinton campaign + DCCC
Loss
$50.0M
Records
50.0K
EspionageContained

Ukraine power grid attack โ€” Sandworm BlackEnergy (2015)

The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1โ€“6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.

Victim
Ukrainian regional electricity distribution companies (Oblenergos)
Data breachResolved

Fridae data breach (2014)

In May 2014, over 25,000 user accounts were breached from the Asian lesbian, gay, bisexual and transgender website known as "Fridae". The attack which was announced on Twitter appears to have been orchestrated by Deletesec who claim that "Digital weapons shall annihilate all secrecy withinโ€ฆ

Victim
Fridae
Records
35.4K
Data breachResolved

JD data breach (2013)

In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes.

Victim
JD
Records
77.4M
Data breachResolved

Netlog data breach (2012)

In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed.

Victim
Netlog
Records
49.0M
Data breachResolved

Paddy Power data breach (2010)

In October 2010, the Irish bookmaker Paddy Power suffered a data breach that exposed 750,000 customer records with nearly 600,000 unique email addresses.

Victim
Paddy Power
Records
591.0K
DDoSResolved

2007 cyberattacks on Estonia

A three-week wave of distributed denial-of-service attacks crippled Estonian government, banking, and media websites amid a dispute with Russia, becoming the first cyber assault on an entire nation-state and the birthplace of NATO's cyber-defence doctrine.

Victim
Republic of Estonia (government, banks, media)