Timeline of cyberattacks
Every catalogued incident, plotted by disclosure date.
2026
589 incidentsAdaptHealth reports material breach of patient data after social-engineering attack
Home medical equipment provider AdaptHealth disclosed a material cybersecurity incident in which a social-engineering attack on a third-party contractor let a threat actor into its cloud systems and reach patient personal and health information.
Medtronic notifies 3.8 million people of ShinyHunters data breach
Medical device maker Medtronic began notifying roughly 3.8 million people that their personal data was exposed when the ShinyHunters extortion group accessed its corporate IT systems in April 2026.
DHS confirms breach of HSIN sensitive information-sharing network
The U.S. Department of Homeland Security confirmed that hackers breached the Homeland Security Information Network, an unclassified platform used to share sensitive information with federal, state, local and private-sector partners.
Kubota North America says hackers had month-long access to its network
Kubota North America said an unauthorised party had month-long access to its network in early 2026, reaching HR files with the personal data of employees and dependents.
Aflac Japan breach exposes personal data of 4.38 million customers and agents
Aflac disclosed that attackers who breached its Japanese subsidiary's policyholder portal exfiltrated the personal information of roughly 4.38 million customers and insurance agents.
Sapporo Holdings investigates cyberattack on overseas subsidiaries
Japanese beverage group Sapporo Holdings disclosed suspected unauthorised access at its overseas subsidiaries Pokka in Singapore and Sleeman Breweries in Canada, shutting down affected systems to investigate.
Nissan Americas discloses employee data breach via Oracle PeopleSoft zero-day
Nissan's Americas operations disclosed that attackers exploiting a zero-day in Oracle PeopleSoft accessed sensitive data belonging to current and former employees in the United States, Canada, Mexico and Brazil.
German naval defense firm Atlas Elektronik listed on TheGentlemen ransomware leak site
The fast-growing extortion group TheGentlemen added German naval-defense electronics manufacturer Atlas Elektronik to its dark-web leak site on 28 June 2026, claiming a double-extortion attack dated to around 25 June, though the TKMS subsidiary had not publicly confirmed any breach.
Polymarket frontend supply-chain attack drains $3 million
Attackers compromised a third-party frontend vendor and injected malicious JavaScript into Polymarket's website, tricking users into approving fraudulent transactions and draining about $3 million.
Cisco Unified CM SSRF flaw exploited to drop webshells (CVE-2026-20230)
Attackers began actively exploiting a critical unauthenticated server-side request forgery flaw in Cisco Unified Communications Manager, tracked as CVE-2026-20230, using the WebDialer service to write files and drop JSP webshells on enterprise telephony servers.
KDDI email-platform breach exposes up to 14.2 million ISP logins
A flaw in third-party software let attackers breach the shared email platform KDDI operates for six Japanese ISPs, potentially exposing up to 14.22 million email addresses and passwords.
Bajaj Auto hit by ransomware attack on its IT systems
Indian automaker Bajaj Auto disclosed that a ransomware attack detected on the morning of 23 June 2026 affected systems at the company and its technology subsidiary, prompting containment measures and regulatory filings with CERT-In and SEBI.
NAIC confirms data breach after Oracle PeopleSoft zero-day exploited by ShinyHunters
The National Association of Insurance Commissioners disclosed on 23 June 2026 that attackers exploited an Oracle PeopleSoft zero-day to access part of its environment, and by 25 June the extortion group ShinyHunters had published the stolen data online, claiming more than 3.1 terabytes.
Phishing breach at healthtech firm Xsolis exposes 1.4 million people
Xsolis, a US healthcare AI vendor, disclosed that a January phishing attack exposed the personal and protected health information of nearly 1.4 million people.
Qilin claims ransomware attack on the Central Bank of Libya
The Qilin ransomware group publicly claimed a June cyberattack on the Central Bank of Libya, threatening to leak stolen data after the bank said the intrusion touched a limited number of systems.
Blackfield ransomware hits Nidec's Taiwanese subsidiary, demands $2 million
Japanese motor and electronics giant Nidec confirmed a ransomware attack on its Taiwanese subsidiary Nidec Chaun Choung Technology, after which the Blackfield gang claimed the breach and demanded a $2 million ransom.
Tata Electronics breach: World Leaks dumps 630GB of alleged Apple and Tesla files
Tata Electronics confirmed a cyberattack after data-extortion group World Leaks published over 200,000 stolen files, including documents researchers say reference Apple and Tesla.
London Hydro data breach exposes customer account information
Attackers used a customer account to exploit a system vulnerability at Canadian utility London Hydro, potentially accessing the names, contact details and account information of other customers.
Klue supply-chain breach exposes customers' Salesforce data
A dormant API credential let attackers compromise competitive-intelligence platform Klue and harvest OAuth tokens for customers' connected apps, exfiltrating Salesforce records from firms including Huntress and Recorded Future in a supply-chain attack later tied to the Icarus extortion group.
Cherry Health discloses data breach after suspected ransomware outage
Michigan's largest federally qualified health center, Cherry Health, posted a preliminary breach notice on 18 June 2026 after suspicious network activity detected in April triggered a days-long outage and the copying of patient and staff data, including Social Security numbers.
Nintendo employee survey data stolen via third-party TinyPulse platform
Nintendo of America confirmed that threat actors stole internal employee survey data from TinyPulse, a third-party HR engagement platform it used, after the SHADOWBYT3$ group claimed to have exfiltrated about 859 MB of data and demanded a US$2 million ransom — while stressing that Nintendo's own systems and customer data were not affected.
Texas Parks and Wildlife vendor breach exposes 3 million license holders
A breach at the third-party vendor that processes Texas hunting and fishing licence sales exposed the driver's licence numbers, passport numbers and contact details of more than three million Texans, though the state said Social Security numbers and financial data were not taken.
Eastman Kodak confirms data breach claimed by ShinyHunters
Imaging and materials company Eastman Kodak confirmed that an unauthorised third party temporarily accessed a limited amount of company data, after the ShinyHunters extortion gang listed Kodak on its dark-web leak site and claimed to hold more than 2.2 million records of customer and internal corporate data.
FortiBleed: leaked dataset exposes VPN credentials for ~74,000 Fortinet firewalls
A dataset dubbed FortiBleed exposed valid Fortinet FortiGate VPN credentials — including plaintext passwords — for 73,932 firewall URLs across 194 countries, the product of a Russian-speaking crew that reused passwords from earlier breaches and infostealer logs rather than any new Fortinet vulnerability.
Mastra npm scope hijacked: 144 AI-framework packages backdoored (easy-day-js)
A hijacked contributor account was used to republish 144 packages in the popular @mastra AI-agent npm scope with a malicious typosquatted dependency, easy-day-js, that pulled down a cross-platform remote-access trojan and cryptocurrency stealer onto any developer machine or build system that installed them.
ShinyHunters leaks Madison Square Garden Sports data online
The ShinyHunters extortion gang published data it claims to have stolen from Madison Square Garden Sports — owner of the New York Knicks and Rangers — after the company missed a ransom deadline.
UNC6508 PRC-nexus medical & defense research espionage campaign
Google's Threat Intelligence Group disclosed that PRC-nexus actor UNC6508 spent more than a year inside U.S. and Canadian medical, academic and military-health research environments, compromising legacy REDCap servers, deploying custom INFINITERED malware and abusing Google Workspace email compliance rules to silently exfiltrate research and defense data.
ShinyHunters claims theft of 297GB of Council of Europe payroll and HR data via Oracle PeopleSoft zero-day
The extortion group ShinyHunters claimed it stole roughly 297GB of payroll, HR and financial records belonging to more than 10,000 current and former Council of Europe staff by exploiting the Oracle PeopleSoft zero-day CVE-2026-35273, prompting the intergovernmental body to investigate.
Cyberattack disrupts four major Iranian banks via their shared communications network
A cyberattack against the shared communications infrastructure used by Bank Melli, Bank Saderat, Bank Tejarat and the Export Development Bank of Iran knocked ATMs, point-of-sale terminals and online banking offline, though officials said no customer data was accessed.
OptinMonster, TrustPulse and PushEngage WordPress plugins backdoored in Awesome Motive CDN supply-chain attack
Attackers stole a CDN API key from Awesome Motive and tampered with JavaScript served to the OptinMonster, TrustPulse and PushEngage WordPress plugins, silently creating rogue administrator accounts and planting backdoors on sites whose logged-in admins loaded the malicious code.
152 'live wallpaper' Chrome extensions caught harvesting user data and faking Google search traffic
Socket's Threat Research Team uncovered a coordinated family of 152 new-tab 'live wallpaper' Chrome extensions, spread across 38 publisher accounts and three brands, that secretly logged user telemetry and laundered extension-generated visits into fake Google organic search traffic despite declaring they collected no data.
'Atomic Arch' supply-chain attack hijacks 400+ Arch Linux AUR packages to deploy a credential stealer and eBPF rootkit
Sonatype researchers uncovered 'Atomic Arch,' a supply-chain campaign in which attackers adopted hundreds of orphaned Arch User Repository packages and rewrote their build scripts to install a malicious npm package that drops a Linux credential stealer with optional eBPF rootkit capabilities.
Novo Nordisk discloses breach of clinical-trial patient data after IT security incident
Danish pharmaceutical giant Novo Nordisk disclosed that attackers copied pseudonymised patient information from some of its clinical trials out of its internal IT systems, prompting it to take certain systems offline while it investigates.
University of Nottingham student-records breach claimed by ShinyHunters (2026)
The University of Nottingham confirmed a cyber incident after the ShinyHunters extortion group claimed to have stolen around 40 GB of data from its student-records system, exposing roughly 455,000 email addresses along with names, passport numbers, and fee-payment details.
FulcrumSec leaks Global Schools Foundation data, exposing 33,000+ children's and parents' passports
The extortion group FulcrumSec claimed it stole roughly 4.8 terabytes of data from Singapore-based Global Schools Foundation after exploiting database credentials left unchanged since a 2022 breach, leaking 33,088 passport numbers belonging to children and parents and around 9.4 million internal messages when ransom negotiations collapsed.
Max-severity Ivanti Sentry flaw exploited for root code execution (CVE-2026-10520)
Ivanti patched a maximum-severity unauthenticated command-injection flaw in its Sentry mobile gateway that gives attackers root-level remote code execution, and within days real-world exploitation followed a public proof-of-concept, prompting CISA to add it to its Known Exploited Vulnerabilities catalog.
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges (CVE-2026-47281)
Researchers disclosed a Microsoft Defender privilege-escalation zero-day dubbed RoguePlanet (CVE-2026-47281) that abuses a race condition to redirect a SYSTEM-level file operation and hand a local attacker full SYSTEM access on fully updated Windows machines.
Oracle PeopleSoft PeopleTools zero-day exploited by ShinyHunters (CVE-2026-35273)
Oracle issued an emergency out-of-band alert after the ShinyHunters crew exploited a critical unauthenticated remote-code-execution zero-day in PeopleSoft PeopleTools to steal data from more than 100 organisations, most of them universities.
Google patches actively exploited Chrome V8 zero-day (CVE-2026-11645)
Google shipped an emergency Chrome update fixing CVE-2026-11645, a high-severity out-of-bounds memory flaw in the V8 engine that lets a crafted web page run arbitrary code and for which an exploit already exists in the wild.
ServiceNow discloses unauthenticated API flaw that let attackers query customer instance data
ServiceNow disclosed that a misconfigured, unauthenticated REST API endpoint allowed actors to query data from hosted customer instances, an issue the company patched on 5 June but did not publish a (login-gated) advisory for until days later.
French government Tchap messaging platform breached via hijacked account (2026)
French authorities confirmed that an attacker hijacked a Tchap user account to access public chat rooms on the French state's secure messaging platform, with the intruder claiming to have scraped tens of thousands of accounts and hundreds of thousands of messages.
Check Point VPN authentication-bypass zero-day exploited in the wild (CVE-2026-50751)
Check Point disclosed that attackers, including a Qilin ransomware affiliate, were actively exploiting a critical authentication-bypass zero-day (CVE-2026-50751) in its Remote Access and Mobile Access VPN products to log in without a valid password.
Meta Instagram 'High Touch Support' account-takeover breach (2026)
Attackers abused a verification flaw in Meta's AI-assisted Instagram account-recovery tool, High Touch Support, to trigger password resets and hijack 20,225 accounts before Meta detected and disabled the tool.
Baker Distributing ShinyHunters Salesforce data-extortion leak (2026)
After negotiations stalled, the ShinyHunters extortion crew published data it claimed to have stolen from Baker Distributing's Salesforce and SharePoint systems, exposing more than 100,000 customer email addresses and contact records.
Cisco SD-WAN Manager zero-day exploited in the wild (CVE-2026-20245)
Cisco warned that an unpatched high-severity zero-day in Catalyst SD-WAN Manager (CVE-2026-20245) was being actively exploited to execute arbitrary commands and escalate to root, after Mandiant reported a limited number of real-world attacks.
Miasma worm hits 73 Microsoft GitHub repositories in supply-chain attack (2026)
A self-replicating supply-chain worm dubbed Miasma compromised 73 repositories across four Microsoft GitHub organisations, planting configuration files that harvested cloud and developer credentials when the projects were opened in AI coding agents such as Claude Code and Cursor.
IronWorm self-propagating malware hits 36 npm packages (2026)
Researchers disclosed IronWorm, a Rust-based, self-propagating infostealer that compromised 36 npm packages, stealing developer and CI secrets and republishing trojanized packages using stolen npm publishing credentials.
DentaQuest ShinyHunters data breach exposes 2.6 million accounts (2026)
Dental benefits administrator DentaQuest confirmed a network breach after the extortion group ShinyHunters leaked roughly 234 GB of stolen data, exposing personal, identity, and health-insurance information tied to about 2.6 million accounts.
Google patches actively exploited Android zero-day (CVE-2025-48595)
Google's June 2026 Android security update fixed 124 vulnerabilities, including CVE-2025-48595, an actively exploited integer-overflow flaw in the Android Framework that lets a local attacker escalate privileges without user interaction.
World Food Programme breach exposes data of 600,000 Gaza households (2026)
The UN World Food Programme disclosed that attackers gained unauthorized access to its self-registration application for Palestine, exposing names, ID and phone numbers, and location data for roughly 600,000 households in Gaza in what may be the largest known breach of humanitarian beneficiary data.
Atlas Menu data breach (2026)
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository.
Data breachResolvedBCD Travel data breach (2026)
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses.
Data breachResolved1,528 contacts at Nature & Cie, claimed leak
In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.
Eyguières town hall paralyzed by ransomware
On 22 May 2026, the town hall of Eyguières (Bouches-du-Rhône, ~7,000 inhabitants) was hit by a Qilin ransomware attack that took down its municipal IT systems and put residents' administrative and personal data at risk of compromise.
Les Embruns d'Oléron: data of 1,800 campsite holidaymakers exfiltrated
On 24 May 2026, the 4-star campsite Les Embruns d'Oléron in Le Château-d'Oléron, France, was hit by a data breach exposing some 39 GB of internal files, including the personal and booking details of at least 1,832 holidaymakers from 2024-2026 reservations.
Optic 2000: nearly 8,000 PDF invoices and franchisee data leaked
The Optic 2000 group, one of the leading networks of opticians in France, appears in a data leak published on a cybercrime forum. The
Leak at Alan (via Almerys)
On 23 May 2026, French digital health insurer Alan warned members that a cyberattack on its third-party claims processor Almerys had exposed their personal data — names, dates of birth, social security numbers and insurance contract details — though payment, password and health data were spared.
18,140 people affected by claimed leak at AVEA Vacances
On 23 May 2026, AVEA Vacances, a French association organising educational stays and holiday camps for children and teenagers, was named in a forum leak of roughly 46,000 records (128 MB), including an 18,140-line file of postal-worker and CSE data plus booking and accounting documents.
Avea Vacances hit by a cyberattack: 46,000 stay records exposed
On 23 May 2026, French holiday-camp association Avea Vacances was named by the threat actor ChimeraZ, who published roughly 46,000 records (128 MB) on a cybercrime forum, including stay-organisation documents and a file of more than 18,000 La Poste employees' details.
Camping-Car Plus: victim of a data leak, passwords exposed
Camping-Car Plus, a French e-commerce retailer of motorhome and camper-van accessories, notified customers in May 2026 of a data breach exposing names, postal and email addresses, phone numbers and account login credentials including passwords; no banking data was affected.
Charter data breach (2026)
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign.
Data breachResolvedDelko, ongoing cyberattack and extortion.
A data leak targeting Delko, a French network of garages and car maintenance centres, is currently being claimed by the cybercriminal group LAPSUS$, known for its extortion operations…
Largo hit by a cyberattack: customer and order data leaked
The French high-tech refurbishment specialist Largo informs its customers that it was the victim of a security incident that affected part of
Almerys at the heart of a massive leak of 15 million social security numbers
In May 2026, French third-party health-payment operator Almerys disclosed a breach after a database of more than 44 million records — including 15.4 million unique social security numbers, names, birthdates and insurance details — was offered for sale on a cybercrime forum.
Atol Mon Opticien: 5.9 million customers exposed in a massive data leak
On 22 May 2026, a database holding the personal records of roughly 5.9 million customers of French optical chain Atol Mon Opticien was put up for sale on a cybercrime forum, exposing names, birthdates, emails, phone numbers and postal addresses.
5,924,215 Atol customer records: claimed data leak
On 22 May 2026, a database allegedly holding 5,924,215 customer records from the French optician cooperative Atol was put up for sale on a cybercrime forum, exposing names, birth dates, postal addresses, emails and phone numbers.
Auchan Optique: more than 218,000 customers leaked after a cyberattack
On 22 May 2026, a database holding the records of about 218,000 Auchan Optique customers — names, dates of birth, postal addresses, phone numbers and account identifiers — was put up for sale on a cybercrime forum, part of a coordinated wave of leaks hitting French opticians.
Jimmy Fairly: massive leak of 357,000 customers after a cyberattack
On 22 May 2026, a database attributed to French eyewear retailer Jimmy Fairly was put up for sale on a cybercrime forum, exposing the personal details of more than 357,000 customers, including names, full postal addresses, emails and dates of birth.
Data leak at the Haute-Garonne departmental digital media library
In May 2026, the Haute-Garonne departmental digital media library network (media31.mediatheques.fr) confirmed an intrusion after the threat actor AplaGroup exploited critical vulnerabilities and extracted user-account data on roughly 765 people.
Leak at the Haute-Garonne Departmental Council digital media library
Disclosed around 22 May 2026, the Haute-Garonne departmental media library network (Média31) was breached via exploited website vulnerabilities, exposing data on roughly 765 users including names, emails, dates of birth, cities and login details.
Move Up Formation hacked: database, source code and administrator access leaked
On 22 May 2026, French professional-training provider Move Up Formation (moveup-formation.fr) was listed on a cybercrime forum, where attackers claimed to have stolen its full SQL database, customer records, the site's entire source code and Stripe administrator access.
Data leak at Nemea Groupe confirmed by the company
Nemea Groupe, a French operator of student residences, tourist residences and apart'hotels, confirmed a data breach affecting rental applicants after attacker ChimeraZ exfiltrated a database covering about 12,590 individuals, exposing identity, contact, banking and scanned ID documents.
23,685 records: claimed leak at ATOA
A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.
McDonald's hit by a cyberattack: loyalty accounts used without customers' knowledge
On 21 May 2026, McDonald's France confirmed a credential-stuffing campaign that hijacked customer McDo+ loyalty accounts, with fraudsters draining accumulated points for free orders; no banking data was affected and the company launched a mass password reset.
GitHub hit by a cyberattack, nearly 4,000 internal private repositories leaked
GitHub, the development platform used by millions of developers worldwide, confirmed having been the victim of a cyberattack that
99,671 people: claimed data leak at Lagrange Vacances
On 19 May 2026 a threat actor known as ChimeraZ claimed to have leaked a database of French holiday-rental operator Lagrange Vacances, allegedly exposing booking records for more than 44,000 holidaymakers, reportedly via an IDOR vulnerability.
Leak at Maeva
In May 2026, Maeva — the holiday-rental brand of Pierre & Vacances-Center Parcs — disclosed a breach in which an attacker scraped up to ten years of booking data, exposing names, dates of birth, phone numbers and stay details for around 4.5 million customers across 1.6 million reservations.
Groupe CRIT: HR documents and ID papers from a Tunisian subsidiary exposed
The Titan ransomware group claimed a double-extortion attack on Groupe CRIT's Tunisian subsidiary CRIT Tunisie, leaking payroll and administrative records, financial files and scanned identity documents and passports belonging to workers and employees.
MediaVacances: 256,000 invoices exposed in a data leak
On 18 May 2026, MediaVacances, a French peer-to-peer vacation-rental platform, had a database of roughly 256,000 customer invoices spanning 2005 to 2026 published on a cybercriminal forum, exposing names, addresses, payment details and listing data.
Gîtes de France: 389,000 customers' bookings in a data leak
On 17 May 2026, the French rural-tourism rental network Gîtes de France disclosed a data leak exposing booking records for 389,129 customers — names, contact details, postal addresses and stay details — taken via fraudulent access tied to a shared IT provider.
Transitions Pro Centre-Val de Loire: tens of GB of data threatened after a ransomware attack
Transitions Pro Centre-Val de Loire, the regional body that funds and supports employee career-retraining projects, was hit by the Prinz Eugen ransomware group, which claimed to have exfiltrated and encrypted hundreds of gigabytes of HR, financial and personal data and threatened to publish it.
Djaboo: more than 25 GB of sensitive internal files published after a cyberattack
On 15 May 2026, more than 25 GB of internal data from French document-management platform Djaboo (djaboo.com) was published on a cybercriminal forum, including a full database dump and records for 12,378 CRM accounts, 6,372 client companies and 13,578 individuals.
Pierre & Vacances: 4.5 million holidaymakers exposed in a massive data leak
In May 2026, French tourism group Pierre & Vacances-Center Parcs disclosed a breach of its maeva-owned 'La France du Nord au Sud' platform, exposing personal data tied to about 1.6 million reservations and up to 4.5 million customers, including names, dates of birth, phone numbers and stay details.
OpenAI: internal data compromised after installation of the booby-trapped TanStack library
OpenAI confirmed in May 2026 that two employee devices were compromised through the TanStack npm supply-chain attack, allowing attackers to exfiltrate limited authentication credentials from internal code repositories that contained its software signing certificates.
4.5 million Pierre & Vacances-Center Parcs customers, data leak
Pierre & Vacances-Center Parcs customers are affected by a data leak confirmed by the group, linked to the La France du Nord au Sud booking platform, used in particular for…
Collège de France: more than 1,600 researchers, teachers and internal documents leaked
On 14 May 2026, a threat actor known as ChimeraZ claimed a leak of around 1,600 researcher and staff profiles from the Collège de France, along with hundreds of megabytes of internal files pulled from a Nextcloud file-sharing instance.
EFC Formation: a massive leak exposes 60,000 administrative documents and 49,000 students
On 14 May 2026, threat actor ChimeraZ leaked data from EFC Formation (École Française de Comptabilité), publishing a 1.3 GB archive on about 49,000 students and offering a second 41 GB set of 60,683 administrative and banking PDFs for sale.
FFMOTO: 2.3 million French motorcyclists exposed in a data leak
On 13 May 2026, a threat actor using the alias lazasec123 advertised a database of roughly 2.3 million profiles tied to French motorcycle licences and FFMOTO.org, exposing names, dates of birth, postal addresses, emails and phone numbers, offered for sale at 150 euros.
422 email addresses exposed in a claimed data leak at Union-prof.asso.fr
On 14 May 2026, the cybercriminal ChimeraZ published roughly 11,000 documents (about 8.6 MB of JSON and PDF files) attributed to UPPCTSC (Union-prof.asso.fr), exposing training-center conventions, institution details, professional email addresses and timestamped download logs.
A.R.Ge.Co: accounting and financial data leaked after a cyberattack
The Anubis ransomware group claims to have compromised the systems of A.R.Ge.Co, a French company specializing in accounting services and
Akitatek: data on nearly 5,500 customers leaked after a cyberattack
On 13 May 2026, a threat actor known as ChimeraZ published on a cybercrime forum a roughly 1 MB JSON file said to contain about 5,500 customer profiles from French online computer-hardware retailer Akitatek, exposing names, postal addresses and phone numbers.
Foxconn Nitrogen ransomware breach (2026)
The Nitrogen ransomware group claimed on its dark-web leak site that it had stolen over 11 million files from Foxconn's North American facilities, including confidential information belonging to customers Apple, Dell, Google, Intel, Nvidia, and Sony. Foxconn said affected factories were resuming normal production.
Le Domaine des Tournels targeted by a cyberattack
The Qilin ransomware group claims to have compromised the systems of Le Domaine des Tournels, an establishment located in the Gulf of Saint-Tropez. At this
Mistral AI: 450 private repositories and 5 GB of internal code threatened with release after a cyberattack
A hacker going by the name TeamPCP claims to hold a significant quantity of internal data belonging to Mistral AI, the French startup
Škoda: a cyberattack exposes passwords and customer data of the online store
Carmaker Škoda, a subsidiary of the Volkswagen group, has confirmed it was the victim of an intrusion targeting its online store. According to
Woop: more than 256,000 users exposed with contact details and banking data
On 13 May 2026, a database of 256,319 records attributed to French last-mile delivery platform Woop (woopit.fr) was put up for sale on a cybercriminal forum, exposing names, postal addresses, phone numbers, email addresses, birth dates and banking details.
Data leak at Best Western Hotels - customer reservations accessed
Best Western parent BWH Hotels disclosed in May 2026 that an unauthorised third party had access to a guest-reservation web application from 14 October 2025 to 22 April 2026, exposing names, emails, phone numbers, postal addresses and booking details; payment data was not affected.
CalendrIDEL: data of 1,400 self-employed nurses publicly disclosed
On 11 May 2026, a dataset attributed to CalendrIDEL, a French scheduling platform for self-employed nurses, was posted on a cybercrime forum, exposing the email addresses, mobile numbers, postal codes and profile names of roughly 1,400 nurses.
CARMF: 2.4 million doctor records leaked after a cyberattack
In May 2026, an actor using the alias lazasec claimed to have breached CARMF, France's pension and benefits fund for self-employed doctors, leaking a database of up to 2.4 million records with names, contributor codes, postal addresses and last-declaration dates; CARMF said the exposed data was public and non-sensitive.
Data leak at Enercoop after account compromise
On 11 May 2026, French renewable-energy cooperative Enercoop suffered a security incident in which email addresses tied to customer, prospect and member accounts were compromised and abused to send fraudulent phishing messages impersonating its customer service.
La Boîte Immo: profiles and real estate documents released after a cyberattack
The hacker ChimeraZ claims to hold data linked to La Boîte Immo, a French company specialized in software and digital services for
6,410 LuxTrust accounts linked to Thales: claimed leak
On 12 May 2026, a threat actor known as ChimeraZ published an 85 MB JSON file with roughly 6,410 user profiles from a digital-trust platform tied to LuxTrust and Thales, exposing names, emails, phone numbers, organizations and account roles.
Nuhanciam: over 156,000 customers exposed in a leak targeting the cosmetics brand
In May 2026, a database attributed to French dermo-cosmetics brand Nuhanciam surfaced on a cybercrime forum, exposing more than 156,000 customer records including names, emails, dates of birth, postal addresses, phone numbers and hashed passwords.
Roubaix: the Kiosque famille suspended after a data leak concerning schoolchildren
The town of Roubaix disclosed a data breach on its Kiosque famille school-services platform after two user accounts were compromised, exposing identity and schooling details of 165 enrolled children and their families; no banking data was affected.
Thales: thousands of employee records released publicly on a cybercriminal forum
On 12 May 2026, a threat actor known as ChimeraZ published an 85 MB JSON file with roughly 6,400 user profiles tied to French defence group Thales; the data originated from LuxTrust, an outsourced e-signature provider, and exposed names, emails, phone numbers, organisations and account roles.
Kams Paris: 188,000 customer contact details and IBANs exposed after a cyberattack
On May 10, 2026, a database of 187,927 records attributed to Paris niche perfumery Kams Paris was put up for sale on a cybercriminal forum, exposing customers' names, postal addresses, phone numbers, dates of birth and IBANs.
Leak at Once for all (via Actradis)
On 11 May 2026, Once For All disclosed unauthorized access to its Actradis B2B compliance platform, exposing professional contact data (names, professional emails, phone and contact details); a leaked database circulating since early May reportedly held about 305,000 records.
Leak at La France Insoumise
In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.
765 users affected by claimed leak at Média31
On 9 May 2026, the threat actor AplaGroup claimed an intrusion into Média31, the online media-library platform of the Haute-Garonne departmental libraries (France), exposing data on roughly 765 users; the breach was confirmed on 21 May 2026.
Monservicederemplacement.fr: nearly 185,000 people exposed in a sensitive data leak
A database tied to Monservicederemplacement.fr, the platform run by France's agricultural replacement service (Service de Remplacement France), surfaced online in May 2026, exposing 213,477 records on about 184,724 people, including names, contact details, dates of birth and social security numbers.
Arsène Valentin: customer data exposed after malicious code was injected on the site
On 8 May 2026, French e-cigarette retailer Arsène Valentin disclosed that malicious code injected into its e-commerce website had exposed customer personal data — names, emails, postal addresses, phone numbers, dates of birth and order history; the breach was reported to the CNIL.
812,000 Boulangerie Ange customers affected by a data leak
On 8 May 2026, French bakery chain Boulangerie Ange confirmed a data breach exposing the names, phone numbers and cities of around 812,000 customers registered on its digital services, after an exposed authentication token allowed API access to its database.
Soprolux: banking documents and customer data released after a cyberattack
In May 2026, the BravoX ransomware group claimed a double-extortion attack on Soprolux, a French food distributor serving restaurants and professional clients, publishing banking documents, SEPA mandates, IBAN/RIB details and customer and supplier records to pressure the company.
West Pharmaceutical: the Nouvion-en-Thiérache plant paralysed by a cyberattack
In early May 2026, West Pharmaceutical's plant at Le Nouvion-en-Thiérache (Aisne, France), which employs around 770 people making rubber components for syringes and medical devices, was hit by a cyberattack that halted production for roughly two weeks; no data exfiltration was confirmed.
Académie de Montpellier: sensitive document leak after a cyberattack
In early May 2026, the MedusaLocker ransomware gang listed the Académie de Montpellier / CSJM — a French public-school network around Béziers — on its leak site, claiming to have exfiltrated administrative documents and credentials, with reported exposure of 309 staff and 6,915 user accounts.
Action Populaire: data linked to La France Insoumise activists leaked
On 7 May 2026, a hacker using the alias 'fuzzeddffmepg' claimed to have breached Action Populaire, the activist platform of France's La France Insoumise party, exposing roughly 120,000 email addresses, 20,000 phone numbers, private messages and payment data spanning 2017-2026.
Leak at Bilov
In May 2026, Bilov — operator of the French Boulangeries Ange bakery chain — disclosed a data breach exposing the personal details (name, city, phone number) of around 812,000 customers after an active authentication token allowed unauthorized API access.
Leroy Merlin: more than 367,000 customers exposed in a leak linked to the Leroy&moi program
On May 6, 2026, a threat actor using the alias Lagui posted a database of 367,462 Leroy Merlin France loyalty-program customers — names, dates of birth, contact details, postal addresses and account data — said to have been harvested by automated scraping of the Leroy&moi platform.
BookMyName: a cyberattack compromised data linked to domain names
French domain registrar BookMyName detected a security incident on 5 May 2026 in which an attacker exploited a vulnerability to fraudulently alter domain contact data, exposing logins, names, emails, phone numbers and postal addresses of some customers.
Cetelem: customer email addresses exposed after a cyberattack
Cetelem, the consumer-credit brand of BNP Paribas Personal Finance, confirmed a cyberattack on 20 April 2026 that exposed the email addresses of several hundred thousand customers; the company says no passwords, banking or payment data were compromised.
Cushman & Wakefield data breach (2026)
In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with…
Data breachResolvedErla Technologies: a data leak claimed by a ransomware group
On 5 May 2026, the SpaceBears ransomware group listed French industrial-equipment manufacturer Erla Technologies SAS on its leak site, claiming to have stolen employee and client personal data, financial documents and project files — including documentation tied to a French army client.
Newdeal Institut: a database exposed with passwords and sensitive documents
A database attributed to Newdeal Institut, a language training centre, has been published on a cybercrime forum by a hacker posing as
Quiberon: municipal services disrupted after a cyberattack
On 3 May 2026 the town of Quiberon (Morbihan, France) was hit by a Qilin ransomware attack that encrypted part of its IT systems and exfiltrated personal data; the city refused the ransom and began a gradual, secured rebuild of its infrastructure.
220 candidates in data leak at Auto École du Lys
On 4 May 2026, Auto École du Lys — a French driving school in Dammarie-les-Lys — was hit by a confirmed data leak exposing files on its 220 candidates, including very recent records with driving-exam dates running up to April 2026.
428 candidates of Auto École du Moulin affected by a data leak
Auto École du Moulin, a driving school in La Rochelle, France, suffered a data leak disclosed on 4 May 2026 that exposed personal records of 428 candidates, including their driving-licence examination history.
1,556 candidates: data leak at École de conduite Vincent
On 4 May 2026, a confirmed data leak at École de conduite Vincent, a driving school in Ancenis-Saint-Géréon (France), exposed the records of around 1,556 candidates, including names, dates of birth, emails, NEPH dossier numbers and detailed driving-exam histories.
École de Psychologues Praticiens: student database exposed in a massive leak
On 4 May 2026, a threat actor using the alias Spirigatito claimed to publish roughly 55 GB attributed to France's École de Psychologues Praticiens (Psycho-Prat), including a student database, ID documents, IBANs and the site's full source code.
Groupe CGA: 65,000 customers and 2,500 employees included in a data leak
On 4 May 2026, the threat actor DumpsecV2 claimed a breach of French automotive dealership group Groupe GCA, exposing data on roughly 65,000 customers and 2,500 employees, including names, contact details and vehicle information such as registration numbers and VINs.
67,500 Groupe GCA customers affected by a claimed data leak
Customers of Groupe GCA, a network of car dealerships, are reportedly affected by a claimed leak impacting nearly 67,500 people, according to the claim. The Dumpsec collective states…
i-Run: the leak of 1.2 million customers does not come from their database
In May 2026 a threat actor using the alias lowiq advertised a database of roughly 1,223,520 records attributed to French running-gear e-tailer i-Run, but the company investigated and determined the data did not originate from its own systems.
La Redoute: a logistics database of 96,000 customers tied to deliveries leaked
On 4 May 2026 a hacker using the alias Lagui published a database of roughly 96,000 La Redoute customers — names, postal addresses, phone numbers, emails and order/delivery histories — that the retailer traced to a January 2026 breach at its logistics partner Relais Colis.
Smallable: nearly 700,000 children in a public data leak
The hacker ChimeraZ has published a database attributed to Smallable.com, an e-commerce site specialising in children's and family products. The
Actradis: 82,000 business customers and 222,000 internal tracking records leaked
On 3 May 2026, a threat actor using the alias Lagui published a database attributed to Actradis, a French enterprise compliance-document platform, exposing roughly 82,611 client records and 222,473 internal tracking entries.
Clinique Ambroise Paré Beuvry: also a victim of a cyberattack
The Ambroise Paré clinic in Beuvry says it was the victim of a cybersecurity incident on 21 April 2026, according to a communication published on 30
Leak at French Basketball Federation
In April 2026 the French Basketball Federation (FFBB) suffered a data breach after an attacker abused a compromised user account in its licensee-management tool, exposing identity and contact details of up to ~2 million licensees and ~900,000 legal representatives.
Leak at Interrail
A December 2025 cyberattack on Eurail B.V., operator of the Interrail and Eurail rail passes, exposed personal data of roughly 308,000 travellers — including names, contact details, dates of birth and passport numbers — which by 2026 was being sold on the dark web.
Profil Search: over 100,000 candidate profiles exposed in a data leak
A threat actor known as Lagui published a database attributed to French recruitment firm Profil Search containing roughly 100,642 candidate records, exposing names, emails, phone numbers, postal addresses and professional details.
French Ministry of Sports: more than 217,000 photos and sensitive data of educators leaked
A hacker using the alias Cybernox claims to be putting up for sale a database attributed to the French Ministry of Sports, Youth and
ObjetRama: over 80,000 customers exposed in a 209,000-row leak
On 2 May 2026, a database attributed to French promotional-items retailer ObjetRama.fr was published by a hacker using the alias ChimeraZ, exposing roughly 209,000 order and billing records tied to nearly 80,000 distinct customers.
Service Civique: contacts from public and association organisations published after a cyberattack
France's Agence du Service Civique disclosed a personal-data breach affecting its volunteer-host training platform, after a database of contacts at accredited organisations — names, emails, postal addresses, phone numbers and accreditation numbers — was published on a cybercrime forum.
Faco Paris: more than 11,000 sensitive documents, IBANs and source code exposed in a leak
On 1 May 2026, a hacker claimed to have breached Faco Paris, a private higher education institution, and released a roughly 12 GB archive holding over 11,000 sensitive documents, 27,000+ source code files, identity papers, IBANs and student data.
Instructure Canvas LMS ShinyHunters breach (2026)
ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools — names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.
Jour de Fête: 543,000 customer accounts leaked after a cyberattack
On 1 May 2026, a database holding 543,124 customer records attributed to boutique-jourdefete.com — the online store of French party-supplies retailer Jour de Fête — surfaced on a cybercrime forum, exposing names, emails, postal addresses, phone numbers and login tokens.
67,767 La Pizza de Nico customers - claimed data leak
On 1 May 2026, French pizzeria chain La Pizza de Nico was named in an unverified breach claim alleging that a database of 67,767 customers had been published, exposing personal contact details of nearly 68,000 people.
Madeindesign: 464,000 customer accounts exposed in a data leak
On 1 May 2026, a database attributed to French design e-commerce site Madeindesign.com was posted on a cybercrime forum by a threat actor known as ChimeraZ, exposing around 464,000 customer accounts in a roughly 205 MB JSON dataset; the company has not formally confirmed the breach.
ADEMI: cyberattack on an agricultural weighing system
A database attributed to ADEMI, an agricultural weighing system, is currently circulating online, exposing sensitive information related to
Ankama: customer contact details exposed after a cyberattack
On 30 April 2026, French video game studio Ankama (Dofus, Wakfu) disclosed a cyberattack that gave attackers unauthorized access to account data — names, emails, cities, IP addresses, order history and partial card numbers — affecting hundreds of thousands of players.
AQUAES: contact details of environmental consulting firms exposed
A database attributed to AQUAES, a directory of French environmental consulting and engineering firms, surfaced online on 30 April 2026, exposing firm names, manager names, full postal addresses, phone numbers, email addresses, websites and GPS coordinates.
374 customers affected by a data leak at Deltadore
Disclosed on 30 April 2026, a data leak at French smart-home manufacturer Delta Dore exposed personal data of at least 374 people registered on its professional training portal, formation-pro.deltadore.fr, prompting affected-user notifications.
Reborn Gaming data breach (2026)
In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.
Data breachResolvedYomoni contests the data leak involving 443,000 customers
On 30 April 2026 a hacker claimed to be selling a 443,000-record database tied to French online savings platform Yomoni, exposing names, contact details, dates of birth and tax-residency data; Yomoni disputed the leak after investigation.
Acrimed: online shop hit by a cyberattack
On 29 April 2026, French media-criticism association Acrimed disclosed a cyberattack on its online shop that exposed customers' email addresses, encrypted passwords and order history; names, postal addresses, phone numbers and banking details were said to be unaffected.
Aréli: some of its partners exposed after a cyberattack
Aréli, a Lille-based social-housing association, disclosed via a letter to partner organizations that a 12 January 2026 cyberattack exposed partner contact details and bank account information (RIB), affecting less than 2% of the data held on its servers.
Campus France: 18,000 applications exposed after a leak targeting a public service
On 29 April 2026, a threat actor published a partial database from toucan.campusfrance.org, the online application platform of France's public higher-education agency Campus France, exposing roughly 18,000 international student application files (about 430 MB of JSON) including names, emails, and chosen programs.
Saint-Étienne: city hit by a cyberattack through its ticketing provider
On 29 April 2026, the City of Saint-Étienne and Saint-Étienne Métropole disclosed a security incident at their third-party ticketing provider, prompting the precautionary deactivation of user account passwords and a forced reset for online ticketing customers.
MyPiscine: customer orders and accounts exposed after a cyberattack
The MyPiscine e-commerce site informs its customers that it was hit by an intrusion on 23 April 2026, resulting in unauthorised access to certain
Vimeo data breach (2026)
In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata.
Data breachResolvedBordeaux Métropole: leak of 11,000 tourist tax filers and tourist rental addresses
A threat actor leaked a database extracted from Bordeaux Métropole's tourist tax portal, exposing the names, emails, phone numbers and property addresses of around 11,000 holiday-rental declarants; the metropolitan authority later confirmed the breach.
Exclusive Networks: cyberattack at a key player in cybersecurity solutions
On 27 April 2026, the Qilin ransomware group listed Exclusive Networks — the France-headquartered global cybersecurity and IT distributor — on its leak site, threatening to publish stolen data unless the company entered negotiations; the scope remained unconfirmed.
L'Opticienne Verte: 13,039 customers exposed after a cyberattack
On 27 April 2026, French eco-friendly online eyewear brand L'Opticienne Verte was named in an unverified data-leak claim involving 13,039 customer records — names, emails, phone numbers, postal addresses and dates of birth; the company disputes any intrusion.
Université de Toulouse: students and staff exposed after a cyberattack
On 27 April 2026, a group calling itself LunarisSec claimed to have breached Université de Toulouse and leaked a database of academic profiles—names, emails, phone numbers and research details for faculty, doctoral candidates and staff—though the university issued no official confirmation.
CTT data breach (2026)
In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.
French Ministry of Ecological Transition: more than 1,000 staff accounts compromised
On 26 April 2026, a database of 1,154 user profiles tied to the French Ministry of Ecological Transition was published online, exposing staff names, professional @developpement-durable.gouv.fr email addresses, login dates and group memberships.
National Gendarmerie: nearly 60,000 gendarmes exposed after the Resana leak was republished
On 26 April 2026, the hacker Angel_Batista republished a dataset on about 59,000 French National Gendarmerie members — names, phone numbers, personal and professional emails, postings and account details — scraped in 2025 from the inter-ministerial Resana platform.
Sejourneur.com: 53,000 bookings and thousands of invoices in a data leak
On 26 April 2026, a threat actor known as ChimeraZ published online the database of Sejourneur.com, a French seasonal-rental management platform, exposing around 53,000 bookings, over 7,000 PDF invoices and personal data on more than 46,000 people.
Adele.org: leak of 261,000 student housing files with ID cards and passports
On 25 April 2026, a hacker using the alias ChimeraZ claimed to have stolen and published the database of French student-housing platform Adele.org, exposing roughly 261,000 rental application files (~560 MB) containing scanned ID cards, passports, health-insurance cards, bank details and tax documents.
Leak at Céram Décor
On 25 April 2026, a confirmed data leak exposed customer personal data — names, email addresses, phone numbers, postal addresses and hashed passwords — from French ceramic and tile decoration retailer Céram Décor.
86,683 teachers affected by a data leak at IFprofs
On 25 April 2026, IFprofs — the global social network for French-language teaching professionals run by the Institut français — had a database of roughly 90,000 member accounts published online by a threat actor known as ChimeraZ, exposing profile details and platform activity.
Agence de services et de paiement (ASP): sensitive data leak, social security numbers and IBANs exposed
The Agence de services et de paiement (ASP), the public body responsible for paying out many state benefits, has confirmed a security incident that
Leak at Agence Nationale des Fréquences
ANFR, France's national frequency agency, disclosed that an intrusion into its Radiomaritime online service exposed the personal data — names, postal addresses, phone numbers, emails and dates of birth — of roughly 330,000 users; a sample was put up for sale online.
ANFR: 330,000 users of the Radiomaritime service affected after a cyberattack
The Agence Nationale des Fréquences (ANFR), the public authority responsible for managing the radio spectrum in France, has been the victim of a cyberattack
STOR Solutions: a hacker claims access to 120,000 UPS units and the datacenter's systems
On 24 April 2026 an unnamed hacker claimed on Telegram to have compromised the supervision infrastructure of STOR Solutions, a La Réunion datacenter operator, alleging access to internal monitoring consoles and to 120,000+ UPS units; the claims remain unverified.
Data leak at Système U
In April 2026, French retail cooperative Système U disclosed a breach of its magasins-u.com loyalty portal in which attackers gained unauthorized access to customer accounts, exposing names, contact details and loyalty-card numbers but no banking data.
Udemy data breach (2026)
In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors.
Data breachResolvedBodyhit: 218,000 customers and 42,000 IBANs put up for sale after a cyberattack
On 23 April 2026, a threat actor using the alias 'undef' claimed to be selling a database from French electrostimulation fitness chain Bodyhit, exposing the personal and banking details of more than 218,000 customers, including over 42,000 IBANs.
France Titre (ANTS): the leak would be much larger than 12 million accounts
Follow-up reporting on the April 2026 breach at France Titres (ANTS), France's secure-identity-document agency: beyond the officially confirmed ~11.7 million exposed accounts, the threat actor now claims access to roughly 600 million lines of data, including plaintext passwords, API and encryption keys, and source code.
La Mie Câline Biscarrosse: data and administrator access released publicly
On 23 April 2026, a threat actor claimed to have breached the internal website of La Mie Câline's bakery in Biscarrosse, France, leaking a local database of customer records along with administrator credentials on a cybercrime forum.
Parcoursup: data leak of 705,000 applicants after fraudulent access in Occitanie
The French Ministry of Higher Education, Research and Space has revealed a security incident affecting the data of certain applicants
Wazari: customer data leaked after the Assuréa cyberattack
Insurance broker Wazari is informing its customers of a security incident linked to an external attack that affected a management and storage tool
Rituals: customer personal data leaked after a cyberattack
On 22 April 2026, Dutch cosmetics and home-fragrance brand Rituals disclosed an unauthorised download of its loyalty membership database, exposing members' names, dates of birth, gender, postal and email addresses and phone numbers; no passwords or payment data were affected.
Université Aix-Marseille: an internal data leak targeting students and staff
On 22 April 2026 the group LunarisSec claimed a data leak from France's Université Aix-Marseille, posting screenshots of internal user lists with names, institutional emails and profile data for students, doctoral candidates, interns and staff; the university cut its network and said systems and data integrity were preserved.
EDF: alarming leak of images of French nuclear power plants
A hacker claims to have 6 GB of images related to several French nuclear power plants operated by EDF, following a claim published on a forum
Engie: a cyberattack claimed by a ransomware group
In April 2026, the Coinbase Cartel extortion group listed French energy giant Engie on its dark web leak site, claiming to have stolen sensitive data and threatening to publish a full dump unless a ransom was paid; Engie did not publicly confirm the breach.
Ledil Immobilier: 6,700 profiles exposed after a data leak
On 21 April 2026, a database holding around 6,700 unique profiles tied to French real estate network Ledil Immobilier was posted for download on a cybercriminal forum, exposing names, contact details, internal CRM records and property/transaction data.
Data leak at Magasins U - unspecified volume
In April 2026, French retail cooperative Magasins U notified loyalty-card holders that unauthorized access to its magasins-u.com customer area exposed personal data including names, contact details and loyalty-card numbers, though banking data was not affected.
Sterimed: internal files published after a cyberattack
On 21 April 2026, French medical-packaging manufacturer Sterimed was claimed by the Qilin ransomware group, which published internal files — technical documents, project data, HR records, IT-security material and system backups — on its dark-web leak site.
Super U: customer data accessible after a cyberattack
The Magasins U group (Super U) informs some customers that it has been the victim of an external and malicious cyberattack that led to unauthorised
ADT data breach (2026)
In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses.
Data breachResolvedAman data breach (2026)
In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses.
Data breachResolved12 million people in the ANTS data leak
France Titres (ANTS), the French government agency issuing secure identity documents, disclosed a breach of its moncompte.ants.gouv.fr portal via an IDOR API flaw; officials confirmed 11.7 million accounts exposed (names, dates of birth, emails, addresses), while a hacker claimed up to 19 million records.
Canada Life data breach (2026)
In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets.
Data breachResolvedCity'Pro Marionneau: data leak after a claimed cyberattack
On 20 April 2026, the City'Pro Marionneau vocational and driving-training network was hit by a cyberattack claimed by the Qilin ransomware group, which published stolen files — trainee records, HR documents, and commercial data — on its leak site.
Gueguen Avocats: a claimed data leak with thousands of documents exposed
On 20 April 2026, French law firm Gueguen Avocats was listed on the Qilin ransomware leak site, which claimed to have exfiltrated thousands of files including internal emails, financial reports, a password spreadsheet, employee data and client case files.
Pitney Bowes data breach (2026)
In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations.
Data breachResolvedUniversité de Bourgogne: a claimed data leak targeting students
On 19 April 2026, the Algerian hacktivist group LunarisSec claimed to have extracted a user database from Université de Bourgogne, exposing names, email addresses and account activity details of students and staff; the scale was not disclosed and the university issued no confirmation.
Vercel: security incident confirmed after a leak claim
On 19 April 2026, cloud platform Vercel (creator of Next.js) confirmed a security incident traced to a compromised third-party AI tool, exposing non-sensitive environment variables and a limited subset of customer accounts.
Carnival data breach (2026)
In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked.
Data breachResolved38,085 customers exposed in a claimed leak at Comptoir du Rêve
On 18 April 2026, the threat actor ChimeraZ claimed to have published a customer database stolen from Comptoir du Rêve, a Toulouse-based comics and manga bookseller, containing 42,606 records tied to 38,085 individuals.
Imprimerie Nationale: leak of the software handling French secure documents
On 18 April 2026, a hacker group claimed on a cybercrime forum to be selling 'Smart Card Middleware Desktop' software attributed to IN Groupe (formerly Imprimerie Nationale), the French state-owned maker of secure identity documents.
JeuJouet.com: alerts customers after a cyberattack on its e-commerce site
The online retailer JeuJouet.com informed its customers by email after a cyberattack affecting the Magento e-commerce platform, used by many
Magento: 7,500+ sites compromised in a global hacking wave
A global automated campaign exploiting an unauthenticated file-upload weakness in Magento defaced 7,500+ e-commerce sites across 15,000+ hostnames, dropping malicious files on stores tied to brands including Toyota, Fiat, Asus and FedEx.
Moulin Roty: customer data exposed after a cyberattack
On 18 April 2026 French toy and baby-goods brand Moulin Roty emailed customers to warn that a cyberattack on its shared Magento e-commerce platform may have exposed identity, contact, account-login, purchase-history and marketing data, though no compromise was confirmed and banking details were not affected.
Bazar du Manga: data leak confirmed after customer cold-calling
On 17 April 2026, online manga retailer Bazar du Manga confirmed that customer identity and contact details had been extracted without authorisation from its database and were being used by a third party, Panda Manga, for unsolicited marketing; no payment data was affected.
ComptoirDuReve.fr: a leak exposes the contact details of 42,000 customers
On 17 April 2026, the French bookstore e-commerce site ComptoirDuReve.fr was reported to have suffered a data leak exposing a database of nearly 42,000 customers, including names, titles and full postal addresses usable for targeted fraud.
French Basketball Federation (FFBB): 1.9 million licence holders exposed in a massive leak
On 17 April 2026, France's Basketball Federation (FFBB) disclosed that fraudulent access to a user account let an attacker (alias HexDex) extract identity, contact and licence data on up to 1.9 million members and roughly 800,000 parents.
Filair: nearly 50 years of internal archives published after a cyberattack
Filair, a French industrial metal-fabrication company, was hit by the Lamashtu extortion group, which exfiltrated and published nearly 50 years of internal archives — tens of thousands of files spanning CAD engineering data, financial records and HR documents.
Gauthier Tissus: 54 GB of internal data published after a cyberattack
Gauthier Tissus, a French manufacturer of technical woven and finished fabrics, was listed on the Lamashtu extortion group's leak site, which published roughly 54 GB (about 8,500 files spanning 1996–2026) of internal financial, HR, commercial and R&D data.
Leak at Jeu Jouet
French online toy retailer JeuJouet.com warned customers in April 2026 that its Magento e-commerce platform was compromised in a mass exploitation campaign, potentially exposing names, email addresses, account credentials and order data; no banking details were affected.
Clinique de l'Yvette: a leak of medical imaging claimed
The Clinique de l'Yvette in Longjumeau is reportedly targeted by a cyberattack, with data put online and administrator access claimed by a
ETAI (Infopro Digital Automotive): 6,600 garages exposed in a leak
On 16 April 2026, a threat actor known as ChimeraZ claimed to be distributing a roughly 6,600-record database stolen from ETAI (Infopro Digital Automotive), exposing French garages' business identifiers, contact details and hashed account credentials.
Assuréa: leak of 150 GB of data (140k leads and 11k contracts)
In April 2026, the DumpSec group claimed to have stolen roughly 150 GB of data from Assuréa, an auto-insurance broker in the Meilleurtaux group, exposing some 139,000 clients, contract records and 11,000+ documents containing IBANs.
Brit Hotel: 682,000 loyalty programme members in a data leak
On 15 April 2026, threat actor HexDex offered for sale a database stolen from French hotel chain Brit Hotel, exposing 682,662 loyalty-programme members along with emails, phone numbers, postal addresses and a decade of reservation history (2016–2026).
Kemper data breach (2026)
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign.
Data breachResolvedNational Police: cyberattack against the e-campus platform, 176k officers affected
On 15 April 2026 France's National Police (DGPN) confirmed that its e-campus online training platform, run by a third-party provider, was hacked in mid-March; the group HexDex claimed 176,317 agent profiles including names, professional emails, locations and login histories.
1,178 records exposed, data leak at Pompes Funèbres Musulmanes Toulouse
On 15 April 2026, Pompes Funèbres Musulmanes Toulouse, an Islamic funeral provider, suffered a data leak claimed by an actor known as "ntmpd" who posted a 1,178-record database dump plus working admin credentials on a hacker forum, exposing client and deceased records.
Zara data breach (2026)
In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign.
Data breachResolvedAbrigo data breach (2026)
In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo…
Data breachResolvedCNAOC: 30 years of internal archives and sensitive data exposed after a cyberattack
On 14 April 2026, the threat actor Lamashtu claimed to have stolen roughly 52.6 GB of data and about 41,000 files from France's wine appellations confederation CNAOC, spanning 1994-2025 and including financial, HR and governance records.
Logis Hotels: 598,000 loyalty program members exposed in massive leak
On 14 April 2026, a hacker known as HexDex claimed the theft and sale of personal data belonging to 598,154 members of Logis Hotels' ETIK loyalty program, with records spanning 2012 to 2026 and including identity, contact, billing and login details.
Basic-Fit: 1 million customers affected, banking details exposed after a cyberattack
In April 2026, gym chain Basic-Fit disclosed that attackers breached its member check-in system, exposing the personal and banking details of roughly 1 million members across France, Belgium, Germany, Spain, Luxembourg and the Netherlands.
Leak at Chateau royal de Blois / Maison de la Magie
The online ticketing data of visitors to the Château royal de Blois / Maison de la Magie was exposed in the breach of its provider Vivaticket (Tickeasy), leaking names, email and postal addresses, dates of birth, phone and fax numbers and VAT numbers.
Leak at IAE Grenoble (via AlumnForce)
In April 2026, alumni of IAE Grenoble were exposed in a breach of AlumnForce, the third-party platform managing its alumni network; the stolen dataset spanned ~2.7M profiles across 49 French institutions and included names, contact details and full professional/education histories.
Booking.com: customer reservation data exposed
A security incident reportedly affected Booking.com, with unauthorised access to data related to customer reservations. According to initial
Ardèche department: 26 GB of administrative RSA-related data exposed
In April 2026, France's Ardèche department disclosed a breach in which an attacker exploited a flaw at an external service provider and exfiltrated roughly 26 GB across 88,000+ files of RSA welfare-beneficiary data spanning 2017-2026.
École Directe: false cyberattack alert
After the massive leak referencing EduConnect, a new alert is circulating around École Directe, a platform widely used in schools
Insei.fr: 2,700 profiles and ID documents leaked after a cyberattack
The hacker ChimeraZ claims to have published a database linked to the Insei.fr site, containing sensitive personal information as well as
Marcus & Millichap data breach (2026)
In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group.
Data breachResolvedMytheresa data breach (2026)
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses.
Data breachResolvedAcadémie de Paris: more than 5,000 contact records and student photos leaked
In April 2026, a hacker using the alias Cybernox claimed to have compromised a Paris secondary school under the Académie de Paris, exposing data on more than 5,500 people — including 1,701 students (minors) and 3,811 guardians — with names, addresses, INE numbers, ID photos and guardians' IBANs.
ADMR: 5,280 employees and volunteers exposed in data leak
The hacker Cybernox claims to hold a database linked to ADMR (Aide à Domicile en Milieu Rural), containing several thousand profiles. According to the
70,551 vehicles - claimed leak at Base véhicules d'occasion France
On 11 April 2026, a database described as a France-wide used-vehicle export covering 70,551 vehicles, along with the buyers and suppliers recorded against them, was put forward in a claimed but unverified data leak.
EduConnect: more than 3.1 million student accounts leaked on the State platform
A hacker claims to hold a database tied to EduConnect, the official Ministry of Education system used to track schooling of
3,204 accounts affected by claimed data leak at FranceVerif.fr
A threat actor on DarkForums claimed in April 2026 to have stolen the FranceVerif.fr database, exposing at least 3,204 unique accounts belonging to reviewers and merchants, including names, emails, phone numbers, postal addresses and business identifiers (SIRET/VAT).
Addresses of 70,000 luxury car owners exposed
A hacker known as HexDex claims to be selling a database containing more than 70,000 vehicles, along with detailed information about their
Leak at Alumni Université Côte d'Azur (via AlumnForce)
In April 2026, alumni data of Université Côte d'Azur was exposed as part of a breach of the AlumnForce platform, leaking names, contact details, education and detailed professional/career information for tens of thousands of graduates, within a wider 2.7-million-record leak across 49 institutions.
DB Telecom: a 40k-customer database put up for sale
Around 10 April 2026, a threat actor put DB Telecom (Service Telecom) — a Marseille-based IP-telephony operator on the Orange/Or-Tel network — up for sale, leaking a database of roughly 41,470 customers and 2,835,372 records including names, contacts, plaintext passwords and internal emails.
Data leak at EasyLounge, Hi-Fi and home cinema reseller
EasyLounge customers are affected by a data leak confirmed by the company, after a cybersecurity incident communicated to the people concerned. The company, Hi-Fi and…
Leak at ENSAI Network (via AlumnForce)
ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions — including names, emails, phone numbers, locations, career history and education details — now offered for sale on cybercrime forums.
Leak at Lilagora (via AlumnForce)
In April 2026, Lilagora — the University of Lille's alumni network — saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.
McGraw Hill data breach (2026)
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform".
Data breachResolvedSon-Video.com & EasyLounge: customer data leak after a cyberattack
On 10 April 2026, French hi-fi and home-cinema retailer Son-Video.com (and sister brand EasyLounge) notified customers of a data leak following unauthorised access, exposing names, contact details, postal addresses and order history, though no banking data or passwords.
Data leak at UPPA Alumni (via AlumnForce)
UPPA Alumni, the alumni network of the University of Pau et des Pays de l'Adour, confirmed its members' data was exposed in the April 2026 breach of its provider AlumnForce, leaking names, contacts, education and detailed professional profiles.
Vranken-Pommery: customer data exposed after a cyberattack on the ticketing system
French champagne group Vranken-Pommery disclosed on 10 April 2026 that a ransomware attack on its external online-ticketing provider exposed personal data of visitors to its Reims tourist sites, including names, dates of birth, contact details and reservation records, though banking data was not affected.
93,061 candidates affected by a claimed data leak at DCL
Individuals who took the DCL (Diplôme de Compétence en Langue) would be affected, according to the claim, by the sale of a file containing the personal data of 93,061…
1,133,731 members - claimed leak at French University Sport Federation
In April 2026 a threat actor known as HexDex advertised the sale of a database stolen from France's university sport federation (FFSU), exposing the identities, contact details and registration data of roughly 1.1 million students, licensees and staff.
7-Eleven data breach (2026)
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers.
Data breachResolvedAcadémie de Nice: personal data of teachers and staff leaked
On 8 April 2026, a database tied to France's Académie de Nice was found circulating online, exposing roughly 19,000 records on teachers and administrative staff, including names, professional emails, job assignments and workplace details.
Alinto: a massive leak of 40 million emails hits CAC40 companies
French email-security provider Alinto left an unsecured Elasticsearch cluster exposing more than 40 million SMTP records (around 4.5 million unique addresses) — metadata for emails from L'Oréal, Renault, Carrefour, DHL and 14,000 French government accounts.
Leak at Alumni Université de Strasbourg (via AlumnForce)
On 8 April 2026, the alumni network of the University of Strasbourg was exposed as part of a wider compromise of the AlumnForce platform, leaking members' names, contact details, education history and professional career data across 49 French institutions (~2.7M profiles in total).
Diamond: OneDrive and SharePoint documents leaked by the Gunra group
On 8 April 2026, the French metal-grating manufacturer Diamond was listed on the Gunra ransomware group's leak site, which claimed to have exfiltrated confidential OneDrive and SharePoint documents covering projects, clients and internal operations.
FICOBA: 1.2 million bank accounts exposed after intrusion into state systems
France's DGFiP disclosed that an attacker, using a civil servant's usurped credentials, accessed the FICOBA national bank-account registry between late January and early April 2026, exposing IBAN/RIB details, names and addresses for about 1.2 million accounts.
Data leak at KFC France, undisclosed volume
Members of KFC France's Colonel Club loyalty program received an email informing them of a breach of their personal data. KFC France said in this message that the number…
My Lovely AI data breach (2026)
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
Data breachResolvedSynergy: a key player in data and cloud in France hit by ransomware
In early April 2026, Synergy, a French data-management and cloud-services provider, was reportedly hit by a ransomware attack involving unauthorised access to its systems and a probable threat to exfiltrated client data; the scale and attacker were not disclosed.
AlumnForce: 2.7 million students and graduates exposed
In April 2026, AlumnForce — the French SaaS platform that powers alumni networks for dozens of universities and grandes écoles — was hit by a data breach exposing roughly 2.7 million profiles, including names, emails, phone numbers and detailed career data, later put up for sale on criminal forums.
Gauthier Connectique (nicomatic): 42 GB of sensitive data threatened after a cyberattack
On 6 April 2026, the Akira ransomware group listed French aerospace connector manufacturer Gauthier Connectique (a Nicomatic company) on its leak site, threatening to publish 42 GB of exfiltrated data including employee ID documents, technical drawings, financial records and NDAs.
LegionProxy data breach (2026)
In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.
Data breachResolvedYMED (SOONCARE): 253,000 patients exposed, 132 GB of medical data exfiltrated
On 6 April 2026, Bordeaux-based healthcare software publisher YMED, which runs the SOONCARE® appointment platform, was hit by an extortion attack claimed by the group XP95, which exfiltrated 132 GB of data covering 253,342 patients and over 431,000 medical files.
Aircos Pascual (Anjac): ongoing ransomware attack by the TheGentlemen group after a cyberattack
French cosmetics manufacturer Aircos Pascual, a subsidiary of the Anjac group, is targeted by a ransomware attack claimed by the group
ARS: 35 million patients affected by a data leak, 130 hospitals and AP-HP targeted
On 5 April 2026, the DumpSec group advertised for sale a database it claims covers 35 million French patients tied to France's Regional Health Agencies (ARS), more than 130 hospitals and AP-HP, exposing identities, social security numbers and health records.
Nosho: 133,000 users compromised, a new leak that weakens the medical sector
Following our article published on 5 April 2026, the company Nosho wanted to provide several clarifications on the incident: An attack on our database
Alltricks: more than 820,000 customer accounts for sale on the dark web
In April 2026, a database of more than 820,000 Alltricks customer accounts (roughly 105 MB) was put up for sale on dark web forums, exposing names, emails, dates of birth, postal addresses, mobile numbers and loyalty data; the retailer disputes that the data came from its systems.
Leak at Contrat d'intégration républicaine
France's OFII immigration agency notified signatories of the Contrat d'intégration républicaine that a January 2026 breach via a compromised subcontractor exposed the names, emails, phone numbers and postal addresses of roughly 2.1 million people.
Ledger: 105,000 French cryptocurrency holders exposed
In April 2026, a database of roughly 105,000 French Ledger customers — stolen in the January 2026 breach of its e-commerce provider Global-e and exposing names, postal addresses, emails and phone numbers — was put back up for sale on a cybercrime forum.
French Office for Immigration: massive data leak on the Republican Integration Contract
OFII, France's immigration and integration agency, confirmed in April 2026 that a compromised subcontractor exposed personal data of foreigners enrolled in the Republican Integration Contract, with roughly 2.1 million records offered for sale on BreachForums.
Or en Cash: new data leak confirmed in gold buying/reselling
On 4 April 2026, French gold buyer/reseller Or en Cash confirmed a data breach exposing the personal data of more than 70,000 customers — including identities, ID documents, contact details and transaction history — days after a similar attack on Gold Union.
Veuve Clicquot: visitor data compromised after a cyberattack on the ticketing system
Champagne house Veuve Clicquot disclosed in April 2026 that a ransomware attack on its third-party visit-booking provider exposed personal data of people who reserved cellar tours since at least July 2024, including names, dates of birth, phone numbers and emails.
Adobe: 13 million support tickets leaked after a cyberattack
Adobe is reportedly targeted by a massive data leak claimed by the hacker Mr. Raccoon, involving more than 13 million support tickets. The
Amtrak data breach (2026)
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly.
Data breachResolvedFountain: intrusion and data theft during a ransomware cyberattack
Fountain, a Belgian stock-listed provider of workplace coffee and refreshment services, disclosed in early April 2026 a ransomware attack involving unauthorized access to part of its IT systems and confirmed data exfiltration, with the DragonForce group claiming responsibility.
Data leak at La Quiberonnaise
In early April 2026, the French cannery La Quiberonnaise confirmed that unauthorized access to its systems exposed customer personal data — names, postal addresses, email addresses and phone numbers — with the company notifying affected clients by email and reporting the breach to the CNIL.
291,000 users affected by a claimed leak at SongTrivia2.io
In April 2026, the music trivia game platform SongTrivia2 suffered a data breach published to a public hacking forum, exposing roughly 291,000 user accounts including email addresses, names, usernames, avatars, auth tokens and bcrypt password hashes.
French National Hunters Federation: nearly 1 million members in a leak resurfacing
On 2 April 2026, a database with the personal details of 1,048,991 members of France's National Hunters Federation (FNC) — including names, postal addresses, phone numbers, emails and hunting-permit data — was offered for sale on the dark web.
Gold Union: more than 120,000 gold buyers exposed with ID documents and transactions
In April 2026, French precious-metals dealer Gold Union suffered a data breach exposing records on more than 126,000 customers (2023-2026), including identities, addresses, transaction histories, IBANs and around 6,000 ID-card copies.
Maxance: 348,000 people publicly exposed, French state employees among those affected
Insurance broker Maxance is hit by a data leak now publicly disseminated, affecting more than 348,000 people. Among the
Serap: ransomware with 50 GB of data threatened
French manufacturer Serap, the world's leading maker of farm milk cooling tanks, was hit by an Akira ransomware double-extortion attack disclosed on 2 April 2026, with the group threatening to publish around 50 GB of stolen internal data.
SongTrivia2 data breach (2026)
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt…
Data breachResolvedUnder Armour: the brand warns French customers after the leak of 72 million accounts
Under Armour confirmed a breach by the Everest ransomware group that exposed roughly 72.7 million unique customer email addresses along with names, dates of birth, genders, locations and purchase histories, leaked publicly after extortion failed and now reaching French customers.
Force Ouvrière (FO): more than 160,000 profiles exposed in a data leak
On 1 April 2026, French labour union Force Ouvrière (FO) was hit by a data breach claimed by an actor known as HexDex, who put up for sale a database of 161,343 member profiles including over 161,000 email addresses, 130,000 postal addresses and nearly 100,000 phone numbers.
Missions Locales: more than 500,000 young people exposed following a cyberattack
On 1 April 2026, more than 506,000 profiles of young people enrolled in France's Missions Locales network were put up for sale on dark web forums, exposing full identities, contact details, and sensitive data on their education, employment, and social circumstances.
Notre-Dame du Grandchamp: thousands of pupils exposed after a cyberattack
On 1 April 2026, the French Catholic school group Notre-Dame du Grandchamp was listed on NightSpire's leak site after a ransomware attack that exfiltrated roughly 330 GB of data, including students' medical records, academic files and HR data on thousands of pupils and staff.
Vacancéole: new customer leak in the tourism sector
Vacancéole, a specialist in holiday rentals in France, was the victim of a security incident involving a technical provider, confirming a
Hallmark data breach (2026)
In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming…
Data breachResolvedHomair: customer data exposed after a cyberattack
On 31 March 2026, French camping and holiday-village operator Homair disclosed a data breach traced to a compromised third-party technical provider, exposing customers' names, email addresses, phone numbers and booking details (destination, stay dates, amount paid), while bank data, passwords and postal addresses were said to be unaffected.
Leak at La Mine Bleue (via Vivaticket)
On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.
Vaucluse Provence Attractivité: customers targeted after a cyberattack
On 31 March 2026, Vaucluse Provence Attractivité — the Vaucluse département's public tourism and economic-promotion agency — disclosed a messaging-system compromise that let attackers send fraudulent emails from its official addresses, exposing the names and email addresses of people who had contacted it.
Belambra: customer contact details exposed after a cyberattack
French holiday-club operator Belambra disclosed in March 2026 that a cyberattack on a shared reservation-system provider exposed personal data of roughly 400,000 customers, including names, emails, phone numbers and booking details, though no banking data or passwords.
French Savate Federation: nearly 680,000 licence holders exposed over 49 years
On 30 March 2026, the Fédération Française de Savate had a database of roughly 679,000 licence-holder profiles spanning 49 years (1977–2026) stolen and put up for sale by an actor known as HexDex, exposing names, contact details and sports-licensing information.
Leak at GDQuest
On 30 March 2026, a database from GDQuest — a French e-learning platform for the Godot game engine — surfaced on a hacking forum, exposing learners' email addresses, usernames/account slugs and the titles and prices of purchased courses.
Iliad (Free): new cyberattack with leaked network data
On 30 March 2026, the extortion group ALP-001 listed French telecom group Iliad (parent of Free) on its leak site, publishing a 5.4 GB sample of mobile-network engineering data — radio measurements, GPS drive tests, and network optimization records — and threatening fuller disclosure.
La Centrale de Financement: 387 GB of data leaked
On 30 March 2026, French mortgage broker La Centrale de Financement suffered a 387 GB breach of its corporate network — more than 400,000 documents including KYC scans, bank statements and tax returns — later put up for sale for $25,000 after extortion talks failed.
Le Petit Vapoteur: 3.3 million customers exposed
In late March 2026, French e-cigarette retailer Le Petit Vapoteur was hit by a data breach after a hacker using the alias 'undef' put its customer database up for sale, exposing names, emails, phone numbers, postal addresses and IP logs for a claimed 3.3 million customers and 599 employees spanning 2012-2026.
Handisport: nearly 200,000 members affected by a cyberattack
On 28 March 2026, the Fédération Française Handisport disclosed a data breach exposing the records of 197,276 licensed members, including civil-identity, contact and sensitive health data such as disability type, with a database put up for sale by the actor 'HexDex'.
Scalian: sensitive employee data leaked after a cyberattack
Around 27 March 2026, French IT services and engineering firm Scalian disclosed a cyberattack that leaked sensitive employee data — names, contact details, ID cards, vehicle registration papers and bank mandates — with the number of affected staff not yet known.
Allopneus: 453,000 customers exposed after a cyberattack
On 23 March 2026, French online tyre retailer Allopneus suffered a cyberattack on the software managing its home tyre-fitting service, exposing data on 453,299 unique customers across 739,316 records (2014–2026); no banking data or passwords were compromised.
Mondial Tissus: 365,900 customers compromised by a leak
A major data leak is reportedly currently targeting the Mondial Tissus chain. According to information circulated on a hacker forum, 365
SIA: data leak of 62,511 firearms in France
In late March 2026, France's Système d'Information sur les Armes (SIA), the national firearms registry run by the Interior Ministry, was hit by a leak of records on 62,511 weapons and their owners after a company account was compromised and the data put up for sale.
European Union: cyberattack on the Europa platform
On 27 March 2026 the European Commission confirmed a cyberattack on the cloud infrastructure hosting its Europa.eu web platform; the ShinyHunters extortion group claimed to have stolen 350+ GB of data and leaked over 90 GB, with around 30 EU entities potentially affected.
ZenBusiness data breach (2026)
In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform.
Data breachResolvedBreachForums Version 5 data breach (2026)
In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.
Data breachResolvedLeak at Les Champs Libres
On 26 March 2026, a breach at Les Champs Libres — the public cultural complex in Rennes — exposed user account data including names, email addresses, phone numbers and plain-text passwords.
Addi data breach (2026)
In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised".
Data breachResolvedCerballiance: medical data exposed after a cyberattack
On 25 March 2026, French medical-laboratory network Cerballiance disclosed a breach traced to a compromised external IT provider that exposed patient identities, portal credentials, medical test reports and social security numbers.
176,317 staff exposed: data leak at the French Ministry of the Interior (E-campus)
On 25 March 2026 a security incident was disclosed at the French National Police's E-campus training platform, where an intruder accessed personal data of officers and administrative staff; a hacker claimed a database of 176,317 agent profiles.
Sound Radix data breach (2026)
In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names.
Data breachResolvedCrous: 770,000 students affected by a massive leak
In March 2026, France's Cnous confirmed that an attacker exfiltrated data on 774,000 people from the Crous appointment platform mesrdv.etudiant.gouv.fr, including 139,000 individuals whose stolen files contained ID documents.
Leak at Crunchyroll
On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data — names, emails, IP addresses and partial payment-card details — with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.
Leak at Europa (European Commission)
In March 2026, the European Commission's Europa.eu web-hosting infrastructure was breached via a stolen AWS key (Trivy supply-chain compromise); ~91.7 GB of data covering 30+ EU entities — names, emails, email content and documents — was exfiltrated and leaked by ShinyHunters.
Volume unspecified - data leak at French Free Flight Federation
On 24 March 2026, the French Free Flight Federation (FFVL) was reported to have suffered a data leak exposing member records after unauthorized access to its systems; the volume of affected licence holders was not specified.
Leak at Marseille-Provence Metropolis
On 24 March 2026, the Métropole Aix-Marseille-Provence disclosed a data leak stemming from a compromised subcontractor, potentially exposing around 19,728 user accounts, including email addresses, names and passwords.
62,511 records in the SIA data leak
In late March 2026, a hacker put up for sale data on 62,511 firearms registered in France's Système d'Information sur les Armes (SIA), exposing owners' names, postal addresses, emails, phone numbers, weapon details and transaction histories.
Leak at I-Cad
I-Cad, France's national dog, cat and ferret identification registry, disclosed in March 2026 that a September 2025 software vulnerability had allowed automated querying of its database, exposing users' email addresses and fuelling phishing campaigns against pet owners.
Intoxalock: a cyberattack locks cars in the United States
Around 14 March 2026, US ignition-interlock provider Intoxalock was hit by a DDoS-style flood that knocked its servers offline for about a week, disrupting calibration and account services and leaving an estimated 150,000 court-ordered drivers across 46 states unable to start their cars.
Catholic education: a cyberattack exposes 1.5 million pieces of data
In March 2026, France's General Secretariat of Catholic Education (SGEC) disclosed a cyberattack on an administrative application that exposed the personal data of around 1.5 million students, families and teachers, including names, dates of birth, postal addresses, emails and phone numbers.
363,000 customers affected by data leak at Airsoft-Entrepot
In March 2026, French airsoft e-commerce retailer Airsoft-Entrepot was hit by a data breach exposing roughly 363,000 customers and 2.9 million orders spanning 2013-2026, including names, emails, postal addresses, phone numbers and order histories offered for sale by a threat actor.
109,302 CMF members: data leak claimed
On 20 March 2026, a database of the Confédération Musicale de France (CMF) — France's federation of amateur music ensembles and schools — was put up for sale by the actor HexDex, allegedly exposing 109,302 members including many minors, with identities, contact details, school records and disability notes.
113,000 members affected by a cyberattack at La Mutuelle Familiale
La Mutuelle Familiale, a French complementary health insurer, disclosed a computer intrusion detected on 17 March 2026 that potentially affected its roughly 113,000 members, exposing identity documents, bank details (RIB) and health and insurance data.
Data leak at Mingat
On 19 March 2026, French vehicle-rental company Mingat confirmed a data leak affecting its customers, notifying them of a security incident that exposed personal information held in its rental records.
262,651 teachers affected, data leak at the French Ministry of Education
The 262,651 teachers, future teachers and trainee teachers are affected by a data leak tied to the system managing the education authorities. The incident covers a history of several…
10,816 Canada Goose customers in a data leak
French customers of luxury outerwear brand Canada Goose were caught up in a data leak by the ShinyHunters extortion group, with 10,816 records in the France-related subset of a broader corpus of roughly 600,000 customer records traced to a third-party payment processor.
Leak at Musée des Arts et Métiers
Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.
60,000 staff exposed in a claimed data leak at Annuaire Administration
On 17 March 2026, the actor HexDex claimed on DarkForums a leak from the French Annuaire de l'administration, a centralized public-sector directory, exposing the names, phone numbers, professional and personal addresses, and job titles of roughly 60,000 government agents.
Leak at Bibliothèque Nationale de France
A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.
LA Metro (LACMTA) Iran-linked breach (2026)
Iran-linked hackers breached Los Angeles' transit agency LA Metro in March 2026, stealing at least 700 GB of internal data and disrupting passenger-information and TAP fare systems.
594 phone numbers in the claimed leak at Sarah Knafo #2
On 14 March 2026, a leak was claimed to expose roughly 594 phone numbers of Parisian Reconquête! members tied to Sarah Knafo's municipal campaign — a follow-on to the earlier public exposure of her campaign website's contributor data.
Divine Skins data breach (2026)
In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email…
Data breachResolved890,000 users affected by a claimed leak at GPS Santé
On 13 March 2026, a threat actor claimed to have leaked a database belonging to GPS Santé, a French health-tech firm offering online medical scheduling and teleconsultation, allegedly exposing data on roughly 890,000 patients and practitioners.
71,502 patients affected by a claimed data leak at Therapeutes.com
On 13 March 2026, a dataset claimed to come from the French therapist-booking platform Therapeutes.com was put up for sale, exposing around 71,502 patients along with nearly 199,697 appointment records and highly sensitive mental-health consultation details.
Data leak at Université Paris-Est
Students, staff and partners of Université Paris-Est are affected by a confirmed leak affecting the establishment's administrative files. Approximately 315,000 lines of…
813,866 users affected by the data leak at Medoucine
On 12 March 2026, French alternative-medicine booking platform Medoucine confirmed a data breach in which a database of 813,866 users — including about 6,500 practitioners — was put up for sale, exposing names, emails, phone numbers and consultation history.
476,282 customers affected by a claimed leak at Intersport Rent
On 11 March 2026, a database belonging to INTERSPORT Rent — the ski- and snowboard-equipment rental arm of the Intersport sports retail group — was dumped on a hacker forum, exposing roughly 1.2 million rows covering about 476,282 unique customers, including names, emails, phone numbers, loyalty numbers and rental order histories.
Leak at Pronote
A claimed leak of Pronote login credentials (email addresses and passwords) belonging to French students and parents was reported circulating for sale on the dark web; publisher Index Education stated its own systems were not breached, the credentials stemming from phishing and account theft.
Stryker Handala wiper attack (Iran-linked, 2026)
The Iranian state-linked group Handala compromised Stryker's Microsoft Intune administrator account and used the endpoint-management tool to wipe more than 200,000 servers, mobile devices, and corporate endpoints across 79 countries — bringing operations at one of the world's largest medical-device makers to a halt.
Data leak at Vivaticket following a ransomware attack
On 2 March 2026, ticketing platform Vivaticket disclosed a RansomHouse ransomware attack that exfiltrated customer data — names, emails, postal codes and purchase history — affecting users of 3,500 partner venues including the Louvre and the BnF.
1,005,361 members of the ASPTT Multi-Sports Federation: claimed data leak
Members of the ASPTT Multi-Sports Federation may be affected by a claimed leak involving more than a million registrations, for the 2014-2026 period, according to the claim...
310,000 Carte Jeune beneficiaries: Région Occitanie data leak
In March 2026, France's Région Occitanie disclosed a breach of its Carte Jeune Région scheme after a technical service provider was compromised, exposing the personal data of about 310,000 young beneficiaries — including some 270,000 ID photos of minors — which the DumpSec group put up for sale on the dark web.
Data leak at Vatel Capital
On 9 March 2026, French AMF-regulated asset manager Vatel Capital emailed its clients to disclose an accidental exposure of files that occurred between 21 February and early March 2026, affecting personal data held by the firm.
1,042 Airclaim customers affected by a claimed data leak
On 8 March 2026, a threat actor put a 121 GB database from flight-compensation platform Airclaim up for sale on a hacker forum, claiming 55,867 affected passengers — including 1,042 French nationals — with scanned passports, signatures and boarding passes exposed.
Baydöner data breach (2026)
In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords.
Data breachResolved74,572 FNATH members: claimed data leak
Members of FNATH are affected by a claimed leak involving nearly 75,000 people, according to the claim. The association supporting victims of life accidents is reportedly the subject of a...
800,000 Le Temps des Cerises customers - claimed data leak
On 8 March 2026, a data leak was claimed against French ready-to-wear and denim brand Le Temps des Cerises, reportedly exposing personal details of roughly 800,000 customers who had ordered through its website.
1,342,952 Stych customers affected by a data leak
In March 2026, a threat actor put a fresh database of 1,342,952 customer records from Stych — a French online driving school — up for sale on a hacking forum, exposing names, contact details, postal addresses, dates of birth and driving-training profile data.
4,600 people affected by a claimed leak at Ordoclic
On 7 March 2026, a threat actor claimed a data leak at Ordoclic, a French e-prescription and e-health provider, allegedly exposing data on nearly 4,600 people including patients and business contacts; the claim remains unverified.
161 GB of data: claimed data leak at SYNLAB France
SYNLAB France customers and partners are potentially affected, according to the claim by the HexDex collective. The group claims to hold 161 GB of internal data belonging to the…
Aura data breach (2026)
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected.
Data breachResolvedData leak at Centre des Monuments Nationaux
In early March 2026, France's Centre des Monuments Nationaux disclosed a data leak stemming from a ransomware attack on its online ticketing provider, exposing visitors' emails, names, postal addresses, purchase history and hashed passwords, but no banking data.
Claimed leak at TAJ (Traitement d'antécédents judiciaires)
Systems linked to TAJ, used by the French Police and Gendarmerie, are allegedly affected by a claimed leak. According to the claim, a data package allegedly presents a complete system image…
713,814 people affected by a claimed data leak at ImmoJeune
On 5 March 2026, a database of 713,814 people who had submitted rental applications on the French student-housing platform ImmoJeune was offered for sale on a cybercrime forum, exposing names, emails, phone numbers, postal addresses and income details.
25,000 students affected by a claimed data leak at Penninghen
On 5 March 2026, a threat actor known as st0jke claimed to have breached Penninghen, a Paris art and design school, and offered for sale roughly 14 GB of data on around 25,000 students and parents, including photos, IBANs, ID documents and the platform source code.
15,000 employees affected by claimed data leak at ANCT
On 4 March 2026, a threat actor claimed on a hacking forum to be selling a database tied to France's Agence Nationale de la Cohésion des Territoires (ANCT), allegedly exposing professional and contact details of around 15,000 employees and administrative contacts, with a sample posted as proof.
1,462,485 beneficiaries affected by the Banque Alimentaire data leak
On 4 March 2026 the Fédération française des Banques Alimentaires confirmed a data breach exposing personal records of 659,658 aid-recipient families — about 1,462,485 people — including identity, contact, family-situation, income and aid-history details.
8,220 users affected - claimed data leak at Brouillon de culture
On 4 March 2026, a threat actor claimed to have leaked roughly 8,220 customer accounts belonging to Au Brouillon de Culture, a long-established bookshop in Nice, France, that also sells books through its online store.
SUCCESS data breach (2026)
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes.
Data breachResolvedWoflow data breach (2026)
In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data.
Data breachResolved6.6 million users exposed in data leak at YGG Torrent
In March 2026, a lone hacker known as Gr0lum fully compromised the French BitTorrent tracker YggTorrent, exfiltrating roughly 6.6 million user accounts plus emails, password hashes, IP addresses and 54,776 plaintext bank card records before the site shut down permanently.
13,000 Be-bunk customers affected by a data leak
On 3 March 2026, Be-bunk, a fintech payment provider serving French overseas territories, confirmed a data breach affecting around 13,000 customers, with an actor claiming a 75-million-line database including IBANs, balances and identity data.
1,457,473 orders affected by claimed leak at Florajet
On 3 March 2026, French flower-delivery service Florajet confirmed unauthorised access to its B2B ordering tool after a criminal put 1,457,473 order records (2023-2026, ~136 GB) up for sale, exposing names, full postal addresses, ~952,000 phone numbers and intimate accompanying messages.
Ameriprise data breach (2026)
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure,…
Data breachResolved2,200 patients affected by a claimed leak at Bioserveur
Bioserveur's patients are reportedly affected by a claimed leak involving approximately 2,200 PDF documents, according to the claim. These files are described as test result reports…
Leak at Cloud Imperium Games
Cloud Imperium Games, developer of Star Citizen and Squadron 42, disclosed in March 2026 that a January attack on its backup systems gave intruders read-only access to player account data including names, usernames, dates of birth and contact details.
Leak at Lisi
In early March 2026, French aerospace and automotive fastener manufacturer LISI Group was hit by the Qilin ransomware gang, which exfiltrated a limited set of corporate data — bank account/IBAN details, supply contracts, confidentiality agreements and employee information — from two ancillary sites.
Leak at MDPH 92
In early March 2026, MDPH 92 — the Hauts-de-Seine disability services agency — accidentally exposed around 500 beneficiaries' email addresses by sending a mass post-cyberattack notice with recipients in CC instead of BCC.
Leak at the Oceanographic Museum of Monaco (via Vivaticket)
Customer data of the Oceanographic Museum of Monaco was exposed via a ransomware attack on its ticketing provider Vivaticket (subsidiary Irec SAS), disclosed 2 March 2026 and claimed by RansomHouse, leaking names, emails, phone numbers, postal locations and order/booking history.
Leak at Palais de la Porte Dorée
On 2 March 2026, the Palais de la Porte Dorée was among 40+ French cultural institutions affected by a ransomware attack on shared ticketing provider Vivaticket, potentially exposing visitors' names, contact details, dates of birth, purchase histories and encrypted passwords.
Leak at Paris Adult Courses Platform
On 2 March 2026, the City of Paris confirmed a data breach affecting the Cours d'Adultes de Paris (adult education) platform, exposing names, dates of birth, emails, postal addresses and phone numbers of users registered before May 2025; no passwords or banking data were affected.
Data leak at Tactis
In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.
10,000 members affected by a claimed data leak at Tchap
On 2 March 2026, a cybercriminal claimed to have breached Tchap, the French state's secure messaging service run by DINUM, exposing data tied to around 10,000 members and naming internal rooms linked to the Interior Ministry and security forces.
Data leak at Orléans city hall (via Vivaticket)
On 2 March 2026, Orléans city hall warned ticket buyers that its online booking provider Vivaticket was hit by a RansomHouse ransomware attack; exposed customer data may include names, emails, country, postal code and purchase history, but no banking details.
2,500 people affected by a claimed leak at BE ATEX
On 1 March 2026, a threat actor claimed to have stolen a database from BE ATEX, a French industrial safety-equipment distributor near Toulouse, allegedly exposing personal data on roughly 2,500 of the firm's clients and employees.
343,734 members - data leak claimed at French Aeronautics Federation
On 28 February 2026, the French Aeronautics Federation (FFA) disclosed unauthorised access to its SMILE member-management platform, exposing the names, dates of birth, emails and postal addresses of 343,734 members, with archives reaching back to 2002.
37,472 licence holder photos in FFR XIII data leak
Licence holders of the French Rugby XIII Federation are affected by a confirmed leak involving photos and licence information. Nearly 37,000 of the exposed photos relate to...
Data leak at Union Nationale du Sport Scolaire
France's school-sport federation UNSS disclosed in late February 2026 that intruders accessed its OPUSS membership platform and leaked personal data and roughly 1.5 million ID photos of student athletes (11-18) on the darknet, spanning ~668,000 current and ~889,000 former members.
3 million students: claimed data leak at UNSS #2
On 28 February 2026, the group DumpSec claimed it had exfiltrated about 65 GB of data and roughly 1.5 million student identity photos from the French school sports federation UNSS, after breaching its OPUSS intranet; names, birth dates, schools and contact details were exposed.
175,942 people exposed in the Eiffage (NextSend) data leak
On 25 February 2026, the LAPSUS$ group claimed a breach of NextSend, the file-transfer platform (edited by Hegyd) used internally by French construction group Eiffage, publishing 77 files exposing 175,942 employees and external contacts.
Leak at ESPCI
In late February 2026, ESPCI Paris (a PSL University engineering and research school) disclosed that an access-control flaw let unidentified actors harvest its internal directory, exposing identity and contact details of students, staff and external personnel; passwords were not affected.
Leak at French Gymnastics Federation
In late February 2026, France's gymnastics federation (FFGym) disclosed a breach of its FFGym Licence system via a phished club account, exposing data on roughly 2.9 million current and former licensees registered since 2004.
203,179 members - claimed leak at French Ski Federation
In late February 2026, a threat actor advertised a database of 203,179 members of the French Ski Federation (FFS), spanning records from 1999 to 2026 and exposing civil-status details, contact data and family information; the FFS confirmed the breach and notified the CNIL.
Data leak at Westfield Club - customer information exposed
In February 2026, Unibail-Rodamco-Westfield disclosed unauthorised access to a database holding Westfield Club loyalty members' and newsletter subscribers' names, email addresses, phone numbers, postcodes and dates of birth; no financial data or passwords were exposed.
15 million patients affected by a data leak at Cegedim
The records of nearly 15 million patients managed via software from publisher Cegedim are affected by a confirmed leak. The publicly released elements indicate that this data comes from…
2,978,518 members - claimed data leak at French Gymnastics Federation
The French Gymnastics Federation (FFGym) suffered a data breach disclosed in early 2026 in which attackers used a phishing-compromised club account on the FFGym Licence platform to access personal data of roughly 2.9 million current and former members licensed since 2004.
Claimed data leak at French Karate Federation, volume unspecified
Licence holders and members of the French Karate Federation are affected by a claimed data leak, according to the claim. According to the announcement, a FFK database has been...
Leak at Sports and Cultural Federation of France
The Sports and Cultural Federation of France (FSCF) had the personal data of roughly 1.33 million members exposed after a third-party licence-management provider was compromised, leaking names, dates of birth, postal addresses, contact details and licence/membership records.
116,122 customers and prospects: claimed data leak at Santeo
Customers and prospects of Santeo, a health insurance comparator, are reportedly affected by a claimed data leak impacting around 116,122 people, according to the claim published on 26…
Data leak at CAF (RSA) - unspecified volume
In late February 2026, France's family-allowance fund CAF disclosed that around 70,000 RSA welfare recipients' dossiers were exposed after the HubEE inter-agency document platform was breached, leaking names, social-security numbers and contact details.
Leak at Caisse d'allocations familiales (via Direction du Numérique (DINUM))
Disclosed in late February 2026, a compromise of HubEE — the inter-administrative document-exchange platform operated by France's DINUM — exposed personal data of RSA welfare claimants, with roughly 70,000 dossiers (about 160,000 documents) affected; no banking data or passwords were exposed.
352,502 members affected by a claimed leak at FFAAA
Members of the French Aikido, Aikibudo and Associated Federations (FFAAA) are affected by a claimed leak of their personal data. According to the claim, a corpus of 352,502…
KomikoAI data breach (2026)
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
Data breachResolvedLovora data breach (2026)
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the app.
Data breachResolved18 GB of data (ID cards, bank details, photos) - claimed leak at MyConnect
In late February 2026, a threat actor known as DumpSec advertised the sale of data allegedly stolen from French digital temp agency MyConnect — around 125,000 records and 18 GB of files (ID scans, bank details, birth certificates) for some 16,000 people.
8,571 KYC documents, leak claimed at Ayomi
On 24 February 2026, a threat actor claimed to have leaked a database of 8,571 KYC identity-verification documents belonging to clients and project owners of Ayomi, the French equity-crowdfunding and fundraising platform for SMEs and startups.
74,312 business accounts: leak claimed at Cegid
A threat actor claimed to have leaked a database of 74,312 business-customer records from French software publisher Cegid, exposing company names, contact details, IBAN/RIB bank identifiers and invoice metadata for clients in France, Belgium and Spain.
728,732 members - claimed data leak at French Motor Sport Federation
On 24 February 2026, a threat actor claimed to be selling a database of 728,732 members of the French Motor Sport Federation (FFSA), exposing names, dates of birth, postal and email addresses, phone numbers and licence details after a third-party provider was compromised.
Leak at the Civil Aviation Safety Organisation
In February 2026 the LAPSUS$ extortion group claimed the theft of about 420 GB of data from France's Civil Aviation Safety Organisation (OSAC), including ID cards, passports, diplomas, proof-of-address documents and internal files; the data was later leaked in full.
11 million records and documents - claimed leak at French Athletics Federation
In February 2026, a database of around 11.4 million records belonging to licensed athletes, officials and coaches of the French Athletics Federation (FFA) was put up for sale, exposing personal details and millions of passwords, including roughly 3 million in plain text.
5 million records: data leak at Mondial Relay
Mondial Relay customers are affected by a confirmed data leak impacting approximately 5 million records. The published elements indicate this is a corpus aggregated from…
400,000 Olympique de Marseille customers, claimed leak
Olympique de Marseille customers are reportedly affected by a claimed leak impacting nearly 400,000 people, according to the claim. The publication announces the sale of a database…
80,000 documents: claimed leak at Unis Cité
On 23 February 2026, the civic-service association Unis Cité was hit by a data breach exposing roughly 80,000 people and around 40 GB of data, including national ID cards, photos, IBANs and other sensitive documents on young volunteers, claimed by the DumpSec group.
Data leak at the French Badminton Federation
The French Badminton Federation disclosed that an unauthorized export from its internal Poona membership platform, traced to a compromised administrator account and discovered in September 2025, exposed personal data on roughly 300,000 licensed members, including names, dates of birth, contact details and parents' names.
Claimed leak at MaSalleDeSport - unspecified volume
On 22 February 2026, a hacker known as "84City" claimed to have breached MaSalleDeSport, a CRM and management provider for 2,000+ French gyms (Basic-Fit, Fitness Park, ON AIR Fitness, L'Orange Bleue), exposing member names, phone numbers, SMS and addresses for a potential 1M+ people.
Data leak at IDMerit - Exposed database
An unprotected MongoDB database linked to identity-verification provider IDMerit exposed roughly 1 billion KYC records across 26 countries, including full names, addresses, dates of birth, national ID numbers, phone numbers and emails.
41,000 customers affected by a claimed leak at Innovorder
On 21 February 2026, Innovorder — a French SaaS provider of POS and management software for the foodservice industry — confirmed a data breach after a dataset of around 41,000 records, accessed via credentials compromised in an unrelated breach, was offered on a hacking forum.
19,000 people affected by a claimed leak at Azaé
On 20 February 2026, a threat actor claimed a data leak at Azaé, the French home personal-services provider, allegedly exposing personal information on roughly 19,000 clients and employees; the claim remains unconfirmed by the company.
65,000 employees affected by data leak at French National Gendarmerie (RESANA)
On 20 February 2026, a dataset of roughly 65,000 records on French National Gendarmerie personnel surfaced online, scraped in March 2025 from the inter-ministerial RESANA collaboration platform and exposing names, contact details and job assignments.
400,000 members affected by a claimed data leak at KeepCool
On 20 February 2026, a threat actor put up for sale on BreachForums a database claimed to belong to French gym chain KeepCool, affecting some 400,000 members across 270 clubs and exposing names, emails, phone numbers and some IBANs.
8,861 staff - data leak at the French Ministries of the Interior & Armed Forces
On 20 February 2026, a compilation of personal data covering 8,861 staff of the French Ministries of the Interior and Armed Forces — including names, dates of birth, contact details and internal identifiers — surfaced on underground forums, part of a wider aggregate of leaks affecting French public agents.
Claimed leak at OSAC (Civil Aviation) - Ransomware - see details
On 20 February 2026 the LAPSUS$ extortion group claimed to have stolen about 420 GB of data from France's civil-aviation safety body OSAC, including ID documents, passports and internal files; the full dataset was later published online.
Data leak at PayPal: exposure affects PayPal Working Capital customers
PayPal disclosed in February 2026 that a coding error in its PayPal Working Capital (PPWC) business-lending platform exposed the personal data — including names, dates of birth, SSNs and business addresses — of around 100 customers, some of whom in France, for nearly six months.
2,393 officials affected by a Police, Gendarmerie, CNIL data leak
On 20 February 2026, a compiled database exposing 2,393 French state agents — from the Police, Gendarmerie, Defence ministry, DGSI, DGSE, Customs and the CNIL (including 86 CNIL staff) — was published on underground forums, leaking identity, contact and professional details aggregated from hundreds of prior breaches.
Leak at FFCK and Paddle Sports
In February 2026, the French Canoe Kayak and Paddle Sports Federation (FFCK) had a member database covering decades of licence-holders leaked and offered for sale, exposing the names, dates of birth, postal addresses, phone numbers, emails and club/licence details of roughly 393,374 people.
Leak at the French Ministry of Sports, Youth and Community Life
In February 2026, the French Ministry of Sports, Youth and Community Life had data on roughly 450,000 candidates exfiltrated from its FORÔMES sports/youth training platform after a legitimate training organisation's account was compromised, exposing names, contact details and dates and places of birth.
450,000 FOROM users hit by a data leak
On 19 February 2026 the French Ministry of Sports disclosed that data on roughly 450,000 candidates was exfiltrated from its FORÔMES training and diploma platform after a legitimate training-organisation account was compromised, exposing names, contact details and dates and places of birth.
Claimed leak at Valgo - internal and customer data (ransomware)
On 19 February 2026, the Incransom ransomware group claimed to have stolen 279 GB of data (225,372 files) from French environmental-remediation firm Valgo SA, including contracts, NDAs, financial records and client data naming Renault Group and others.
1,431,906 members affected by a data leak at CFDT
On 18 February 2026, France's CFDT trade union confederation confirmed a data breach exposing the names, postal addresses and union-affiliation details of up to 1.4 million current and former members, after an attacker abused a hijacked regional manager's account.
Cyrillus data leak detected via a third-party provider
French family-clothing retailer Cyrillus reported a customer data leak originating from one of its third-party providers, detected on 13 February 2026 and confirmed from publicly disclosed elements; the full number of affected customers was not made public.
Leak at Direction Générale des Finances Publiques
France's tax authority (DGFiP) disclosed on 18 Feb 2026 that an attacker who hijacked a civil servant's credentials accessed FICOBA, the national bank-account registry, exposing identity, address, IBAN and in some cases tax-ID data for about 1.2 million account holders.
Leak at Espace CE
In February 2026, personal data belonging to thousands of employees was found circulating on the dark web after a breach of Espace CE (Espace CSE), a French platform managing benefits for Works Councils; exposed fields included names, contact details, dates of birth and hashed passwords.
1.2 million bank accounts: data leak at FICOBA
France's Ministry of the Economy and Finance disclosed that an intruder who usurped a civil servant's credentials had illegitimately accessed the national bank-account registry FICOBA from late January 2026, exposing the IBAN/RIB details, identity, address and in some cases tax ID of holders of about 1.2 million accounts.
5,022 records from Lycée Carnot Paris: claimed data leak
Students, their parents and staff at Lycée Carnot Paris could be affected by the disclosure of approximately 5,022 user records. According to the claim, these records were reportedly…
512,000 On Air Fitness members, claimed data leak
On Air Fitness members and former members are reportedly affected, according to the claim, by a data leak impacting around 512,000 people. According to the announcement, the files cover…
358,000 Réglo Mobile (Leclerc) customers affected by a data leak
On 18 February 2026, Réglo Mobile — the E.Leclerc/SFR-backed mobile virtual operator — disclosed that a subcontractor breached from 13 February exposed data on about 358,000 customers, including identity, contact details, dates of birth, PUK codes, call records and partial banking data, with the database offered for sale by actor "84City".
27,000 employees affected by a data leak at RTL Group
In February 2026, a threat actor claimed to have breached the intranet of European broadcaster RTL Group, exposing an internal directory of more than 27,000 current and former employees including names, work emails, addresses, phone numbers and job details.
8,000,000 Axa customers: claimed data leak
Axa France customers are affected, according to the claim, by an announced leak that would impact more than 8 million people. The claim indicates that 'data and access' were…
Quitbro data breach (2026)
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time.
Data breachResolved1,617 customers and partners hit by Adidas data leak
Adidas customers and partners are affected by a confirmed leak that exposes personal and commercial information. According to available information, around 1,617 people have been…
CNRS data leak - ransomware targeting agents before 2007
Permanent and non-permanent staff who worked at CNRS before 31 December 2006 are affected by a data leak confirmed by CNRS. The exact volume of exposed information has not…
31 million bookings claimed in data leak at Socloz
Customers of Socloz partner brands are affected, according to the claim, by the exfiltration of approximately 31 million booking lines in early 2026. Socloz is a platform…
Data leak at Voyage Privé - upcoming bookings exposed
Voyage Privé, the French flash-sale travel platform, confirmed in February 2026 that a compromised third-party partner exposed reservation data for customers with upcoming trips — including names, country of residence, emails, phone numbers and, in some cases, passport numbers — fuelling a wave of WhatsApp phishing.
14,753 people affected by a claimed leak at EPITA
On 15 February 2026, the Lapsus$ group listed a database allegedly stolen from French engineering school EPITA on BreachForums, claiming records on 14,753 students and staff including names, email addresses, graduation years and profile photos.
CarGurus data breach (2026)
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings,…
Data breachResolved97,795 FFVRC members affected by claimed data leak
Members of the French Radio-Controlled Cars Federation (FFVRC) may be affected by a claimed leak involving nearly 98,000 people. According to the claim, 97,795...
19,313 Chez Switch customers: data leak claimed
Chez Switch customers are, according to the claim, affected by a data leak that would impact nearly 19,300 people. Chez Switch presents itself as an energy supplier and…
Leak at Grain de Malice (via Socloz)
Customer data of French womenswear retailer Grain de Malice was exposed in February 2026 through a breach of its omnichannel retail provider Socloz, leaking names, email addresses and phone numbers as part of a dataset of up to ~31 million records.
3,600 Gustave-Auto customers affected by a claimed data leak
Gustave-Auto, a French automotive services platform (vehicle convoyage, fleet management and repairs), disclosed in February 2026 that an access anomaly exposed partner data — names, postal and email addresses, phone numbers, IBAN/BIC banking details and SIRET/VAT numbers — with a tracker claim citing around 3,600 records.
Claimed leak at Kimsufi (OVHcloud) affecting databases
A threat actor claimed to have stolen data tied to Kimsufi, the budget hosting brand of French cloud provider OVHcloud, alleging exposure of roughly 1.6 million customers and data from 5.9 million hosted websites; OVHcloud denied the breach, saying the sample did not come from its systems.
Cyberattack at Les Restos du Cœur
On 11 February 2026, French food-aid charity Les Restos du Cœur suffered a cyberattack on an internal system, exposing the personal data of its employees and volunteers, including names, roles, departments, email addresses and phone numbers.
2.4 million licence holders - data leak at French Judo Federation
In February 2026, the French Judo Federation (France Judo) suffered a breach of its federal extranet in which the group RavenSec stole and offered for sale roughly 2.4 million records covering 533,730 licence holders, including photos, 948 national ID cards, social security numbers and medical data.
Odido data breach (2026)
In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days.
Leak at Commune de Bourg-Achard
The town hall of Bourg-Achard (Eure, Normandy) disclosed a cyberattack dating to 29 January 2026 that led to a data leak, with municipal room-reservation records among the information exposed; the CNIL, gendarmerie and ANSSI/Normandie Cyber were notified.
13,016 customer accounts, data leak claimed at Birdee
On 10 February 2026, a threat actor claimed to have stolen 13,016 unique customer records from Birdee, the online savings and robo-advisor platform, allegedly extracted from two database files containing account holders' personal details.
70,000 customers affected by a claimed leak at Ciffreo Bona
Ciffreo Bona customers are affected by a claimed leak involving nearly 70,000 accounts, according to the claim. The announced file would cover 15 years of activity (2009-2024) and…
Data leak at Safran Group: supply chain exposed
In February 2026, a database tied to French aerospace and defense group Safran surfaced on a hacking forum, exposing roughly 718,716 order records — names, emails, phone numbers, ERP references and logistics data — leaked through a third-party provider rather than Safran's own systems.
Data leak at Aïkan affecting Flitter and Wakam customers
Disclosed on 9 February 2026, a data leak at French insurance-delegated-management firm Aïkan, traced to an intrusion detected on 15 January, exposed personal data of policyholders managed on behalf of partners Flitter and Wakam.
4,198,129 employees affected by the data leak at Groupe Atalian
A dataset of 4,198,129 rows tied to Groupe Atalian — a global facility-services and cleaning company — surfaced on BreachForums, exposing HR records including names, dates and places of birth, addresses, nationalities, contract and payroll details, and immigration-card numbers.
Leak at La Carte Avantage Jeune
A January 2026 breach of Info Jeunes Bourgogne-Franche-Comté's Carte Avantages Jeunes platform exposed the personal data of roughly 283,000 cardholders, including names, dates of birth, addresses, phone numbers and identity documents, later put up for sale on the dark web.
348,346 Maxance customers: claimed data leak
Maxance customers are, according to the claim, affected by the publication of 348,346 records containing personal and contractual information. The file is announced as…
Data leak at PharmaShopi - volume not specified
Customers who placed or attempted an order on PharmaShopi are affected by a confirmed leak. The site, an online pharmacy and parapharmacy, had payment information exposed…
Data leak at Prozon, volume not specified
In February 2026, French company Prozon disclosed a data breach affecting its customers after an attacker gained unauthorised access to one of its infrastructure tools; the company confirmed the incident and notified France's data-protection regulator, the CNIL, though the volume of affected records was not specified.
12,143 Renault Sud-Est customers affected by a claimed data leak
On 9 February 2026, a threat actor published a claimed CRM database export from a Renault dealership network in south-eastern France (PACA), exposing roughly 12,143 customer records including names, contact details, addresses and vehicle information.
Data leak at Sumsub
In February 2026, identity-verification (KYC) provider Sumsub disclosed a 2024 breach — undetected for ~18 months — in which an attacker reached a customer-support environment and exposed the names, email addresses and phone numbers of clients of crypto and fintech platforms it serves.
28,000 customers and staff affected by a claimed leak at Immo-pop
On 8 February 2026, a threat actor claimed to have leaked data on roughly 28,000 customers and staff of Immo-pop, the French fixed-fee online real estate agency; the claim was logged by a French breach tracker and remains unverified by the company.
1,227 registrations exposed in the data leak at Rankfyt
Participants registered via Rankfyt are affected by a data leak impacting 1,227 registrations, with details concerning more than 2,000 linked people (teammates). The files…
12,711 coordinators affected by a claimed data leak at CetteFamille
On 7 February 2026, a threat actor claimed a data leak from French eldercare platform CetteFamille, exposing the names, email addresses and account status of around 12,711 coordinators across roughly 333,000 documents (about 41 GB).
Leak at the French Office for Biodiversity
In early February 2026 the French Office for Biodiversity (OFB) disclosed that an intrusion into its national hunting-licence application exposed personal data of licence candidates, applicants and holders — including full identity, contact details, nationality and licence numbers.
Claimed data leak at Voyages Robin
In early February 2026, the Qilin ransomware group listed French coach-travel operator Voyages Robin on its dark-web leak site, claiming to have stolen customer booking details, travel itineraries and financial records.
Leak at French Table Tennis Federation
The French Table Tennis Federation (FFTT) disclosed a cyberattack in which a compromised account was used to bulk-extract licence-holder records — names, dates and places of birth, nationality, licence numbers and contact details for an estimated 210,000–254,000 members; no banking or health data was affected.
Leak at French Sailing Federation
In early February 2026, France's national sailing federation (FFVoile) disclosed a data breach of its licence-management platform via a compromised club account, exposing personal data of several hundred thousand licensees including names, birthdates, addresses, emails, phone numbers and disability status.
Leak at the City of Paris
A leaked file from the City of Paris's municipal adult-education platform (Cours municipaux pour adultes) exposed the personal data of 320,292 registered users, including names, dates of birth, postal addresses, phone numbers and email addresses; no passwords or banking data were involved.
Toy Battles data breach (2026)
In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
Data breachResolvedLeak at ADMR
On 5 February 2026, the threat group RavenSec claimed a breach of France's ADMR home-care network, leaking member data — names, email and postal addresses and organisation details — with over 10,000 people initially affected and a claimed underlying database of millions.
15,108 employees hit by claimed leak at ARS
On 5 February 2026 a threat actor claimed to be selling a database holding the professional email addresses of 15,108 staff of France's Agence Régionale de Santé (ARS), alongside other work-related details, on a cybercrime forum.
7,665 patients affected by a claimed data leak at Asten Santé
On 5 February 2026, a threat actor known as sux1337 claimed to have leaked 7,665 lines of patient data from Asten Santé, a French home-healthcare provider, publishing the records for free on a cybercrime forum days before the company suspended its patient and prescriber extranets for security reasons.
Leak at Centre Communal d'Action Sociale de Dunkerque
In early February 2026, a hacker put up for sale a database of 66,343 people supported by the CCAS of Dunkerque, exposing names, dates of birth, postal addresses, phone numbers, emails and family-situation details of social-aid beneficiaries.
4,000 officers affected by a claimed data leak at Centre National de Gestion (CNG)
On 5 February 2026, a threat actor claimed to have leaked roughly 4,000 lines of data concerning authorising officers (agents ordonnateurs) at France's Centre National de Gestion, the public body managing HR for hospital practitioners and healthcare directors.
39,896 customers affected by a claimed leak at Family Cinema
Family Cinema customers would be affected by a data leak, according to the claim. The advertised batch would contain nearly 156,489 orders and 39,896 unique customers, covering the period…
813,983 FFRandonnée members - claimed data leak
On 5 February 2026, the French Hiking Federation (FFRandonnée) was named in a claimed data leak said to expose the personal records of 813,983 members, part of the 2026 wave of breaches hitting French sports federations through shared licensee-management systems.
Data leak at Flickr confirmed by the company
Flickr users residing in Europe are affected by a metadata exposure that hit the service in February 2026. According to the official announcement, approximately 228,000 European accounts...
Data leak at Protexia France
In early February 2026, Protexia France — the legal-protection insurance subsidiary of Allianz France — was reported to have suffered a data breach exposing personal information belonging to its policyholders and contacts.
1,150 people affected by a data leak at Notre-Dame des Dunes
On 4 February 2026, the Collège-Lycée Notre-Dame des Dunes, a private Catholic secondary school in Dunkirk, France, disclosed a confirmed data leak affecting roughly 1,150 people, mainly its pupils and the staff and external contributors connected to the school.
553 Collège Saint-Charles pupils affected by a data leak
The 553 pupils enrolled in the Sports Association of Collège Saint-Charles (Guipavas/Brest) were exposed in the wider UNSS school-sports breach, with their names, dates of birth, school and ID photos leaked online after the federation's OPUSS platform was compromised.
828,000 stop-points exposed in data leak at Loxam
On 4 February 2026, French equipment-rental group Loxam disclosed a breach of a third-party delivery-planning system that exposed roughly 60 GB of logistics data — 94,735 delivery routes and about 828,000 geolocated stop-points covering 2020-2026, plus customer, driver and vehicle details.
377,418 jobseekers - data leak at Choisir le service public
France's state recruitment portal Choisir le service public disclosed in early February 2026 a breach exposing the application profiles of 377,418 candidates after attackers abused a compromised manager account; names, contact details, birth dates and career data were leaked and offered for sale.
697,313 Substack records exposed in data leak
Substack disclosed in February 2026 that an unauthorized third party scraped its systems, exposing roughly 697,313 user records including email addresses, phone numbers, names, user and Stripe IDs, and profile metadata; passwords and financial data were not affected.
79,164 customers affected by a data leak at Darty.com (Kitchen)
A compromise of a third-party appointment-scheduling tool used by Darty's kitchen design service exposed personal and project data on 79,164 French customers, including names, postal addresses, emails, phone numbers and kitchen budgets, with no passwords or banking data affected.
Leak at French Army
In late January 2026, a hacker claimed to have exfiltrated 2,971 files (about 4.5 GB, including 1,533 PDFs) from the French Army (Armée de Terre) via a compromised account, with documents marked 'Diffusion Restreinte' (restricted distribution) and internal technical guides.
66,000 users: data leak claimed at CCAS de Dunkerque
A threat actor claimed to have stolen and put up for sale a database of about 66,343 beneficiaries of the CCAS de Dunkerque, France's municipal social-welfare body, exposing names, emails, phone numbers, dates of birth, addresses and household details.
21,647 people affected by a data leak at Inria
Disclosed on 31 January 2026, a confirmed data leak at France's Inria research institute exposed personal records of about 21,647 staff and collaborators from Inria, IRISA and partner research units, including names, dates of birth, postal addresses and household details.
23,535 locum doctors - claimed data leak at Médecins Remplaçants
On 31 January 2026, a dataset advertised on BreachForums as the 2026 directory of French locum (replacement) doctors was claimed to expose roughly 23,535 records, including names, emails, phone numbers and professional practice-authorisation numbers.
Claimed leak at ANPS (Association Nationale des Premiers Secours)
On 30 January 2026 a 1.06 GB SQL database stolen from French first-aid non-profit ANPS was posted to BreachForums, exposing roughly 5,600 unique email addresses along with names, dates and places of birth traced back to a legacy system.
Association Nationale des Premiers Secours data breach (2026)
In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth.
Leak at Code Rousseau
In late January 2026, French driving-education company Codes Rousseau disclosed unauthorized access to its Easysystème platform, exposing learner identity and contact details, ID photos, signatures and NEPH driving-licence numbers; ~30,000 records were later put up for sale.
Cyberattack at Codes Rousseau targeting the Easysystème application
Codes Rousseau disclosed unauthorized access to its Easysystème driving-school platform, used by nearly all French driving schools, exposing learner drivers' identity data including names, contact details, ID photos, signatures and NEPH licence numbers.
37.8 million user accounts in the ManoMano data leak
People with a ManoMano account are affected by a data leak hitting the online DIY and gardening site. Nearly 38 million accounts are reportedly involved, according to…
Leak at OpQuast
On 30 January 2026, a data leak at Opquast — the French web-quality assurance and certification company based in Mérignac — exposed the email addresses of around one hundred people.
Provecho data breach (2026)
In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email address along with username and the creator account holders followed.
Data breachResolved1,000,000 customers of FranceCasse.fr - claimed data leak
Customers of FranceCasse.fr are, according to the claim, affected by a leak exposing more than a million profiles. According to the claim, a 98 GB file structured via PrestaShop...
Leak at Match Group (Hinge, Match, OKCupid)
On 29 January 2026, Match Group — parent of Hinge, Match and OKCupid — disclosed a breach after the ShinyHunters group used a vishing attack to hijack an employee Okta SSO account; exposed PII included names, dates of birth, phone numbers and IP addresses.
20,000 customers affected by the Multi-French-Real-Estate-Agencies data leak
In late January 2026, a cybercriminal put up for sale on a hacking forum a 500 GB trove of more than 1.18 million files stolen from eleven French real estate agencies, exposing the personal, contractual and financial data of at least 20,000 owners, tenants, co-owners and suppliers.
126,998 Reseau.site customers affected by a data leak
On 29 January 2026, a full database dump from Reseau.site — a French SaaS platform for merchants and craftspeople — exposed 126,998 customer records, including names, contact details, hashed passwords, bank card numbers and IBANs.
900,000 VeryChic customers affected by a data leak
On 29 January 2026, French luxury travel agency VeryChic, which specialises in private sales of hotel stays and trips, was hit by a confirmed data leak affecting roughly 900,000 customer records.
Leak at 11 real estate agencies
On 28 January 2026, a leak of roughly 1.18 million files (500+ GB) affecting 11 French real estate agencies — including Marteau Immobilier (Orpi), AFG Immobilier and Trenta Immobilier — was put up for sale on a cybercrime forum, exposing IDs, IBANs, contracts and credentials of an estimated 20,000+ owners, tenants and co-owners.
Leak at Puteaux Medical Imaging Centre
On 28 January 2026, patient personal data from the Centre d'Imagerie Médicale de Puteaux — a radiology and medical imaging centre in the Hauts-de-Seine — was exposed in a confirmed data breach, including names, dates of birth, contact details and appointment history.
Figure data breach (2026)
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth.
Data breachResolvedLeak at Le CNAM
A dataset tied to the Conservatoire National des Arts et Métiers (CNAM), the French public higher-education institution, was reported leaked around 28 January 2026, exposing personal records for roughly 10,000 people including names, contact details, dates of birth and job information.
Leak at Lovys
On 28 January 2026, a data leak was claimed against Lovys, a French 100% digital neo-insurer, allegedly exposing customer records; the scale and exact data categories remain unverified.
Data leak at UGSEL
On 28 January 2026, a dataset exposing personal details of roughly 600 students linked to UGSEL — the French Catholic-schools sports federation — surfaced online, including names, gender, dates of birth and class/category information.
Data leak at Wemind (via Allianz)
On 28 January 2026, a data leak affecting Wemind, the French neo-insurer for freelancers and small businesses, exposed members' contact details — names, postal addresses, email addresses and phone numbers — through its Allianz insurance/back-office channel.
10,000,000 O'Tacos customers affected by a data leak
On 27 January 2026, a database tied to O'Tacos' loyalty programme and mobile app surfaced for sale on a hacking forum: a 9 GB JSON dump of roughly 29 million user records, about 10 million with full identity details, across the French chain's international markets.
5.88 million customers affected in data leak at Techni-Contact
On 27 January 2026, French B2B equipment marketplace Techni-Contact was hit by a confirmed customer data leak, with a corpus of roughly 5.88 million records circulating that exposed customer contact and account details.
Data leak at AutoForever linked to a flaw in the Brevo extension
Customers and contacts of AutoForever are affected by a confirmed data leak, with the volume remaining unspecified. The company states it does not know whether personal data was stolen following…
900,000 Lyleoo users affected by a data leak
On 26 January 2026, Lyleoo, a French ophthalmology tele-expertise platform, confirmed a data breach after attackers used a partner optician's stolen credentials to access its systems; the DumpSec group leaked about 900,000 records of user contact details.
508,276 Coriolis Télécom customers affected by a data leak
French mobile and internet operator Coriolis Télécom was hit by a data leak in which a hacker put a 356 MB database of 508,276 customer records — including names, postal and email addresses, dates of birth, IBAN/BIC bank details and business SIRET numbers — up for sale on a dark-web marketplace.
Leak at French Sports for All Federation
On 25 January 2026, the Fédération Française Sports pour Tous saw the personal data of 1,493 of its members exposed, including names, postal addresses, phone numbers, member status, affiliated club, qualifications and activities.
683,936 customers affected by claimed leak at Livre en Poche
On 25 January 2026, a threat actor claimed to have leaked order-related customer data from the French secondhand-bookshop cooperative Livrenpoche (Livre en Poche), with roughly 683,936 rows reportedly affected; the claim is unverified by the company.
Leak at Sciences Po
On 25 January 2026, a SQL dump of internal databases belonging to Sciences Po — the Paris Institute of Political Studies — surfaced online, exposing data held by the higher-education institution as part of a broader wave of French data leaks that month.
CarMax data breach (2026)
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.
Data breachResolvedEdmunds data breach (2026)
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone…
Data breachResolved950,000 people affected by data leak at FFESSM
On 24 January 2026, France's underwater diving federation FFESSM disclosed a personal-data breach after unauthorised access to one of its IT systems exposed identity and contact details of members and licence holders, with roughly 950,000 people affected and data offered for sale on the dark web.
Leak at Guiot de Bourg
On 24 January 2026, a customer database from French silver-jewelry brand Guiot de Bourg covering some 90,000 e-commerce accounts surfaced online, exposing names, emails, dates of birth, hashed passwords and order/payment metadata.
Leak at Movida
Customer data from French vehicle-rental company Movida was exposed in a breach disclosed on 24 January 2026, including names, contact details and bank account numbers (IBANs).
Leak at Panorama Banques
On 24 January 2026, a database attributed to French bank-comparison and credit-brokerage service Panorama Banques (Panorabanques) surfaced online, exposing personal, contact and detailed financial-profile data on roughly 2.34 million customers.
Leak at French Fencing Federation
On 23 January 2026, the French Fencing Federation (FFE) had its licensee database leaked as part of a wave of attacks on French sports federations, exposing members' names, contact details, postal addresses, nationality and licence/club information.
Leak at French Hunting Federation
On 23 Jan 2026 the Fédération Nationale des Chasseurs disclosed a breach of its hunting-permit validation portal, exposing names, dates of birth, postal/email addresses, phone numbers, federal IDs and licence details of roughly 1.4 million hunters.
1,200,000 people exposed in data leak at FFVolley
The French Volleyball Federation (FFVolley) confirmed a breach of its membership database affecting roughly 1.2 million licensees, with about 23 GB of highly sensitive files — including national ID cards, passports and birth certificates — exfiltrated and offered for sale.
Leak at French Firefighters Federation
On 23 January 2026, the French Firefighters Federation suffered a data breach exposing the personal records of roughly 822,449 firefighters, including names, email addresses, phone numbers and postal addresses.
Leak at Grand Froid
On 23 January 2026, a customer database from French frozen-food home-delivery company Grand Froid (Saint-Nabord, Vosges) surfaced online, exposing customers' names, postal addresses and order dates.
Leak at Orpi
In January 2026, a database from the French real-estate network Orpi's owner/tenant extranet surfaced online, exposing names, postal addresses, IBANs, rent receipts and extranet logins with passwords stored in plain text.
83,000 users affected by a claimed data leak at Scoring.fit
On 23 January 2026, a threat actor claimed to have leaked the database of Scoring.fit, a French fitness-competition management platform, exposing personal data tied to roughly 83,000 athletes, clubs and volunteers registered for events.
Data leak at Too Easy
On 23 January 2026, a data leak attributed to Too Easy was reported, exposing customer personal data including names, email addresses, phone numbers and IP addresses. The full scale of the incident has not been publicly confirmed.
Data leak at Valorissimo
Disclosed on 23 January 2026, a leak from Valorissimo — the French B2B new-build real estate marketplace owned by Bouygues Immobilier — exposed account data of platform users, including logins, email addresses, names, phone numbers, postal addresses and company affiliations.
Data leak at Waltio
In January 2026, French crypto-tax platform Waltio disclosed a breach exposing data from around 50,000 users — email addresses and 2024 tax-report summaries (gains/losses and year-end balances) — followed by an extortion attempt the company refused to pay.
1,224,196 records exposed in the data leak at ffgolf
Current and former licence holders of the French Golf Federation (ffgolf) are affected by a confirmed leak involving more than 1.2 million records. The leak comes from the central database of...
1,416,000 records in the FNC and OFB data leak
In January 2026, the French National Hunters Federation (FNC) and the French Office for Biodiversity (OFB) suffered linked data breaches exposing personal data of roughly 1.4 million hunting-permit holders, with a 27 GB dataset offered for sale on the dark web.
822,499 FNSPF members affected by data leak
Around 822,499 members of France's National Firefighters Federation (FNSPF) had their personal data exposed in a January 2026 leak tied to a wider campaign of French federation breaches, with names, dates of birth, postal and email addresses and phone numbers harvested and resold on underground forums.
3.7 million Babyvista customers affected by a data leak
Customers of Babyvista, a maternity photography service, are affected by a data leak impacting nearly 3.7 million people. The leak, initially dated 15/03/2025, covers…
Claimed leak at École nationale supérieure d'arts et métiers (volume not specified)
On 21 January 2026, French engineering grande école ENSAM (Arts et Métiers) disclosed a personal-data breach resulting from external malicious activity, exposing students' names, social security numbers, scholarship decisions and amounts, and work-stoppage dates; the total volume was not specified.
Leak at ENSAM
ENSAM, a French public engineering school (Arts et Métiers), reported a data breach caused by a malicious external act, exposing students' names, social security numbers, scholarship award decisions and amounts, and sick-leave dates.
Leak at ConseilJuridique.net
On 20 January 2026, a data leak affecting ConseilJuridique.net — a French online legal-consultation platform connecting individuals with lawyers — was reported, exposing customer account data; the precise scale and exposed fields were not publicly detailed.
Claimed data leak at Delko - Ransomware
Delko, a French automotive repair and spare-parts franchise network, was hit by the Sinobi ransomware group around December 2025; the gang published the company on its leak site on 5 January 2026, with the claim relayed to affected customers and publicly on 20 January 2026.
Leak at France Éducation International (via GAEL)
A January 2026 cyberattack on France Éducation International's GAEL platform exposed civil-identity data of roughly 5.8 million DELF-DALF exam candidates and diploma holders since 2005, after attackers used compromised external user credentials.
108,000 Syma Mobile customers: claimed data leak
On 20 January 2026, a database of around 108,000 customers of French mobile virtual operator Syma Mobile was offered for sale on a dark-web forum, exposing names, dates of birth, postal and email addresses, phone numbers and copies of identity documents.
Leak at Info Jeunes Bourgogne Franche-Comté
In January 2026, Info Jeunes Bourgogne Franche-Comté, the regional youth information service running the Carte Avantages Jeunes, had identity data on some 282,906 cardholders stolen and offered for sale on the dark web; exposed fields were limited to identification and contact details.
12 million employees affected by the Urssaf DPAE data leak
On 19 January 2026, France's Urssaf disclosed fraudulent access to its DPAE pre-hire declaration API via a compromised partner account, exposing the names, dates of birth, employer SIRET and hire dates of around 12 million employees hired in the past three years.
46,506 people exposed in a claimed leak at Pix Orga (education)
The 46,506 people linked to Pix Orga are reportedly affected, according to the claim, mainly pupils and teaching team members. The Pix Orga service, used by institutions…
90,726 people affected by the TooEasy Agence Web data leak
A data set tied to TooEasy Agence Web, a French web and digital agency based in Valence, was put up for sale on a dark web forum, exposing roughly 90,726 unique email addresses along with client names, phone numbers and recruitment records.
6,727,398 Under Armour customers affected by a data leak
In January 2026, sportswear brand Under Armour was hit by a data leak after the Everest ransomware gang published roughly 72.9 million stolen customer records online, including about 6.7 million people in France, exposing names, emails, dates of birth and purchase history.
93,746 customers affected by a claimed leak at Ioburo
On 17 January 2026, a threat actor advertised a database allegedly stolen from French office-supplies and IT retailer iOBURO, claiming 93,746 customer records were exposed; the claim remains unverified by the company.
9,599 records in a claimed data leak at Le Bambou Castillonnais (Cartedepeche.fr)
A January 2026 claim alleges that data on members of AAPPMA Le Bambou Castillonnais (Castillon-la-Bataille, Gironde) was exposed through the national Cartedepeche.fr angling platform, with around 9,599 records said to be affected following a breach the FNPF disclosed in early 2026.
134,209 Wobz (formerly Dalvin) customers: claimed data leak
On 17 January 2026, a threat actor claimed to have leaked a Wobz (formerly Dalvin) customer database of about 134,209 records, exposing customer and corporate names, email addresses, internal security keys and GoCardless payment identifiers.
43,366 customers affected by a claimed data leak at StorePasCher
StorePasCher customers are affected by a claimed leak involving 43,366 accounts, according to the claim. The case concerns the e-commerce site StorePasCher, which offers online sales…
598 people exposed in the Force Ouvrière UD 75 data leak
On 15 January 2026, a leak exposed the personal data of 598 people linked to the Paris Departmental Union of the Force Ouvrière trade union (UD 75), reportedly stemming from an export batch pulled from the union's membership management system.
888 employees affected by a claimed data leak at Groupe Fondasol
Employees of Groupe Fondasol are affected by a claimed data leak covering 888 profiles, according to the claim. The engineering firm in the construction sector works on projects in…
3,691,752 customers in a claimed data leak at LBP Granville (Le Bureau de Prospection)
LBP Granville customers are reportedly affected by a data leak, according to the claim. The announced volume exceeds 3.6 million records and a sale is mentioned for January 15…
Leak at Lire Demain
On 15 January 2026, French children's and educational book publisher Lire Demain (Auzou group) suffered a data breach exposing the personal details and order history of around 4,616 customers.
Leak at Eurail
In January 2026, Eurail B.V. — operator of the Interrail and Eurail rail-pass schemes — disclosed a data breach exposing personal and passport details of customers, with up to ~309,000 travellers reportedly affected and stolen data later offered for sale on the dark web.
Data leak at Zurflüh-Feller
The Akira ransomware group listed French roller-shutter component manufacturer Zurflüh-Feller as a victim in early 2026, threatening to publish around 66 GB of stolen corporate data, including employee identity documents, financials, contracts and NDAs.
Leak at Blackstore
On 12 January 2026, French streetwear and sneaker retailer Blackstore had a customer database leaked exposing the personal and order details of 101,979 people, including names, email addresses, phone numbers, store locations and order records.
Leak at Instagram
In January 2026 a dataset of about 17.5 million Instagram records — usernames, full names, email addresses, phone numbers and partial location data — went up for sale on a dark-web forum, reportedly harvested via a 2024 API scraping leak.
Leak at monlogicielmedical.com
Breach of the MonLogicielMedical (MLM) practice software by Cegedim Santé, disclosed to affected doctors in early January 2026, exposing patient administrative records — name, date of birth, address, social-security scheme — for up to 11–15 million patients via compromised doctor accounts.
65,000 users affected by a data leak at nephael.net/chloesanchez.com
Users of the adult sites nephael.net and chloesanchez.com are affected by a confirmed data leak involving around 65,000 accounts. According to the elements published, the…
9.5 million records in the data leak at Relais Colis
Customers and recipients who used Relais Colis are affected by a confirmed leak impacting nearly 9.5 million records. The volume announced is 9,526,266 rows, and a claim…
Claimed leak at ACRV.FR (web agency)
On 10 January 2026, a threat actor claimed a data leak at French digital agency ACRV.FR, alleging it had exfiltrated archives and databases tied to several client sites the agency hosts or maintains; the claim is unverified and the scale is unconfirmed.
115,000 customers affected by claimed leak at Audiophonics.fr
Customers of Audiophonics.fr are reportedly affected, according to the claim, by a leak involving a database announced at around 115,000 users. The site targeted is an online shop…
324,400 accounts exposed in the BreachForums data leak (2025)
A database from the cybercrime forum BreachForums leaked online, exposing roughly 324,000 user accounts — email addresses, usernames, Argon2 password hashes, IP addresses, forum posts and private messages — after a backup was left in an unsecured folder in August 2025.
2,340,422 Panorabanques.com customers affected by a data leak
Panorabanques.com customers are affected by a confirmed leak affecting around 2.34 million people. The financial comparator, used by individuals to compare offers…
146,605 patients affected by a claimed leak at SOS Oxygène
On 10 January 2026, a threat actor advertised on BreachForums a database allegedly stolen from French home-respiratory-care provider SOS Oxygène, claiming roughly 146,605 unique patients with names, full postal addresses and GPS coordinates exposed.
Claimed data leak at Apec Région Occitanie - volume not specified
Accounts linked to Apec Région Occitanie (Montpellier / Nîmes / Toulouse) are reportedly affected by a leak, according to a claim on Breachforums that mentions a scope of around 3,000 profiles. To…
Betterment data breach (2026)
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an…
Data breachResolved7,761 people affected by a data leak at Euronature
Students and teachers of Euronature (School of Naturopathy) are affected by a confirmed data leak. According to the estimate, around 7,761 people would be exposed; the corpus released…
616 contributors affected by the Paris à cœur ouvert data leak
On 9 January 2026, the campaign website of Paris mayoral candidate Sarah Knafo (Reconquête) publicly exposed the personal data of hundreds of contributors to its 'Paris à cœur ouvert' forum, including names, emails, phone numbers and IP addresses, even for people who had asked to stay anonymous.
282,906 young people affected by an Avantages Jeunes data leak
Young holders of the Carte Avantages Jeunes (CRIJ Bourgogne-Franche-Comté) are affected by a confirmed leak impacting nearly 283,000 people. The published elements include, according to the…
111,000 Casino de Paris customers: data leak
In January 2026, the Casino de Paris music hall confirmed a data leak affecting roughly 111,000 customers, with names, email addresses and postal locations (city and zip code) exposed after a database appeared for sale on a hacker forum.
23,920 Corse GSM customers affected by a data leak
Corse GSM, Corsica's independent mobile and internet operator, was hit by a data leak disclosed on 8 January 2026 exposing roughly 23,920 customer records, including names, postal addresses, phone numbers and banking details (IBAN/BIC).
262,925 licensed members affected by a claimed data leak at FFB
On 8 January 2026, a database of 262,925 licensed members of the French Bridge Federation (FFB) was claimed on a hacker forum, exposing names, dates of birth, postal and email addresses and phone numbers as part of a wider wave of attacks on French federations via a shared IT provider.
200,415 licence holders affected by claimed leak at FFFA
Licence holders of the French American Football Federation (FFFA) are affected by a claimed leak said to target 200,415 records. According to the claim, the corpus would contain...
561,502 licence holders affected by data leak at FFME
In January 2026 the French Federation of Mountaineering and Climbing (FFME) disclosed a data breach in which a fraudulently used member account gave illegitimate access to contact data — names, dates of birth, addresses, licence types — for its licence holders, a leak tracked at 561,502 records.
599,797 licence holders: claimed data leak at FSGT
In January 2026, the Fédération Sportive et Gymnique du Travail (FSGT), a French workers' multisport federation, was hit by a claimed data leak exposing the personal records of its licence holders, with the claim referencing a database of roughly 600,000 accounts.
Leak at EasyCash
A threat actor put a customer database stolen from second-hand retailer EasyCash up for sale on a hacking forum, exposing roughly 14 million records — names, dates of birth, postal addresses, phone numbers and email addresses — apparently extracted via a compromised internal/partner account.
393,374 members affected in the data leak at FFCK
On 7 January 2026, a database of the French Canoe-Kayak Federation (FFCK) holding 31 years of member records was leaked, exposing the personal data of 393,374 members, including 392,892 postal addresses, 212,342 phone numbers and 158,434 unique emails.
599,797 FFRS licence holders affected by data leak
Roughly 600,000 licence holders of France's Roller and Skateboard Federation (FFRS) had their personal data exposed after the Rolskanet membership-management platform run by a shared third-party provider was breached, leaking names, contact details, and birth information.
162,263 licence holders affected by claimed leak at FFSquash
On 7 January 2026 a leak claim surfaced alleging the theft of a 162,263-row database of French Squash Federation (FFSquash) licence holders, part of a wider wave of attacks on French sports federations exposing members' personal data.
Panera Bread data breach (2026)
In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses.
Data breachResolved78,133 members affected by claimed data leak at FFPLUM
On 8 January 2026 the French Microlight Federation (FFPLUM) disclosed that an attacker had fraudulently accessed an administrator account on its licence-management platform, exposing the personal data of roughly 78,000 members, including names, dates of birth, postal addresses, emails and phone numbers.
52,785 licence holders affected by claimed data leak at FFTwirl
On 6 January 2026 a data leak claimed against the French Twirling Baton Federation (FFTwirl) exposed the personal records of around 52,785 licence holders, volunteers and officials, including names, postal and email addresses, phone numbers, birth dates and club affiliations.
133,297 members affected by Lions Clubs of France data leak
In early January 2026, a member database of the Fondation des Lions de France (Lions Clubs of France) was published on BreachForums, exposing 133,297 deduplicated individuals — including full civil status, home addresses, phone numbers and profile photos — in a leak traced to the MyAssoc club-management platform.
Claimed leak at L'Orange Bleue Fitness Club
Managers and operators of about 600 L'Orange Bleue clubs are reportedly affected by an internal data leak dating back to June 2025, according to the claim. A public sample analyzed includes…
5,304 customers affected by claimed data leak at Loft by Denis Moines
On 6 January 2026, a database of 5,304 customers of the Paris hair salon Loft by Denis (rue des Moines) was published on BreachForums, exposing names, mobile numbers, email addresses, visit counts and profile timestamps.
47,561 subscribers - claimed data leak at Philharmonie de Paris
On 6 January 2026, a database from the Philharmonie de Paris's 'Philharmonie à la Demande' (PAD) music platform was published online, exposing 47,561 accounts — names, email addresses, logins and professional profiles — in a leak claimed by an actor known as HexDex2.
Data leak at DCE Conseil and partners (prisons, armed forces, luxury)
French engineering consultancy DCE Conseil suffered a breach after an employee's cloud account was compromised with stolen credentials, exposing roughly 844 GB of sensitive technical files — including plans of prisons, a military base and luxury and corporate clients — later offered for sale on BreachForums.
Data leak at Ledger (via Global-e) - Undisclosed volume
Ledger customers are affected by a data leak confirmed by the Global-e provider. The number of impacted customers has not been publicly disclosed.
Leak at the French Office for Immigration and Integration
In early January 2026, France's immigration and integration agency OFII disclosed a breach traced to a subcontractor handling integration-contract language courses; attackers exposed identity, contact and immigration-status data on foreign residents and advertised 2.1 million records for sale.
1,050 identities exposed in the data leak at Petits-fils
On 5 January 2026, French home-care franchise network Petits-fils confirmed a data leak exposing roughly 1,050 identities of staff and collaborators across its network of agencies and franchises.
800,000 records in Adecco data leak
In early January 2026, staffing agency Adecco was hit by a data leak after a threat actor put a database of roughly 800,000 candidate profiles — including about 750,000 CVs with names, contact details and work histories — up for sale, claiming extraction from an internal Adecco tool.
Data leak at AgroParisTech
In January 2026, AgroParisTech — France's leading graduate school of agronomy and life sciences — suffered a cyberattack in which an intruder claimed to have exfiltrated around 211 GB of data, exposing HR and personal records of staff, students and external contributors.
Claimed data leak at AXYON (EDF, Eiffage, Bouygues, Engie, Renault, etc.)
AXYON customers and partners are affected by a claimed leak said to involve around 340 GB of internal data, according to the claim. AXYON provides B2B engineering services…
Data leak at Dream Up (LAPSUS$) across multiple sites
In early January 2026, the LAPSUS$ group publicly leaked around 40 GB of data extracted from 54 client SQL databases managed by French web agency Dream Up (dream-me-up.fr), exposing customer and contact information from the e-commerce and showcase sites it hosts.
24,000 trainees affected by a claimed data leak at AFPPCD-IDF
On 2 January 2026, a data leak was claimed against AFPPCD-IDF, a Paris-based dental-assistant training association, exposing personal records on roughly 24,000 trainees including names, dates and places of birth, contact details and French social-security (NIR) numbers.
70,981 customers affected by a claimed leak at Trescal
On 2 January 2026, a dark-web forum member claimed to be selling an internal Trescal customer database of roughly 70,981 unique records, exposing names, business emails, phone and fax numbers, job titles, company names and French SIRET numbers.
2.1 million: data leak at OFII / ANEF
On 1 January 2026, a database of around 2.1 million records belonging to France's OFII / ANEF "Étrangers en France" immigration portal was put up for sale on BreachForums, exposing foreign nationals' identities, contact details, family situation and residence-permit data after a subcontractor was compromised.
2025
1646 incidentsLeak at École Nationale de la statistique et de l'analyse de l'information
In late December 2025, a hacker claimed a cyberattack on ENSAI, France's national school of statistics near Rennes, and published roughly 21 GB of data exposing personal records of around 3,900 students, including ID photos and partial payment card details.
Leak at French Speleology Federation
On 31 December 2024 the French Speleology Federation (FFS) disclosed a data leak from its insurance-subscription portal, exposing members' identity, contact details, nationality, profession and licence numbers as part of a wider wave of attacks on French sports federations.
Leak at Institut Polytechnique de Paris
In late December 2025, a data set on roughly 9,551 students of Institut Polytechnique de Paris (incl. ENSAE) was posted to a leak forum, exposing names, emails, postal addresses, phone numbers and about 4,179 IBANs.
Leak at Grenoble School of Management
On 29 December 2025, an actor calling themselves CZX leaked a 1.35 GB database of more than 400,000 Grenoble École de Management students, alumni and prospects on BreachForums, exposing names, contact details and academic records.
Data leak at Université de Lille
On 29 December 2025, a record of 7,244 Université de Lille students — reportedly from an IUT Informatique internship database — was posted on BreachForums by an actor using the LAPSUS$ name, exposing names, dates of birth, postal addresses, emails and phone numbers.
WhiteDate data breach (2025)
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ.
Data breachResolvedLeak at Allegro Musique
On 28 December 2025, a database of 161,412 members of French at-home music-lesson provider Allegro Musique was leaked, exposing names, postal addresses, emails, phone numbers, social security numbers and registration details.
Leak at Batterie de Portable
On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data — names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.
Leak at Europages
On 28 December 2025, a database of 205,403 B2B prospects from European business directory Europages was reported leaked, exposing contact and company-registration details (names, job titles, employers, postal and email addresses, phone numbers, SIRET and VAT identifiers).
Leak at the French Ministry of Agriculture and Food
In late December 2025, the LAPSUS$ Group claimed a breach of France's Ministry of Agriculture and Food, leaking roughly 60 GB (97,210 files) of FTP credentials, SQL databases and system logs spanning 32 departments and 19 business applications.
Leak at Club de nation 95 (via ACRV)
On 27 December 2025, data on roughly 200 members of Club de natation 95 was exposed after its service provider ACRV was compromised, leaking names, postal and email addresses, phone numbers and IP addresses.
Leak at ENI
In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.
Leak at HelloWork
In late December 2025, French recruitment platform HelloWork disclosed that data on roughly 2.8 million jobseekers — names, emails and professional-profile details — was scraped from its CV library via a fraudulently used recruiter account and offered for sale online.
Leak at PayTrip
On 27 December 2025, French money-transfer fintech PayTrip suffered a data breach exposing data on 74,877 customers, including names, contact details, IBANs and account balances, later circulated online by a threat actor.
Leak at Commune de Lens
In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.
Leak at French Kick Boxing Federation
In late December 2025, the French Kick Boxing Federation (FFKMDA) had its member database leaked on BreachForums, exposing 361,321 licensees' names, dates of birth, nationalities, contact details, postal addresses and licence records across 2015-2026 seasons.
Leak at Mondial Relay
In December 2025, French parcel-delivery firm Mondial Relay disclosed a cyberattack in which attackers accessed customer and shipment data — names, emails, postal addresses, phone numbers and parcel-tracking details; a dark-web actor claimed roughly 25.7 million records.
Leak at Nouvelle Lune
On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.
Leak at French Swimming Federation
Data on roughly 1.3 million members of the French Swimming Federation (FFN) was put up for sale on BreachForums on 23 December 2025 after its Extranat management platform was breached, exposing identity details, contact information and licence numbers.
Leak at 123 casting
On 22 December 2025, a database of roughly 240,000 users of French casting platform 123casting was published on BreachForums, exposing identities, contact details, MD5-hashed passwords, physical measurements, ethnic origin, photo/video books, private messages and payment data.
Leak at Altitude Infra
Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.
Leak at justice.fr
On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data — including IBAN/BIC — of 1,100+ magistrates, judges, lawyers and judicial staff.
Leak at Chronopost
In December 2025, a 680 MB dataset on ~860,000 Chronopost customers — names, emails and parcel details scraped from the La Poste Pickup relay-point network — was published on BreachForums; the data covered shipments from spring 2025.
Leak at La Licra
On 19 December 2025, a data leak at French anti-racism association La Licra (LICRA) exposed the email addresses and hashed passwords of 186 website subscribers and 8 administrators.
Leak at the French Ministry of Sports
On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households — names, dates of birth, contact details, social security, INE and CAF numbers — published on a criminal forum.
Leak at Red by SFR
In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.
Leak at Parashop
On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.
Pass'Sport data breach (2025)
In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households.
APOIA.se data breach (2025)
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
Leak at PornHub
On 16 December 2025, adult-content platform Pornhub disclosed that historical analytics data on select Premium users — including email addresses and search/viewing history — was stolen via third-party provider Mixpanel; ShinyHunters claimed ~200 million records and demanded a ransom.
Data leak at SoundCloud
In December 2025, music-streaming platform SoundCloud disclosed a breach in which an attacker abused an internal system to map roughly 29.8 million private email addresses to public profile data — about 20% of its users; no passwords or payment data were taken.
Raaga data breach (2025)
In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5…
Data breachResolvedLeak at the French Ministry of the Interior
In December 2025, attackers compromised professional email accounts at France's Ministry of the Interior and accessed sensitive police files including the TAJ criminal-records and FPR wanted-persons databases; the ministry confirmed a few dozen files were exfiltrated while attackers claimed data on 16.4 million people.
Leak at Euromatik
On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.
Leak at France Ventilation
On 12 December 2025, France Ventilation, a French ventilation and air-treatment specialist, disclosed a data breach that exposed customers' payment card details — card number, expiration date and CVV — raising a direct risk of banking fraud.
Leak at French Cycling Federation
On 10 December 2025, the Fédération Française de Cyclisme detected an intrusion (via stolen credentials/infostealers, no MFA) exposing licensees' names, dates of birth, nationality, postal addresses, emails and phone numbers; group Dumpsec also claimed to hold ID documents.
Leak at Résidence du Parc (Champdeniers-Saint-Denis)
In December 2025, the EHPAD Résidence du Parc nursing home in Champdeniers-Saint-Denis (Deux-Sèvres, France), home to around 90 residents, was hit by a ransomware attack that encrypted files and dropped a $5 million ransom note; administrative data and possibly scanned ID documents were exposed.
Data leak at UFOLEP (via Exalto)
On 10 December 2025, UFOLEP — the French multi-sport federation — disclosed that a compromised account on its third-party licence-management provider Exalto exposed at least 3,624 member records, including identity, contact and legal-guardian details.
Dragonica Lunaris data breach (2025)
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.
Data breachResolvedLeak at ASAF & AFPS (via Itelis)
Members of insurer ASAF & AFPS had personal data exposed after a breach at Itelis, the optical-care network processing their claims; names, dates of birth, social security numbers, claim records and vision-correction data from 2020-2022 were affected.
Leak at Cuisinella
In December 2025, French kitchen retailer Cuisinella (Schmidt Groupe) disclosed that an unauthorized third party accessed customer contact details — title, first name, last name, phone number and email address — for thousands of customers; no bank, address or password data was exposed.
Leak at French Handball Federation (via GestHand)
In early December 2025, the French Handball Federation (FFHandball) disclosed that its GestHand administrative platform — used by some 2,400 clubs, committees and leagues — was breached via compromised credentials, exposing licensees' names, gender, dates of birth, emails and phone numbers.
Leak at Schmidt
In early December 2025, French kitchen and home-furnishing group Schmidt (brands Schmidt and Cuisinella) disclosed that an unauthorized third party had accessed the contact details of thousands of customers and prospects — title, name, first name, phone number and email address.
Leak at Médecin Direct
MédecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.
Leak at Leroy Merlin
In December 2025, French DIY retailer Leroy Merlin disclosed a cyberattack that exposed the loyalty-program data of several hundred thousand French customers, including names, contact details, postal addresses and dates of birth; no banking data or passwords were affected.
Leak at France Travail
On 1 December 2025, France Travail and the Missions Locales network disclosed that an attacker who hijacked a local-mission agent's account accessed records of about 1.6 million young people, exposing names, dates of birth, social security numbers and contact details.
Coupang insider data breach (2025)
A former Coupang employee accessed personal data on 33.7 million customer accounts of South Korea's largest e-commerce platform. Coupang announced a $1.17 billion compensation plan; its head of Korean e-commerce resigned.
Leak at La Centrale du Financement
A threat actor exfiltrated around 387 GB of data (some 411,000 files) from French mortgage and credit broker La Centrale de Financement, exposing highly sensitive customer KYC documents, financial records and internal files, then offered the dataset for sale after failed extortion negotiations.
Leak at French Football Federation (via Footclub)
In late November 2025, the French Football Federation disclosed that attackers used a compromised account to access its Footclubs club-management software and exfiltrate licensees' personal data, including names, dates and places of birth, addresses, contact details and license numbers.
Leak at La Rochelle (via Synbird)
Personal data of 394 La Rochelle residents who booked civil-status appointments was exposed after an attacker exploited a flaw in Synbird, the town hall's third-party appointment-scheduling provider, which serves roughly 1,300 French communes.
Leak at MSP Givors Presqu'Île (via Weda)
Patient data held by the Givors Presqu'Île multidisciplinary health centre was exposed through the November 2025 cyberattack on its medical-software provider Weda, including identity, contact details and sensitive health data.
Leak at AG2R la Mondiale (via Itelis)
Disclosed in November 2025, a cyberattack on Itelis — the optical-care third-party network used by insurer AG2R la Mondiale — exposed beneficiaries' names, dates of birth, social security numbers, reimbursement records and vision-correction data for optical coverage handled between 2020 and early 2022.
Leak at Clinique du Millénaire (via Weda)
Clinique du Millénaire in Montpellier was exposed when its medical-records software vendor Weda was breached in November 2025, putting patient identity, contact details and health data at risk among the millions of records handled across Weda's ~23,000 affected practitioners.
Leak at French Dance Federation
In November 2025, the French Dance Federation (FFDanse) suffered a cyberattack on its extranet that damaged the server and exposed licence-holders' personal data, including names, dates of birth, contact details, licence numbers and hashed passwords; no medical or banking data was affected.
Leak at Itelis
In November 2025, Itelis — a French optical health-care network linked to AXA — disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.
Leak at MSP du Pré Vicinal (via Weda)
MSP du Pré Vicinal, a French multidisciplinary health centre, had patient data exposed via the November 2025 cyberattack on its medical-software provider Weda, including names, postal and email addresses, phone numbers and health data.
Leak at ProxiServe
On 25 November 2025, a database belonging to French residential maintenance firm ProxiServe surfaced on a hacker forum, exposing personal and service data on 294,639 customers, including names, emails, postal addresses and details of home interventions.
Leak at APRS (via Itelis)
APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.
Leak at Chatou town hall (via RDV360)
Personal data of residents who booked identity-document appointments through the RDV360 platform was exposed when the third-party provider was breached in late 2025, affecting Chatou town hall among roughly 1,300 French municipalities.
Leak at Quimper town hall (via RDV360)
In November 2025, the city of Quimper (France) was caught in a supply-chain breach of appointment-booking provider RDV360, exposing roughly 12,000 contact records (name, postal code, email, phone) of residents who booked ID-card or passport renewals since April 2024.
Leak at Saint-Aubin d'Aubigné town hall (via RDV360)
Saint-Aubin d'Aubigné town hall disclosed on 24 November 2025 that residents' contact details were exposed through its appointment-booking provider RDV360, one of ~1,300 French municipalities hit in a third-party breach of ID/passport booking data.
Leak at Malakoff Humanis (via Itelis)
In November 2025, optical-care platform Itelis was breached via the impersonation of a partner optician, exposing health and identity data of Malakoff Humanis (and AXA) members from optical reimbursement claims processed between 2020 and 2022.
Leak at Colis Privé
In November 2025, French parcel-delivery firm Colis Privé disclosed unauthorized access to part of its systems that exposed customer contact data — names, postal and email addresses and phone numbers. A threat actor advertised a dataset reportedly running to tens of millions of rows; no passwords or banking data were affected.
Leak at Michelin
In November 2025, the Cl0p extortion gang listed French tyre maker Michelin on its leak site, claiming to have stolen internal manufacturing, engineering, supply-chain, financial and HR files via the Oracle E-Business Suite zero-day (CVE-2025-61882).
Leak at Murfy
In November 2025, French home-appliance repair and refurbishment company Murfy disclosed a data breach exposing the personal data of around 294,000 customers — names, email and postal addresses, phone numbers and service-history details — but no banking data or passwords.
Data leak at Suzuki
Suzuki France disclosed that a cyberattack on one of its third-party partner systems exposed a customer file containing names, email addresses, postal addresses and phone numbers; no financial data or passwords were affected.
Leak at Alfortville town hall (via RDV360)
On 19 Nov 2025, Alfortville town hall notified residents that their contact details were exposed in a breach of its appointment-booking provider RDV360, part of a supply-chain attack hitting ~1,300 French municipalities and ~14M records.
Leak at Resana
On 18 November 2025, users of Resana — France's interministerial collaborative platform run by DINUM — were notified of a data exfiltration after attackers logged in with a compromised account. Up to roughly one million public agents were potentially exposed, triggering ransom emails to civil servants.
Data leak at Synbird
In November 2025, Synbird — the SaaS provider handling municipal appointment bookings for around 1,300 French communes — disclosed a breach in which an attacker abused a weakly-secured PDF export to exfiltrate residents' contact details and appointment information.
Leak at Eurofiber
In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.
Leak at Brest town hall (via RDV360)
Around 50,000 residents who booked ID-card or passport appointments in Brest had personal contact details exposed after a supply-chain breach of the RDV360 appointment-booking platform used by the town hall.
Leak at Pajemploi
In November 2025, Pajemploi — the Urssaf service used by French households to declare and pay childcare workers — disclosed a data theft affecting up to 1.2 million employees, exposing names, social security numbers, dates/places of birth, postal addresses and Pajemploi/accreditation numbers.
Under Armour data breach (2025)
In November 2025, the Everest ransomware group claimed to have stolen 343GB of data from apparel maker Under Armour. After no ransom was paid, customer data was leaked in January 2026, exposing roughly 72.7 million unique email addresses with names, dates of birth, genders, locations and purchase histories. This is a separate incident from the 2018 MyFitnessPal breach.
CodeStepByStep data breach (2025)
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k.
Data breachResolvedOperation Endgame 3.0 data breach (2025)
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in…
Data breachResolvedData leak at Weda
On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.
Leak at French Cardiology Federation
Around 11 November 2025, the Fédération Française de Cardiologie disclosed that an unauthorized intrusion into its IT systems exposed members' personal data — including names, postal and email addresses, phone numbers and passwords. No banking or medical data was compromised.
International Kiteboarding Organization data breach (2025)
In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user's city and country.
Data breachResolvedLeak at Oui Heberg
On 10 November 2025, French web-hosting and VPS provider OuiHeberg was reported to have leaked customer contact records — names, email addresses, phone numbers and postal addresses — following a security incident affecting its infrastructure.
Beckett Collectibles data breach (2025)
In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly.
Data breachResolvedLeak at MYM
In November 2025, a database of around 5 million records from French adult-content subscription platform MYM was published on a cybercrime forum, exposing creators' and subscribers' names, emails, postal addresses, phone numbers, IP addresses, birthdates and MD5-hashed passwords; the data traces back to a 2021 compromise.
Zilvia.net data breach (2025)
In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform.
Data breachResolvedUniversity of Pennsylvania data breach (2025)
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims.
Data breachResolvedLeak at France Travail
In late October 2025, France Travail — France's public employment agency — disclosed a breach in which attackers used credentials harvested by infostealer malware to access job-seeker accounts and exfiltrate sensitive personal, identity and financial data; about 16,479 affected records were catalogued.
Leak at Poltronesofa
On 27 October 2025, Italian sofa and furniture retailer Poltronesofà suffered a ransomware attack that encrypted its servers and exposed personal data of thousands of customers, including names, postal addresses, emails, phone numbers and tax identification numbers; no banking data was affected.
MyVidster (2025) data breach (2025)
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
Data breachResolvedLeak at French Shooting Federation (via ITAC)
An intrusion into the French Shooting Federation's ITAC information system between 18-20 October 2025 exposed personal data of its licensees — including licence numbers, civil status and contact details — with up to around 274,000 members potentially affected.
Substack data breach (2025)
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as…
Data breachResolvedLeak at Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie
A September 2025 cyberattack on regional health-identity platforms used by several French Regional Health Agencies (ARS) exposed patient identity data; an attacker claimed roughly 35 million patient records across 130+ public hospitals, later offered for sale by the DumpSec group.
Leak at Haute-Comté intercommunal hospital centre
On 19 October 2025, the Centre Hospitalier Intercommunal de Haute-Comté in Pontarlier (France) was hit by a Cryptolocker ransomware attack that encrypted part of its data, forcing a full IT shutdown and a return to paper-based care; attackers demanded a 5 million euro ransom.
Leak at Mango
In October 2025, Spanish fashion retailer Mango disclosed that an external marketing service provider was breached, exposing customers' first name, country, postal code, email address and phone number; no passwords or banking data were affected.
Leak at Agence Régionale de Santé des Hauts-de-France
A cyberattack on the shared regional health platform (Prédice/GIP Inéa) hosting patient identity data from public hospitals in Hauts-de-France exposed records such as names, dates and places of birth, contact details and, in some cases, social security numbers; medical records were not affected.
Leak at Hauts-de-France high schools
Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.
Leak at France Travail
On 6 October 2025, France Travail — France's national public employment agency — was hit by one of several 2025 data leaks, with personal records of roughly 5,500 job seekers exposed, including names, France Travail IDs, registration categories, email addresses, RSA welfare status and CIR identifiers.
TISZA Világ data breach (2025)
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Világ service earlier in the month, the breach exposed 200k records of personal data including email addresses along with…
Leak at Discord
On 4 October 2025 Discord disclosed a breach of a third-party customer-support provider that exposed support-ticket data and roughly 70,000 government-ID photos (submitted for age-verification appeals), plus names, emails, IP addresses and partial billing details.
Canadian Tire data breach (2025)
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses.
Asahi Group Holdings Qilin ransomware (2025)
Qilin ransomware operators encrypted servers across Asahi's Japanese data centres, halting ordering, shipment, and production at 30 factories, leaking 27 GB of internal data, and exposing personal information of approximately 1.5 million customers, employees, and contacts.
Leak at France Travail
On 25 September 2025, a leak attributed to France Travail, France's public employment agency, exposed the personal data of about 9,971 job seekers, including their email addresses, names and the email address of their assigned advisor.
Leak at La Nef
In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.
Leak at Inovie Labosud
On 23 September 2025, French medical-lab group Inovie Labosud disclosed a breach exposing administrative and medical data of an estimated 3.2 million patients after attackers used a third-party provider's stolen credentials.
Leak at Digital Charging Solutions
In September 2025, EV-charging billing provider Digital Charging Solutions disclosed that a contracted third-party service provider had accessed customer records without authorization, exposing names and email addresses of an initial single-digit number of affected users.
Leak at French Table Tennis Federation
On 19 September 2025, the French Table Tennis Federation (FFTT) disclosed a data breach in which an attacker used a compromised account to bulk-extract member records, exposing the personal data of as many as 254,000 licensees, though no banking or health data.
Leak at Clarins
French luxury skincare group Clarins confirmed in September 2025 that the Everest extortion gang had exfiltrated contact details of customers in France, the US and Canada; the actor claimed over 600,000 records, with no financial data affected.
Leak at Plex
On 9 September 2025, media-streaming software company Plex disclosed that an unauthorized third party had accessed one of its databases, exposing user emails, usernames, securely hashed passwords and authentication data, and forcing an account-wide password reset.
WIRED data breach (2025)
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number,…
Data breachResolvedLeak at Eklo
On 3 September 2025, a data leak was claimed affecting Eklo, a French budget and eco-friendly hotel chain. Details on the volume and exact categories of exposed customer data remain unverified.
Data leak at Syma Mobile
In September 2025, a database of 117,963 Syma Mobile customers — exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details — was put up for sale on a dark-web forum alongside other French datasets.
Prosper data breach (2025)
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers.
Data breachResolvedArtists&Clients data breach (2025)
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k.
Data breachResolvedJaguar Land Rover global production halt (Scattered Lapsus$ Hunters, 2025)
A cyberattack on Britain's biggest carmaker forced JLR to shut down its global IT network and halted vehicle production in the UK, China, Slovakia, India, and Brazil for five weeks — now considered the most economically damaging cyber incident in UK history.
Miljödata data breach (2025)
In August 2025, the Swedish system supplier Miljödata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files.
Leak at Auchan
In August 2025, French retailer Auchan disclosed a breach exposing personal data of several hundred thousand Waaoh loyalty-program customers — names, titles, postal and email addresses, phone numbers and loyalty card numbers; bank data and PINs were not affected.
Leak at France Link Interactive
On 28 July 2025, French web host FranceLink was hit by the Akira ransomware group, which encrypted about 93% of its servers and threatened to leak roughly 20GB of exfiltrated customer data.
Leak at Google
In August 2025, Google confirmed that a Salesforce CRM instance holding contact data for small-business Google Ads prospects was breached by ShinyHunters (UNC6040) via a vishing attack, exposing roughly 2.55 million records of business names, emails and phone numbers.
Leak at Partner Immo
On 13 August 2025, Partner Immo, a French provider of online property- and condominium-management software, was reported as the target of a ransomware/data-leak incident; the exact scope and exposed data were not publicly confirmed.
Leak at Alltricks
In August 2025, French online cycling and sports retailer Alltricks had its Sendinblue/Brevo email-marketing system compromised; attackers sent customers convincing phishing emails from the brand's own infrastructure, exposing names, email addresses and purchase history.
Leak at France Travail
On 12 August 2025, France Travail, France's public employment agency, disclosed unauthorized access to its employer-facing job portal that exposed the contact details of business users — names, email addresses, phone numbers and an internal technical identifier.
BreachForums (2025) data breach (2025)
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies.
Data breachResolvedGiglio data breach (2025)
In August 2025, over 1M unique email addresses appeared in a breach allegedly obtained from Italian fashion designer Giglio. The data also included names, phone numbers and physical addresses. Giglio did not respond to repeated attempts to disclose the incident.
Data breachResolvedLeak at Optic 2000
In early August 2025, French optician chain Optic 2000 was hit by a cyberattack — confirmed on 30 July 2025 and affecting four stores around Paris — that exposed customer records including names, social security numbers, dates of birth, postal addresses, phone numbers and optician details.
Leak at Air France
In August 2025, Air France-KLM disclosed that attackers accessed customer data — names, contact details, Flying Blue loyalty numbers and status, and customer-service request subjects — via a compromised third-party customer-service platform.
Leak at Bouygues Telecom
On 6 August 2025, French telecom operator Bouygues Telecom disclosed a cyberattack that exposed personal data of 6.4 million customer accounts, including contact details, contractual data, civil status and IBANs (no card numbers or passwords).
Leak at Pandora
In August 2025, Danish jewelry maker Pandora disclosed a breach of a third-party CRM platform (Salesforce) in which attackers stole customer contact data — names, email addresses and birth dates — while stating no passwords or payment data were taken.
Pi-hole data breach (2025)
In July 2025, a vulnerability in the GiveWP WordPress plugin exposed the names and email addresses of approximately 30k donors to the Pi-hole network-wide ad blocking project. Pi-hole subsequently self-submitted the list of impacted donors to HIBP.
Data breachResolvedLeak at Centre d'études et de recherches sur les qualifications
On 26 July 2025, a database attributed to France's Céreq (Centre d'études et de recherches sur les qualifications) holding records on 210,607 people — surnames, first names, email addresses and phone numbers — was posted on the BreachForums leak forum.
Hello Cake data breach (2025)
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
Data breachResolvedLeak at Orange
On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.
Leak at France Travail
France Travail disclosed on 22 July 2025 that an intrusion via its Kairos platform exposed the personal data of around 340,000 job seekers, including names, postal and email addresses, phone numbers, France Travail IDs and jobseeker status; passwords and bank details were not affected.
Leak at Groupe 5àSec
The DragonForce ransomware group claimed a July 2025 attack on French dry-cleaning chain 5àSec, exfiltrating roughly 290 GB of data — SQL production and test databases spanning the group's France, Switzerland, Luxembourg, Spain and Portugal operations — and published it after the company declined to pay.
Allianz Life data breach (2025)
In July 2025, Allianz Life was the victim of a cyber attack which resulted in millions of records later being leaked online. Allianz attributed the attack to "a social engineering technique" which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addresses, names,…
Data breachResolvedLeak at Centre National de la Fonction Publique Territoriale
In July 2025, France's CNFPT — the national training body for local-government staff — disclosed a targeted intrusion into its trainers' portal that exposed personal files of about 34,000 external instructors, including ID documents, bank details (RIB), contracts, diplomas and CVs.
Leak at Louis Vuitton
In July 2025, French luxury brand Louis Vuitton disclosed that an unauthorized third party had accessed customer data — names, contact details, postal addresses, dates of birth and purchase history — as part of a global breach affecting clients in France, South Korea and other markets; no payment data was exposed.
Data leak at Sorbonne Université
In mid-2025, Sorbonne Université (Paris) suffered a breach of its HR/payroll system that exposed personal data of roughly 32,000 current and former staff, including contact details, identity information and family members' names.
Data leak at Union Nationale du Sport Scolaire
Around 7.8 million profiles of current and former members of France's school sports federation UNSS were scraped from its OPUSS intranet by two teenagers using stolen credentials, exposing names, dates of birth, schools, contact details and more.
Canada Goose data breach (2025)
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card…
Data breachResolvedC&M Software Pix heist (Brazil, 2025)
A junior developer at C&M Software — a Central Bank-authorized provider of Pix instant-payment connectivity — was paid roughly R$5,000 to hand over credentials. Attackers used the access to drain approximately R$800 million ($148 million) from reserve accounts at six Brazilian financial institutions in 2.5 hours.
TheSqua.re data breach (2025)
In June 2025, 107k unique customer email addresses were allegedly obtained from TheSqua.re, the "easiest way to find your next serviced apartment". The data also included names, phone numbers and cities which were subsequently posted to a popular hacking forum.
Data breachResolvedMaReads data breach (2025)
In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
Data breachResolvedLeak at Disneyland
In June 2025, the Anubis ransomware gang claimed a 64GB leak of ~39,000 confidential files from Disneyland Paris — engineering plans and behind-the-scenes photos/videos of park attractions — said to be stolen via a compromised third-party contractor.
Leak at Hôpital privé de la Loire
A cyberattack on Hôpital privé de la Loire (Ramsay Santé) in Saint-Étienne, France exposed personal data of up to 530,000 patients, including identity details, social-security numbers (NIR), ID documents and consultation records, after a hacker used stolen physician credentials.
Data Troll Stealer Logs data breach (2025)
In June 2025, headlines erupted over a "16 billion password" breach. In reality, the dataset was a compilation of publicly accessible stealer logs, mostly repurposed from older leaks, with only a small portion of genuinely new material.
Data breachResolvedVietnam Airlines data breach (2025)
In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released.
Data breachResolvedCNPC USA ransomware attack (Rhysida, 2025)
CNPC USA was named on the Rhysida ransomware data-leak (extortion) site on 2025-06-16.
RansomwareUnknownJasper Products ransomware attack (Play, 2025)
Jasper Products was named on the Play ransomware data-leak (extortion) site on 2025-06-16.
RansomwareUnknownNF Stroth & Associates ransomware attack (Play, 2025)
NF Stroth & Associates was named on the Play ransomware data-leak (extortion) site on 2025-06-16.
RansomwareUnknownTBN Israel Hacked ransomware attack (Handala, 2025)
TBN Israel Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-16.
RansomwareUnknownIsrael’s fuel supply system Data ransomware attack (Handala, 2025)
Israel’s fuel supply system Data was named on the Handala ransomware data-leak (extortion) site on 2025-06-15.
RansomwareUnknownS&H Express ransomware attack (Play, 2025)
S&H Express was named on the Play ransomware data-leak (extortion) site on 2025-06-15.
RansomwareUnknown099 ISP Hacked ransomware attack (Handala, 2025)
099 ISP Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownAerodreams Hacked ransomware attack (Handala, 2025)
Aerodreams Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownIsrael’s fuel supply system Hacked ransomware attack (Handala, 2025)
Israel’s fuel supply system Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownIsrael’s fuel supply system Hacked ransomware attack (Handala, 2025)
Israel’s fuel supply system Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownNPD Products ransomware attack (Play, 2025)
NPD Products was named on the Play ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownProject Partners ransomware attack (Play, 2025)
Project Partners was named on the Play ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownRollex ransomware attack (Play, 2025)
Rollex was named on the Play ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownY.G. New Idan Hacked ransomware attack (Handala, 2025)
Y.G. New Idan Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.
RansomwareUnknownAjmanre.gov.ae ransomware attack (Flocker, 2025)
Ajmanre.gov.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-06-12.
RansomwareUnknownalleray-labrouste ransomware attack (Incransom, 2025)
alleray-labrouste was named on the Incransom ransomware data-leak (extortion) site on 2025-06-12.
RansomwareUnknownAP Lettering ransomware attack (Spacebears, 2025)
AP Lettering was named on the Spacebears ransomware data-leak (extortion) site on 2025-06-11.
RansomwareUnknownMount Rogers Community Services ransomware attack (Incransom, 2025)
Mount Rogers Community Services was named on the Incransom ransomware data-leak (extortion) site on 2025-06-10.
RansomwareUnknownCatwatchful data breach (2025)
In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
Data breachResolvedCommunity Choice Credit Union ransomware attack (Play, 2025)
Community Choice Credit Union was named on the Play ransomware data-leak (extortion) site on 2025-06-09.
RansomwareUnknownEUC Sjlland ransomware attack (Ransomhouse, 2025)
EUC Sjlland was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-06-09.
RansomwareUnknownHomestead Gardens ransomware attack (Play, 2025)
Homestead Gardens was named on the Play ransomware data-leak (extortion) site on 2025-06-09.
RansomwareUnknownOmnicuris data breach (2025)
In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training…
Data breachResolvedHudson River Housing ransomware attack (Rhysida, 2025)
Hudson River Housing was named on the Rhysida ransomware data-leak (extortion) site on 2025-06-07.
RansomwareUnknownwaiwhetu-medical-centre ransomware attack (Incransom, 2025)
waiwhetu-medical-centre was named on the Incransom ransomware data-leak (extortion) site on 2025-06-07.
RansomwareUnknownKittery Police Department ransomware attack (Incransom, 2025)
Kittery Police Department was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.
RansomwareUnknownMTTEXPERTISES.COM ransomware attack (Incransom, 2025)
MTTEXPERTISES.COM was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.
RansomwareUnknownNunez Dental ransomware attack (Incransom, 2025)
Nunez Dental was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.
RansomwareUnknownA*****e.gov.ae ransomware attack (Flocker, 2025)
A*****e.gov.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-06-05.
RansomwareUnknownEbac ransomware attack (Play, 2025)
Ebac was named on the Play ransomware data-leak (extortion) site on 2025-06-05.
RansomwareUnknowniscamen ransomware attack (Incransom, 2025)
iscamen was named on the Incransom ransomware data-leak (extortion) site on 2025-06-05.
RansomwareUnknownLts.com.vn ransomware attack (Flocker, 2025)
Lts.com.vn was named on the Flocker ransomware data-leak (extortion) site on 2025-06-05.
RansomwareUnknownTriumph Construction ransomware attack (Play, 2025)
Triumph Construction was named on the Play ransomware data-leak (extortion) site on 2025-06-05.
RansomwareUnknowncemeteries.local ransomware attack (Incransom, 2025)
cemeteries.local was named on the Incransom ransomware data-leak (extortion) site on 2025-06-04.
RansomwareUnknownFunktel GmbH ransomware attack (Incransom, 2025)
Funktel GmbH was named on the Incransom ransomware data-leak (extortion) site on 2025-06-04.
RansomwareUnknownhttps://devimco.com/ ransomware attack (Metaencryptor, 2025)
https://devimco.com/ was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-06-04.
RansomwareUnknownLeak at Cartier
In June 2025, luxury jeweller Cartier (Richemont) disclosed a data breach in which attackers accessed customer records — names, email addresses and country of residence — though no passwords, payment or banking data were exposed.
FLOE Internationa ransomware attack (Play, 2025)
FLOE Internationa was named on the Play ransomware data-leak (extortion) site on 2025-06-03.
RansomwareUnknownJericho Fire Department ransomware attack (Kairos, 2025)
Jericho Fire Department was named on the Kairos ransomware data-leak (extortion) site on 2025-06-03.
RansomwareUnknownLeak at Kaviari
On 3 June 2025, a customer database belonging to Kaviari, the Paris-based luxury caviar and premium seafood house, was reported leaked, exposing shoppers' names, contact details, dates of birth, account credentials and order histories.
Rochon ransomware attack (Play, 2025)
Rochon was named on the Play ransomware data-leak (extortion) site on 2025-06-03.
RansomwareUnknownSandhills Medical Foundation ransomware attack (Incransom, 2025)
Sandhills Medical Foundation was named on the Incransom ransomware data-leak (extortion) site on 2025-06-03.
RansomwareUnknownSorter Construction ransomware attack (Play, 2025)
Sorter Construction was named on the Play ransomware data-leak (extortion) site on 2025-06-03.
RansomwareUnknownMorocco ANCFCC land registry data leak
Weeks after the CNSS breach, the hacktivist Jabaroot leaked roughly 4 terabytes of data — millions of property certificates, title deeds, ID cards, passports, and banking documents — from Morocco's national land conservation agency ANCFCC.
Capital Trade ransomware attack (Play, 2025)
Capital Trade was named on the Play ransomware data-leak (extortion) site on 2025-06-02.
RansomwareUnknownhttp://www.kcac.com ransomware attack (BlackSuit, 2025)
http://www.kcac.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-06-02.
RansomwareUnknownUniversidad Técnica del Norte Ecuador ransomware attack (Incransom, 2025)
Universidad Técnica del Norte Ecuador was named on the Incransom ransomware data-leak (extortion) site on 2025-06-02.
RansomwareUnknownvaluestoreit ransomware attack (Incransom, 2025)
valuestoreit was named on the Incransom ransomware data-leak (extortion) site on 2025-06-02.
RansomwareUnknownVinda Group ransomware attack (Ransomhouse, 2025)
Vinda Group was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-06-02.
RansomwareUnknownDcsdev.org ransomware attack (Flocker, 2025)
Dcsdev.org was named on the Flocker ransomware data-leak (extortion) site on 2025-06-01.
RansomwareUnknownsitro.com.au ransomware attack (Incransom, 2025)
sitro.com.au was named on the Incransom ransomware data-leak (extortion) site on 2025-05-31.
RansomwareUnknownTrustgrp.ae ransomware attack (Flocker, 2025)
Trustgrp.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-05-31.
RansomwareUnknownAcorn Sales ransomware attack (Arcusmedia, 2025)
Acorn Sales was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownAnchor Industries ransomware attack (Play, 2025)
Anchor Industries was named on the Play ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknowngeruestba ransomware attack (LockBit, 2025)
geruestba was named on the LockBit ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownJordan Drug ransomware attack (Incransom, 2025)
Jordan Drug was named on the Incransom ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownM&H Electric Fabricators ransomware attack (Embargo, 2025)
M&H Electric Fabricators was named on the Embargo ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownmysfa.org ransomware attack (Incransom, 2025)
mysfa.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownSTANDBYTE ransomware attack (Arcusmedia, 2025)
STANDBYTE was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownTri-Point Solutions ransomware attack (Play, 2025)
Tri-Point Solutions was named on the Play ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownUnigazJordan ransomware attack (Ransomblog_noname, 2025)
UnigazJordan was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownW.E. Bowers ransomware attack (Play, 2025)
W.E. Bowers was named on the Play ransomware data-leak (extortion) site on 2025-05-30.
RansomwareUnknownhttp://metromont.com ransomware attack (BlackSuit, 2025)
http://metromont.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.
RansomwareUnknownhttp://www.innsofaurora.com ransomware attack (BlackSuit, 2025)
http://www.innsofaurora.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.
RansomwareUnknownMulia Raya ransomware attack (Ransomblog_noname, 2025)
Mulia Raya was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-05-29.
RansomwareUnknownCator Ruma & Associates ransomware attack (Rhysida, 2025)
Cator Ruma & Associates was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-28.
RansomwareUnknownCzech Ministry of Foreign Affairs APT31 cyber-espionage
The Czech government publicly attributed a years-long cyber-espionage campaign against an unclassified network of its Ministry of Foreign Affairs to APT31, a group linked to China's Ministry of State Security. The intrusion, active since at least 2022, targeted designated critical national infrastructure.
Eliel Cycling ransomware attack (Play, 2025)
Eliel Cycling was named on the Play ransomware data-leak (extortion) site on 2025-05-28.
RansomwareUnknownFujipoly Ltd ransomware attack (Spacebears, 2025)
Fujipoly Ltd was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-28.
RansomwareUnknownKDV Label ransomware attack (Play, 2025)
KDV Label was named on the Play ransomware data-leak (extortion) site on 2025-05-28.
RansomwareUnknownl*s.com.vn ransomware attack (Flocker, 2025)
l*s.com.vn was named on the Flocker ransomware data-leak (extortion) site on 2025-05-28.
RansomwareUnknownCorantioquia ransomware attack (Hunters International, 2025)
Corantioquia was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.
RansomwareUnknownEight8Ate Holdings, Inc ransomware attack (Hunters International, 2025)
Eight8Ate Holdings, Inc was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.
RansomwareUnknownhttp://www.iptelecom.at ransomware attack (Ciphbit, 2025)
http://www.iptelecom.at was named on the Ciphbit ransomware data-leak (extortion) site on 2025-05-27.
RansomwareUnknownWAT Supplies ransomware attack (Play, 2025)
WAT Supplies was named on the Play ransomware data-leak (extortion) site on 2025-05-27.
RansomwareUnknownWrap & Send Services ransomware attack (Hunters International, 2025)
Wrap & Send Services was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.
RansomwareUnknownallstarflooring.com ransomware attack (Embargo, 2025)
allstarflooring.com was named on the Embargo ransomware data-leak (extortion) site on 2025-05-26.
RansomwareUnknownAntea Luce ransomware attack (Arcusmedia, 2025)
Antea Luce was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-26.
RansomwareUnknownLeak at Autosur
Autosur, a major French vehicle-inspection network, suffered a data breach exposing personal and vehicle records of millions of customers — names, emails, postal addresses, phone numbers, license plates and vehicle details — advertised for sale on a cybercrime forum.
Carrera Chevrolet ransomware attack (Rhysida, 2025)
Carrera Chevrolet was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-26.
RansomwareUnknownFrederick's Machine & Tool Shop ransomware attack (Play, 2025)
Frederick's Machine & Tool Shop was named on the Play ransomware data-leak (extortion) site on 2025-05-26.
RansomwareUnknownMedia Links ransomware attack (Play, 2025)
Media Links was named on the Play ransomware data-leak (extortion) site on 2025-05-26.
RansomwareUnknownD****v.org ransomware attack (Flocker, 2025)
D****v.org was named on the Flocker ransomware data-leak (extortion) site on 2025-05-25.
RansomwareUnknownoxparkrec.org ransomware attack (Incransom, 2025)
oxparkrec.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-25.
RansomwareUnknownSeneca Gaming & Entertainment ransomware attack (Nitrogen, 2025)
Seneca Gaming & Entertainment was named on the Nitrogen ransomware data-leak (extortion) site on 2025-05-25.
RansomwareUnknownColoCrossing data breach (2025)
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability.
Data breachResolvedCoweta County School System ransomware attack (Nitrogen, 2025)
Coweta County School System was named on the Nitrogen ransomware data-leak (extortion) site on 2025-05-24.
RansomwareUnknownT******p.ae ransomware attack (Flocker, 2025)
T******p.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-05-24.
RansomwareUnknownVernon Milling ransomware attack (Play, 2025)
Vernon Milling was named on the Play ransomware data-leak (extortion) site on 2025-05-24.
RansomwareUnknownAKJ Energiteknik ransomware attack (Play, 2025)
AKJ Energiteknik was named on the Play ransomware data-leak (extortion) site on 2025-05-23.
RansomwareUnknownOperation Endgame 2.0 data breach (2025)
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame".
Data breachResolvedSouth Atlantic Federal Credit Union ransomware attack (Play, 2025)
South Atlantic Federal Credit Union was named on the Play ransomware data-leak (extortion) site on 2025-05-23.
RansomwareUnknown4Motive ransomware attack (Spacebears, 2025)
4Motive was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-22.
RansomwareUnknownCNHI LLC ransomware attack (Play, 2025)
CNHI LLC was named on the Play ransomware data-leak (extortion) site on 2025-05-22.
RansomwareUnknownCurewell Pharmacy & Surgicals ransomware attack (Spacebears, 2025)
Curewell Pharmacy & Surgicals was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-22.
RansomwareUnknownGreater Seattle Concrete ransomware attack (Play, 2025)
Greater Seattle Concrete was named on the Play ransomware data-leak (extortion) site on 2025-05-22.
RansomwareUnknownpiercecountylibrary.org ransomware attack (Incransom, 2025)
piercecountylibrary.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-22.
RansomwareUnknownAttainX ransomware attack (Play, 2025)
AttainX was named on the Play ransomware data-leak (extortion) site on 2025-05-21.
RansomwareUnknownNeighborhood Development Services ransomware attack (Kairos, 2025)
Neighborhood Development Services was named on the Kairos ransomware data-leak (extortion) site on 2025-05-21.
RansomwareUnknownRivers Academy West London ransomware attack (Incransom, 2025)
Rivers Academy West London was named on the Incransom ransomware data-leak (extortion) site on 2025-05-21.
RansomwareUnknownDurham Arts Council ransomware attack (Kairos, 2025)
Durham Arts Council was named on the Kairos ransomware data-leak (extortion) site on 2025-05-20.
RansomwareUnknownFlorida Lung ransomware attack (Rhysida, 2025)
Florida Lung was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-20.
RansomwareUnknownRuntec ransomware attack (Lynx, 2025)
Runtec was named on the Lynx ransomware data-leak (extortion) site on 2025-05-20.
RansomwareUnknownThe Vascular Experts ransomware attack (Incransom, 2025)
The Vascular Experts was named on the Incransom ransomware data-leak (extortion) site on 2025-05-20.
RansomwareUnknownTri State Electric ransomware attack (Ransomhouse, 2025)
Tri State Electric was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-20.
RansomwareUnknownK & K Fence ransomware attack (Play, 2025)
K & K Fence was named on the Play ransomware data-leak (extortion) site on 2025-05-19.
RansomwareUnknownColegio de la Compania de Maria Vigo ransomware attack (Arcusmedia, 2025)
Colegio de la Compania de Maria Vigo was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
RansomwareUnknownFong Shann Printing Philippines ransomware attack (Arcusmedia, 2025)
Fong Shann Printing Philippines was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
RansomwareUnknownGrupo Boulevard ransomware attack (Arcusmedia, 2025)
Grupo Boulevard was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
RansomwareUnknownnull ransomware attack (Dragonforce, 2025)
null was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-18.
RansomwareUnknownRECI SYSTEMS ransomware attack (Arcusmedia, 2025)
RECI SYSTEMS was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
RansomwareUnknownRoad Development Corporation ransomware attack (Arcusmedia, 2025)
Road Development Corporation was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.
RansomwareUnknownTermolar ransomware attack (Rhysida, 2025)
Termolar was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-18.
RansomwareUnknowndiyar.com ransomware attack (Lynx, 2025)
diyar.com was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.
RansomwareUnknownGearhiser Peters Elliott & Cannon ransomware attack (Lynx, 2025)
Gearhiser Peters Elliott & Cannon was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.
RansomwareUnknownMaruichi Leavitt Pipe & Tube ransomware attack (Lynx, 2025)
Maruichi Leavitt Pipe & Tube was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.
RansomwareUnknownnissi-beach.com ransomware attack (Incransom, 2025)
nissi-beach.com was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
RansomwareUnknownnpfy.org ransomware attack (Incransom, 2025)
npfy.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
RansomwareUnknownros.eu ransomware attack (Incransom, 2025)
ros.eu was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
RansomwareUnknownwww.davisdavisco.com ransomware attack (Incransom, 2025)
www.davisdavisco.com was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.
RansomwareUnknownalpha-steuer.de ransomware attack (Incransom, 2025)
alpha-steuer.de was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
RansomwareUnknownCarney Badley Spellman ransomware attack (Play, 2025)
Carney Badley Spellman was named on the Play ransomware data-leak (extortion) site on 2025-05-16.
RansomwareUnknownccrcda.org ransomware attack (Incransom, 2025)
ccrcda.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
RansomwareUnknownfinanzconsult-immobilien.de ransomware attack (Incransom, 2025)
finanzconsult-immobilien.de was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
RansomwareUnknownsouth african airways (flysaa.com) ransomware attack (Incransom, 2025)
south african airways (flysaa.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.
RansomwareUnknownTriple Jump ransomware attack (Ransomhouse, 2025)
Triple Jump was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-16.
RansomwareUnknown[DISCLOSED]OeTTINGER Brauerei ransomware attack (Ransomhouse, 2025)
[DISCLOSED]OeTTINGER Brauerei was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-15.
RansomwareUnknownGARDNER ORTHOPEDICS ransomware attack (Incransom, 2025)
GARDNER ORTHOPEDICS was named on the Incransom ransomware data-leak (extortion) site on 2025-05-15.
RansomwareUnknownhttp://www.gloucesterva.gov ransomware attack (BlackSuit, 2025)
http://www.gloucesterva.gov was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-15.
RansomwareUnknownGrafton Technologies ransomware attack (Play, 2025)
Grafton Technologies was named on the Play ransomware data-leak (extortion) site on 2025-05-14.
RansomwareUnknownKingsmen Creatives Ltd. ransomware attack (Embargo, 2025)
Kingsmen Creatives Ltd. was named on the Embargo ransomware data-leak (extortion) site on 2025-05-14.
RansomwareUnknownRedirecting... ransomware attack (Hellcat, 2025)
Redirecting... was named on the Hellcat ransomware data-leak (extortion) site on 2025-05-14.
RansomwareUnknownRegal Ideas ransomware attack (Play, 2025)
Regal Ideas was named on the Play ransomware data-leak (extortion) site on 2025-05-14.
RansomwareUnknownRoyal Chemical ransomware attack (Lynx, 2025)
Royal Chemical was named on the Lynx ransomware data-leak (extortion) site on 2025-05-14.
RansomwareUnknownSao Camilo Cachoeiro de Itapemirim ransomware attack (Rhysida, 2025)
Sao Camilo Cachoeiro de Itapemirim was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-14.
RansomwareUnknownarchitekturbuero-heller.de ransomware attack (Dragonforce, 2025)
architekturbuero-heller.de was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownLeak at Dior
On 13 May 2025, luxury fashion house Christian Dior Couture (LVMH) began notifying customers — first in Asia — that an intrusion discovered on 7 May exposed names, contact details, purchase histories and marketing preferences; no bank or payment-card data was affected.
Dishaka ransomware attack (Play, 2025)
Dishaka was named on the Play ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownFirst Choice Courier & Messenger ransomware attack (Spacebears, 2025)
First Choice Courier & Messenger was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownLooper Goodwine ransomware attack (Kairos, 2025)
Looper Goodwine was named on the Kairos ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownNedved Architekti ransomware attack (Spacebears, 2025)
Nedved Architekti was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownOperative ransomware attack (Play, 2025)
Operative was named on the Play ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownOverhead Door of Nova Scotia ransomware attack (Play, 2025)
Overhead Door of Nova Scotia was named on the Play ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownLeak at Pulsy
Patient data managed by Pulsy, the regional e-health operator (GRADeS) for France's Grand Est region, was reported leaked on 13 May 2025, exposing identity details, contacts and sensitive health information including care pathways and hospitalisation records.
thaonlesvosges.fr ransomware attack (Dragonforce, 2025)
thaonlesvosges.fr was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownwww.colemanmaterials.com ransomware attack (Dragonforce, 2025)
www.colemanmaterials.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.
RansomwareUnknownaltara.com ransomware attack (Dragonforce, 2025)
altara.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownatlplasticsurgeon.com ransomware attack (Dragonforce, 2025)
atlplasticsurgeon.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownEIZO Rugged Solutions ransomware attack (Play, 2025)
EIZO Rugged Solutions was named on the Play ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknowniacc.holdings ransomware attack (Dragonforce, 2025)
iacc.holdings was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownindustrialdynamics.com ransomware attack (Dragonforce, 2025)
industrialdynamics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownjtalleycorp.com ransomware attack (Dragonforce, 2025)
jtalleycorp.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownJust Concrete & Masonry ransomware attack (Play, 2025)
Just Concrete & Masonry was named on the Play ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownnet-move.com ransomware attack (Dragonforce, 2025)
net-move.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownsouthernavionics.com ransomware attack (Dragonforce, 2025)
southernavionics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownwww.condista.com ransomware attack (Dragonforce, 2025)
www.condista.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownwww.dermatologysolutions.com ransomware attack (Dragonforce, 2025)
www.dermatologysolutions.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknownwww.philsmithauto.com ransomware attack (Dragonforce, 2025)
www.philsmithauto.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.
RansomwareUnknowndac-law.com ransomware attack (Dragonforce, 2025)
dac-law.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownkraftkisarna.se ransomware attack (Dragonforce, 2025)
kraftkisarna.se was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownmillercaggiano.com ransomware attack (Dragonforce, 2025)
millercaggiano.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownossman.co.uk ransomware attack (Dragonforce, 2025)
ossman.co.uk was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownpratthomes.com ransomware attack (Dragonforce, 2025)
pratthomes.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownpryor-morrow.com ransomware attack (Dragonforce, 2025)
pryor-morrow.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownstitaly.it ransomware attack (Dragonforce, 2025)
stitaly.it was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownwww.harrissteelco.com ransomware attack (Dragonforce, 2025)
www.harrissteelco.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownwww.irisid.com ransomware attack (Dragonforce, 2025)
www.irisid.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownwww.precisiontextiles-usa.com ransomware attack (Dragonforce, 2025)
www.precisiontextiles-usa.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownwww.setpointsystems.com ransomware attack (Dragonforce, 2025)
www.setpointsystems.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownwww.texlaenergy.com ransomware attack (Dragonforce, 2025)
www.texlaenergy.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.
RansomwareUnknownAmerican Eagle Logistics - Full Leak ransomware attack (Monti, 2025)
American Eagle Logistics - Full Leak was named on the Monti ransomware data-leak (extortion) site on 2025-05-10.
RansomwareUnknowncitrusmagic.com ransomware attack (Dragonforce, 2025)
citrusmagic.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
RansomwareUnknownstatesmanbiz.com ransomware attack (Dragonforce, 2025)
statesmanbiz.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
RansomwareUnknownVerrex ransomware attack (Play, 2025)
Verrex was named on the Play ransomware data-leak (extortion) site on 2025-05-10.
RansomwareUnknownwww.cityofgroveok.gov ransomware attack (Dragonforce, 2025)
www.cityofgroveok.gov was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.
RansomwareUnknownEMX Enterprises ransomware attack (Play, 2025)
EMX Enterprises was named on the Play ransomware data-leak (extortion) site on 2025-05-09.
RansomwareUnknownGistic Research ransomware attack (Play, 2025)
Gistic Research was named on the Play ransomware data-leak (extortion) site on 2025-05-09.
RansomwareUnknownhennessyfunds.com ransomware attack (LockBit, 2025)
hennessyfunds.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-09.
RansomwareUnknownMountain View Mushrooms ransomware attack (Rhysida, 2025)
Mountain View Mushrooms was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-09.
RansomwareUnknownSweet Shop USA ransomware attack (Play, 2025)
Sweet Shop USA was named on the Play ransomware data-leak (extortion) site on 2025-05-09.
RansomwareUnknownUniTrak ransomware attack (Play, 2025)
UniTrak was named on the Play ransomware data-leak (extortion) site on 2025-05-08.
RansomwareUnknownvzlom7may.omg ransomware attack (LockBit, 2025)
vzlom7may.omg was named on the LockBit ransomware data-leak (extortion) site on 2025-05-08.
RansomwareUnknownAmtech Software ransomware attack (Monti, 2025)
Amtech Software was named on the Monti ransomware data-leak (extortion) site on 2025-05-07.
RansomwareUnknownGPF Lewis ransomware attack (Hunters International, 2025)
GPF Lewis was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-07.
RansomwareUnknownLGM ransomware attack (Termite, 2025)
LGM was named on the Termite ransomware data-leak (extortion) site on 2025-05-07.
RansomwareUnknownSioux Chief ransomware attack (Hunters International, 2025)
Sioux Chief was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-07.
RansomwareUnknownTransport Lutztulln ransomware attack (Orca, 2025)
Transport Lutztulln was named on the Orca ransomware data-leak (extortion) site on 2025-05-07.
RansomwareUnknownBreen Construction Services ransomware attack (Play, 2025)
Breen Construction Services was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownCommune de Jemeppe-sur-Sambre ransomware attack (Ransomhouse, 2025)
Commune de Jemeppe-sur-Sambre was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownDowntown Travel ransomware attack (Play, 2025)
Downtown Travel was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownehlers-inc.com ransomware attack (LockBit, 2025)
ehlers-inc.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownMarine Technical Surveyors ransomware attack (Play, 2025)
Marine Technical Surveyors was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownMediprobe Research ransomware attack (Rhysida, 2025)
Mediprobe Research was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownNovosit ransomware attack (Play, 2025)
Novosit was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownRand Technology ransomware attack (Play, 2025)
Rand Technology was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownSugar Lake Lodge ransomware attack (Play, 2025)
Sugar Lake Lodge was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownTechnical Die-Casting ransomware attack (Play, 2025)
Technical Die-Casting was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownTrybus ransomware attack (Play, 2025)
Trybus was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownUalabee data breach (2025)
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
Data breachResolvedWebcor ransomware attack (Play, 2025)
Webcor was named on the Play ransomware data-leak (extortion) site on 2025-05-06.
RansomwareUnknownAlberta Construction Safety Association ransomware attack (Play, 2025)
Alberta Construction Safety Association was named on the Play ransomware data-leak (extortion) site on 2025-05-05.
RansomwareUnknownATI Systems ransomware attack (Play, 2025)
ATI Systems was named on the Play ransomware data-leak (extortion) site on 2025-05-05.
RansomwareUnknownHire Velocity (lan.hirevelocity.com) ransomware attack (Lynx, 2025)
Hire Velocity (lan.hirevelocity.com) was named on the Lynx ransomware data-leak (extortion) site on 2025-05-05.
RansomwareUnknownOeTTINGER Brauerei ransomware attack (Ransomhouse, 2025)
OeTTINGER Brauerei was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-05.
RansomwareUnknownpbw- ransomware attack (LockBit, 2025)
pbw- was named on the LockBit ransomware data-leak (extortion) site on 2025-05-05.
RansomwareUnknownCabinC.com ransomware attack (Lynx, 2025)
CabinC.com was named on the Lynx ransomware data-leak (extortion) site on 2025-05-04.
RansomwareUnknownsoundtransit.org ransomware attack (Braincipher, 2025)
soundtransit.org was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-04.
RansomwareUnknownvaledolobo.com ransomware attack (Braincipher, 2025)
valedolobo.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-04.
RansomwareUnknownAmerican Eagle Logistics - Press Release ransomware attack (Monti, 2025)
American Eagle Logistics - Press Release was named on the Monti ransomware data-leak (extortion) site on 2025-05-03.
RansomwareUnknownddecor.com ransomware attack (Braincipher, 2025)
ddecor.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
RansomwareUnknownedisoft.es ransomware attack (Braincipher, 2025)
edisoft.es was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
RansomwareUnknowniycsa.com.co ransomware attack (Braincipher, 2025)
iycsa.com.co was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
RansomwareUnknownKalin Hobeltechnik ransomware attack (Rhysida, 2025)
Kalin Hobeltechnik was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-03.
RansomwareUnknownruizre.es ransomware attack (Braincipher, 2025)
ruizre.es was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.
RansomwareUnknownarc-com.com ransomware attack (LockBit, 2025)
arc-com.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownderichsukonertz.de ransomware attack (Lynx, 2025)
derichsukonertz.de was named on the Lynx ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknown[DISCLOSED]Imedexsa ransomware attack (Ransomhouse, 2025)
[DISCLOSED]Imedexsa was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownECOM America ransomware attack (Play, 2025)
ECOM America was named on the Play ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownGovernment of Peru ransomware attack (Rhysida, 2025)
Government of Peru was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownkll-law.com ransomware attack (LockBit, 2025)
kll-law.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownpdcm.com ransomware attack (LockBit, 2025)
pdcm.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownruntec.co.jp ransomware attack (Lynx, 2025)
runtec.co.jp was named on the Lynx ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownSouthern Fidelity ransomware attack (Play, 2025)
Southern Fidelity was named on the Play ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownThe Seydel Companies ransomware attack (Play, 2025)
The Seydel Companies was named on the Play ransomware data-leak (extortion) site on 2025-05-02.
RansomwareUnknownCreams Cafe data breach (2025)
In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers.
Data breachResolvedCustom Paper ransomware attack (Play, 2025)
Custom Paper was named on the Play ransomware data-leak (extortion) site on 2025-05-01.
RansomwareUnknownDefected Records ransomware attack (Play, 2025)
Defected Records was named on the Play ransomware data-leak (extortion) site on 2025-05-01.
RansomwareUnknownmaywdef ransomware attack (Lynx, 2025)
maywdef was named on the Lynx ransomware data-leak (extortion) site on 2025-05-01.
RansomwareUnknownStudioVaiani ransomware attack (Incransom, 2025)
StudioVaiani was named on the Incransom ransomware data-leak (extortion) site on 2025-05-01.
RansomwareUnknownThe Saint James Hospital Group ransomware attack (Incransom, 2025)
The Saint James Hospital Group was named on the Incransom ransomware data-leak (extortion) site on 2025-05-01.
RansomwareUnknownWDEF-TV ransomware attack (Lynx, 2025)
WDEF-TV was named on the Lynx ransomware data-leak (extortion) site on 2025-05-01.
RansomwareUnknownCoop UQAM ransomware attack (Rhysida, 2025)
Coop UQAM was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownDigestive Specialists ransomware attack (Hunters International, 2025)
Digestive Specialists was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownFCC ransomware attack (Hunters International, 2025)
FCC was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownGorham Sand & Gravel ransomware attack (Play, 2025)
Gorham Sand & Gravel was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownMissouri Pipe Fittings ransomware attack (Play, 2025)
Missouri Pipe Fittings was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownNational Steel City ransomware attack (Play, 2025)
National Steel City was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownPenn Emblem (penn.local) ransomware attack (Lynx, 2025)
Penn Emblem (penn.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownPermaCold Engineering ransomware attack (Play, 2025)
PermaCold Engineering was named on the Play ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownsouthernagllc.com ransomware attack (Lynx, 2025)
southernagllc.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownTelco Intercontinental ransomware attack (Hunters International, 2025)
Telco Intercontinental was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownUshio ransomware attack (Termite, 2025)
Ushio was named on the Termite ransomware data-leak (extortion) site on 2025-04-30.
RansomwareUnknownBOLL Logistik ransomware attack (Play, 2025)
BOLL Logistik was named on the Play ransomware data-leak (extortion) site on 2025-04-29.
RansomwareUnknownCooper Global Chauffeured ransomware attack (Play, 2025)
Cooper Global Chauffeured was named on the Play ransomware data-leak (extortion) site on 2025-04-29.
RansomwareUnknownDavid Mills CPA, LLC ransomware attack (Lynx, 2025)
David Mills CPA, LLC was named on the Lynx ransomware data-leak (extortion) site on 2025-04-29.
RansomwareUnknownHaas & Associates ransomware attack (Play, 2025)
Haas & Associates was named on the Play ransomware data-leak (extortion) site on 2025-04-28.
RansomwareUnknownHpital Glengarry Memorial Hospital (clglen.local) ransomware attack (Incransom, 2025)
Hpital Glengarry Memorial Hospital (clglen.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-04-28.
RansomwareUnknownLaBella Associates ransomware attack (Rhysida, 2025)
LaBella Associates was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-28.
RansomwareUnknownMantel Machine Products ransomware attack (Play, 2025)
Mantel Machine Products was named on the Play ransomware data-leak (extortion) site on 2025-04-28.
RansomwareUnknownMinnesota Lawyers Mutual Insurance ransomware attack (Hunters International, 2025)
Minnesota Lawyers Mutual Insurance was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-28.
RansomwareUnknownScientel Solutions ransomware attack (Play, 2025)
Scientel Solutions was named on the Play ransomware data-leak (extortion) site on 2025-04-28.
RansomwareUnknownCrawford Door Sales ransomware attack (Play, 2025)
Crawford Door Sales was named on the Play ransomware data-leak (extortion) site on 2025-04-27.
RansomwareUnknownFMT Consultants ransomware attack (Play, 2025)
FMT Consultants was named on the Play ransomware data-leak (extortion) site on 2025-04-27.
RansomwareUnknownGlobal Media Group ransomware attack (Nitrogen, 2025)
Global Media Group was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.
RansomwareUnknownM'AR De AR Hotels ransomware attack (Nitrogen, 2025)
M'AR De AR Hotels was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.
RansomwareUnknownMDB ransomware attack (Rhysida, 2025)
MDB was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-26.
RansomwareUnknownStadtwerke Schwerte GmbH ransomware attack (Nitrogen, 2025)
Stadtwerke Schwerte GmbH was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.
RansomwareUnknownAKTO ransomware attack (Nitrogen, 2025)
AKTO was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknowncorporateflight.com ransomware attack (Lynx, 2025)
corporateflight.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknownfriscochamber.com ransomware attack (Lynx, 2025)
friscochamber.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknowngreatplainstransport.com ransomware attack (Lynx, 2025)
greatplainstransport.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknownimpactcanada.com ransomware attack (Lynx, 2025)
impactcanada.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknownKasb Bank - K-Trade ransomware attack (Hunters International, 2025)
Kasb Bank - K-Trade was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknownKenworth Del Sur ransomware attack (Hunters International, 2025)
Kenworth Del Sur was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknownpay4freight.com ransomware attack (Lynx, 2025)
pay4freight.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknownshgcpa.com ransomware attack (Lynx, 2025)
shgcpa.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.
RansomwareUnknownarkansasprimarycare.com ransomware attack (Incransom, 2025)
arkansasprimarycare.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-24.
RansomwareUnknownbuildingmaterialspecialties.com ransomware attack (Lynx, 2025)
buildingmaterialspecialties.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.
RansomwareUnknownLeak at Carrefour Mobile
In April 2025, Carrefour Mobile, the Belgian MVNO of the Carrefour retail group, suffered a data breach exposing personal data of about 64,000 customers, including names, contact details, home addresses, portal passwords and, for some, passport numbers.
Colorado Pulmonary Intensivists ransomware attack (Kairos, 2025)
Colorado Pulmonary Intensivists was named on the Kairos ransomware data-leak (extortion) site on 2025-04-24.
RansomwareUnknownend2endtechnologies ransomware attack (Lynx, 2025)
end2endtechnologies was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.
RansomwareUnknownhttps://fortunesociety.org/ ransomware attack (BlackSuit, 2025)
https://fortunesociety.org/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.
RansomwareUnknownhttps://www.pacmet.com ransomware attack (BlackSuit, 2025)
https://www.pacmet.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.
RansomwareUnknownVicarage Court Solicitors ransomware attack (Lynx, 2025)
Vicarage Court Solicitors was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.
RansomwareUnknownamethystgroup.co.uk ransomware attack (Lynx, 2025)
amethystgroup.co.uk was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownFarmo Res ransomware attack (Lynx, 2025)
Farmo Res was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknowniaconnect ransomware attack (LockBit, 2025)
iaconnect was named on the LockBit ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownLantronix ransomware attack (Play, 2025)
Lantronix was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownlemi-group ransomware attack (Incransom, 2025)
lemi-group was named on the Incransom ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownMafi ransomware attack (Hunters International, 2025)
Mafi was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownMilicic ransomware attack (Rhysida, 2025)
Milicic was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownNESCTC ransomware attack (Play, 2025)
NESCTC was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownSpringer & Steinberg ransomware attack (Lynx, 2025)
Springer & Steinberg was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownSuburban Carting ransomware attack (Play, 2025)
Suburban Carting was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownThe Derby High School ransomware attack (Kairos, 2025)
The Derby High School was named on the Kairos ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownThe Human Bean ransomware attack (Play, 2025)
The Human Bean was named on the Play ransomware data-leak (extortion) site on 2025-04-23.
RansomwareUnknownAcos Favorit ransomware attack (Rhysida, 2025)
Acos Favorit was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-22.
RansomwareUnknownAll Book Covers ransomware attack (Play, 2025)
All Book Covers was named on the Play ransomware data-leak (extortion) site on 2025-04-22.
RansomwareUnknownBacton Transport Services ransomware attack (Ransomhouse, 2025)
Bacton Transport Services was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-22.
RansomwareUnknownLeak at Easy Cash
In April 2025, French second-hand retail chain Easy Cash disclosed a breach exposing the names, first names and dates of birth of around 92,000 customers, traced to a compromised in-store workstation.
franklin nursing home ransomware attack (Incransom, 2025)
franklin nursing home was named on the Incransom ransomware data-leak (extortion) site on 2025-04-22.
RansomwareUnknownIndependent Financial Services ransomware attack (Play, 2025)
Independent Financial Services was named on the Play ransomware data-leak (extortion) site on 2025-04-22.
RansomwareUnknownJet Ice ransomware attack (Play, 2025)
Jet Ice was named on the Play ransomware data-leak (extortion) site on 2025-04-22.
RansomwareUnknownR&N Manufacturing ransomware attack (Lynx, 2025)
R&N Manufacturing was named on the Lynx ransomware data-leak (extortion) site on 2025-04-22.
RansomwareUnknownC-Mec ransomware attack (Ransomhouse, 2025)
C-Mec was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-21.
RansomwareUnknownMarks & Spencer DragonForce ransomware (Scattered Spider, 2025)
Social-engineering of a third-party service desk gave Scattered Spider a domain administrator, which they used to deploy DragonForce ransomware on M&S's VMware ESXi estate at Easter 2025 — knocking out contactless payments, Click & Collect, and online ordering for over six weeks.
Pharma Force ransomware attack (Hunters International, 2025)
Pharma Force was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-21.
RansomwareUnknowntuttoperlufficio.eu ransomware attack (LockBit, 2025)
tuttoperlufficio.eu was named on the LockBit ransomware data-leak (extortion) site on 2025-04-21.
RansomwareUnknownZ****a.com ransomware attack (Flocker, 2025)
Z****a.com was named on the Flocker ransomware data-leak (extortion) site on 2025-04-19.
RansomwareUnknowndhsmithco.com ransomware attack (Lynx, 2025)
dhsmithco.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-18.
RansomwareUnknown[EVIDENCE PACK 2] Telecontrol ransomware attack (Ransomhouse, 2025)
[EVIDENCE PACK 2] Telecontrol was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-18.
RansomwareUnknownLeak at Indigo
In April 2025, French parking operator Indigo disclosed a breach after attackers accessed its information systems and stole customer names, postal and email addresses, phone numbers and vehicle license plates; no banking data or passwords were affected.
The Tech Interactive ransomware attack (Moneymessage, 2025)
The Tech Interactive was named on the Moneymessage ransomware data-leak (extortion) site on 2025-04-18.
RansomwareUnknownd-line ransomware attack (Kairos, 2025)
d-line was named on the Kairos ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownEVERTECH INSTRUMENTAL CO., LTD ransomware attack (Spacebears, 2025)
EVERTECH INSTRUMENTAL CO., LTD was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownFeldman & Lopez ransomware attack (Lynx, 2025)
Feldman & Lopez was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownHOPI ransomware attack (Hunters International, 2025)
HOPI was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownHyalogic ransomware attack (Lynx, 2025)
Hyalogic was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownKoninklijke Ahold Delhaize N.V. ransomware attack (Incransom, 2025)
Koninklijke Ahold Delhaize N.V. was named on the Incransom ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownRed Chamber ransomware attack (Play, 2025)
Red Chamber was named on the Play ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownSally B Gold ransomware attack (Lynx, 2025)
Sally B Gold was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownVIÑUELAS ABOGADOS ransomware attack (Spacebears, 2025)
VIÑUELAS ABOGADOS was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-17.
RansomwareUnknownaeamg.org.br ransomware attack (LockBit, 2025)
aeamg.org.br was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknownaqhch.com.cn ransomware attack (LockBit, 2025)
aqhch.com.cn was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknownende.bo ransomware attack (LockBit, 2025)
ende.bo was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknowniblinfo.de ransomware attack (Incransom, 2025)
iblinfo.de was named on the Incransom ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknownjackpotjunction.com ransomware attack (LockBit, 2025)
jackpotjunction.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknownMcElwee Firm ransomware attack (Lynx, 2025)
McElwee Firm was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknownsemex.com ransomware attack (Underground, 2025)
semex.com was named on the Underground ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknownspscompanies.com ransomware attack (Lynx, 2025)
spscompanies.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknowntoolsign.com ransomware attack (Lynx, 2025)
toolsign.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.
RansomwareUnknownLeak at Afflelou
In April 2025, French optical and hearing-aid retailer Alain Afflelou disclosed a breach caused by a vulnerability at a third-party CRM provider, exposing the personal and commercial data of thousands of customers and prospects.
Astra Products ransomware attack (Lynx, 2025)
Astra Products was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownDestination Toronto ransomware attack (Play, 2025)
Destination Toronto was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownLeak at Hertz
On 15 April 2025, car-rental company Hertz disclosed a data breach stemming from the late-2024 zero-day exploitation of Cleo's file-transfer software by the CL0P group, exposing customer names, contact details, dates of birth, driver's licences, credit-card and passport data.
James & Sons Fine Jewelers ransomware attack (Play, 2025)
James & Sons Fine Jewelers was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownLake HVAC ransomware attack (Lynx, 2025)
Lake HVAC was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownMerri-Makers ransomware attack (Play, 2025)
Merri-Makers was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownMiller Boskus Lack Architects ransomware attack (Play, 2025)
Miller Boskus Lack Architects was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownnevadareadymix.com ransomware attack (Lynx, 2025)
nevadareadymix.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownO'Brien & Ryan ransomware attack (Play, 2025)
O'Brien & Ryan was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownOregon Department of Environmental Quality ransomware attack (Rhysida, 2025)
Oregon Department of Environmental Quality was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknowntrocaire.edu ransomware attack (Incransom, 2025)
trocaire.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownVoigt-Abernathy Company ransomware attack (Play, 2025)
Voigt-Abernathy Company was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownWaller ransomware attack (Play, 2025)
Waller was named on the Play ransomware data-leak (extortion) site on 2025-04-15.
RansomwareUnknownCalmont Group ransomware attack (Play, 2025)
Calmont Group was named on the Play ransomware data-leak (extortion) site on 2025-04-14.
RansomwareUnknownComport Technology Solutions ransomware attack (Play, 2025)
Comport Technology Solutions was named on the Play ransomware data-leak (extortion) site on 2025-04-14.
RansomwareUnknownCortez Resources ransomware attack (Play, 2025)
Cortez Resources was named on the Play ransomware data-leak (extortion) site on 2025-04-14.
RansomwareUnknownMENTAL HEALTH ransomware attack (Incransom, 2025)
MENTAL HEALTH was named on the Incransom ransomware data-leak (extortion) site on 2025-04-14.
RansomwareUnknownOrthopaedic Specialists of Connecticut ransomware attack (Incransom, 2025)
Orthopaedic Specialists of Connecticut was named on the Incransom ransomware data-leak (extortion) site on 2025-04-14.
RansomwareUnknownintelliloan.com ransomware attack (LockBit, 2025)
intelliloan.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-13.
RansomwareUnknownacimfunds.com ransomware attack (LockBit, 2025)
acimfunds.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownbilbie.com.au ransomware attack (Lynx, 2025)
bilbie.com.au was named on the Lynx ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownBjørklund ransomware attack (Termite, 2025)
Bjørklund was named on the Termite ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownChickenshed ransomware attack (Incransom, 2025)
Chickenshed was named on the Incransom ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownDimension Composite ransomware attack (Rhysida, 2025)
Dimension Composite was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownOn IT ransomware attack (Termite, 2025)
On IT was named on the Termite ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownRestaurant Associates ransomware attack (Lynx, 2025)
Restaurant Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownvisionproducts.llc ransomware attack (LockBit, 2025)
visionproducts.llc was named on the LockBit ransomware data-leak (extortion) site on 2025-04-12.
RansomwareUnknownC?l???t Group ransomware attack (Play, 2025)
C?l???t Group was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownCodinter ransomware attack (Play, 2025)
Codinter was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownColmar Industrial Supplies ransomware attack (Lynx, 2025)
Colmar Industrial Supplies was named on the Lynx ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownLeak at Harvest
Harvest, a French wealth-management software editor, was hit by a Run Some Wares ransomware double-extortion attack disclosed in April 2025; internal and client files were exfiltrated and published, reportedly exposing data on tens of thousands of individuals and thousands of companies.
hotelemc2.c ransomware attack (LockBit, 2025)
hotelemc2.c was named on the LockBit ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownImagineering Finishing Technologies ransomware attack (Incransom, 2025)
Imagineering Finishing Technologies was named on the Incransom ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownKER Custom Molders ransomware attack (Play, 2025)
KER Custom Molders was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownmbmdubai.com ransomware attack (Braincipher, 2025)
mbmdubai.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownNew York Sports Club ransomware attack (Play, 2025)
New York Sports Club was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownNoyen Construction ransomware attack (Play, 2025)
Noyen Construction was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownPAC Strapping Products ransomware attack (Play, 2025)
PAC Strapping Products was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownSfrent.net ransomware attack (Play, 2025)
Sfrent.net was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknownSynthient Credential Stuffing Threat Data data breach (2025)
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources.
Data breachResolvedSynthient Stealer Log Threat Data data breach (2025)
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and the passwords used.
Data breachResolvedThe Study ransomware attack (Play, 2025)
The Study was named on the Play ransomware data-leak (extortion) site on 2025-04-11.
RansomwareUnknown3P Corporation ransomware attack (Spacebears, 2025)
3P Corporation was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-10.
RansomwareUnknownBonick Landscaping ransomware attack (Play, 2025)
Bonick Landscaping was named on the Play ransomware data-leak (extortion) site on 2025-04-10.
RansomwareUnknownCane Creek Cycling Components ransomware attack (Play, 2025)
Cane Creek Cycling Components was named on the Play ransomware data-leak (extortion) site on 2025-04-10.
RansomwareUnknownchesterfieldtwp.org ransomware attack (Incransom, 2025)
chesterfieldtwp.org was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
RansomwareUnknownfinetech.de ransomware attack (Incransom, 2025)
finetech.de was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
RansomwareUnknowninspec-international.com ransomware attack (Incransom, 2025)
inspec-international.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
RansomwareUnknownsilocaf.com ransomware attack (Incransom, 2025)
silocaf.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.
RansomwareUnknownccso2014.local(sheriffs) ransomware attack (Incransom, 2025)
ccso2014.local(sheriffs) was named on the Incransom ransomware data-leak (extortion) site on 2025-04-09.
RansomwareUnknowngramoll.com ransomware attack (Lynx, 2025)
gramoll.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-09.
RansomwareUnknownMorocco CNSS social security data leak
A hacktivist using the alias Jabaroot leaked more than 53,000 PDF files and CSV databases from Morocco's National Social Security Fund, exposing national ID numbers, salaries, and banking details for nearly 2 million employees across some 500,000 companies.
Coop57 ransomware attack (Incransom, 2025)
Coop57 was named on the Incransom ransomware data-leak (extortion) site on 2025-04-08.
RansomwareUnknowncrystal-d.com ransomware attack (LockBit, 2025)
crystal-d.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-08.
RansomwareUnknownhttps://www.thirdave.com ransomware attack (Metaencryptor, 2025)
https://www.thirdave.com was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-04-08.
RansomwareUnknownphysiciansmedicalbilling.net ransomware attack (LockBit, 2025)
physiciansmedicalbilling.net was named on the LockBit ransomware data-leak (extortion) site on 2025-04-08.
RansomwareUnknownRFMS, Inc. ransomware attack (Kairos, 2025)
RFMS, Inc. was named on the Kairos ransomware data-leak (extortion) site on 2025-04-08.
RansomwareUnknownshengyusteel.com ransomware attack (Underground, 2025)
shengyusteel.com was named on the Underground ransomware data-leak (extortion) site on 2025-04-08.
RansomwareUnknownThiekon Constructie ransomware attack (Incransom, 2025)
Thiekon Constructie was named on the Incransom ransomware data-leak (extortion) site on 2025-04-08.
RansomwareUnknown[DISCLOSED]Cell C ransomware attack (Ransomhouse, 2025)
[DISCLOSED]Cell C was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-07.
RansomwareUnknownGalesburg Area Chamber of Commerce ransomware attack (Kairos, 2025)
Galesburg Area Chamber of Commerce was named on the Kairos ransomware data-leak (extortion) site on 2025-04-07.
RansomwareUnknownIDS Infotech ransomware attack (Hunters International, 2025)
IDS Infotech was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-07.
RansomwareUnknownTelecontrol ransomware attack (Ransomhouse, 2025)
Telecontrol was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-07.
RansomwareUnknownasiapacificex.com ransomware attack (LockBit, 2025)
asiapacificex.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.
RansomwareUnknowngraphiquedefrance.com ransomware attack (LockBit, 2025)
graphiquedefrance.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.
RansomwareUnknownGroupe Delcourt ransomware attack (Hunters International, 2025)
Groupe Delcourt was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-06.
RansomwareUnknowngrupotersa.com.mx ransomware attack (LockBit, 2025)
grupotersa.com.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.
RansomwareUnknownHofmann Fördertechnik GmbH ransomware attack (Hunters International, 2025)
Hofmann Fördertechnik GmbH was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-06.
RansomwareUnknownSwiss Capitals Group ransomware attack (Rhysida, 2025)
Swiss Capitals Group was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-06.
RansomwareUnknownABITL Finishing ransomware attack (Play, 2025)
ABITL Finishing was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownBaltimore Steel Erectors ransomware attack (Play, 2025)
Baltimore Steel Erectors was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownBlackmon Mooring ransomware attack (Hunters International, 2025)
Blackmon Mooring was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownCsm Engineering ransomware attack (Play, 2025)
Csm Engineering was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownHawk Technology ransomware attack (Play, 2025)
Hawk Technology was named on the Play ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownhttps://www.mmwec.org ransomware attack (BlackSuit, 2025)
https://www.mmwec.org was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownIndustrial Corona de México ransomware attack (Spacebears, 2025)
Industrial Corona de México was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownL&S Mechanical (Reuploaded) ransomware attack (Spacebears, 2025)
L&S Mechanical (Reuploaded) was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownNexia Poyiadjis IT ransomware attack (Hunters International, 2025)
Nexia Poyiadjis IT was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownTEDOM ransomware attack (Hunters International, 2025)
TEDOM was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.
RansomwareUnknownFraser Trebilcock ransomware attack (Play, 2025)
Fraser Trebilcock was named on the Play ransomware data-leak (extortion) site on 2025-04-04.
RansomwareUnknownNational Sign corp ransomware attack (Hunters International, 2025)
National Sign corp was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-04.
RansomwareUnknownRoyal Glass ransomware attack (Play, 2025)
Royal Glass was named on the Play ransomware data-leak (extortion) site on 2025-04-04.
RansomwareUnknownSansone Group ransomware attack (Hunters International, 2025)
Sansone Group was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-04.
RansomwareUnknownAlton Steel ransomware attack (Lynx, 2025)
Alton Steel was named on the Lynx ransomware data-leak (extortion) site on 2025-04-03.
RansomwareUnknownHop Industries ransomware attack (Play, 2025)
Hop Industries was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
RansomwareUnknownLifebreath ransomware attack (Play, 2025)
Lifebreath was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
RansomwareUnknownOTA Management ransomware attack (Play, 2025)
OTA Management was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
RansomwareUnknownParvin-Clauss Sign Company ransomware attack (Play, 2025)
Parvin-Clauss Sign Company was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
RansomwareUnknownRegionale Verkehrsbetriebe ransomware attack (Play, 2025)
Regionale Verkehrsbetriebe was named on the Play ransomware data-leak (extortion) site on 2025-04-03.
RansomwareUnknownA little gift of exclusive data for everyone ransomware attack (Daixin, 2025)
A little gift of exclusive data for everyone was named on the Daixin ransomware data-leak (extortion) site on 2025-04-02.
RansomwareUnknownClarity Ventures ransomware attack (Rhysida, 2025)
Clarity Ventures was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-02.
RansomwareUnknowncrownlaboratories.com ransomware attack (Abyss, 2025)
crownlaboratories.com was named on the Abyss ransomware data-leak (extortion) site on 2025-04-02.
RansomwareUnknownFulfillment Plus ransomware attack (Play, 2025)
Fulfillment Plus was named on the Play ransomware data-leak (extortion) site on 2025-04-02.
RansomwareUnknownThe Hoff Brand SL Data Leak ransomware attack (Everest, 2025)
The Hoff Brand SL Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-04-02.
RansomwareUnknowndelta-life.com ransomware attack (RansomHub, 2025)
delta-life.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.
RansomwareUnknowneuroptec.com ransomware attack (RansomHub, 2025)
europtec.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.
RansomwareUnknownintellioan.com ransomware attack (RansomHub, 2025)
intellioan.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.
RansomwareUnknownLeak at Reporterre
A data leak disclosed on 1 April 2025 exposed personal contact details of people associated with Reporterre, the French independent environmental news outlet, including last names, first names, email addresses and postal addresses.
State's Attorney Office ransomware attack (Kairos, 2025)
State's Attorney Office was named on the Kairos ransomware data-leak (extortion) site on 2025-04-01.
RansomwareUnknownThe Loretto Hospital ransomware attack (Incransom, 2025)
The Loretto Hospital was named on the Incransom ransomware data-leak (extortion) site on 2025-04-01.
RansomwareUnknownCMC Technology Group ransomware attack (BianLian, 2025)
CMC Technology Group was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
RansomwareUnknownMeridian Senior ransomware attack (BianLian, 2025)
Meridian Senior was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
RansomwareUnknownSaunders and Saunders ransomware attack (BianLian, 2025)
Saunders and Saunders was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
RansomwareUnknownSIRIUS S.R.L. ransomware attack (Nitrogen, 2025)
SIRIUS S.R.L. was named on the Nitrogen ransomware data-leak (extortion) site on 2025-03-31.
RansomwareUnknownSonrisas Dental Health ransomware attack (BianLian, 2025)
Sonrisas Dental Health was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.
RansomwareUnknowntest1234.com ransomware attack (LockBit, 2025)
test1234.com was named on the LockBit ransomware data-leak (extortion) site on 2025-03-31.
RansomwareUnknownSamsung Germany Customer Tickets data breach (2025)
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items…
www.assisi.nl ransomware attack (RansomHub, 2025)
www.assisi.nl was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-30.
RansomwareUnknownAJF Inspections & Engineering () ransomware attack (Lynx, 2025)
AJF Inspections & Engineering () was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownAmatech ransomware attack (Lynx, 2025)
Amatech was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownbahnlog.com ransomware attack (Incransom, 2025)
bahnlog.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownCommercial Concrete Systems ransomware attack (Lynx, 2025)
Commercial Concrete Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownForrest City School District ransomware attack (Rhysida, 2025)
Forrest City School District was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownimportantsteps.com ransomware attack (Incransom, 2025)
importantsteps.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownMartin Mechanical (martin.local) ransomware attack (Lynx, 2025)
Martin Mechanical (martin.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownPacific Residential Mortgage ransomware attack (Lynx, 2025)
Pacific Residential Mortgage was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownSenior Support Services ransomware attack (Rhysida, 2025)
Senior Support Services was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownSolar Optimum ransomware attack (Lynx, 2025)
Solar Optimum was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownsolaroptimum.com ransomware attack (Lynx, 2025)
solaroptimum.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.
RansomwareUnknownamatechinc.com ransomware attack (Lynx, 2025)
amatechinc.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownaugustssons.se ransomware attack (Incransom, 2025)
augustssons.se was named on the Incransom ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownDirect Traffic Control ransomware attack (Lynx, 2025)
Direct Traffic Control was named on the Lynx ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownentandallergy.com ransomware attack (Abyss, 2025)
entandallergy.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownLeak at MAIF & BPCE
A ransomware attack on French wealth-management software vendor Harvest (Run Some Wares group, detected 27 Feb 2025) exposed personal and financial data of customers of insurer MAIF and banking group BPCE (Banque Populaire / Caisse d'Épargne) in a supply-chain breach.
phaus.us&phakr.com&phabodysystems.com ransomware attack (RansomHub, 2025)
phaus.us&phakr.com&phabodysystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownW*******w.com ransomware attack (Flocker, 2025)
W*******w.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownwww.bassi.it ransomware attack (RansomHub, 2025)
www.bassi.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownwww.solventacentroamerica.com ransomware attack (RansomHub, 2025)
www.solventacentroamerica.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.
RansomwareUnknownbrattenelectrictn.com ransomware attack (RansomHub, 2025)
brattenelectrictn.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownCity of Fort St. John (city.cityfsj.local) ransomware attack (Incransom, 2025)
City of Fort St. John (city.cityfsj.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownconterra.com ransomware attack (RansomHub, 2025)
conterra.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownGerman Doner Kebab data breach (2025)
In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.
Data breachResolvedNEW JERSEY CPA ransomware attack (Ransomhouse, 2025)
NEW JERSEY CPA was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownLeak at Oracle Cloud
In late March 2025, a threat actor known as 'rose87168' claimed to have stolen roughly 6 million authentication records from an Oracle Cloud SSO/LDAP endpoint, potentially affecting over 140,000 tenants; Oracle initially denied any breach before privately confirming a compromise to customers.
www.allmilmoe.com ransomware attack (RansomHub, 2025)
www.allmilmoe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownwww.carolinaac.com ransomware attack (RansomHub, 2025)
www.carolinaac.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownwww.DSelectrical.com ransomware attack (RansomHub, 2025)
www.DSelectrical.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownwww.garbinc.com ransomware attack (RansomHub, 2025)
www.garbinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownwww.hongthongrice.com ransomware attack (RansomHub, 2025)
www.hongthongrice.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownwww.s3s.com ransomware attack (RansomHub, 2025)
www.s3s.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownwww.solidworld.it ransomware attack (RansomHub, 2025)
www.solidworld.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.
RansomwareUnknownLeak at Centrale Nantes
On 26 March 2025, internal data from Centrale Nantes, a French public engineering grande école, was reported leaked, including private reports and projects, user logins with password hashes, source code, and administrative documents.
Concord Orthopaedics Data Leak ransomware attack (Everest, 2025)
Concord Orthopaedics Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownGenie Healthcare Data Leak ransomware attack (Everest, 2025)
Genie Healthcare Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownTehetségKapu data breach (2025)
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
TriCity Family Services ransomware attack (Incransom, 2025)
TriCity Family Services was named on the Incransom ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownusCalibration ransomware attack (Play, 2025)
usCalibration was named on the Play ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.afnigc.ca ransomware attack (RansomHub, 2025)
www.afnigc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.argentosc.com ransomware attack (RansomHub, 2025)
www.argentosc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.cormidom.com.do ransomware attack (RansomHub, 2025)
www.cormidom.com.do was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.creativelogisticservices.com ransomware attack (RansomHub, 2025)
www.creativelogisticservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.fkm-elemente.de ransomware attack (RansomHub, 2025)
www.fkm-elemente.de was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.lions-online.org ransomware attack (RansomHub, 2025)
www.lions-online.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.mododoc.com ransomware attack (RansomHub, 2025)
www.mododoc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownwww.ripplejunction.com ransomware attack (RansomHub, 2025)
www.ripplejunction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.
RansomwareUnknownB&C Industries ransomware attack (Play, 2025)
B&C Industries was named on the Play ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownbioclimaservice.it ransomware attack (LockBit, 2025)
bioclimaservice.it was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownLeak at Cerballiance
In late March 2025, French medical-laboratory network Cerballiance disclosed a data breach traced to a February intrusion on an IT provider's server, exposing administrative and some health data of patients in the PACA region, including names, social security numbers and certain test reports.
cisd.org ransomware attack (RansomHub, 2025)
cisd.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownfepasa.com.ar ransomware attack (LockBit, 2025)
fepasa.com.ar was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownKimco Steel ransomware attack (Play, 2025)
Kimco Steel was named on the Play ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownmnm.hu ransomware attack (RansomHub, 2025)
mnm.hu was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownOkeene Elementary School ransomware attack (Rhysida, 2025)
Okeene Elementary School was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownOMLTD.CO.JP ransomware attack (RansomHub, 2025)
OMLTD.CO.JP was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownossc.com.mx ransomware attack (LockBit, 2025)
ossc.com.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknowntechnicare.com ransomware attack (RansomHub, 2025)
technicare.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknowntexascompressionservices.com ransomware attack (RansomHub, 2025)
texascompressionservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownTroy Hunt's Mailchimp List data breach (2025)
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog.
Data breachResolvedwww.rivaldt.com ransomware attack (RansomHub, 2025)
www.rivaldt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.
RansomwareUnknownADDA data breach (2025)
In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.
Data breachResolvedallbiz.com ransomware attack (Incransom, 2025)
allbiz.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-24.
RansomwareUnknownLeak at Autosur & Diagnosur
In March 2025, French vehicle-inspection network Autosur (Diagnosur brand) disclosed a breach exposing data on roughly 10.7 million customers — names, postal and email addresses, phone numbers, and detailed vehicle records including registration plates and VINs — later offered for sale online.
Lupin Limited ransomware attack (Killsecurity, 2025)
Lupin Limited was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-24.
RansomwareUnknownTMT Clam Dredger ransomware attack (Incransom, 2025)
TMT Clam Dredger was named on the Incransom ransomware data-leak (extortion) site on 2025-03-24.
RansomwareUnknownwww.exemplar.com ransomware attack (RansomHub, 2025)
www.exemplar.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-24.
RansomwareUnknownabeyor.fr ransomware attack (Incransom, 2025)
abeyor.fr was named on the Incransom ransomware data-leak (extortion) site on 2025-03-23.
RansomwareUnknownGoshen Medical Center ransomware attack (BianLian, 2025)
Goshen Medical Center was named on the BianLian ransomware data-leak (extortion) site on 2025-03-23.
RansomwareUnknownPrecision Accounting Intl ransomware attack (Killsecurity, 2025)
Precision Accounting Intl was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-23.
RansomwareUnknownDoumen ransomware attack (Lynx, 2025)
Doumen was named on the Lynx ransomware data-leak (extortion) site on 2025-03-22.
RansomwareUnknownInnovative Surfaces ransomware attack (Killsecurity, 2025)
Innovative Surfaces was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-22.
RansomwareUnknownREOC San Antonio ransomware attack (Play, 2025)
REOC San Antonio was named on the Play ransomware data-leak (extortion) site on 2025-03-22.
RansomwareUnknownSPARSH Hospital ransomware attack (Killsecurity, 2025)
SPARSH Hospital was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-22.
RansomwareUnknownZaveta Custom Homes ransomware attack (Play, 2025)
Zaveta Custom Homes was named on the Play ransomware data-leak (extortion) site on 2025-03-22.
RansomwareUnknownCayman National Bank ransomware attack (Killsecurity, 2025)
Cayman National Bank was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownCuties AI data breach (2025)
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to…
Data breachResolvedgbsn.com.br ransomware attack (RansomHub, 2025)
gbsn.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownhttps://www.orangeville.ca ransomware attack (BlackSuit, 2025)
https://www.orangeville.ca was named on the BlackSuit ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownOfficio Medical ransomware attack (Killsecurity, 2025)
Officio Medical was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.abmenviro.ca ransomware attack (RansomHub, 2025)
www.abmenviro.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.accessfinanceonline.com ransomware attack (RansomHub, 2025)
www.accessfinanceonline.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.ahmadiyya.ca ransomware attack (RansomHub, 2025)
www.ahmadiyya.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.allstarhealthcaresolutions.com ransomware attack (RansomHub, 2025)
www.allstarhealthcaresolutions.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.avalonapparel.com ransomware attack (RansomHub, 2025)
www.avalonapparel.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.broadmoormethodist.org ransomware attack (RansomHub, 2025)
www.broadmoormethodist.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.core-1.com ransomware attack (RansomHub, 2025)
www.core-1.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.elizajennings.org ransomware attack (RansomHub, 2025)
www.elizajennings.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.engines.man.eu ransomware attack (RansomHub, 2025)
www.engines.man.eu was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.esquirebrands.com ransomware attack (RansomHub, 2025)
www.esquirebrands.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.gcsnet.com ransomware attack (RansomHub, 2025)
www.gcsnet.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.gestionquintessence.com ransomware attack (RansomHub, 2025)
www.gestionquintessence.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.mslglobalexp.com ransomware attack (RansomHub, 2025)
www.mslglobalexp.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.njcalwe.com ransomware attack (RansomHub, 2025)
www.njcalwe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.oneupinnovations.com ransomware attack (RansomHub, 2025)
www.oneupinnovations.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.parklandmanufacturing.com ransomware attack (RansomHub, 2025)
www.parklandmanufacturing.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.scpautomation.com ransomware attack (RansomHub, 2025)
www.scpautomation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.sinkdirect.com ransomware attack (RansomHub, 2025)
www.sinkdirect.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownwww.solinst.com ransomware attack (RansomHub, 2025)
www.solinst.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.
RansomwareUnknownCargills Bank ransomware attack (Hunters International, 2025)
Cargills Bank was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownLeak at Éclaireuses et Éclaireurs de France
On 20 March 2025, the French scouting and guiding association Éclaireuses et Éclaireurs de France had personal data on roughly 44,000 members exposed, including names, dates and places of birth, postal addresses, professions, emails and phone numbers.
Instituto de Ojos ransomware attack (Killsecurity, 2025)
Instituto de Ojos was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknowninteriseworld.com ransomware attack (Killsecurity, 2025)
interiseworld.com was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownLeak at Intersport
In March 2025, French sporting-goods retailer Intersport had data on roughly 3.4 million customers stolen via a compromised FTP server and put up for sale on BreachForums, exposing names, contact details, addresses, PayPal references and transaction history (no banking credentials).
L&S Mechanical ransomware attack (Spacebears, 2025)
L&S Mechanical was named on the Spacebears ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownMegacentro ransomware attack (Hunters International, 2025)
Megacentro was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownNewtown Friends School (newtownfriends.org) ransomware attack (FOG, 2025)
Newtown Friends School (newtownfriends.org) was named on the FOG ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownObra Play ransomware attack (Killsecurity, 2025)
Obra Play was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownWhittaker & Company ransomware attack (Spacebears, 2025)
Whittaker & Company was named on the Spacebears ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownwww.georgehay.co.uk ransomware attack (RansomHub, 2025)
www.georgehay.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownwww.janvier-labs.com ransomware attack (RansomHub, 2025)
www.janvier-labs.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownyano.tokyo ransomware attack (Blackout, 2025)
yano.tokyo was named on the Blackout ransomware data-leak (extortion) site on 2025-03-20.
RansomwareUnknownalphaoil.ca ransomware attack (Incransom, 2025)
alphaoil.ca was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknowncontrolledair.com ransomware attack (RansomHub, 2025)
controlledair.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknownCoopertruni ransomware attack (Arcusmedia, 2025)
Coopertruni was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknownKiribati Government ransomware attack (Arcusmedia, 2025)
Kiribati Government was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknownnewhollandwood.com ransomware attack (Incransom, 2025)
newhollandwood.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknownPalomino Petroleum ransomware attack (Lynx, 2025)
Palomino Petroleum was named on the Lynx ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknownQ railing ransomware attack (Play, 2025)
Q railing was named on the Play ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknownTHX Transport ransomware attack (Arcusmedia, 2025)
THX Transport was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknownwarmsworth.doncaster.sch.uk ransomware attack (Incransom, 2025)
warmsworth.doncaster.sch.uk was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.
RansomwareUnknown51talk.com ransomware attack (LockBit, 2025)
51talk.com was named on the LockBit ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownairtelligence.com ransomware attack (Incransom, 2025)
airtelligence.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownAMICIO ransomware attack (Lynx, 2025)
AMICIO was named on the Lynx ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownCD ransomware attack (Monti, 2025)
CD was named on the Monti ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownLeak at Direct Assurance
In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.
expertdata.com.au ransomware attack (Incransom, 2025)
expertdata.com.au was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknowngaertnerhof-jeutter.de ransomware attack (Incransom, 2025)
gaertnerhof-jeutter.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownGloria Cales ransomware attack (Monti, 2025)
Gloria Cales was named on the Monti ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownHarcourts Prime Properties ransomware attack (Killsecurity, 2025)
Harcourts Prime Properties was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownTed Hosmer Enterprises ransomware attack (Rhysida, 2025)
Ted Hosmer Enterprises was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-18.
RansomwareUnknownassaabloy.com\$14.4B\Sweden\229GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
assaabloy.com\$14.4B\Sweden\229GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownbaillie.com\$130.5M\USA\52GB\100% DISCLOSED ransomware attack (Cactus, 2025)
baillie.com\$130.5M\USA\52GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownbluedge.com\$104.5M\USA\994GB\100% DISCLOSED ransomware attack (Cactus, 2025)
bluedge.com\$104.5M\USA\994GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownCableVision ransomware attack (Hunters International, 2025)
CableVision was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownccktech.com ransomware attack (RansomHub, 2025)
ccktech.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownkyb.com\$600.5M\USA\1.8TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
kyb.com\$600.5M\USA\1.8TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownoneill.com ransomware attack (RansomHub, 2025)
oneill.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownRAE (Real Academia Española) (rae.es) ransomware attack (FOG, 2025)
RAE (Real Academia Española) (rae.es) was named on the FOG ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownrocketstores.com\$738.9M\USA\3.2TB\100% DISCLOSED ransomware attack (Cactus, 2025)
rocketstores.com\$738.9M\USA\3.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknowntempel.com\$628.7M\USA\111GB\100% DISCLOSED ransomware attack (Cactus, 2025)
tempel.com\$628.7M\USA\111GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownthermoid.com\$183.2M\USA\199GB\100% DISCLOSED ransomware attack (Cactus, 2025)
thermoid.com\$183.2M\USA\199GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownurban1.com\$460.3M\USA\2.5TB\100% DISCLOSED ransomware attack (Cactus, 2025)
urban1.com\$460.3M\USA\2.5TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownwww.baxterlaboratories.com ransomware attack (RansomHub, 2025)
www.baxterlaboratories.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownwww.jhayber.com ransomware attack (RansomHub, 2025)
www.jhayber.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.
RansomwareUnknownCourageous Home Care ransomware attack (Hunters International, 2025)
Courageous Home Care was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-16.
RansomwareUnknownwww.ameda.com ransomware attack (RansomHub, 2025)
www.ameda.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-16.
RansomwareUnknownyeanshalle.de ransomware attack (Incransom, 2025)
yeanshalle.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-15.
RansomwareUnknownBancroft Wines ransomware attack (Incransom, 2025)
Bancroft Wines was named on the Incransom ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownCasale Del Giglio ransomware attack (Orca, 2025)
Casale Del Giglio was named on the Orca ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownFulcrum Lifting ransomware attack (Lynx, 2025)
Fulcrum Lifting was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownidcconstruction.com ransomware attack (RansomHub, 2025)
idcconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownIndiv Usa ransomware attack (Lynx, 2025)
Indiv Usa was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownjennyyoo.com ransomware attack (RansomHub, 2025)
jennyyoo.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownmdm-insurance.com ransomware attack (Abyss, 2025)
mdm-insurance.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownPerrigo Company ransomware attack (Termite, 2025)
Perrigo Company was named on the Termite ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownTryon ransomware attack (Lynx, 2025)
Tryon was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.
RansomwareUnknownBackes ransomware attack (Play, 2025)
Backes was named on the Play ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownBest Cheer Stone ransomware attack (Play, 2025)
Best Cheer Stone was named on the Play ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownchfindustries.com\$253.8M\USA\2.5TB\100% DISCLOSED ransomware attack (Cactus, 2025)
chfindustries.com\$253.8M\USA\2.5TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownCothron's Security Professionals ransomware attack (Rhysida, 2025)
Cothron's Security Professionals was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknowndtrglaw.com ransomware attack (RansomHub, 2025)
dtrglaw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownfstlogistics.com ransomware attack (Lynx, 2025)
fstlogistics.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownHarrells.com ransomware attack (Lynx, 2025)
Harrells.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownLeak at Laforêt
In March 2025, rental-application files held by French real estate network Laforêt were exposed, leaking tenants' identity documents and bank account details (RIB) along with the rest of their dossiers.
muellersyste ransomware attack (LockBit, 2025)
muellersyste was named on the LockBit ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownrixos.com ransomware attack (Embargo, 2025)
rixos.com was named on the Embargo ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownSL Tennessee Information ransomware attack (Play, 2025)
SL Tennessee Information was named on the Play ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownUniversity Diagnostic Medical Imaging, PC (udmi.net) ransomware attack (FOG, 2025)
University Diagnostic Medical Imaging, PC (udmi.net) was named on the FOG ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownwww.raymond.in ransomware attack (RansomHub, 2025)
www.raymond.in was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-13.
RansomwareUnknownbaillie.com\$130.5M\USA\52GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
baillie.com\$130.5M\USA\52GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownEl Camino Real Academy (elcaminorealacademy) ransomware attack (FOG, 2025)
El Camino Real Academy (elcaminorealacademy) was named on the FOG ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownHYPERNOVA TELECOM ransomware attack (Arcusmedia, 2025)
HYPERNOVA TELECOM was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownHYPONAMIRU ransomware attack (Arcusmedia, 2025)
HYPONAMIRU was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownrocketstores.com\$738.9M\USA\3.2TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
rocketstores.com\$738.9M\USA\3.2TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknowntempel.com\$628.7M\USA\111GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
tempel.com\$628.7M\USA\111GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownthermoid.com\$183.2M\USA\199GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
thermoid.com\$183.2M\USA\199GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownTUV India Pvt. Ltd. ransomware attack (Ransomhouse, 2025)
TUV India Pvt. Ltd. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownurban1.com\$460.3M\USA\2.5TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
urban1.com\$460.3M\USA\2.5TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownwww.visualisation.one ransomware attack (RansomHub, 2025)
www.visualisation.one was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-12.
RansomwareUnknownciscientific.com.au ransomware attack (Lynx, 2025)
ciscientific.com.au was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownEdesur Dominicana ransomware attack (Hunters International, 2025)
Edesur Dominicana was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownEssex County OB/GYN Associates ransomware attack (Incransom, 2025)
Essex County OB/GYN Associates was named on the Incransom ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownLongue Vue Club ransomware attack (Lynx, 2025)
Longue Vue Club was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownquigleyeye.com\$33.6M\USA\3.4TB\100% DISCLOSED ransomware attack (Cactus, 2025)
quigleyeye.com\$33.6M\USA\3.4TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownResearch Electronics International ransomware attack (Nitrogen, 2025)
Research Electronics International was named on the Nitrogen ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownSkyward Specialty Insurance ransomware attack (Killsecurity, 2025)
Skyward Specialty Insurance was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownSpringfield Water and Sewer Commission ransomware attack (Lynx, 2025)
Springfield Water and Sewer Commission was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownTrymata ransomware attack (Killsecurity, 2025)
Trymata was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownWilkinson Rogers (wilkinsonrogers.com) ransomware attack (FOG, 2025)
Wilkinson Rogers (wilkinsonrogers.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownwmk-hvb.de ransomware attack (Incransom, 2025)
wmk-hvb.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-11.
RansomwareUnknownaiibeauty.com\$274.8M\USA\508GB\100% DISCLOSED ransomware attack (Cactus, 2025)
aiibeauty.com\$274.8M\USA\508GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownamalgamatedsugar.com\$764.8 M\USA\464GB\100% DISCLOSED ransomware attack (Cactus, 2025)
amalgamatedsugar.com\$764.8 M\USA\464GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknowncaltrol.com\$296.3M\USA\224GB\100% DISCLOSED ransomware attack (Cactus, 2025)
caltrol.com\$296.3M\USA\224GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknowndccsagroup.com&csahome.com ransomware attack (RansomHub, 2025)
dccsagroup.com&csahome.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknown[DISCLOSED]Nationz Technologies Inc. ransomware attack (Ransomhouse, 2025)
[DISCLOSED]Nationz Technologies Inc. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownformanmills.com\$422.2M\USA\846GB\100% DISCLOSED ransomware attack (Cactus, 2025)
formanmills.com\$422.2M\USA\846GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownFred Salvucci ransomware attack (Kairos, 2025)
Fred Salvucci was named on the Kairos ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownMagnolia Manor (magnoliamanor.com) ransomware attack (FOG, 2025)
Magnolia Manor (magnoliamanor.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownpace-usa.com\$134.4M\USA\65GB\100% DISCLOSED ransomware attack (Cactus, 2025)
pace-usa.com\$134.4M\USA\65GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownsteelwarehouse.com\$570.3M\USA\679GB\100% DISCLOSED ransomware attack (Cactus, 2025)
steelwarehouse.com\$570.3M\USA\679GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownwww.hexosys.com ransomware attack (RansomHub, 2025)
www.hexosys.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-10.
RansomwareUnknownACTi Corporation ransomware attack (Lynx, 2025)
ACTi Corporation was named on the Lynx ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownbaldaufarchitekten.de ransomware attack (Incransom, 2025)
baldaufarchitekten.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownBerksBar.org ransomware attack (Incransom, 2025)
BerksBar.org was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownBritish virgin islands London Office ransomware attack (Rhysida, 2025)
British virgin islands London Office was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownBuckley BalaWilson Mew ransomware attack (Play, 2025)
Buckley BalaWilson Mew was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownClawson Honda ransomware attack (Play, 2025)
Clawson Honda was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownCompound Solutions ransomware attack (Play, 2025)
Compound Solutions was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownDectron ransomware attack (Play, 2025)
Dectron was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownemperors.edu ransomware attack (Incransom, 2025)
emperors.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownGevril ransomware attack (Play, 2025)
Gevril was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownGreenwood Village South GVS ransomware attack (Incransom, 2025)
Greenwood Village South GVS was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownHoliday Comfort ransomware attack (Play, 2025)
Holiday Comfort was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownInsider Technologies Limited ransomware attack (Embargo, 2025)
Insider Technologies Limited was named on the Embargo ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownJerue Companies ransomware attack (Play, 2025)
Jerue Companies was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownNor Arc ransomware attack (Play, 2025)
Nor Arc was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownPeak Season ransomware attack (Play, 2025)
Peak Season was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownSalemerode.com ransomware attack (Flocker, 2025)
Salemerode.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownState Bar of Texas (www.texasbar.com) ransomware attack (Incransom, 2025)
State Bar of Texas (www.texasbar.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownSyma-System ransomware attack (Play, 2025)
Syma-System was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownT J Machine & Tool ransomware attack (Play, 2025)
T J Machine & Tool was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownwilliampevear.com ransomware attack (Incransom, 2025)
williampevear.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownwog-kaiserbaeder.de ransomware attack (Incransom, 2025)
wog-kaiserbaeder.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownYorke & Curtis ransomware attack (Play, 2025)
Yorke & Curtis was named on the Play ransomware data-leak (extortion) site on 2025-03-09.
RansomwareUnknownmitchellmcnutt.com ransomware attack (RansomHub, 2025)
mitchellmcnutt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.
RansomwareUnknownTech NH ransomware attack (Lynx, 2025)
Tech NH was named on the Lynx ransomware data-leak (extortion) site on 2025-03-08.
RansomwareUnknownwww.dcarosolutions.com ransomware attack (RansomHub, 2025)
www.dcarosolutions.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.
RansomwareUnknownwww.jpwindustries.com ransomware attack (RansomHub, 2025)
www.jpwindustries.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.
RansomwareUnknownYale New Haven Health data breach (2025)
Suspicious network activity at Yale New Haven Health led to the largest U.S. healthcare data breach of 2025: 5.5 million patients had names, contact details, dates of birth, medical record numbers, and Social Security numbers stolen. The health system later agreed to an $18 million class-action settlement.
ACDC Express ransomware attack (Lynx, 2025)
ACDC Express was named on the Lynx ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownAllworx ransomware attack (BianLian, 2025)
Allworx was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownalphabaking.com\$421.9M\USA\1TB\100% DISCLOSED ransomware attack (Cactus, 2025)
alphabaking.com\$421.9M\USA\1TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownassociatedasset.com\$288M\USA\26GB\100% DISCLOSED ransomware attack (Cactus, 2025)
associatedasset.com\$288M\USA\26GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownbayvillage.org ransomware attack (RansomHub, 2025)
bayvillage.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknowngrede.com\$814.7M\USA\524GB\100% DISCLOSED ransomware attack (Cactus, 2025)
grede.com\$814.7M\USA\524GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownIsland Realty ransomware attack (BianLian, 2025)
Island Realty was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownlofotenseafood.com ransomware attack (Lynx, 2025)
lofotenseafood.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownMinnesota Orthodontics ransomware attack (BianLian, 2025)
Minnesota Orthodontics was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownREYCOTEL ransomware attack (Arcusmedia, 2025)
REYCOTEL was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownsrmg.com.au ransomware attack (RansomHub, 2025)
srmg.com.au was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknowntotal-ps.com ransomware attack (RansomHub, 2025)
total-ps.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownwheats.com ransomware attack (RansomHub, 2025)
wheats.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.
RansomwareUnknownAdval Tech ransomware attack (Lynx, 2025)
Adval Tech was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownagi.net ransomware attack (Monti, 2025)
agi.net was named on the Monti ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownDynamic Closures ransomware attack (Lynx, 2025)
Dynamic Closures was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownelectrocraft.com\$190.1M\USA\477GB\100% DISCLOSED ransomware attack (Cactus, 2025)
electrocraft.com\$190.1M\USA\477GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownhickorylaw.com ransomware attack (RansomHub, 2025)
hickorylaw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownholtcat.com\$1B\USA\868GB\100% DISCLOSED ransomware attack (Cactus, 2025)
holtcat.com\$1B\USA\868GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownlovesac.com ransomware attack (RansomHub, 2025)
lovesac.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownNaples Heritage Golf & Country Club ransomware attack (Incransom, 2025)
Naples Heritage Golf & Country Club was named on the Incransom ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownOberlin Cable Co-op (oberlin.net) ransomware attack (FOG, 2025)
Oberlin Cable Co-op (oberlin.net) was named on the FOG ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownstanleyconsultants.com\$190.5M\USA\388GB\100% DISCLOSED ransomware attack (Cactus, 2025)
stanleyconsultants.com\$190.5M\USA\388GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownTugwell Pump & Supply ransomware attack (Lynx, 2025)
Tugwell Pump & Supply was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownWJCC Public Schools (wjccschools.org) ransomware attack (FOG, 2025)
WJCC Public Schools (wjccschools.org) was named on the FOG ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownwww.centersheetmetal.com ransomware attack (RansomHub, 2025)
www.centersheetmetal.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownwww.convention.qc.ca ransomware attack (RansomHub, 2025)
www.convention.qc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownwww.hinton.ca ransomware attack (RansomHub, 2025)
www.hinton.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownwww.portlandschools.org ransomware attack (RansomHub, 2025)
www.portlandschools.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.
RansomwareUnknownBest Collateral, Inc. ransomware attack (Rhysida, 2025)
Best Collateral, Inc. was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownPervedant ransomware attack (Lynx, 2025)
Pervedant was named on the Lynx ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownSchmiedetechnik Plettenberg GmbH & Co KG ransomware attack (Lynx, 2025)
Schmiedetechnik Plettenberg GmbH & Co KG was named on the Lynx ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownSCOLARO FETTER GRIZANTI & McGOUGH, P.C. (scolaro.com) ransomware attack (FOG, 2025)
SCOLARO FETTER GRIZANTI & McGOUGH, P.C. (scolaro.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownThe 19 biggest gitlabs ransomware attack (FOG, 2025)
The 19 biggest gitlabs was named on the FOG ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownUSA Rice<br /> ransomware attack (Kairos, 2025)
USA Rice<br /> was named on the Kairos ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownData leak at UTwin
On 5 March 2025, French borrower-insurance broker UTwin notified clients that an intrusion into its IT system had temporarily exposed identity details, email addresses and phone numbers; the company said no banking, medical or contract data was affected.
www.black-star.fr ransomware attack (RansomHub, 2025)
www.black-star.fr was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownwww.cda.be ransomware attack (RansomHub, 2025)
www.cda.be was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownwww.japanrebuilt.jp ransomware attack (RansomHub, 2025)
www.japanrebuilt.jp was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknownwww.sunsweet.com ransomware attack (RansomHub, 2025)
www.sunsweet.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.
RansomwareUnknown365labs - Security Corp ransomware attack (Monti, 2025)
365labs - Security Corp was named on the Monti ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownBrien, Inc. ransomware attack (BianLian, 2025)
Brien, Inc. was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownLeak at Côté Sushi
In March 2025, French sushi-delivery chain Côté Sushi had the personal data of roughly 1.1 million customers — names, dates of birth, emails and phone numbers — scraped from its loyalty/delivery database and offered for sale on a cybercrime forum.
dsrny.com ransomware attack (RansomHub, 2025)
dsrny.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownEwald Consulting ransomware attack (BianLian, 2025)
Ewald Consulting was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownGarner, P.C. ransomware attack (BianLian, 2025)
Garner, P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknowngoencon.com ransomware attack (RansomHub, 2025)
goencon.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownGrupo Baston Aerossol (baston.com.br) ransomware attack (FOG, 2025)
Grupo Baston Aerossol (baston.com.br) was named on the FOG ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownKeystone Pacific Property Management LLC ransomware attack (BianLian, 2025)
Keystone Pacific Property Management LLC was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownLeak at La Poste
In March 2025, French postal operator La Poste disclosed a breach of its 'Élection du Timbre' platform exposing personal data of about 50,000 users — names, year of birth, email, phone and postal addresses — which was put up for sale online by an attacker.
Layfield and Borel CPA's L.L.C ransomware attack (BianLian, 2025)
Layfield and Borel CPA's L.L.C was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownLegal Aid Society of Salt Lake ransomware attack (BianLian, 2025)
Legal Aid Society of Salt Lake was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownPampili (pampili.com.br) ransomware attack (FOG, 2025)
Pampili (pampili.com.br) was named on the FOG ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownPhoenix ransomware attack (Monti, 2025)
Phoenix was named on the Monti ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownSeabank Group ransomware attack (Lynx, 2025)
Seabank Group was named on the Lynx ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownTata Technologies ransomware attack (Hunters International, 2025)
Tata Technologies was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownWendy Wu Tours ransomware attack (Killsecurity, 2025)
Wendy Wu Tours was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-04.
RansomwareUnknownalmostfamousclothing.com\$183M\USA\375GB\100% DISCLOSED ransomware attack (Cactus, 2025)
almostfamousclothing.com\$183M\USA\375GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownandreyevengineering.com ransomware attack (RansomHub, 2025)
andreyevengineering.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownCentral McGowan (centralmcgowan.com) ransomware attack (FOG, 2025)
Central McGowan (centralmcgowan.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownceratec.com ransomware attack (Abyss, 2025)
ceratec.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknowneverelgroup.com\$259M\Italy\440GB\100% DISCLOSED ransomware attack (Cactus, 2025)
everelgroup.com\$259M\Italy\440GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownfamilychc.com ransomware attack (RansomHub, 2025)
familychc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownGrafitec ransomware attack (Arcusmedia, 2025)
Grafitec was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownICO ransomware attack (Arcusmedia, 2025)
ICO was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownItapeseg ransomware attack (Arcusmedia, 2025)
Itapeseg was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownK**d.edu ransomware attack (Flocker, 2025)
K**d.edu was named on the Flocker ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownKlesk Metal Stamping Co (kleskmetalstamping.com) ransomware attack (FOG, 2025)
Klesk Metal Stamping Co (kleskmetalstamping.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownLa Unión ransomware attack (Lynx, 2025)
La Unión was named on the Lynx ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownLINKGROUP ransomware attack (Arcusmedia, 2025)
LINKGROUP was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownlogic insectes ransomware attack (Arcusmedia, 2025)
logic insectes was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownNew .Gov ? ransomware attack (Arcusmedia, 2025)
New .Gov ? was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownOpenreso ransomware attack (Arcusmedia, 2025)
Openreso was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownquigleyeye.com\$33.6M\USA\435GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
quigleyeye.com\$33.6M\USA\435GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownregulvar.com\$253.5M\Canada\3.6TB\100% DISCLOSED ransomware attack (Cactus, 2025)
regulvar.com\$253.5M\Canada\3.6TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownRJ IT Solutions ransomware attack (Arcusmedia, 2025)
RJ IT Solutions was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownS********e.com ransomware attack (Flocker, 2025)
S********e.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownssmcoop.com\$22.5M\USA\26GB\100% DISCLOSED ransomware attack (Cactus, 2025)
ssmcoop.com\$22.5M\USA\26GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownsynaptic.co.tz ransomware attack (Arcusmedia, 2025)
synaptic.co.tz was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownVitenas Cosmetic Surgery ransomware attack (Kairos, 2025)
Vitenas Cosmetic Surgery was named on the Kairos ransomware data-leak (extortion) site on 2025-03-03.
RansomwareUnknownbestbrands.com\$25.5M\USA\659GB\100% DISCLOSED ransomware attack (Cactus, 2025)
bestbrands.com\$25.5M\USA\659GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownbritannicahome.com\$20.6M\USA\2.8TB\100% DISCLOSED ransomware attack (Cactus, 2025)
britannicahome.com\$20.6M\USA\2.8TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownCouri Insurance Agency ransomware attack (Play, 2025)
Couri Insurance Agency was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownFM.GOB.AR ransomware attack (Monti, 2025)
FM.GOB.AR was named on the Monti ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownGanong Bros ransomware attack (Play, 2025)
Ganong Bros was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknowngermancentre.sg ransomware attack (Incransom, 2025)
germancentre.sg was named on the Incransom ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknowngruppocogesi.org ransomware attack (LockBit, 2025)
gruppocogesi.org was named on the LockBit ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownInternational Process Plants ransomware attack (Play, 2025)
International Process Plants was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownIT-IQ Botswana ransomware attack (Play, 2025)
IT-IQ Botswana was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownkinseysinc.com\$74.9M\USA\675GB\100% DISCLOSED ransomware attack (Cactus, 2025)
kinseysinc.com\$74.9M\USA\675GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownM&n Management ransomware attack (Play, 2025)
M&n Management was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownmidwayimporting.com\$43.7M\USA\915GB\100% DISCLOSED ransomware attack (Cactus, 2025)
midwayimporting.com\$43.7M\USA\915GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownnewhorizonsbaking.com\$163M\USA\455GB\100% DISCLOSED ransomware attack (Cactus, 2025)
newhorizonsbaking.com\$163M\USA\455GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownNorth American Fire Hose ransomware attack (Play, 2025)
North American Fire Hose was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownOptometrics ransomware attack (Play, 2025)
Optometrics was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownPre Con Industries ransomware attack (Play, 2025)
Pre Con Industries was named on the Play ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownrevitalash.com\$21.5M\USA\1.2TB\100% DISCLOSED ransomware attack (Cactus, 2025)
revitalash.com\$21.5M\USA\1.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownsteelerubber.com\$17.9M\USA\116GB\100% DISCLOSED ransomware attack (Cactus, 2025)
steelerubber.com\$17.9M\USA\116GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownuniekinc.com\$37.5M\USA\1.8TB\100% DISCLOSED ransomware attack (Cactus, 2025)
uniekinc.com\$37.5M\USA\1.8TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownWorkforce Group ransomware attack (Killsecurity, 2025)
Workforce Group was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-02.
RansomwareUnknownbreakawayconcretecutting.com ransomware attack (Incransom, 2025)
breakawayconcretecutting.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-01.
RansomwareUnknownNewton & Associates, Inc ransomware attack (Rhysida, 2025)
Newton & Associates, Inc was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-01.
RansomwareUnknownassociatedasset.com\$288M\USA\26GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
associatedasset.com\$288M\USA\26GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownbranchgroup.com\$333M\USA\253GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
branchgroup.com\$333M\USA\253GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknowncurtisint.com\$37.2M\Canada\676GB\100% DISCLOSED ransomware attack (Cactus, 2025)
curtisint.com\$37.2M\Canada\676GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownLeak at École Nationale de la Sécurité
Disclosed on 28 February 2025, a data breach at France's École Nationale de la Sécurité, a private-security and VTC training school, exposed the personal records of roughly 30,000 trainees, including national ID numbers, social security numbers, VTC licence numbers and contact details.
Leak at EDF DPIH
On 28 February 2025, a threat actor claimed to have stolen a database from EDF's hydraulic generation division (DPIH), exposing power-plant intervention and maintenance plans, security inspection results and maintenance staff IDs; EDF and researchers disputed the actor's nuclear claims.
electrocraft.com\$190.1M\USA\477GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
electrocraft.com\$190.1M\USA\477GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownEngineering Mechanics ransomware attack (Lynx, 2025)
Engineering Mechanics was named on the Lynx ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknowngrede.com\$814.7M\USA\524gb\<1% DISCLOSED ransomware attack (Cactus, 2025)
grede.com\$814.7M\USA\524gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownInversiones Clinica Del Meta SA ransomware attack (Ransomblog_noname, 2025)
Inversiones Clinica Del Meta SA was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownpace-usa.com\$134.4M\USA\65gb\<1% DISCLOSED ransomware attack (Cactus, 2025)
pace-usa.com\$134.4M\USA\65gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownstanleyconsultants.com\$190.5M\USA\388GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
stanleyconsultants.com\$190.5M\USA\388GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownsteelwarehouse.com\$570.3M\USA\679gb\<1% DISCLOSED ransomware attack (Cactus, 2025)
steelwarehouse.com\$570.3M\USA\679gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownsublettecountywy.gov ransomware attack (Incransom, 2025)
sublettecountywy.gov was named on the Incransom ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownuniquehd.com\$13.7M\USA\429GB\100% DISCLOSED ransomware attack (Cactus, 2025)
uniquehd.com\$13.7M\USA\429GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownwww.casinoessentials.com ransomware attack (RansomHub, 2025)
www.casinoessentials.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownwww.journeyoilfield.net ransomware attack (RansomHub, 2025)
www.journeyoilfield.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-28.
RansomwareUnknownData leak at Zephir
On 28 February 2025, a data leak attributed to Zephir (France) exposed personal records of roughly 67,000 people, including names, email addresses, phone numbers and bank account details (IBAN).
Biogena GmbH & Co KG ransomware attack (Lynx, 2025)
Biogena GmbH & Co KG was named on the Lynx ransomware data-leak (extortion) site on 2025-02-27.
RansomwareUnknownjtu.com.br ransomware attack (LockBit, 2025)
jtu.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-02-27.
RansomwareUnknownteamwass.com ransomware attack (RansomHub, 2025)
teamwass.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.
RansomwareUnknownwww.nasonptc.com ransomware attack (RansomHub, 2025)
www.nasonptc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.
RansomwareUnknownwww.townofbourne.com ransomware attack (RansomHub, 2025)
www.townofbourne.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.
RansomwareUnknown3cBSI ransomware attack (Play, 2025)
3cBSI was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownalphabaking.com\$421.9M\USA\1TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
alphabaking.com\$421.9M\USA\1TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownArcandco ransomware attack (Termite, 2025)
Arcandco was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknowncaltrol.com\$296.3M\USA\224gb\<1% DISCLOSED ransomware attack (Cactus, 2025)
caltrol.com\$296.3M\USA\224gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownFinck Cigar ransomware attack (Play, 2025)
Finck Cigar was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownGenea ransomware attack (Termite, 2025)
Genea was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownGitlabs: Synelixis Solutions, INGV, VMO Holdings ransomware attack (FOG, 2025)
Gitlabs: Synelixis Solutions, INGV, VMO Holdings was named on the FOG ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownholtcat.com\$1B\USA\868GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
holtcat.com\$1B\USA\868GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownITU AbsorbTech ransomware attack (Lynx, 2025)
ITU AbsorbTech was named on the Lynx ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownKendall Auto Group ransomware attack (Hunters International, 2025)
Kendall Auto Group was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownLondon Belgravia ransomware attack (Termite, 2025)
London Belgravia was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownMuller Insurance ransomware attack (Play, 2025)
Muller Insurance was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownNational Legal Service ransomware attack (Termite, 2025)
National Legal Service was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownNationz Technologies Inc. ransomware attack (Ransomhouse, 2025)
Nationz Technologies Inc. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownNichino Ryokka Co Ltd ransomware attack (Hunters International, 2025)
Nichino Ryokka Co Ltd was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownLeak at Nord Emploi
On 26 February 2025, Nord Emploi — the Nord department's RSA return-to-employment support platform — was hit by a data leak exposing personal and social-support records of roughly 200,000 benefit recipients, including identity, contact, CAF/RSA and detailed welfare-accompaniment data.
Omni United ransomware attack (Hunters International, 2025)
Omni United was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownpowelltool.com ransomware attack (Lynx, 2025)
powelltool.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownRooks Rider Solicitors ransomware attack (Termite, 2025)
Rooks Rider Solicitors was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownStory Environmental ransomware attack (Play, 2025)
Story Environmental was named on the Play ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownVermeer Mexico ransomware attack (Hunters International, 2025)
Vermeer Mexico was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownwww.amerasphalt.com ransomware attack (RansomHub, 2025)
www.amerasphalt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownwww.cmsg.cl ransomware attack (RansomHub, 2025)
www.cmsg.cl was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownwww.emeryair.net ransomware attack (RansomHub, 2025)
www.emeryair.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownwww.envirolabsinc.com ransomware attack (RansomHub, 2025)
www.envirolabsinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownwww.kppm.com ransomware attack (RansomHub, 2025)
www.kppm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownwww.newburghhealthcarecenter.com ransomware attack (RansomHub, 2025)
www.newburghhealthcarecenter.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownwww.obrienavocats.qc.ca ransomware attack (RansomHub, 2025)
www.obrienavocats.qc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.
RansomwareUnknownacmefan.com ransomware attack (Lynx, 2025)
acmefan.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownALCOTT HR GROUP ransomware attack (Play, 2025)
ALCOTT HR GROUP was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownbluedge.com\$104.5M\USA\994GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
bluedge.com\$104.5M\USA\994GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownConvert Solar ransomware attack (Play, 2025)
Convert Solar was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownessenzamovies.com.br ransomware attack (LockBit, 2025)
essenzamovies.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownFairhaven Shipyard Companies ransomware attack (Play, 2025)
Fairhaven Shipyard Companies was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownFirst Federal Savings & Loan ransomware attack (Play, 2025)
First Federal Savings & Loan was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownGANRO ransomware attack (Lynx, 2025)
GANRO was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownhgmlegal.com ransomware attack (RansomHub, 2025)
hgmlegal.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownlifting.com\$135.8M\USA\1.4TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
lifting.com\$135.8M\USA\1.4TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownmegamtls.com ransomware attack (Incransom, 2025)
megamtls.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownneatem.fr | Update! ransomware attack (Braincipher, 2025)
neatem.fr | Update! was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownossc.mx ransomware attack (LockBit, 2025)
ossc.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownpacresmortgage.com ransomware attack (Lynx, 2025)
pacresmortgage.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownPPS Services Group ransomware attack (Lynx, 2025)
PPS Services Group was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownRadco Industries ransomware attack (Play, 2025)
Radco Industries was named on the Play ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownSouth Georgia Accounting Services ransomware attack (Spacebears, 2025)
South Georgia Accounting Services was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknowntequaly.com ransomware attack (Embargo, 2025)
tequaly.com was named on the Embargo ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownunila.edu.mx ransomware attack (LockBit, 2025)
unila.edu.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownVvf Ilinois Services ransomware attack (Lynx, 2025)
Vvf Ilinois Services was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownwelcompanies.com ransomware attack (RansomHub, 2025)
welcompanies.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownwww.ateliermonarque.com ransomware attack (RansomHub, 2025)
www.ateliermonarque.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownwww.avalon-hotel.com ransomware attack (RansomHub, 2025)
www.avalon-hotel.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownwww.bwdtechnology.com ransomware attack (RansomHub, 2025)
www.bwdtechnology.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownwww.confabca.com ransomware attack (RansomHub, 2025)
www.confabca.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownwww.rgb.com ransomware attack (RansomHub, 2025)
www.rgb.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownwww.wpisd.com ransomware attack (RansomHub, 2025)
www.wpisd.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownXepa Soul ransomware attack (Lynx, 2025)
Xepa Soul was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.
RansomwareUnknownaiibeauty.com\$274.8M\USA\508GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
aiibeauty.com\$274.8M\USA\508GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownamalgamatedsugar.com\$764.8 M\USA\464gb\<1% DISCLOSED ransomware attack (Cactus, 2025)
amalgamatedsugar.com\$764.8 M\USA\464gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownchfindustries.com\$253.8M\USA\2.5TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
chfindustries.com\$253.8M\USA\2.5TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknowncompactmould.com ransomware attack (RansomHub, 2025)
compactmould.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknowndenbyco.co.uk ransomware attack (RansomHub, 2025)
denbyco.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknown[DISCLOSED] Aishu, Eshoo ransomware attack (Ransomhouse, 2025)
[DISCLOSED] Aishu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknowneverelgroup.com\$259M\Italy\440GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
everelgroup.com\$259M\Italy\440GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknown[EVIDENCE] Aishu, Eshoo ransomware attack (Ransomhouse, 2025)
[EVIDENCE] Aishu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownFireplace Warehouse ransomware attack (Kairos, 2025)
Fireplace Warehouse was named on the Kairos ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownformanmills.com\$422.2M\USA\846gb\<1% DISCLOSED ransomware attack (Cactus, 2025)
formanmills.com\$422.2M\USA\846gb\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownGeokon ransomware attack (Lynx, 2025)
Geokon was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownIDEA Expertises ransomware attack (Lynx, 2025)
IDEA Expertises was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownOrange Romania data breach (2025)
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum.
Planet One ransomware attack (Lynx, 2025)
Planet One was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownregulvar.com\$253.5M\Canada\3.6TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
regulvar.com\$253.5M\Canada\3.6TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownStürmer Maschinen ransomware attack (Lynx, 2025)
Stürmer Maschinen was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.
RansomwareUnknownBluAgent Technologies, Inc ransomware attack (Killsecurity, 2025)
BluAgent Technologies, Inc was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
RansomwareUnknownG& ransomware attack (Killsecurity, 2025)
G& was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
RansomwareUnknownGitlabs: Naphix, WDNA, Bayteq ransomware attack (FOG, 2025)
Gitlabs: Naphix, WDNA, Bayteq was named on the FOG ransomware data-leak (extortion) site on 2025-02-23.
RansomwareUnknownNovi Community School District ransomware attack (Killsecurity, 2025)
Novi Community School District was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
RansomwareUnknownondaralogistica.com ransomware attack (RansomHub, 2025)
ondaralogistica.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-23.
RansomwareUnknownShaghalni ransomware attack (Killsecurity, 2025)
Shaghalni was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.
RansomwareUnknownwww.famcomachine.com ransomware attack (RansomHub, 2025)
www.famcomachine.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-23.
RansomwareUnknownalleghenybradford.com ransomware attack (RansomHub, 2025)
alleghenybradford.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-22.
RansomwareUnknownCCOO Servicios ransomware attack (Hunters International, 2025)
CCOO Servicios was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-22.
RansomwareUnknownevergreenpnw.com ransomware attack (Incransom, 2025)
evergreenpnw.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-22.
RansomwareUnknownExcel Security ransomware attack (Lynx, 2025)
Excel Security was named on the Lynx ransomware data-leak (extortion) site on 2025-02-22.
RansomwareUnknownPeter Glenn Ski Sport ransomware attack (Rhysida, 2025)
Peter Glenn Ski Sport was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-22.
RansomwareUnknownSPEED Co ransomware attack (Hunters International, 2025)
SPEED Co was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-22.
RansomwareUnknownteamsters175.org ransomware attack (Incransom, 2025)
teamsters175.org was named on the Incransom ransomware data-leak (extortion) site on 2025-02-22.
RansomwareUnknownBybit cold wallet heist
Lazarus operators substituted the implementation contract during a routine Safe multisig transaction, draining ~$1.5 billion in ETH and staked-ETH derivatives from Bybit's Ethereum cold wallet — the largest single cryptocurrency theft in history.
Leak at French Football Federation
In February 2025 the French Football Federation (FFF) suffered a data breach via a compromised account on its licensee-management platform; at least ~43,000 users had personal data exposed, including names, contact details, and copies of ID documents.
guadeloupeformation.com ransomware attack (RansomHub, 2025)
guadeloupeformation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownheadcount.com ransomware attack (RansomHub, 2025)
headcount.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownjindalgroup.com ransomware attack (RansomHub, 2025)
jindalgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknown(kc2) geokon.com ransomware attack (Lynx, 2025)
(kc2) geokon.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownplanetone-asia.com ransomware attack (Lynx, 2025)
planetone-asia.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownstatesideseattle.com ransomware attack (Incransom, 2025)
statesideseattle.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownwww.elecgalapagos.com.ec ransomware attack (RansomHub, 2025)
www.elecgalapagos.com.ec was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownwww.electro-fusion.com ransomware attack (RansomHub, 2025)
www.electro-fusion.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownwww.fla-esq.com ransomware attack (RansomHub, 2025)
www.fla-esq.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownwww.midwestvascular.net ransomware attack (RansomHub, 2025)
www.midwestvascular.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownwww.nola-law.com ransomware attack (RansomHub, 2025)
www.nola-law.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownwww.saracenproperties.com ransomware attack (RansomHub, 2025)
www.saracenproperties.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknownwww.witheyaddison.com ransomware attack (RansomHub, 2025)
www.witheyaddison.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.
RansomwareUnknowncaliforniaclingpeaches.com ransomware attack (Incransom, 2025)
californiaclingpeaches.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknowneaglepost.com ransomware attack (RansomHub, 2025)
eaglepost.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownehdd.com ransomware attack (Incransom, 2025)
ehdd.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownFortune Electric Co Ltd ransomware attack (Lynx, 2025)
Fortune Electric Co Ltd was named on the Lynx ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknowngilcar.co ransomware attack (RansomHub, 2025)
gilcar.co was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownLigentia ransomware attack (Termite, 2025)
Ligentia was named on the Termite ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownMedical File ransomware attack (Killsecurity, 2025)
Medical File was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownnewhorizonsbaking.com\$163M\USA\455GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
newhorizonsbaking.com\$163M\USA\455GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownwww.okddsi.net ransomware attack (RansomHub, 2025)
www.okddsi.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownwww.phdental.com ransomware attack (RansomHub, 2025)
www.phdental.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownwww.pransystems.com ransomware attack (RansomHub, 2025)
www.pransystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownwww.riverdale.edu ransomware attack (RansomHub, 2025)
www.riverdale.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.
RansomwareUnknownAlabama Ophthalmology Associates ransomware attack (BianLian, 2025)
Alabama Ophthalmology Associates was named on the BianLian ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownBeniPlus ransomware attack (Killsecurity, 2025)
BeniPlus was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownBrolly ransomware attack (Killsecurity, 2025)
Brolly was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownDR.Claims FL LLC ransomware attack (Killsecurity, 2025)
DR.Claims FL LLC was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownEservices.gov.zm ransomware attack (Flocker, 2025)
Eservices.gov.zm was named on the Flocker ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownEzyLegal ransomware attack (Killsecurity, 2025)
EzyLegal was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownGitlabs: Next TI, VISEO, Hochschule Trier ransomware attack (FOG, 2025)
Gitlabs: Next TI, VISEO, Hochschule Trier was named on the FOG ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownHaggin Oaks Golf (hagginoaks.com) ransomware attack (FOG, 2025)
Haggin Oaks Golf (hagginoaks.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownhaleycomfort.com ransomware attack (RansomHub, 2025)
haleycomfort.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownHelp Me Grow Yolo ransomware attack (Killsecurity, 2025)
Help Me Grow Yolo was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownNimuSoft ransomware attack (Killsecurity, 2025)
NimuSoft was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownPulmonary Physicians of South Florida Clinics | Data security breach! ransomware attack (Braincipher, 2025)
Pulmonary Physicians of South Florida Clinics | Data security breach! was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownRanhill Bersekutu ransomware attack (Lynx, 2025)
Ranhill Bersekutu was named on the Lynx ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownRevi ransomware attack (Killsecurity, 2025)
Revi was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownData leak at Vienne Departmental Fire and Rescue Service
On 19 February 2025, the Vienne Departmental Fire and Rescue Service (SDIS 86) in France suffered a website compromise that exposed an internal database, including user logins, hashed passwords and email addresses, along with sensitive station and emergency-intervention information.
Supreme Administrative Court of Bulgaria ransomware attack (Ransomhouse, 2025)
Supreme Administrative Court of Bulgaria was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-19.
RansomwareUnknownAfa Systems Ltd. ransomware attack (Underground, 2025)
Afa Systems Ltd. was named on the Underground ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownbestbrands.com\$25.5M\USA\659GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
bestbrands.com\$25.5M\USA\659GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownboostheat.com ransomware attack (Bashe, 2025)
boostheat.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownBuanderie Centrale de Montreal ransomware attack (Rhysida, 2025)
Buanderie Centrale de Montreal was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownlavi.co.il ransomware attack (Incransom, 2025)
lavi.co.il was named on the Incransom ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownmidwayimporting.com\$43.7M\USA\915GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
midwayimporting.com\$43.7M\USA\915GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownpyasolutions.com ransomware attack (Incransom, 2025)
pyasolutions.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownranhillbersekutu.com.my ransomware attack (Lynx, 2025)
ranhillbersekutu.com.my was named on the Lynx ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownrevitalash.com\$21.5M\USA\1.2TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
revitalash.com\$21.5M\USA\1.2TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownuniekinc.com\$37.5M\USA\1.8TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
uniekinc.com\$37.5M\USA\1.8TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownwww.alphamedctr.com ransomware attack (RansomHub, 2025)
www.alphamedctr.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownwww.ccttechnologies.com ransomware attack (RansomHub, 2025)
www.ccttechnologies.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownwww.copleystoughton.com ransomware attack (RansomHub, 2025)
www.copleystoughton.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownwww.macmed.com ransomware attack (RansomHub, 2025)
www.macmed.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownwww.mwmechanicalinc.com ransomware attack (RansomHub, 2025)
www.mwmechanicalinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.
RansomwareUnknownAllied Tenesis ransomware attack (Lynx, 2025)
Allied Tenesis was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownalmostfamousclothing.com\$183M\USA\375GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
almostfamousclothing.com\$183M\USA\375GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownAutoschade Pippel ransomware attack (Lynx, 2025)
Autoschade Pippel was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownbisindustries.com ransomware attack (RansomHub, 2025)
bisindustries.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownBulldog Oilfield Services ransomware attack (Play, 2025)
Bulldog Oilfield Services was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownBushmans ransomware attack (Play, 2025)
Bushmans was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownCirion Technologies ransomware attack (Braincipher, 2025)
Cirion Technologies was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownCuna Supply ransomware attack (Play, 2025)
Cuna Supply was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownDane Court Grammar School ransomware attack (Kairos, 2025)
Dane Court Grammar School was named on the Kairos ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownGreencastle-Antrim Senior High School (gcasd.org) ransomware attack (FOG, 2025)
Greencastle-Antrim Senior High School (gcasd.org) was named on the FOG ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownhamton ransomware attack (Lynx, 2025)
hamton was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownHisingstads Bleck ransomware attack (Lynx, 2025)
Hisingstads Bleck was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownHRS_IDEA_Expertises ransomware attack (Lynx, 2025)
HRS_IDEA_Expertises was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownhttps://www.dapope.com/ ransomware attack (BlackSuit, 2025)
https://www.dapope.com/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownInland Empire Distribution Systems, Inc. ransomware attack (Play, 2025)
Inland Empire Distribution Systems, Inc. was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownkinseysinc.com\$74.9M\USA\675GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
kinseysinc.com\$74.9M\USA\675GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownLeadership Strategies ransomware attack (Lynx, 2025)
Leadership Strategies was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownlekiaviation.com ransomware attack (RansomHub, 2025)
lekiaviation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownLINTEC & LINNHOFF Holdings ransomware attack (Lynx, 2025)
LINTEC & LINNHOFF Holdings was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownmgainnovation.com\$30.9M\USA\215GB\100% DISCLOSED ransomware attack (Cactus, 2025)
mgainnovation.com\$30.9M\USA\215GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownmyhscu.com ransomware attack (Embargo, 2025)
myhscu.com was named on the Embargo ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownneatem.fr ransomware attack (Braincipher, 2025)
neatem.fr was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownnorthernresponse.com\$17.4M\Canada\366GB\100% DISCLOSED ransomware attack (Cactus, 2025)
northernresponse.com\$17.4M\Canada\366GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownOxford Companies ransomware attack (Play, 2025)
Oxford Companies was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownPedensia Graphics Distribution ransomware attack (Lynx, 2025)
Pedensia Graphics Distribution was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownPersante Health Care ransomware attack (Incransom, 2025)
Persante Health Care was named on the Incransom ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownRheinischer Sch ransomware attack (Play, 2025)
Rheinischer Sch was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownsavoiesfoods.com\$18.2M\USA\95GB\100% DISCLOSED ransomware attack (Cactus, 2025)
savoiesfoods.com\$18.2M\USA\95GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownData leak at Sport Découverte
On 17 February 2025, French sports-experience e-commerce retailer Sport Découverte (sport-decouverte.com) was reported breached, with a database of roughly 488,000 customer accounts — names, dates of birth, phone numbers and email addresses — exposed.
ssmcoop.com\$22.5M\USA\26GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
ssmcoop.com\$22.5M\USA\26GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownStage 3 Separation ransomware attack (Play, 2025)
Stage 3 Separation was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownStartek Peglar & Calcagni ransomware attack (Play, 2025)
Startek Peglar & Calcagni was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownsteelerubber.com\$17.9M\USA\116GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
steelerubber.com\$17.9M\USA\116GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownSwissmem ransomware attack (Hunters International, 2025)
Swissmem was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownteamwass.com\$676.3M\USA\451GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
teamwass.com\$676.3M\USA\451GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownThe Townsley Law Firm Information ransomware attack (Play, 2025)
The Townsley Law Firm Information was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownToi Toi USA ransomware attack (Kairos, 2025)
Toi Toi USA was named on the Kairos ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownTranskid ransomware attack (Play, 2025)
Transkid was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownWeed Man Canada ransomware attack (Play, 2025)
Weed Man Canada was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownWinbas ransomware attack (Lynx, 2025)
Winbas was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownwww.macter.com ransomware attack (RansomHub, 2025)
www.macter.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownWylie Steel Fabricators ransomware attack (Play, 2025)
Wylie Steel Fabricators was named on the Play ransomware data-leak (extortion) site on 2025-02-17.
RansomwareUnknownA*u.edu.au ransomware attack (Flocker, 2025)
A*u.edu.au was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
RansomwareUnknownannegrady.org ransomware attack (Embargo, 2025)
annegrady.org was named on the Embargo ransomware data-leak (extortion) site on 2025-02-16.
RansomwareUnknownGitlabs: Acqua development, QBurst, Pamyra.de ransomware attack (FOG, 2025)
Gitlabs: Acqua development, QBurst, Pamyra.de was named on the FOG ransomware data-leak (extortion) site on 2025-02-16.
RansomwareUnknownGpstech2007.com ransomware attack (Flocker, 2025)
Gpstech2007.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
RansomwareUnknownMervis.info ransomware attack (Flocker, 2025)
Mervis.info was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
RansomwareUnknownRealtime.tw ransomware attack (Flocker, 2025)
Realtime.tw was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.
RansomwareUnknownALIEN TXTBASE Stealer Logs data breach (2025)
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used.
Data breachResolvedCity of McKinney ransomware attack (Incransom, 2025)
City of McKinney was named on the Incransom ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownEmpire Home Center ransomware attack (Lynx, 2025)
Empire Home Center was named on the Lynx ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownhalex.com ransomware attack (Abyss, 2025)
halex.com was named on the Abyss ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknown(M)Empire-home-center ransomware attack (Lynx, 2025)
(M)Empire-home-center was named on the Lynx ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownNortheast Delta Human Services Authority ransomware attack (Incransom, 2025)
Northeast Delta Human Services Authority was named on the Incransom ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownsaulttribe.com/kewadin.com ransomware attack (RansomHub, 2025)
saulttribe.com/kewadin.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.310tempering.com ransomware attack (RansomHub, 2025)
www.310tempering.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.cityoftarrant.com ransomware attack (RansomHub, 2025)
www.cityoftarrant.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.colacouronnelocations.com ransomware attack (RansomHub, 2025)
www.colacouronnelocations.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.imgenterprises.com ransomware attack (RansomHub, 2025)
www.imgenterprises.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.naga.ae ransomware attack (RansomHub, 2025)
www.naga.ae was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.rowetactical.com ransomware attack (RansomHub, 2025)
www.rowetactical.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.solardatasystems.com ransomware attack (RansomHub, 2025)
www.solardatasystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownwww.transcend-info.com ransomware attack (RansomHub, 2025)
www.transcend-info.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.
RansomwareUnknownAdpost data breach (2025)
In February 2025, data obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Adpost later published a disclosure notice and advised they'd forced a credential refresh, among other actions.
Data breachResolvedbrockbanks.co.uk ransomware attack (RansomHub, 2025)
brockbanks.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-14.
RansomwareUnknownCocospy data breach (2025)
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs,…
Data breachResolvedHeritage South Credit Union ransomware attack (Embargo, 2025)
Heritage South Credit Union was named on the Embargo ransomware data-leak (extortion) site on 2025-02-14.
RansomwareUnknownSpyic data breach (2025)
In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs,…
Data breachResolvedThe Agency ransomware attack (Rhysida, 2025)
The Agency was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-14.
RansomwareUnknownwww.calspa.it ransomware attack (RansomHub, 2025)
www.calspa.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-14.
RansomwareUnknownAspire Rural Health System ransomware attack (BianLian, 2025)
Aspire Rural Health System was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownBall, LLP ransomware attack (BianLian, 2025)
Ball, LLP was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownBorel CPA's L.L.C ransomware attack (BianLian, 2025)
Borel CPA's L.L.C was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownDain, Torpy, Le Ray, Wiest and Garner, P.C. ransomware attack (BianLian, 2025)
Dain, Torpy, Le Ray, Wiest and Garner, P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownenventuregt.com ransomware attack (RansomHub, 2025)
enventuregt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownFinancial Services of America, Inc. ransomware attack (BianLian, 2025)
Financial Services of America, Inc. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownGitlabs: Omydoo, Ayomi, ADULLACT ransomware attack (FOG, 2025)
Gitlabs: Omydoo, Ayomi, ADULLACT was named on the FOG ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownleonardo.com ransomware attack (Threeam, 2025)
leonardo.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownMozo Grau (mozo-grau.com) ransomware attack (FOG, 2025)
Mozo Grau (mozo-grau.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownLeak at Mutuelle des Motards
In February 2025, French motorcycle insurer Mutuelle des Motards suffered a breach of a marketing contact database, exposing names, email addresses, phone numbers and postal codes of more than 1.3 million members.
Nash Brothers Construction ransomware attack (BianLian, 2025)
Nash Brothers Construction was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownNippon Steel USA ransomware attack (BianLian, 2025)
Nippon Steel USA was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownR Molds Inc ransomware attack (BianLian, 2025)
R Molds Inc was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownShields Facilities Maintenance ransomware attack (Play, 2025)
Shields Facilities Maintenance was named on the Play ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownsnoqualmietribe.us ransomware attack (RansomHub, 2025)
snoqualmietribe.us was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-13.
RansomwareUnknownalderconstruction.com ransomware attack (RansomHub, 2025)
alderconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownaskgs.ma ransomware attack (RansomHub, 2025)
askgs.ma was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownbergconst.com ransomware attack (RansomHub, 2025)
bergconst.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownbritannicahome.com\$20.6M\USA\2.8TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
britannicahome.com\$20.6M\USA\2.8TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownburdickpainting.com ransomware attack (RansomHub, 2025)
burdickpainting.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownLeak at Caisse des dépôts et des consignations
In February 2025, France's Caisse des dépôts disclosed that attackers used stolen login credentials to access the Ircantec pension platform and steal the personal data of about 70,000 public-sector contract workers, hospital practitioners and roughly 1,000 local elected officials.
Leak at Chronopost
Chronopost, the French express parcel carrier, confirmed in February 2025 that an intrusion detected on 29 January 2025 exposed personal data of around 210,000 customers, including names, postal addresses, phone numbers and delivery signatures.
columbiacabinets.com ransomware attack (RansomHub, 2025)
columbiacabinets.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknowncurtisint.com\$37.2M\Canada\676GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
curtisint.com\$37.2M\Canada\676GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownE*******s.gov.zm ransomware attack (Flocker, 2025)
E*******s.gov.zm was named on the Flocker ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownekvallbyrne.com ransomware attack (RansomHub, 2025)
ekvallbyrne.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownGitlabs: INGV, Spacemanic, Squeezer-software ransomware attack (FOG, 2025)
Gitlabs: INGV, Spacemanic, Squeezer-software was named on the FOG ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownHess (hess-gmbh.de) ransomware attack (FOG, 2025)
Hess (hess-gmbh.de) was named on the FOG ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownhttp://thermaseal.net ransomware attack (Ciphbit, 2025)
http://thermaseal.net was named on the Ciphbit ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownkrmcustomhomes.com ransomware attack (RansomHub, 2025)
krmcustomhomes.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownladeralending.com ransomware attack (RansomHub, 2025)
laderalending.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownMICRO MANUFACTRING ransomware attack (Ransomblog_noname, 2025)
MICRO MANUFACTRING was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownminnesotaexteriors.com ransomware attack (RansomHub, 2025)
minnesotaexteriors.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownObex Medical ransomware attack (Killsecurity, 2025)
Obex Medical was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownOmni Fiber LLC ransomware attack (Monti, 2025)
Omni Fiber LLC was named on the Monti ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownrogerspetro.com ransomware attack (RansomHub, 2025)
rogerspetro.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownslchc.edu ransomware attack (RansomHub, 2025)
slchc.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownSocietatea Energetica Electrica S.A. ransomware attack (Lynx, 2025)
Societatea Energetica Electrica S.A. was named on the Lynx ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownsteveallcorn.remax.com ransomware attack (RansomHub, 2025)
steveallcorn.remax.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownSTIIIZY Full Data Leak ransomware attack (Everest, 2025)
STIIIZY Full Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownsundanceliving.com ransomware attack (RansomHub, 2025)
sundanceliving.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownThe Brown & Hurley Group ransomware attack (Lynx, 2025)
The Brown & Hurley Group was named on the Lynx ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownthejdkgroup.com ransomware attack (RansomHub, 2025)
thejdkgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknowntwncomm.com ransomware attack (RansomHub, 2025)
twncomm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownuniquehd.com\$13.7M\USA\429GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
uniquehd.com\$13.7M\USA\429GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownweathersa.co.za ransomware attack (RansomHub, 2025)
weathersa.co.za was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.
RansomwareUnknownAurora Public Schools (aurorak12.org) ransomware attack (FOG, 2025)
Aurora Public Schools (aurorak12.org) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownBaltimore Country Club ransomware attack (Play, 2025)
Baltimore Country Club was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownCESI ransomware attack (Termite, 2025)
CESI was named on the Termite ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownCold Storage Manufacturing ransomware attack (Play, 2025)
Cold Storage Manufacturing was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownEAC Consulting ransomware attack (Play, 2025)
EAC Consulting was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownFastighetsservice AB ransomware attack (Play, 2025)
Fastighetsservice AB was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownHammond Trucking & Excavation ransomware attack (Rhysida, 2025)
Hammond Trucking & Excavation was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownJildor Shoes ransomware attack (Play, 2025)
Jildor Shoes was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownKensington Glass Arts ransomware attack (Play, 2025)
Kensington Glass Arts was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownLeak at King Jouet
In February 2025, French toy retailer King Jouet was hit by a breach of its online order-tracking interface; a hacker claimed 4.3 million records, but the company said fewer than 25,000 customers across two stores had names, contact details and order information exposed.
Lexipol data breach (2025)
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly.
Data breachResolvedLogix Corporate Solutions ransomware attack (Killsecurity, 2025)
Logix Corporate Solutions was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownMainline Information Systems ransomware attack (Play, 2025)
Mainline Information Systems was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownMonroe Transportation Services Inc ransomware attack (Play, 2025)
Monroe Transportation Services Inc was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownNeaton Auto Products Manufacturing ransomware attack (Play, 2025)
Neaton Auto Products Manufacturing was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownprimesourcestaffing.com ransomware attack (RansomHub, 2025)
primesourcestaffing.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownROCK SOLID Stabilization & Reclamation ransomware attack (Play, 2025)
ROCK SOLID Stabilization & Reclamation was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownRogers ransomware attack (Hunters International, 2025)
Rogers was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownSaint George's College (saintgeorge.cl) ransomware attack (FOG, 2025)
Saint George's College (saintgeorge.cl) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownsehma.com ransomware attack (Threeam, 2025)
sehma.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownShinn Fu Company of America ransomware attack (Play, 2025)
Shinn Fu Company of America was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownsole technology ransomware attack (Monti, 2025)
sole technology was named on the Monti ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownThe Children's Center Of Hamden ransomware attack (Incransom, 2025)
The Children's Center Of Hamden was named on the Incransom ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownThe University of Notre Dame Australia (nd.edu.au) ransomware attack (FOG, 2025)
The University of Notre Dame Australia (nd.edu.au) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownTie Down Engineering ransomware attack (Play, 2025)
Tie Down Engineering was named on the Play ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownTMC ransomware attack (Killsecurity, 2025)
TMC was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-11.
RansomwareUnknownabcapital.com.ph ransomware attack (LockBit, 2025)
abcapital.com.ph was named on the LockBit ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownAlbright Institute ransomware attack (Killsecurity, 2025)
Albright Institute was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownASRAM Medical College and Hospita ransomware attack (Killsecurity, 2025)
ASRAM Medical College and Hospita was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownAtlas Commodities ransomware attack (Lynx, 2025)
Atlas Commodities was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownbazcooil.com ransomware attack (RansomHub, 2025)
bazcooil.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownCapital Cell Global (CCG) ransomware attack (Killsecurity, 2025)
Capital Cell Global (CCG) was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownD-7 Roofing ransomware attack (BianLian, 2025)
D-7 Roofing was named on the BianLian ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownEnfin ransomware attack (Killsecurity, 2025)
Enfin was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownkaplanstahler.com ransomware attack (RansomHub, 2025)
kaplanstahler.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownkomline.com ransomware attack (RansomHub, 2025)
komline.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownLexington Electric ransomware attack (Lynx, 2025)
Lexington Electric was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownMarshall Motor Holdings ransomware attack (Lynx, 2025)
Marshall Motor Holdings was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownome.tv | SOLD ransomware attack (Bashe, 2025)
ome.tv | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownRecievership Specialists ransomware attack (BianLian, 2025)
Recievership Specialists was named on the BianLian ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownsdfab.com ransomware attack (RansomHub, 2025)
sdfab.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownWhoHire ransomware attack (Killsecurity, 2025)
WhoHire was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownwww.jsp.com ransomware attack (RansomHub, 2025)
www.jsp.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.
RansomwareUnknownGitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. ransomware attack (FOG, 2025)
Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. was named on the FOG ransomware data-leak (extortion) site on 2025-02-09.
RansomwareUnknownHandala New Telegram Channel ransomware attack (Handala, 2025)
Handala New Telegram Channel was named on the Handala ransomware data-leak (extortion) site on 2025-02-09.
RansomwareUnknownHpisd.org ransomware attack (RansomHub, 2025)
Hpisd.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-09.
RansomwareUnknownIsrael Police Hacked ransomware attack (Handala, 2025)
Israel Police Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-02-09.
RansomwareUnknownLeading Edge Specialized Dentistry ransomware attack (Rhysida, 2025)
Leading Edge Specialized Dentistry was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-09.
RansomwareUnknownwwcsd.net ransomware attack (RansomHub, 2025)
wwcsd.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-09.
RansomwareUnknownG*********7.com ransomware attack (Flocker, 2025)
G*********7.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.
RansomwareUnknownM****s.info ransomware attack (Flocker, 2025)
M****s.info was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.
RansomwareUnknownR******e.tw ransomware attack (Flocker, 2025)
R******e.tw was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.
RansomwareUnknownSAKAI SOUKEN Co. ransomware attack (Hunters International, 2025)
SAKAI SOUKEN Co. was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-08.
RansomwareUnknownGitlabs: Chalmers tekniska högskola, Fligno, 3SS ransomware attack (FOG, 2025)
Gitlabs: Chalmers tekniska högskola, Fligno, 3SS was named on the FOG ransomware data-leak (extortion) site on 2025-02-07.
RansomwareUnknownsautech.edu ransomware attack (RansomHub, 2025)
sautech.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-07.
RansomwareUnknownteamues.com ransomware attack (RansomHub, 2025)
teamues.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-07.
RansomwareUnknownLeak at Espace-Recettes.fr Vorwerk
In early February 2025, Vorwerk's Thermomix recipe community Espace-Recettes.fr (Rezeptwelt) was breached via a compromised third-party server, exposing names, postal addresses, emails, phone numbers, dates of birth and cooking preferences of roughly 3.3 million users across several countries.
Gitlabs: eConceptions, Top Systems, DIEM ransomware attack (FOG, 2025)
Gitlabs: eConceptions, Top Systems, DIEM was named on the FOG ransomware data-leak (extortion) site on 2025-02-06.
RansomwareUnknownnorthernresponse.com\$17.4M\Canada\366GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
northernresponse.com\$17.4M\Canada\366GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-06.
RansomwareUnknownRobertshaw ransomware attack (Hunters International, 2025)
Robertshaw was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-06.
RansomwareUnknownsavoiesfoods.com\$18.2M\USA\95GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
savoiesfoods.com\$18.2M\USA\95GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-06.
RansomwareUnknownSmithDunn&Co ransomware attack (Spacebears, 2025)
SmithDunn&Co was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-06.
RansomwareUnknownzsattorneys.com ransomware attack (RansomHub, 2025)
zsattorneys.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-06.
RansomwareUnknownA2b-cargo.com ransomware attack (Flocker, 2025)
A2b-cargo.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownBanfi Vintners ransomware attack (Lynx, 2025)
Banfi Vintners was named on the Lynx ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknowncorehandf.com ransomware attack (Threeam, 2025)
corehandf.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownDash Business ransomware attack (BianLian, 2025)
Dash Business was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownHall Chadwick ransomware attack (BianLian, 2025)
Hall Chadwick was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownIndia car owners ransomware attack (Bashe, 2025)
India car owners was named on the Bashe ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownMid-State Machine & Fabricating Corp ransomware attack (Play, 2025)
Mid-State Machine & Fabricating Corp was named on the Play ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownNESCTC Security Services ransomware attack (BianLian, 2025)
NESCTC Security Services was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownOFW Law ransomware attack (BianLian, 2025)
OFW Law was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownShinsung Delta Tech ransomware attack (Lynx, 2025)
Shinsung Delta Tech was named on the Lynx ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownSt Clair Orthopaedics and Sports Medicine P.C. ransomware attack (BianLian, 2025)
St Clair Orthopaedics and Sports Medicine P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownToshapp.com ransomware attack (Flocker, 2025)
Toshapp.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-05.
RansomwareUnknownalojaimi.com ransomware attack (RansomHub, 2025)
alojaimi.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownC and R Molds Inc ransomware attack (BianLian, 2025)
C and R Molds Inc was named on the BianLian ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownC2S Technologies Inc. ransomware attack (Everest, 2025)
C2S Technologies Inc. was named on the Everest ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknowncapstoneins.ca ransomware attack (RansomHub, 2025)
capstoneins.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownCasper's Truck Equipment ransomware attack (Kairos, 2025)
Casper's Truck Equipment was named on the Kairos ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownclarkfreightways.com ransomware attack (RansomHub, 2025)
clarkfreightways.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknowncoel.com.mx ransomware attack (Bashe, 2025)
coel.com.mx was named on the Bashe ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownCommercial Solutions ransomware attack (BianLian, 2025)
Commercial Solutions was named on the BianLian ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknowncornwelltools.com\$218.7M\USA\4.6TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
cornwelltools.com\$218.7M\USA\4.6TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownescada.com ransomware attack (RansomHub, 2025)
escada.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknowngaheritagefcu.org ransomware attack (RansomHub, 2025)
gaheritagefcu.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownGitlabs: hemio.de, SOLEIL, Devlion ransomware attack (FOG, 2025)
Gitlabs: hemio.de, SOLEIL, Devlion was named on the FOG ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownheartlandrvs.com ransomware attack (RansomHub, 2025)
heartlandrvs.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownITSS ransomware attack (Everest, 2025)
ITSS was named on the Everest ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownMedical Reports ransomware attack (Kairos, 2025)
Medical Reports was named on the Kairos ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownmgainnovation.com\$30.9M\USA\215GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
mgainnovation.com\$30.9M\USA\215GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownmistralsolutions.com ransomware attack (Bashe, 2025)
mistralsolutions.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownrashtiandrashti.com\$19.1M\USA\786GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
rashtiandrashti.com\$19.1M\USA\786GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownsportadmin.se ransomware attack (RansomHub, 2025)
sportadmin.se was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownTown Counsel Law & Litigation ransomware attack (Rhysida, 2025)
Town Counsel Law & Litigation was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownwww.aswgr.com ransomware attack (RansomHub, 2025)
www.aswgr.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownwww.aymcdonald.com ransomware attack (RansomHub, 2025)
www.aymcdonald.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.
RansomwareUnknownDaniel Island Club ransomware attack (Play, 2025)
Daniel Island Club was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownDickerson & Nieman Realtors ransomware attack (Play, 2025)
Dickerson & Nieman Realtors was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownDPC Development ransomware attack (Play, 2025)
DPC Development was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknown[EVIDANCE] AIshu, Eshoo ransomware attack (Ransomhouse, 2025)
[EVIDANCE] AIshu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownEvidn Data Leak ransomware attack (Everest, 2025)
Evidn Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownGitlabs: Bolin Centre for Climate Research, X-lab group, Madia ransomware attack (FOG, 2025)
Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia was named on the FOG ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknowngruppozaccaria.it ransomware attack (LockBit, 2025)
gruppozaccaria.it was named on the LockBit ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownKaradeniz Holding (karadenizholding.com) ransomware attack (FOG, 2025)
Karadeniz Holding (karadenizholding.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownKWS ransomware attack (Play, 2025)
KWS was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownome.tv ransomware attack (Bashe, 2025)
ome.tv was named on the Bashe ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownPineland community service board ransomware attack (Spacebears, 2025)
Pineland community service board was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownPonte16 Hotel & ransomware attack (Killsecurity, 2025)
Ponte16 Hotel & was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownQGS Development ransomware attack (Play, 2025)
QGS Development was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownrealtaxcanada.com ransomware attack (Bashe, 2025)
realtaxcanada.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownSheridan Nurseries ransomware attack (Play, 2025)
Sheridan Nurseries was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownsmithmidland.com ransomware attack (RansomHub, 2025)
smithmidland.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownThe Hill Brush ransomware attack (Play, 2025)
The Hill Brush was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownWoodway USA ransomware attack (Play, 2025)
Woodway USA was named on the Play ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownwww.origene.com ransomware attack (RansomHub, 2025)
www.origene.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownwww.wongfleming.com ransomware attack (RansomHub, 2025)
www.wongfleming.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.
RansomwareUnknownAyres Law Firm ransomware attack (BianLian, 2025)
Ayres Law Firm was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.
RansomwareUnknownCivic Committee ransomware attack (BianLian, 2025)
Civic Committee was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.
RansomwareUnknownFour Eye Clinics ransomware attack (Abyss, 2025)
Four Eye Clinics was named on the Abyss ransomware data-leak (extortion) site on 2025-02-02.
RansomwareUnknownGrowth Acceleration Partners ransomware attack (BianLian, 2025)
Growth Acceleration Partners was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.
RansomwareUnknownjpcgroupinc.com ransomware attack (Abyss, 2025)
jpcgroupinc.com was named on the Abyss ransomware data-leak (extortion) site on 2025-02-02.
RansomwareUnknownTosaf Hacked ransomware attack (Handala, 2025)
Tosaf Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-02-02.
RansomwareUnknownusuhs.edu ransomware attack (LockBit, 2025)
usuhs.edu was named on the LockBit ransomware data-leak (extortion) site on 2025-02-02.
RansomwareUnknownCAMRIDGEPORT ransomware attack (Spacebears, 2025)
CAMRIDGEPORT was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownEascon ransomware attack (Arcusmedia, 2025)
Eascon was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownFalcon Gaming ransomware attack (Arcusmedia, 2025)
Falcon Gaming was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownGATTELLI SpA ransomware attack (Arcusmedia, 2025)
GATTELLI SpA was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownGitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Cof ransomware attack (FOG, 2025)
Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Cof was named on the FOG ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownMy New Jersey Dentist ransomware attack (Rhysida, 2025)
My New Jersey Dentist was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownNano Health ransomware attack (Killsecurity, 2025)
Nano Health was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownTechnico ransomware attack (Arcusmedia, 2025)
Technico was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownUtilissimo Transportes ransomware attack (Arcusmedia, 2025)
Utilissimo Transportes was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownWireless Solutions (Morris.Domain) ransomware attack (Lynx, 2025)
Wireless Solutions (Morris.Domain) was named on the Lynx ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownZamzow's ransomware attack (Lynx, 2025)
Zamzow's was named on the Lynx ransomware data-leak (extortion) site on 2025-02-01.
RansomwareUnknownA**-****o.com ransomware attack (Flocker, 2025)
A**-****o.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-31.
RansomwareUnknownBH Aircraft Company, Inc. ransomware attack (Rhysida, 2025)
BH Aircraft Company, Inc. was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-31.
RansomwareUnknownBusiness Registration Service data breach
Attackers exfiltrated Kenya's national company-registry data from the Business Registration Service — including ownership and beneficial-owner records touching President Ruto and the Kenyatta family's firms — and offered it for sale on the dark web.
Pembina Trails School Division ransomware attack (Rhysida, 2025)
Pembina Trails School Division was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-31.
RansomwareUnknownT*****p.com ransomware attack (Flocker, 2025)
T*****p.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-31.
RansomwareUnknownEngine Power Source ransomware attack (Lynx, 2025)
Engine Power Source was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownFENSTERMAKER ransomware attack (Monti, 2025)
FENSTERMAKER was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownGitlabs: Prasaga, HE2B, Kombinat ransomware attack (FOG, 2025)
Gitlabs: Prasaga, HE2B, Kombinat was named on the FOG ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownGitlabs: Professional Computer, X-Pans, Propulsion Academy AG ransomware attack (FOG, 2025)
Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG was named on the FOG ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownibericar ransomware attack (Monti, 2025)
ibericar was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownicicibank.com | SOLD ransomware attack (Bashe, 2025)
icicibank.com | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownJalaram Produce ransomware attack (Lynx, 2025)
Jalaram Produce was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownjayaapparelgroup.com\$60.6M\USA\824GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
jayaapparelgroup.com\$60.6M\USA\824GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownjohnpaulrichard.com\$60M\USA\985GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
johnpaulrichard.com\$60M\USA\985GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownKPI Engineering ransomware attack (Lynx, 2025)
KPI Engineering was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownmalindoair.com | SOLD ransomware attack (Bashe, 2025)
malindoair.com | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownnenok.de ransomware attack (Monti, 2025)
nenok.de was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownNight Hawk ransomware attack (Play, 2025)
Night Hawk was named on the Play ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownpayahmedabadechallan.org ransomware attack (Killsecurity, 2025)
payahmedabadechallan.org was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownScott Engineering ransomware attack (Lynx, 2025)
Scott Engineering was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownSilverado Contractors ransomware attack (Lynx, 2025)
Silverado Contractors was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownsoitinlaine.fi ransomware attack (Threeam, 2025)
soitinlaine.fi was named on the Threeam ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownsunrise-soya.com\$42.2M\Canada\504GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
sunrise-soya.com\$42.2M\Canada\504GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownThermomix Recipe World Forum data breach (2025)
In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related).
Tri-Sen Systems ransomware attack (Lynx, 2025)
Tri-Sen Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownttucorp.com\$27.6M\USA\1TB\<1% DISCLOSED ransomware attack (Cactus, 2025)
ttucorp.com\$27.6M\USA\1TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownvsstransportationgroup.com\$54.5M\USA\522GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
vsstransportationgroup.com\$54.5M\USA\522GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownZschimmer and Schwarz ransomware attack (Termite, 2025)
Zschimmer and Schwarz was named on the Termite ransomware data-leak (extortion) site on 2025-01-30.
RansomwareUnknownair europa ransomware attack (Incransom, 2025)
air europa was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownalkodistributors.com\$33.5M\USA\345GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
alkodistributors.com\$33.5M\USA\345GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownbiagibros.com\$273M\USA\820GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
biagibros.com\$273M\USA\820GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownBoldon James ransomware attack (Incransom, 2025)
Boldon James was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownBoutin Jones (boutindentino.com) ransomware attack (FOG, 2025)
Boutin Jones (boutindentino.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownBy design ransomware attack (Play, 2025)
By design was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownCahoon Farms ransomware attack (Play, 2025)
Cahoon Farms was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownCimarron Telephone Company ransomware attack (Play, 2025)
Cimarron Telephone Company was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownCity Of Beloit ransomware attack (Incransom, 2025)
City Of Beloit was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownCommercial & Residential Management Group ransomware attack (Play, 2025)
Commercial & Residential Management Group was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknowndaVinci ransomware attack (Play, 2025)
daVinci was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownDEL Packaging ransomware attack (Kairos, 2025)
DEL Packaging was named on the Kairos ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownDelta Screen & Filtration () ransomware attack (Lynx, 2025)
Delta Screen & Filtration () was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownHeart to Heart Hospice ransomware attack (Incransom, 2025)
Heart to Heart Hospice was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownIsrael Ministry of National Security Hacked ransomware attack (Handala, 2025)
Israel Ministry of National Security Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownJohnston ransomware attack (Play, 2025)
Johnston was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownMarshall & Bruce Printing ransomware attack (Play, 2025)
Marshall & Bruce Printing was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownMenominee Tribal Clinic ransomware attack (Incransom, 2025)
Menominee Tribal Clinic was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownmidwaymetals.com.vn ransomware attack (RansomHub, 2025)
midwaymetals.com.vn was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownMission Locale Montpellier ransomware attack (Incransom, 2025)
Mission Locale Montpellier was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownPlymouth Foam ransomware attack (Play, 2025)
Plymouth Foam was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownRossi Real Estate (ROSSIDG.LOCAL) ransomware attack (Lynx, 2025)
Rossi Real Estate (ROSSIDG.LOCAL) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownSCV Med Group ransomware attack (Monti, 2025)
SCV Med Group was named on the Monti ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownStrategic Materials ransomware attack (Lynx, 2025)
Strategic Materials was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownThe Wendt Agency ransomware attack (Lynx, 2025)
The Wendt Agency was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknowntnlottery.com ransomware attack (Incransom, 2025)
tnlottery.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownTRIVAD ransomware attack (Play, 2025)
TRIVAD was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownTurning Leaf (TURNINGLEAF.local) ransomware attack (Incransom, 2025)
Turning Leaf (TURNINGLEAF.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownW*****e.com ransomware attack (Flocker, 2025)
W*****e.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownWallin & Klarich ransomware attack (Play, 2025)
Wallin & Klarich was named on the Play ransomware data-leak (extortion) site on 2025-01-29.
RansomwareUnknownAcoustiblok ransomware attack (Monti, 2025)
Acoustiblok was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownBBLAWFIRM ransomware attack (Monti, 2025)
BBLAWFIRM was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownbroward.edu ransomware attack (Incransom, 2025)
broward.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownCarthage Police Department ransomware attack (Rhysida, 2025)
Carthage Police Department was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknowncnnindonesia.com ransomware attack (Incransom, 2025)
cnnindonesia.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownlnetwork ransomware attack (Monti, 2025)
lnetwork was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownmetalurgica roma ransomware attack (Monti, 2025)
metalurgica roma was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownsce.org.sg ransomware attack (Lynx, 2025)
sce.org.sg was named on the Lynx ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownwww.healthcarewithinreach.org ransomware attack (RansomHub, 2025)
www.healthcarewithinreach.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-28.
RansomwareUnknownLeak at AIDES
On 27 January 2025, French HIV/hepatitis-prevention charity AIDES disclosed a breach of a secured file-sharing server, exposing supporters' identity, contact and banking details (IBAN) and, for some, health-related information.
AIshu, Eshoo ransomware attack (Ransomhouse, 2025)
AIshu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-01-27.
RansomwareUnknownAlo Center (hq.aloteknik.se) ransomware attack (Lynx, 2025)
Alo Center (hq.aloteknik.se) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-27.
RansomwareUnknownhttps://leehartman.com ransomware attack (Metaencryptor, 2025)
https://leehartman.com was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-01-27.
RansomwareUnknownInternational AIDS Vaccine Initiative (iavi.org) ransomware attack (Incransom, 2025)
International AIDS Vaccine Initiative (iavi.org) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.
RansomwareUnknownlhps.org ransomware attack (Incransom, 2025)
lhps.org was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.
RansomwareUnknownPrinston Pharmaceutical (huahaius.com) ransomware attack (Incransom, 2025)
Prinston Pharmaceutical (huahaius.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.
RansomwareUnknownWeeks, Brucker & Coleman, Ltd | Legal Services ransomware attack (Everest, 2025)
Weeks, Brucker & Coleman, Ltd | Legal Services was named on the Everest ransomware data-leak (extortion) site on 2025-01-27.
RansomwareUnknownLet’s Secure Insurance ransomware attack (Killsecurity, 2025)
Let’s Secure Insurance was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-26.
RansomwareUnknownMetro Wire & Cable ransomware attack (Spacebears, 2025)
Metro Wire & Cable was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-26.
RansomwareUnknownDataSociete ransomware attack (Killsecurity, 2025)
DataSociete was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-25.
RansomwareUnknownenvirosep.com ransomware attack (Abyss, 2025)
envirosep.com was named on the Abyss ransomware data-leak (extortion) site on 2025-01-25.
RansomwareUnknownKeepz ransomware attack (Killsecurity, 2025)
Keepz was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-25.
RansomwareUnknownArrow Motor Auctions ransomware attack (Spacebears, 2025)
Arrow Motor Auctions was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownDe La Salle High School (dlshs.org) ransomware attack (FOG, 2025)
De La Salle High School (dlshs.org) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownDoxbin Scrape data breach (2025)
In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties.
Data breachResolvedLeak at E.Leclerc
In January 2025, E.Leclerc's Prime énergie (energy-rebate) platform was hit by fraudulent account access, exposing customers' names, email addresses, login credentials, file numbers, rebate amounts and service descriptions; the breach was disclosed to affected users on 24 January 2025.
ELTEK Group (eltekgroup.com) ransomware attack (FOG, 2025)
ELTEK Group (eltekgroup.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownLeak at French Mountaineering and Climbing Federation
In late January 2025, the French Mountaineering and Climbing Federation (FFME) disclosed a breach exposing a dataset of 808,881 member accounts, including names, postal and email addresses, member IDs, dates of birth and phone numbers.
icicibank.com ransomware attack (Bashe, 2025)
icicibank.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownKooijman Vianen (kooijmanvianen.nl) ransomware attack (FOG, 2025)
Kooijman Vianen (kooijmanvianen.nl) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownORU Mabee Center ransomware attack (Rhysida, 2025)
ORU Mabee Center was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownPrimoTicketing ransomware attack (Killsecurity, 2025)
PrimoTicketing was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownPunjab.gov.pk ransomware attack (Flocker, 2025)
Punjab.gov.pk was named on the Flocker ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknowntopackt.com ransomware attack (LockBit, 2025)
topackt.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownwww.pcm.com.mx ransomware attack (RansomHub, 2025)
www.pcm.com.mx was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-24.
RansomwareUnknownarchaeologicalresearchservices.com ransomware attack (RansomHub, 2025)
archaeologicalresearchservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownCyrious Software ransomware attack (BianLian, 2025)
Cyrious Software was named on the BianLian ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownMedical Associates of Brevard ransomware attack (BianLian, 2025)
Medical Associates of Brevard was named on the BianLian ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownPINELAND BHDD COMMUNITY SERVICES ransomware attack (Spacebears, 2025)
PINELAND BHDD COMMUNITY SERVICES was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownreesndt.ca ransomware attack (Eldorado, 2025)
reesndt.ca was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownsamsill.com ransomware attack (RansomHub, 2025)
samsill.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownstarkaerospace.com ransomware attack (Incransom, 2025)
starkaerospace.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownwww.missionbank.bank ransomware attack (RansomHub, 2025)
www.missionbank.bank was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.
RansomwareUnknownChristian Community Aid ransomware attack (Spacebears, 2025)
Christian Community Aid was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownGossett Motor Cars ransomware attack (Lynx, 2025)
Gossett Motor Cars was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownilemgroup.com ransomware attack (RansomHub, 2025)
ilemgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownJacobs & Thompson ransomware attack (Lynx, 2025)
Jacobs & Thompson was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownMintz Law Firm, LLC ransomware attack (Lynx, 2025)
Mintz Law Firm, LLC was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownOmni Fiber LLC - Press Release ransomware attack (Monti, 2025)
Omni Fiber LLC - Press Release was named on the Monti ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownSANTA MARIA LABORATORIO ransomware attack (Spacebears, 2025)
SANTA MARIA LABORATORIO was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownsdkgroup.com ransomware attack (RansomHub, 2025)
sdkgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownwww.americanstandard-us.com ransomware attack (RansomHub, 2025)
www.americanstandard-us.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownwww.grohe.com ransomware attack (RansomHub, 2025)
www.grohe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownwww.manpower.com ransomware attack (RansomHub, 2025)
www.manpower.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownwww.reesndt.com ransomware attack (Eldorado, 2025)
www.reesndt.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-22.
RansomwareUnknownBethany Hospital ransomware attack (Spacebears, 2025)
Bethany Hospital was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownboardman-hamilton.com ransomware attack (RansomHub, 2025)
boardman-hamilton.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownFAAB Invest Advisors Private Limited ransomware attack (Killsecurity, 2025)
FAAB Invest Advisors Private Limited was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownInaya Clinique ransomware attack (Spacebears, 2025)
Inaya Clinique was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownmalindoair.com ransomware attack (Bashe, 2025)
malindoair.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownMarukai ransomware attack (Lynx, 2025)
Marukai was named on the Lynx ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownmiedemaproduce.com ransomware attack (RansomHub, 2025)
miedemaproduce.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownNimbus Facility Services ransomware attack (Killsecurity, 2025)
Nimbus Facility Services was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownprecisionmechsd.com ransomware attack (RansomHub, 2025)
precisionmechsd.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownRETAL Baltic Films ransomware attack (Incransom, 2025)
RETAL Baltic Films was named on the Incransom ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownSolaris-pharma.com leakage ransomware attack (Everest, 2025)
Solaris-pharma.com leakage was named on the Everest ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownsupremegroup.co.in ransomware attack (RansomHub, 2025)
supremegroup.co.in was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownwhychoosebw.com ransomware attack (RansomHub, 2025)
whychoosebw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.
RansomwareUnknownAngotti & Reilly ransomware attack (Lynx, 2025)
Angotti & Reilly was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownClutch Industries ransomware attack (Lynx, 2025)
Clutch Industries was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownLeak at French Archery Federation (via ITAC)
On 20 January 2025 the French Archery Federation (FFTA) disclosed a breach stemming from a flaw at its shared license-management provider; a dataset of 625,434 accounts (names, dates of birth, postal addresses, phones, emails, profile photos) was offered for sale online.
fol-23.fr ransomware attack (Bashe, 2025)
fol-23.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownKinseth Hospitality Companies ransomware attack (Lynx, 2025)
Kinseth Hospitality Companies was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownP****b.gov.pk ransomware attack (Flocker, 2025)
P****b.gov.pk was named on the Flocker ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownPetroVietnam Exploration Production Corporation ransomware attack (Hunters International, 2025)
PetroVietnam Exploration Production Corporation was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownSentinel Systems ransomware attack (Lynx, 2025)
Sentinel Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownThe Urswick School ransomware attack (Kairos, 2025)
The Urswick School was named on the Kairos ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownZuk Group Hacked ransomware attack (Handala, 2025)
Zuk Group Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-01-20.
RansomwareUnknownTG3 Electronics ransomware attack (Rhysida, 2025)
TG3 Electronics was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-19.
RansomwareUnknownKassin & Carrow ransomware attack (Lynx, 2025)
Kassin & Carrow was named on the Lynx ransomware data-leak (extortion) site on 2025-01-18.
RansomwareUnknownMarina Family Medical ransomware attack (Moneymessage, 2025)
Marina Family Medical was named on the Moneymessage ransomware data-leak (extortion) site on 2025-01-18.
RansomwareUnknownMassDevelopment ransomware attack (BianLian, 2025)
MassDevelopment was named on the BianLian ransomware data-leak (extortion) site on 2025-01-18.
RansomwareUnknownbetclic.com ransomware attack (Bashe, 2025)
betclic.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-17.
RansomwareUnknownKilgore College (kilgore.edu) ransomware attack (Incransom, 2025)
Kilgore College (kilgore.edu) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
RansomwareUnknownNightingale Hammerson ransomware attack (Kairos, 2025)
Nightingale Hammerson was named on the Kairos ransomware data-leak (extortion) site on 2025-01-17.
RansomwareUnknownpeponline.org ransomware attack (Incransom, 2025)
peponline.org was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
RansomwareUnknownRegina Coeli Convent ransomware attack (Incransom, 2025)
Regina Coeli Convent was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
RansomwareUnknownTaylor Regional Hospital (thcg.local) ransomware attack (Incransom, 2025)
Taylor Regional Hospital (thcg.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
RansomwareUnknownWashington Gastroenterology (DHSWA.NET) ransomware attack (Incransom, 2025)
Washington Gastroenterology (DHSWA.NET) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.
RansomwareUnknownAccess Capital Partners SA ransomware attack (Lynx, 2025)
Access Capital Partners SA was named on the Lynx ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownanupalanonline.com ransomware attack (Killsecurity, 2025)
anupalanonline.com was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownbsegroup.it ransomware attack (RansomHub, 2025)
bsegroup.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownFish Nelson and Holden ransomware attack (BianLian, 2025)
Fish Nelson and Holden was named on the BianLian ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownFrame & Optic data breach (2025)
In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode.
Data breachResolvedReal Tax ransomware attack (Kairos, 2025)
Real Tax was named on the Kairos ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownSolaris Pharma proof ransomware attack (Everest, 2025)
Solaris Pharma proof was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownThe Hoff Brand SL ransomware attack (Everest, 2025)
The Hoff Brand SL was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownVolt Infrastructure ransomware attack (Everest, 2025)
Volt Infrastructure was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownWoodlake ransomware attack (Everest, 2025)
Woodlake was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownwww.liteputer.com.tw ransomware attack (RansomHub, 2025)
www.liteputer.com.tw was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownwww.solariumrevestimentos.com.br ransomware attack (RansomHub, 2025)
www.solariumrevestimentos.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.
RansomwareUnknownA*****Y.com ransomware attack (Flocker, 2025)
A*****Y.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownAKConstructors.com ransomware attack (RansomHub, 2025)
AKConstructors.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownanwsd.org ransomware attack (Threeam, 2025)
anwsd.org was named on the Threeam ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownCombined Pool and Spa ransomware attack (Kairos, 2025)
Combined Pool and Spa was named on the Kairos ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknowncommunisis.com & paragon.world ransomware attack (Lynx, 2025)
communisis.com & paragon.world was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownfplfood.com\$675M\USA\21GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
fplfood.com\$675M\USA\21GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownFSOCIETY X FUNKSEC ransomware attack (Flocker, 2025)
FSOCIETY X FUNKSEC was named on the Flocker ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownJ.G. Electrical Installations ransomware attack (Kairos, 2025)
J.G. Electrical Installations was named on the Kairos ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownLowe Engineers ransomware attack (Lynx, 2025)
Lowe Engineers was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownoptiline.com\$127.3M\USA\947GB\<1% DISCLOSED ransomware attack (Cactus, 2025)
optiline.com\$127.3M\USA\947GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownpnp.co.za ransomware attack (Bashe, 2025)
pnp.co.za was named on the Bashe ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownWoodport Doors ransomware attack (Lynx, 2025)
Woodport Doors was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownwww.eurocert.pl ransomware attack (RansomHub, 2025)
www.eurocert.pl was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-15.
RansomwareUnknownButtery (butterycompany.com) ransomware attack (FOG, 2025)
Buttery (butterycompany.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownDouglas County, GA (DDCWSA.COM) ransomware attack (Lynx, 2025)
Douglas County, GA (DDCWSA.COM) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownFarmacia Cofar ransomware attack (Killsecurity, 2025)
Farmacia Cofar was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownLeak at French Strength Federation
In January 2025, the Fédération Française de Force (FFForce) had personal data of 64,512 members exposed via a compromised shared sports-licensing IT provider; records (names, dates of birth, emails, postal addresses, phone numbers) were later sold on BreachForums.
Leak at French Roller Skateboard Federation
In January 2025, the Fédération Française de Roller et Skateboard had the personal data of roughly 577,000 members exposed after a shared sports-federation IT provider was compromised; names, dates of birth, email/postal addresses and phone numbers were leaked.
Intelservice.com ransomware attack (RansomHub, 2025)
Intelservice.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownLeak at Kiabi
In January 2025, French clothing retailer Kiabi disclosed a credential-stuffing attack on its secondhand site (secondemain.kiabi.com) that exposed the names, dates of birth, contact details and IBANs of about 20,000 customers.
pittman-construction.com ransomware attack (LockBit, 2025)
pittman-construction.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownQualiTech (qualitech.com) ransomware attack (Lynx, 2025)
QualiTech (qualitech.com) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownSciTech Services, Inc. ransomware attack (FOG, 2025)
SciTech Services, Inc. was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownSharm Reef Hotel ransomware attack (Spacebears, 2025)
Sharm Reef Hotel was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownSolaris Pharma ransomware attack (Everest, 2025)
Solaris Pharma was named on the Everest ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownSpectrum ransomware attack (Incransom, 2025)
Spectrum was named on the Incransom ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownThe Chicano Federation ransomware attack (Rhysida, 2025)
The Chicano Federation was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownThe University of Oklahoma (ou.edu) ransomware attack (FOG, 2025)
The University of Oklahoma (ou.edu) was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownudb.net ransomware attack (RansomHub, 2025)
udb.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownWPD.WOODPORTDOORS.COM ransomware attack (Lynx, 2025)
WPD.WOODPORTDOORS.COM was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.
RansomwareUnknownadveo.com\$740.7M\France\1.1TB\100% DISCLOSED ransomware attack (Cactus, 2025)
adveo.com\$740.7M\France\1.1TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownatpformosa.gob.ar ransomware attack (LockBit, 2025)
atpformosa.gob.ar was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownBiomedical Caledonia Medical Laboratory (calmedlab.local) ransomware attack (Incransom, 2025)
Biomedical Caledonia Medical Laboratory (calmedlab.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownBrowdy (bl.local) ransomware attack (Lynx, 2025)
Browdy (bl.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknowncandelasyasociados.es ransomware attack (LockBit, 2025)
candelasyasociados.es was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownConad (conad.lan) ransomware attack (Lynx, 2025)
Conad (conad.lan) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownDelap & Waller ransomware attack (Lynx, 2025)
Delap & Waller was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownFindhelp Information Services ransomware attack (Incransom, 2025)
Findhelp Information Services was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknowngelco-s-a.com.br ransomware attack (LockBit, 2025)
gelco-s-a.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownhealthcarewithinreach.org ransomware attack (RansomHub, 2025)
healthcarewithinreach.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownImperial Valley Respite (ivrespite.com) ransomware attack (Incransom, 2025)
Imperial Valley Respite (ivrespite.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownlamejor.com.co ransomware attack (LockBit, 2025)
lamejor.com.co was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownmi.edu ransomware attack (RansomHub, 2025)
mi.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownNash Brothers Construction (nashdom.local) ransomware attack (Lynx, 2025)
Nash Brothers Construction (nashdom.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownnicatel.com.uy ransomware attack (LockBit, 2025)
nicatel.com.uy was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownNovati Constructions ransomware attack (Lynx, 2025)
Novati Constructions was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownOnecare ransomware attack (Incransom, 2025)
Onecare was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownoyolasvegas.com ransomware attack (LockBit, 2025)
oyolasvegas.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownPHG CPAs (bushman.biz) ransomware attack (Lynx, 2025)
PHG CPAs (bushman.biz) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownRiverina Medical ransomware attack (Incransom, 2025)
Riverina Medical was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownSERGAS Group ransomware attack (Lynx, 2025)
SERGAS Group was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownStealer Logs, Jan 2025 data breach (2025)
In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against.
Data breachResolvedtelering.de ransomware attack (LockBit, 2025)
telering.de was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownviacaojacarei.com.br ransomware attack (LockBit, 2025)
viacaojacarei.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownWelcomehallmission.com ransomware attack (Everest, 2025)
Welcomehallmission.com was named on the Everest ransomware data-leak (extortion) site on 2025-01-13.
RansomwareUnknownLandAirSea data breach (2025)
In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes.
Data breachResolvedArun Estates ransomware attack (Black Basta, 2025)
Arun Estates was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownAstaphans ransomware attack (Lynx, 2025)
Astaphans was named on the Lynx ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownAvril Supermarché Santé ransomware attack (Black Basta, 2025)
Avril Supermarché Santé was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownBarber Specialties ransomware attack (Hunters International, 2025)
Barber Specialties was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownBnext.nl ransomware attack (Black Basta, 2025)
Bnext.nl was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownBrachot ransomware attack (Black Basta, 2025)
Brachot was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownCOROB ransomware attack (Hunters International, 2025)
COROB was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownCostex ransomware attack (Hunters International, 2025)
Costex was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownGranby Industries ransomware attack (Black Basta, 2025)
Granby Industries was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownJim Thompson ransomware attack (Lynx, 2025)
Jim Thompson was named on the Lynx ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownMortgage Investors Group (MIG) ransomware attack (Black Basta, 2025)
Mortgage Investors Group (MIG) was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownPatriarche Office of Architecture ransomware attack (Hunters International, 2025)
Patriarche Office of Architecture was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownPlasma-Therm ransomware attack (Black Basta, 2025)
Plasma-Therm was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownRocSearch ransomware attack (Hunters International, 2025)
RocSearch was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownSchuff Steel Company ransomware attack (Black Basta, 2025)
Schuff Steel Company was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownT. Hasegawa USA ransomware attack (Hunters International, 2025)
T. Hasegawa USA was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownUnisource Information Services ransomware attack (Hunters International, 2025)
Unisource Information Services was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.
RansomwareUnknownamerplumb.com ransomware attack (RansomHub, 2025)
amerplumb.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownEvidn ransomware attack (Everest, 2025)
Evidn was named on the Everest ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownmassdevelopment.com\$24.6M\USA\1.2TB\100% DISCLOSED ransomware attack (Cactus, 2025)
massdevelopment.com\$24.6M\USA\1.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownOmniRide (omniride.com) ransomware attack (FOG, 2025)
OmniRide (omniride.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownProtected: Title Hidden ransomware attack (Everest, 2025)
Protected: Title Hidden was named on the Everest ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownptcky.com\$5M\USA\902GB\100% DISCLOSED ransomware attack (Cactus, 2025)
ptcky.com\$5M\USA\902GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownQualinet ransomware attack (Rhysida, 2025)
Qualinet was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownwww.wisesocon.com ransomware attack (RansomHub, 2025)
www.wisesocon.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownxtremmedia.com ransomware attack (RansomHub, 2025)
xtremmedia.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.
RansomwareUnknownalansarioman.com ransomware attack (Embargo, 2025)
alansarioman.com was named on the Embargo ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownawimc.com\$102.7M\USA\440GB\100% DISCLOSED ransomware attack (Cactus, 2025)
awimc.com\$102.7M\USA\440GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownazpay.me | SOLD ransomware attack (Bashe, 2025)
azpay.me | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknowncastlehillha.co.uk ransomware attack (RansomHub, 2025)
castlehillha.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownCO-VER Power Technology SpA Data Leak ransomware attack (Everest, 2025)
CO-VER Power Technology SpA Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknowndepewgillen.com ransomware attack (Incransom, 2025)
depewgillen.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknowndrive-lines.com ransomware attack (RansomHub, 2025)
drive-lines.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownevasair.com ransomware attack (Eldorado, 2025)
evasair.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownFukoku Co. Ltd. ransomware attack (Spacebears, 2025)
Fukoku Co. Ltd. was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownhapsch.de ransomware attack (Threeam, 2025)
hapsch.de was named on the Threeam ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownIzmocars Data Leak ransomware attack (Everest, 2025)
Izmocars Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownMyhealthcarebilling Data Leak ransomware attack (Everest, 2025)
Myhealthcarebilling Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownSarah Car Care Data Leak ransomware attack (Everest, 2025)
Sarah Car Care Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownTelefónica Hellcat infostealer-to-Jira breach (Spain, 2025)
Infostealer malware on the endpoints of 15+ Telefónica employees gave the Hellcat ransomware group credentials into the company's internal Jira ticketing system. Social-engineering escalated the access to SSH. The group did not extort — it publicly published 2.3 GB including 24,000 employee emails, 470,000 internal Jira tickets, and 5,000 internal documents.
www.excelresourcing.co.uk ransomware attack (RansomHub, 2025)
www.excelresourcing.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownwww.fairhallzhang.com ransomware attack (RansomHub, 2025)
www.fairhallzhang.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownwww.leaguecenter.org ransomware attack (RansomHub, 2025)
www.leaguecenter.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownwww.mie.com.my ransomware attack (RansomHub, 2025)
www.mie.com.my was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownwww.primalwear.com ransomware attack (RansomHub, 2025)
www.primalwear.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownwww.rotaryeng.co.th ransomware attack (RansomHub, 2025)
www.rotaryeng.co.th was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownwww.temotekstil.com.tr ransomware attack (RansomHub, 2025)
www.temotekstil.com.tr was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.
RansomwareUnknownacquafertil.com.br ransomware attack (RansomHub, 2025)
acquafertil.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownbendixengineering ransomware attack (Ransomblog_noname, 2025)
bendixengineering was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownfwmep.edu ransomware attack (Incransom, 2025)
fwmep.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownGeneral Digital ransomware attack (Spacebears, 2025)
General Digital was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownGeneral Digital CRM ransomware attack (Spacebears, 2025)
General Digital CRM was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownHuntington Hotel Group ransomware attack (Termite, 2025)
Huntington Hotel Group was named on the Termite ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownkingpower.com ransomware attack (Abyss, 2025)
kingpower.com was named on the Abyss ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownsahpetrol.com.tr ransomware attack (RansomHub, 2025)
sahpetrol.com.tr was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-08.
RansomwareUnknownScholastic data breach (2025)
In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.
Data breachResolvedastaphans.com ransomware attack (Lynx, 2025)
astaphans.com was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.
RansomwareUnknownjimthompson.com ransomware attack (Lynx, 2025)
jimthompson.com was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.
RansomwareUnknownSaint-Bar (saintbar.be) ransomware attack (FOG, 2025)
Saint-Bar (saintbar.be) was named on the FOG ransomware data-leak (extortion) site on 2025-01-07.
RansomwareUnknownSunflower Medical Group ransomware attack (Rhysida, 2025)
Sunflower Medical Group was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-07.
RansomwareUnknownu0 Excel Transportation ransomware attack (Lynx, 2025)
u0 Excel Transportation was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.
RansomwareUnknownmolars.co.ke ransomware attack (RansomHub, 2025)
molars.co.ke was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-06.
RansomwareUnknownyoniot.cn ransomware attack (Darkvault, 2025)
yoniot.cn was named on the Darkvault ransomware data-leak (extortion) site on 2025-01-06.
RansomwareUnknownakantha.fr ransomware attack (Eldorado, 2025)
akantha.fr was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-05.
RansomwareUnknownCar Care Plan - Turkey ransomware attack (Hellcat, 2025)
Car Care Plan - Turkey was named on the Hellcat ransomware data-leak (extortion) site on 2025-01-05.
RansomwareUnknownHunter Taubman Fischer & Li ransomware attack (Lynx, 2025)
Hunter Taubman Fischer & Li was named on the Lynx ransomware data-leak (extortion) site on 2025-01-05.
RansomwareUnknownaliorbank.pl ransomware attack (Bashe, 2025)
aliorbank.pl was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownassurified.com ransomware attack (Bashe, 2025)
assurified.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownbaldinger-ag.ch ransomware attack (Bashe, 2025)
baldinger-ag.ch was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownbigalsfoodservice.co.uk ransomware attack (Bashe, 2025)
bigalsfoodservice.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownbms.com ransomware attack (Bashe, 2025)
bms.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknowncertifiedinfosec.com ransomware attack (Bashe, 2025)
certifiedinfosec.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknowncredio.eu ransomware attack (Bashe, 2025)
credio.eu was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknowndatascan.com ransomware attack (Eldorado, 2025)
datascan.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownfpj.com.py PART1 ransomware attack (Bashe, 2025)
fpj.com.py PART1 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownfpj.com.py PART2 ransomware attack (Bashe, 2025)
fpj.com.py PART2 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownfpj.com.py PART3 ransomware attack (Bashe, 2025)
fpj.com.py PART3 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknowngannons.co.uk ransomware attack (Bashe, 2025)
gannons.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownhasa-arg.com ransomware attack (Eldorado, 2025)
hasa-arg.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownlamaisonducitron.com ransomware attack (Bashe, 2025)
lamaisonducitron.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownlegilog.fr ransomware attack (Bashe, 2025)
legilog.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownminerasancristobal.com ransomware attack (Bashe, 2025)
minerasancristobal.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownMontreal North ransomware attack (Rhysida, 2025)
Montreal North was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownnetromsoftware.ro ransomware attack (Bashe, 2025)
netromsoftware.ro was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownnorthernsafety.com ransomware attack (Bashe, 2025)
northernsafety.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownperucontrols.com ransomware attack (Eldorado, 2025)
perucontrols.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownpindrophearing.co.uk ransomware attack (Bashe, 2025)
pindrophearing.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownpolleninformation.at ransomware attack (Bashe, 2025)
polleninformation.at was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownprixet.com ransomware attack (Bashe, 2025)
prixet.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownprotectasecurity.pe ransomware attack (Bashe, 2025)
protectasecurity.pe was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownsansirostadium.com ransomware attack (Bashe, 2025)
sansirostadium.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownscopeset.de ransomware attack (Bashe, 2025)
scopeset.de was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownsella.eng.br ransomware attack (Bashe, 2025)
sella.eng.br was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownservicepower.com ransomware attack (Bashe, 2025)
servicepower.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownsfr.fr ransomware attack (Bashe, 2025)
sfr.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownsiapenet.gov.br ransomware attack (Bashe, 2025)
siapenet.gov.br was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknowntalonsolutions.co.uk ransomware attack (Bashe, 2025)
talonsolutions.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknowntrifecta.com ransomware attack (Bashe, 2025)
trifecta.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknowntrinitesolutions.com ransomware attack (Bashe, 2025)
trinitesolutions.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.
RansomwareUnknownAmourgis & Associates ransomware attack (Lynx, 2025)
Amourgis & Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-01-03.
RansomwareUnknownNikki-Universal Co Ltd ransomware attack (Hunters International, 2025)
Nikki-Universal Co Ltd was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-03.
RansomwareUnknownwww.alliancemat.com ransomware attack (RansomHub, 2025)
www.alliancemat.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-03.
RansomwareUnknownwww.geedingconstruction.com ransomware attack (RansomHub, 2025)
www.geedingconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-03.
RansomwareUnknownconfluxhr.com ransomware attack (Darkvault, 2025)
confluxhr.com was named on the Darkvault ransomware data-leak (extortion) site on 2025-01-02.
RansomwareUnknowngroupegm.com ransomware attack (RansomHub, 2025)
groupegm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-02.
RansomwareUnknownCM Buck & Associates ransomware attack (Lynx, 2025)
CM Buck & Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-01-01.
RansomwareUnknownhttp://www.kitevuc.com ransomware attack (Ciphbit, 2025)
http://www.kitevuc.com was named on the Ciphbit ransomware data-leak (extortion) site on 2025-01-01.
RansomwareUnknownlianbeng.sg ransomware attack (RansomHub, 2025)
lianbeng.sg was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-01.
RansomwareUnknownregencymedia ransomware attack (LockBit, 2025)
regencymedia was named on the LockBit ransomware data-leak (extortion) site on 2025-01-01.
RansomwareUnknown
2024
142 incidentsLeak at Cogitis
On 31 December 2024, the DragonForce ransomware gang listed Cogitis — a French inter-municipal IT syndicate serving local authorities — on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.
Leak at Atos
On 28 December 2024, the Space Bears ransomware group claimed to have compromised an Atos database; the French IT giant investigated and concluded its own systems were not breached, attributing the leaked Atos-related data to a compromised external third-party infrastructure.
Leak at Arsoé
A ransomware attack disclosed in late December 2024 crippled Arsoé de Soual, the agricultural IT provider hosting livestock-management software for ~30,000 farmers across some 22 French departments; systems were encrypted and a ransom demanded, with no data exfiltration detected.
Data leak at Volkswagen
A misconfigured Amazon cloud storage system run by Volkswagen software subsidiary Cariad exposed data on about 800,000 EV owners across VW, Audi, Seat and Skoda, including contact details and precise vehicle location data for roughly 466,000 cars.
Movistar Peru data leak
A database containing roughly 22 million records on Movistar Peru customers — DNI numbers, names, birth dates, and addresses collected between 2016 and 2018 — circulated freely on hacking forums over the December holiday break.
Leak at Peugeot
In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.
Leak at Cyberhaven
On 25 Dec 2024, data-security firm Cyberhaven's Chrome extension was hijacked via a phishing attack and pushed a malicious update that exfiltrated cookies and session tokens from roughly 400,000 users over a 24-hour window.
Speedio data breach (2024)
In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information…
Leak at Electro Dépôt
Customer data attributed to French electronics retailer Electro Dépôt surfaced as one of at least 17 French breaches consolidated on an open database, exposing names, contact details, IP addresses and partial payment data.
Leak at Go Sport
In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.
Data leak at Sport 2000
Customer database of French sporting-goods retailer Sport 2000 — covering roughly 4.3 million people — was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.
Data leak at Wakanim
Wakanim user data surfaced in a misconfigured, publicly accessible ElasticSearch server hoarding ~95 million records from 17 past French breaches, exposing names, emails, postal and IP addresses and phone numbers.
BitView data breach (2024)
In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video…
Data breachResolvedData leak at Top Achat
On 12 December 2024, French PC-hardware e-tailer Top Achat (LDLC group) disclosed a breach exposing customer names, email and postal addresses; no passwords or payment data were affected. The intrusion was linked to an earlier compromise at parent company LDLC.
Young Living Essential Oils data breach (2024)
In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth.
Data breachResolvedLeak at LDLC
On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers — potentially several million people — though it stated no financial or sensitive data was affected.
Electrica Group Lynx ransomware attack
The Lynx ransomware gang breached Electrica Group, one of Romania's largest electricity suppliers serving 3.8 million users, disrupting customer-facing services while SCADA and other critical grid systems were isolated and kept running.
Leak at Deloitte
On 4 December 2024, the Brain Cipher ransomware group publicly claimed to have stolen over 1 TB of data from Deloitte UK; Deloitte said the allegations related to a single client's system outside its own network and that no Deloitte systems were impacted.
Leak at Guy Demarle
French bakeware and kitchenware brand Guy Demarle disclosed in December 2024 that a cyberattack had copied part of its customer database, exposing names, postal addresses, email addresses and phone numbers; passwords and banking data were not affected.
Leak at Norauto
On 2 December 2024, French automotive retailer Norauto disclosed a cyberattack on its vehicle-rental service that exposed personal data of about 78,000 customers, including names, contact details and, in some cases, ID-document numbers; the dataset was put up for sale on BreachForums.
RECOPE RansomHub ransomware attack
RansomHub ransomware forced Costa Rica's state oil refiner RECOPE to switch its entire fuel-distribution network to manual operations, triggering the first real-world deployment of the U.S. State Department's FALCON cyber-response program.
Data leak at Ze Camping
On 27 November 2024, a database from French camping-holiday booking platform Ze Camping (ze-camping.fr) covering 2014-2024 was advertised for sale on a darknet forum, exposing some 1.6 million records including names, logins, hashed passwords, dates of birth, phone numbers and postal addresses.
Leak at JVS
On 26 November 2024, a dataset of user-account records tied to JVS-Mairistem — a leading French software vendor for municipalities and local authorities — was reported leaked, exposing names, email addresses, logins, phone numbers and the associated local authority.
Data leak at SFR
On 24 November 2024, a threat actor advertised a leak of personal data on 3.6 million customers of French telecom operator SFR — names, postal and email addresses, dates of birth and phone numbers — plus 150,000 IBANs offered for separate sale on the dark web.
Leak at Banque de France
On 23 November 2024, the threat actor Near2tlg advertised data allegedly stolen from France's central bank; the Banque de France denied any compromise of its secure systems, acknowledging only brief unauthorized access to an HR extranet with no sensitive data exposed.
Senior Dating data breach (2024)
In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise…
Data breachResolvedLeak at Companie de Transport Strasbourgeoise
In November 2024, the Compagnie des Transports Strasbourgeois (CTS) — Strasbourg's public transport operator — detected fraudulent logins to about 100 of its roughly 350,000 customer accounts via a credential-stuffing attack reusing passwords stolen in unrelated breaches.
Leak at Chambres d'agriculture
In November 2024, the Chambres d'agriculture d'Occitanie — France's regional public chambers of agriculture — were hit by a malware/ransomware-type cyberattack that spread across their interconnected national network and rendered the workstations of roughly 1,000 regional staff unusable.
Yonéma data breach (2024)
In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.
Data breachResolvedLeak at Auchan
On 19 November 2024, French retailer Auchan disclosed a breach of its loyalty programme exposing the personal data of more than 500,000 customers — names, contact details, dates of birth, family composition and loyalty-card/balance information; no bank data or passwords were affected.
Leak at Direct Assurance
In November 2024, French online insurer Direct Assurance was breached via a compromised employee account, exposing personal data of roughly 15,000 clients and prospects — including the IBAN/RIB banking details of about 5,800 of them — later offered for sale online.
Leak at Mediboard
On 19 Nov 2024 a threat actor put the records of ~758,912 patients of French healthcare provider Aléo Santé — extracted via a compromised privileged account on the Mediboard patient-record platform — up for sale on BreachForums, exposing identities, contact details and sensitive medical data.
FlipaClip data breach (2024)
In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.
Data breachResolvedLeak at Le Point
On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.
The Real World data breach (2024)
In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.
Data breachResolvedLeak at Huttopia
On 14 November 2024, a data leak affecting Huttopia, the French eco-tourism and glamping operator, exposed customer records including last names, first names and email addresses.
PoinCampus data breach (2024)
In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth.
Data breachResolvedLeak at Molotov
Around 13 November 2024, French streaming TV service Molotov disclosed a data breach exposing roughly 10.8 million email addresses, along with the names and dates of birth of users who had supplied them; no passwords or banking data were affected.
Leak at Picard
On 12 November 2024, French frozen-food retailer Picard disclosed a credential-stuffing attack that compromised the loyalty accounts of around 45,000 customers, exposing personal and loyalty-programme data; no banking data was affected and the company notified the CNIL.
Tibber data breach (2024)
In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases.
Data breachResolved1win data breach (2024)
In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.
Data breachResolvedRENIEC Peru citizen data leak
A threat actor advertised a database said to hold around 37 million records from Peru's national identity registry RENIEC, including DNI numbers, names, birth data, and addresses; RENIEC disputed that its systems were breached.
Interbank Peru data breach
After a two-week extortion negotiation collapsed, a threat actor known as kzoldyck leaked 3.7 TB of data on roughly 3 million Interbank customers, including names, DNI numbers, card data, and plaintext credentials.
SuperDraft data breach (2024)
In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes.
Data breachResolvedLeak at Free
In late October 2024, French ISP Free (Iliad group) disclosed a breach after attackers accessed an internal management tool, exposing subscriber identity and contact data plus around 5.1 million IBANs; the stolen data was later auctioned and sold online.
Leak at Ornikar
In late October 2024, French online driving school Ornikar disclosed a breach after an attacker offered a database of up to 4.2 million customer accounts for sale, exposing names, dates of birth, email and postal addresses, and phone numbers; bank data and passwords were unaffected.
Hot Topic data breach (2024)
In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
Earth 2 data breach (2024)
In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised…
Data breachResolvedFinsure data breach (2024)
In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses.
Flat Earth Sun, Moon and Zodiac App data breach (2024)
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users.
Data breachResolvedThe Club Penguin Experience data breach (2024)
In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints.
Data breachResolvedSalt Typhoon US telecom espionage campaign (2024)
China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers — Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream — including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.
Switch data breach (2024)
In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.
Leak at Meilleurtaux
In late September 2024, French credit and insurance broker Meilleurtaux disclosed that an external attack on its IT systems had exposed sensitive personal data of customers, including names, contact details, dates of birth, family situation, income and employment status.
digiDirect data breach (2024)
In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth.
Internet Archive data breach (2024)
In September 2024, the Internet Archive's authentication database — 31 million records with emails, screen names, and bcrypt password hashes — was stolen, followed by a website defacement and a wave of DDoS attacks.
French Citizens data breach (2024)
In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP…
Data breachResolvedLeak at RED by SFR
In September 2024, RED by SFR — the low-cost mobile brand of French telecom SFR — disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.
Muah.AI data breach (2024)
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
Data breachResolvedLeak at Assurance retraite
On 13 September 2024, France's Assurance retraite (Cnav) disclosed a breach of its PPAS social-action partner portal, exposing data on about 370,000 pension beneficiaries including names, addresses, social security numbers and approximate income.
Leak at Cybertek
On 12 September 2024, French computer-hardware retailer Cybertek disclosed a customer data breach stemming from a compromised shared IT provider, exposing names, email and postal addresses and phone numbers; passwords and payment data were not affected.
Instituto Nacional de Deportes de Chile data breach (2024)
In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes.
Data breachResolvedLeak at Cultura
On 10 September 2024, French cultural-goods retailer Cultura disclosed that a breach at a shared third-party IT provider exposed the personal data of about 1.5 million customers, including names, contact details and order history; passwords and bank data were not affected.
Leak at Boulanger
On the night of 6-7 September 2024, French electronics retailer Boulanger suffered a data breach traced to a shared third-party delivery/IT provider, exposing the names, postal and email addresses and phone numbers of several hundred thousand customers; no banking data was affected.
Halliburton RansomHub attack (2024)
RansomHub gained access to Halliburton's systems, prompting the oil-services giant to take infrastructure offline. The incident delayed invoicing and purchase orders, and Halliburton booked a $35 million loss in its SEC filings.
MC2 Data data breach (2024)
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names.
Data breachResolvedNational Public Data SSN breach
A breach of data broker National Public Data (Jerico Pictures) exposed a database of roughly 2.9 billion records containing names, Social Security numbers, dates of birth, and addresses scraped from public and non-public sources, triggering a wave of lawsuits and the company's bankruptcy.
Explore Talent (August 2024) data breach (2024)
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP.
Data breachResolvedschenkYOU data breach (2024)
In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes.
Tracki data breach (2024)
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.
Data breachResolvedStar Health insurance breach and senior-official extortion (India, 2024)
A hacker using the alias xenZen exposed personal and medical data on 31.2 million Star Health customers via Telegram bots, alongside 5.76 million claims records. The leak escalated into a public extortion drama implicating a senior Star Health official.
Chris Leong data breach (2024)
In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many cases, links to Facebook profiles.
Data breachResolvedNot SOCRadar data breach (2024)
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's…
Data breachResolvedUbook data breach (2024)
In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.
Data breachResolvedStealer Logs Posted to Telegram data breach (2024)
In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines.
Data breachResolvedAT&T Snowflake call-records breach
AT&T disclosed that attackers used credentials stolen by infostealers to authenticate into its Snowflake cloud-data-warehouse tenant — which lacked MFA — and exfiltrated call and text metadata covering nearly all 110 million AT&T wireless customers.
The Heritage Foundation data breach (2024)
In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content…
Data breachResolvedMSI data breach (2024)
In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims.
Data breachResolvedLuLu data breach (2024)
In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum.
Data breachResolvedAnimeLeague data breach (2024)
In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board.
Data breachResolvedFNTECH data breach (2024)
In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
Data breachResolvedHusky Owners data breach (2024)
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.
Data breachResolvedLadies.com data breach (2024)
In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and…
Data breachResolvedCentral Tickets data breach (2024)
In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted…
Otelier data breach (2024)
In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt.
Data breachResolvedShoe Zone data breach (2024)
In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum. The data included over 100k orders containing names, addresses, partial credit card numbers (card type and last 4 digits), and 46k unique email addresses.
Data breachResolvedBudTrader data breach (2024)
In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.
Data breachResolvedSpyX data breach (2024)
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field.
Data breachResolvedZacks (2024) data breach (2024)
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing…
Data breachResolvedIndonesia National Data Centre (PDNS) ransomware attack
The Brain Cipher ransomware group encrypted Indonesia's Temporary National Data Centre (PDNS 2), disrupting 282 government services across more than 200 agencies and demanding an $8 million ransom the government refused to pay.
Z-lib data breach (2024)
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers.
Data breachResolvedCDK Global BlackSuit ransomware (2024)
BlackSuit operators encrypted CDK Global's dealer-management platform, knocking ~15,000 North American car dealerships offline for nearly two weeks. A second attack hit on day two of recovery. Industry losses estimated at over $1 billion; CDK reportedly paid a $25 million ransom.
mSpy (2024) data breach (2024)
In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos.
Data breachResolvedKADOKAWA / Niconico BlackSuit ransomware (2024)
Phishing access let BlackSuit (Russian-linked) encrypt KADOKAWA's infrastructure and the Niconico video-sharing platform, taking services offline for two months. KADOKAWA paid ~$2.9M in cryptocurrency — and BlackSuit leaked the stolen 1.5 TB anyway.
Advance Auto Parts data breach (2024)
In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees.
Spytech data breach (2024)
In July 2024, spyware maker Spytech suffered a data breach that exposed data collected as recently as the previous month. Designed to "invisibly record everything users do", the breach exposed information related to both purchasers and targets of the product.
Data breachResolvedRobinsons Malls data breach (2024)
In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.
Data breachResolvedTicketek data breach (2024)
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service.
Operation Endgame data breach (2024)
In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help victims learn of their exposure.
Data breachResolvedSnowflake customer-account credential-stuffing campaign (UNC5537, 2024)
A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.
Combolists Posted to Telegram data breach (2024)
In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into.
Data breachResolvedpcTattletale data breach (2024)
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report.
Data breachResolvedBSNL telecom data breach
A threat actor advertised roughly 278 GB of data stolen from India's state-owned telecom BSNL — including IMSI numbers, SIM details, home location register data, and security keys — exposing millions of subscribers to SIM-cloning and fraud, in the carrier's second breach in six months.
MediSecure ransomware attack
A ransomware attack on Australian e-prescription provider MediSecure exposed the personal and health data of roughly 12.9 million Australians — one of the country's largest breaches — and pushed the company into administration and liquidation.
Ascension Health ransomware attack
Black Basta ransomware crippled Ascension, one of the largest U.S. health systems, after an employee downloaded a malicious file. The attack forced 140 hospitals onto manual operations for weeks, diverted ambulances, and ultimately exposed the data of nearly 5.6 million patients.
City of Helsinki Education Division breach
An attacker exploited an unpatched vulnerability in a remote access server to breach the City of Helsinki's Education Division, exposing personal data of tens of thousands of students, guardians, and staff, plus sensitive welfare records.
The Post Millennial data breach (2024)
In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of…
Data breachResolvedData leak at Ticketmaster
In 2024, ticketing giant Ticketmaster (Live Nation) suffered a breach of a third-party Snowflake cloud database; data on up to 560 million customers — names, contact details, order history and partial payment-card data — was stolen and offered for sale by ShinyHunters.
Piping Rock data breach (2024)
In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses.
Data breachResolvedTappware data breach (2024)
In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job…
Data breachResolvedT2 data breach (2024)
In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.
Data breachResolvedLeak at Le Slip Français
In April 2024, French apparel brand Le Slip Français disclosed a customer data breach exposing names, phone numbers, postal and email addresses and order numbers; roughly 1.5 million email addresses and close to 700,000 full customer profiles were affected. No passwords or payment data were involved.
MovieBoxPro data breach (2024)
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Data breachResolvedNeiman Marcus data breach (2024)
In 2024, the luxury retailer Neiman Marcus had data stolen from its Snowflake cloud environment via stolen credentials. The company reported about 64,000 individuals to regulators, but the leaked dataset exposed roughly 31 million unique email addresses along with names, contact details and gift-card numbers.
Salvadoran Citizens data breach (2024)
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
Data breachResolvedPandabuy data breach (2024)
In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries.
Data breachResolvedXZ Utils backdoor (CVE-2024-3094)
A multi-year social-engineering campaign by a maintainer persona named 'Jia Tan' planted a hidden SSH backdoor in the XZ Utils compression library (liblzma) versions 5.6.0 and 5.6.1, scoring CVSS 10.0 — caught by chance days before it could reach stable Linux releases worldwide.
Lookiero data breach (2024)
In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.
Data breachResolvedboAt data breach (2024)
In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
Data breachResolvedKaspersky Club data breach (2024)
In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.
England Cricket data breach (2024)
In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both.
Nigeria NIN national-ID data exposure
Unauthorized websites such as XpressVerify and AnyVerify were caught selling Nigerians' National Identification Numbers, Bank Verification Numbers, passports, and other personal data for as little as ₦100 — exploiting improperly governed API access to the NIMC identity database.
Leak at France Travail
On 8 March 2024, France's national employment agency France Travail disclosed a data breach exposing the personal data of up to 43 million jobseekers registered over the previous 20 years, including names, dates of birth, social security numbers and contact details.
HuntStand data breach (2024)
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
Data breachResolvedGiant Tiger data breach (2024)
In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
Data breachResolvedWoTLabs data breach (2024)
In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
Data breachResolvedFair Vote Canada data breach (2024)
In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses,…
Leak at LDLC
In early March 2024, French electronics retailer LDLC confirmed a data breach affecting roughly 1.5 million in-store customers, exposing names, postal addresses, email addresses and phone numbers, though no banking or sensitive data.
Life360 data breach (2024)
In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated).
Data breachResolvedMr. Green Gaming data breach (2024)
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Data breachResolvedDemandScience by Pure Incubation data breach (2024)
In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated…
Data breachResolvedCutout.Pro data breach (2024)
In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.
Data breachResolvedSpyzie data breach (2024)
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos,…
Data breachResolvedChange Healthcare ransomware (ALPHV/BlackCat)
ALPHV/BlackCat compromised Change Healthcare via Citrix portal lacking MFA, paralyzed U.S. prescription claims for weeks, and exfiltrated data on an estimated 100 million people.
Tangerine data breach (2024)
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth.
Doxbin (TOoDA) data breach (2024)
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames.
Data breachResolvedRomanian hospitals ransomware wave
A Backmydata (Phobos-family) ransomware attack on the shared Hipocrate hospital information system encrypted data at 25 Romanian hospitals and forced about 75 more offline, pushing more than 100 facilities back to paper records.
Leak at Almerys, Viamedis
In early February 2024, French third-party health-payment operators Viamedis and Almerys disclosed breaches exposing data on about 33 million people — names, dates of birth, social security numbers and health-insurer details — in one of France's largest ever data breaches.
SurveyLama data breach (2024)
In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes.
Data breachResolvedSpoutible data breach (2024)
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes.
Data breachResolvedSchneider Electric Sustainability Business Cactus ransomware (2024)
Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data — including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.
Trello data breach (2024)
In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses.
Data breachResolved
2023
82 incidentsHathway data breach (2023)
In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone…
Data breachResolvedGLAMIRA data breach (2023)
In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses, names, phone numbers and purchases.
Data breachResolvedInflateVids data breach (2023)
In December 2023, the inflatable and balloon fetish videos website InflateVids suffered a data breach. The incident exposed over 13k unique email addresses alongside usernames, IP addresses, genders and SHA-1 password hashes.
Data breachResolvedKyivstar wiper attack
Russia's Sandworm group destroyed thousands of virtual servers and workstations at Kyivstar, Ukraine's largest mobile operator, knocking out service for some 24 million subscribers and disrupting air-raid alerts, banking and payments in the most damaging cyberattack on Ukrainian telecoms since the 2022 invasion.
Westpole LockBit ransomware — Italian PA outage (2023)
LockBit 3.0 encrypted the data centres of Italian cloud provider Westpole, taking down PA Digitale's Urbi platform — which serves 1,300 Italian public administrations including 540 municipalities, the Quirinale presidency, ISTAT, the Bank of Italy, and the Ministry of Environment. Payroll, citizen services, and local-government workflows were degraded for weeks.
Welhof data breach (2023)
In late 2023, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made.
Data breachResolvedALAB Laboratoria ransomware data leak
The RA World ransomware gang breached Poland's nationwide ALAB Laboratoria medical-lab network, stealing patient test results and PESEL identity numbers. ALAB refused to pay, and the criminals published sensitive medical data on tens of thousands of patients in what became Poland's largest medical data breach.
Zadig & Voltaire data breach (2023)
In June 2024, a data brach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders.
Data breachResolvedKitchenPal data breach (2023)
In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although acknowledged it contained a small number of users for debugging…
Data breachResolvedBlooms Today data breach (2023)
In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and partial credit card data…
Data breachResolvedICBC Financial Services LockBit ransomware (2023)
LockBit ransomware disrupted the U.S. broker-dealer arm of the world's largest bank, ICBC, jamming settlement of over $9 billion in U.S. Treasury trades. Bank staff sent critical settlement details by USB stick via a messenger across Manhattan. $62 billion of Treasuries failed to deliver in one day.
Chess data breach (2023)
In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user. A further 446k scraped records were later provided and added to HIBP.
Data breachResolvedLinkedIn Scraped and Faked Data (2023) data breach (2023)
In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.
Data breachResolvedBritish Library Rhysida ransomware (2023)
Rhysida ransomware operators destroyed servers, demanded ~£600,000, and leaked 600 GB of internal data when the British Library refused to pay. The main catalogue did not return online — read-only — until January 2024. Recovery is consuming 40% of the Library's financial reserves.
Boeing LockBit ransomware via Citrix Bleed (2023)
LockBit operators exploited the Citrix Bleed vulnerability (CVE-2023-4966) to enter Boeing's parts and distribution business. Boeing did not pay; LockBit leaked roughly 45 GB of data, including Citrix logs, email backups, supplier lists, and 2020 pricing data.
Okta support case-management system breach
A threat actor used a stolen service-account credential — exposed via an employee's personal Google account — to access Okta's customer support case-management system, reading HAR files that contained session tokens and enabling session-hijacking against customers including 1Password, BeyondTrust and Cloudflare.
Toumei data breach (2023)
In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.
23andMe credential-stuffing breach
Attackers used credentials reused from prior breaches to access 23andMe accounts, then leveraged the 'DNA Relatives' feature to scrape ancestry and genetic profile data on 6.9 million users from compromised relatives' connections.
Bangladesh Smart NID Telegram data leak
A Telegram bot offered up the names, photos, parents' names, phone numbers and addresses of Bangladeshi voters on demand from a 10-digit NID number, leaked through one of 174 organisations with access to the Election Commission's National ID server.
Facebook Marketplace data breach (2023)
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations.
Data breachResolvedShadow data breach (2023)
In September 2023, the cloud gaming provider Shadow suffered a data breach that exposed over half a million customer records. The data included email and physical addresses, names and dates of birth.
Data breachResolvedPhilHealth Medusa ransomware attack
The Medusa ransomware gang breached the Philippine Health Insurance Corporation, exfiltrating around 750 GB of sensitive member and medical data and demanding a $300,000 ransom; the government refused to pay and the data was leaked.
Hong Kong Consumer Council ransomware attack
A ransomware attack crippled roughly 80% of the Hong Kong Consumer Council's computer systems, with attackers exfiltrating about 65GB of data and demanding a US$500,000 ransom that the watchdog refused to pay.
Naz.API data breach (2023)
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs…
Data breachResolvedIFX Networks supply-chain ransomware attack
A ransomware attack on regional cloud provider IFX Networks cascaded into more than 50 Colombian state and private entities — including the Ministry of Health, the Judiciary, and the Superintendency of Industry and Commerce — and affected 762 organisations across Latin America.
Lanka Government Cloud ransomware attack
A ransomware attack on Sri Lanka's Lanka Government Cloud encrypted around 5,000 gov.lk email accounts — including the Cabinet Office — and, because backups were also encrypted, permanently destroyed roughly three months of government email.
MGM Resorts ransomware (Scattered Spider + ALPHV)
Scattered Spider vished an MGM IT-desk agent, gained Okta admin, and let ALPHV detonate ransomware. Casinos went offline for ten days; the loss to MGM exceeded $100 million.
Sphero data breach (2023)
In September 2023, over 1M rows of data from the educational robots company Sphero was posted to a popular hacking forum. The data contained 832k unique email addresses alongside names, usernames, dates of birth and geographic locations.
Data breachResolvedMarket Moveis data breach (2023)
In August 2023, the Portuguese home decor company Market Moveis suffered a data breach that impacted 28k records. The exposed records were limited to names and email addresses.
Qakbot data breach (2023)
In August 2023, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure.
Data breachResolvedCaesars Entertainment Scattered Spider ransom payment (2023)
Scattered Spider impersonated a Caesars employee on a call to a third-party IT support vendor and convinced the vendor to grant Okta credentials, then exfiltrated customer loyalty data including SSNs and driver's licences. Caesars paid roughly $15 million ransom; the FBI later froze a substantial portion of the funds with Chainalysis assistance.
PlayCyberGames data breach (2023)
In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field.
Data breachResolvedUK Electoral Commission data breach
Chinese state-linked hackers exploited unpatched Microsoft Exchange ProxyShell flaws to dwell undetected in the UK Electoral Commission's systems for over a year, accessing electoral-register data on roughly 40 million voters.
MagicDuel data breach (2023)
In August 2023, the MagicDuel Adventure website suffered a data breach that exposed 138k user records. The data included player names, email and IP addresses and bcrypt password hashes.
Data breachResolvedNorwegian government Ivanti zero-day breach
Attackers exploited an Ivanti Endpoint Manager Mobile zero-day (CVE-2023-35078, CVSS 10.0) to breach a shared ICT platform used by 12 Norwegian government ministries, with exploitation traced back to at least April 2023.
eCitizen Anonymous Sudan DDoS attack
The pro-Russian hacktivist group Anonymous Sudan flooded Kenya's eCitizen government portal with DDoS traffic, knocking out access to roughly 5,000 public services and disrupting M-Pesa, electricity tokens and visa processing for days.
Manipulated Caiman data breach (2023)
In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments.
Data breachResolvedRightbiz data breach (2023)
In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address.
Bangladesh government citizen data leak
A misconfigured Bangladeshi government birth-and-death registration website exposed the names, addresses, phone numbers and national ID numbers of more than 50 million citizens, discovered accidentally via a Google search.
Fédération Francaise de Rugby data breach (2023)
In June 2023, the Fédération Francaise de Rugby (French Rugby Federation) suffered a data breach and attempted ransom. The breach exposed 282k unique email addresses along with names, dates of birth and phone numbers.
Dymocks data breach (2023)
In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.
BreachForums Clone data breach (2023)
In June 2023, a clone of the previously shuttered popular hacking forum "BreachForums" suffered a data breach that exposed over 4k records. The breach was due to an exposed backup of the MyBB database which included email and IP addresses, usernames and Argon2 password hashes.
Data breachResolvede-Devlet (e-Government Gateway) data breach
Turkey's central e-Government portal was harvested for the records of an estimated 85 million citizens and residents, with ID numbers, addresses, phone numbers, family links, health and financial data sold online and updated in near real time.
JD Group data breach (2023)
In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters.
MOVEit Transfer mass exploitation (Cl0p)
Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to mass-extort over 2,700 organizations, including the BBC, British Airways, and the U.S. Department of Energy.
Greek school-exam system DDoS attack
A massive multi-day DDoS attack on Greece's 'Subject Bank' (Trapeza Thematon) high-school exam platform disrupted nationwide exams with up to 280,000 connections per second and 165 million hits from 114 countries, the largest attack on a Greek public body.
Polish Credentials data breach (2023)
In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on.
Data breachResolvedXplain ransomware attack and Swiss federal data leak
The Play ransomware gang breached Swiss IT supplier Xplain and leaked around 65,000 documents on the darknet, including sensitive Federal Administration files from the justice, police, and defence departments.
Xplain Play ransomware and Swiss federal documents leak (2023)
Play ransomware breached Swiss IT services provider Xplain, exfiltrating 1.3 million files. Approximately 65,000 documents belonging to the Swiss Federal Administration — including classified content, personal data, and readable passwords — were published on Play's dark-web leak site in June 2023.
Microsoft Storm-0558 signing-key theft and US government email access (2023)
China-based Storm-0558 forged authentication tokens using a stolen Microsoft consumer signing key and read email at approximately 25 organisations — including the US State Department, the Department of Commerce, and the U.S. Ambassador to China. The 'cascade of errors' that enabled it became a defining case for cloud-provider key custody.
Danish energy sector attacks (SektorCERT)
In May 2023, coordinated waves of attacks exploited Zyxel firewall vulnerabilities to breach 22 Danish energy companies, forcing some operators into island mode in what SektorCERT called Denmark's largest critical-infrastructure cyber incident to date.
Bank Syariah Indonesia (BSI) ransomware attack
The LockBit ransomware gang crippled Indonesia's largest Islamic bank for days, then leaked 1.5 TB of data covering some 15 million customers and employees after a $20 million ransom went unpaid.
Le Coq Sportif Columbia data breach (2023)
In January 2025, a data breach from the Columbian website for Le Coq Sportif was posted to a popular hacking forum. The data included almost 80k unique email addresses with the breach dating back to May 2023.
Data breachResolvedJobzone data breach (2023)
In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.
RentoMojo data breach (2023)
In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.
Data breachResolvedGenesis Market data breach (2023)
In April 2023, the stolen identity marketplace Genesis Market was shut down by the FBI and a coalition of law enforcement agencies across the globe in "Operation Cookie Monster".
Data breachResolved9Near Thailand 55-million citizen data extortion
A hacker using the alias '9Near' threatened to leak the personal data of 55 million Thais, allegedly sourced via the government's Mor Prom health app; an army sergeant was later identified and surrendered.
Capita ransomware attack
A Black Basta ransomware intrusion into UK outsourcing giant Capita exposed pension and personal data on roughly 6.6 million people, drew a £14 million ICO fine, and cost the company over £25 million.
Tigo data breach (2023)
In Mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages.
Data breachResolved3CX supply-chain attack (DPRK)
North Korea-linked actors trojanized the 3CXDesktopApp softphone client, distributing the SmoothOperator malware through a legitimately-signed update to a customer base of over 600,000 organizations — the first documented cascading software supply-chain compromise, itself enabled by a prior breach of trading software X_TRADER.
Ferrari ransom-driven data breach
Ferrari disclosed that a threat actor had breached its systems and demanded a ransom over stolen client contact data — names, addresses, emails and phone numbers — which the luxury carmaker refused to pay.
Latitude Financial Services data breach
Australian consumer-credit lender Latitude Financial disclosed that attackers had exfiltrated 14 million records — including 7.9 million driver's licence numbers and 53,000 passport numbers — via credentials stolen from a service provider.
MediaWorks data breach (2023)
In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included names, physical addresses, phone numbers, dates…
DC Health Link data breach (2023)
In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers.and "IntelBroker".
Data breachResolvedCityJerks data breach (2023)
In early 2023, the "mutual masturbation" website CityJerks suffered a data breach that exposed 177k unique email addresses. The breach also included data from the TruckerSucker "dating app for REAL TRUCKERS and REAL MEN" with the combined corpus of data also exposing usernames, IP addresses, dates…
Data breachResolvedTheGradCafe data breach (2023)
In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes.
Data breachResolvedPhished Data via CERT Poland data breach (2023)
In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation.
Data breachResolvedHDB Financial Services data breach (2023)
In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the…
Data breachResolvedFlutterwave unauthorized-transfer incidents
Nigeria's largest fintech suffered a series of unauthorized-transfer incidents in 2023, including a ₦2.9 billion ($4.2M) diversion across 28 accounts and a later ₦19 billion ($24M) loss via abused POS-merchant access, prompting Mareva injunctions to freeze thousands of beneficiary accounts.
The Kodi Foundation data breach (2023)
In February 2023, The Kodi Foundation suffered a data breach that exposed more than 400k user records. Attributed to an account belonging to "a trusted but currently inactive member of the forum admin team", the breach involved the administrator account creating a database backup that was…
Data breachResolvedIndigo Books LockBit ransomware
LockBit affiliates encrypted Canada's largest bookseller, taking the website and in-store payment systems offline for weeks. Indigo publicly refused the ransom; LockBit published employee personal data.
Convex data breach (2023)
In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers.
Terravision data breach (2023)
In February 2023, the European airport transfers service Terravision suffered a data breach. The breach exposed over 2M records of customer data including names, phone numbers, email addresses, salted password hashes and in some cases, date of birth and country of origin.
Data breachResolvediRent Taiwan customer data exposure
An unsecured, password-free cloud database belonging to Hotai Motor's iRent car-sharing service exposed roughly 4.2 terabytes of data on more than 400,000 customers, including driver's-license photos, selfies, and partial payment-card details.
Eye4Fraud data breach (2023)
In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the…
Data breachResolvedDuolingo data breach (2023)
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points),…
Data breachResolvedSchool District 42 data breach (2023)
In January 2023, Pitt Meadows School District 42 in British Columbia suffered a data breach. The incident exposed the names and email addresses of approximately 19k students and staff which were consequently redistributed on a popular hacking forum.
Planet Ice data breach (2023)
In January 2023, the UK-based ice skating rink booking service Planet Ice suffered a data breach. The incident exposed the personal data of 240k people including email and physical addresses, phone numbers, genders, dates of birth and passwords stored as MD5 hashes.
Royal Mail LockBit ransomware
LockBit affiliates encrypted Royal Mail's international export systems, halting all overseas postal services from the U.K. for six weeks. Royal Mail publicly refused the £65.7M ransom demand; LockBit progressively leaked exfiltrated data.
Zurich data breach (2023)
In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles.
Autotrader data breach (2023)
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods".
Data breachResolvediD Tech data breach (2023)
In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month.
Data breachResolved
2022
99 incidentsRailYatri data breach (2022)
In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
SickKids hospital ransomware attack
Toronto's Hospital for Sick Children was hit by a ransomware attack over the December 2022 holidays that delayed lab and imaging results; in a rare move, the LockBit gang apologized, blamed a rogue affiliate, and released a free decryptor.
Gemini data breach (2022)
In late 2022, a hacker posted a data set to a public hacking forum which they alleged was sourced from the Gemini crypto exchange, a claim that was later proven to be false as the data was traced back to an incident at a third-party vendor.
Data breachResolvedEPM BlackCat ransomware attack
The BlackCat/ALPHV ransomware gang crippled Colombia's largest public utility, Empresas Públicas de Medellín, forcing 4,000 staff to work offline and disrupting electricity, water, and gas billing across 123 municipalities.
SevenRooms data breach (2022)
In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases.
Data breachResolvedActivision data breach (2022)
In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee.
Data breachResolvedGunAuction.com data breach (2022)
In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server.
Data breachResolvedCoinTracker data breach (2022)
In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers. The company later attributed the breach to a compromise SendGrid in an attack that targeted multiple customers of the email provider.
Data breachResolvedBreachForums data breach (2022)
In November 2022, the well-known hacking forum "BreachForums" was itself, breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies.
Data breachResolvedKeralty / Sanitas RansomHouse ransomware attack
The RansomHouse gang struck Colombian healthcare giant Keralty and its EPS Sanitas and Colsanitas subsidiaries, claiming 3 TB of stolen data and crippling appointment scheduling for a network serving more than 6 million patients.
Movie Forums data breach (2022)
In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a popular clear web hacking forum.
Data breachResolvedAIIMS Delhi ransomware
Ransomware encrypted the All India Institute of Medical Sciences in New Delhi — India's most prestigious public hospital — taking patient registration and clinical records offline for two weeks during peak winter patient load.
Avito data breach (2022)
In November 2022, the Moroccan e-commerce service Avito suffered a data breach that exposed the personal information of 2.7M customers. The data included name, email, phone, IP address and geographic location.
Data breachResolvedWashington State Food Worker Card data breach (2022)
In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup.
Data breachResolvedAbandonia (2022) data breach (2022)
In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015.
Data breachResolvedAirAsia ransomware attack (Daixin Team)
The Daixin Team ransomware gang breached AirAsia, stealing and leaking personal data on roughly 5 million unique passengers and all of the airline's employees, after the carrier reportedly declined to negotiate a ransom.
DSB Danish railways shutdown (Supeo supply-chain)
A cyberattack on subcontractor Supeo forced it to shut down its servers, disabling a mobile app train drivers rely on for operational data and halting all DSB trains across Denmark for several hours — a textbook supply-chain disruption of critical transport.
MyPertamina data breach (2022)
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
RealDudesInc data breach (2022)
In October 2022, the GTA mod menu provider RealDudesInc suffered a data breach that exposed over 100k email addresses (many of which are temporary guest account addresses). The breach also included usernames and bcrypt password hashes.
Data breachResolvedMedibank ransomware (REvil-affiliated)
Russian-speaking attackers exfiltrated full health-claim records on 9.7 million current and former Medibank customers, then released them in tranches on the dark web after the Australian insurer refused to pay.
Doomworld data breach (2022)
In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.
Data breachResolvedLocally data breach (2022)
In October 2022, "The Industry's Leading Online-to-Offline Shopping Solution" Locally suffered a data breach. Whilst Locally acknowledged the breach privately, it's unknown whether impacted customers were subsequently notified of the incident which exposed over 362k names, phone numbers, email and…
Data breachResolvedClickASnap data breach (2022)
In September 2022, the online photo sharing platform ClickASnap suffered a data breach. The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes.
Data breachResolvedTraderie data breach (2022)
In September 2022, the in-game trading marketplace Traderie suffered a data breach that exposed almost 400k records (this preceded a subsequent breach the following year). The incident exposed email and IP addresses, usernames and links to social media profiles.
Data breachResolvedChilean Joint Chiefs of Staff (EMCO) Guacamaya leak
The hacktivist group Guacamaya breached the Chilean armed forces' Estado Mayor Conjunto, exfiltrating over 400,000 emails from 162 military accounts spanning a decade and exposing sensitive national-defense intelligence and operational documents.
Optus customer data breach
An unauthenticated API endpoint exposed personal data of 9.8 million current and former Optus customers — names, dates of birth, passport and driver's licence numbers — to a single anonymous attacker.
Online Trade (Онлайн Трейд) data breach (2022)
In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes.
Rockstar Games GTA VI leak (Lapsus$)
A teenage Lapsus$ member breached Rockstar Games' internal Slack and developer systems via social engineering, then leaked roughly 90 in-development clips of the unreleased Grand Theft Auto VI — one of the largest leaks in video-game history.
Uber Lapsus$ social-engineering breach
An 18-year-old affiliated with Lapsus$ socially engineered an Uber contractor, defeated MFA through an hour-long push-bombing campaign, then found hardcoded admin credentials on an internal share that unlocked Uber's AWS, G-Suite, Slack, and HackerOne dashboards.
Get Revenge On Your Ex data breach (2022)
In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords.
Data breachResolvedAPK.TW data breach (2022)
In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.
Data breachResolvedMisattributed Flipkart Data data breach (2022)
In September 2022, over 500k customer records alleged to have been sourced from the Indian e-commerce service Flipkart appeared on a popular hacking forum.
Data breachResolvedWakanim data breach (2022)
In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.
Data breachResolvedTAP Air Portugal ransomware breach
The Ragnar Locker ransomware gang breached Portugal's flag carrier, exfiltrating and later publishing 581 GB of data on roughly 1.5 million customers, exposing names, dates of birth, addresses and contact details for over 5 million email accounts.
SERNAC government ransomware attack
Ransomware encrypted the Microsoft and VMware ESXi servers of Chile's National Consumer Service (SERNAC), disrupting its systems and online services and prompting the government CSIRT to issue a state-wide cybersecurity alert.
Brand New Tube data breach (2022)
In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.
Data breachResolvedLatest Pilot Jobs data breach (2022)
In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.
Data breachResolvedGGCorp data breach (2022)
In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes.
Data breachResolvediMenu360 data breach (2022)
In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers.
Data breachResolvedLastPass two-stage breach and customer vault theft (2022)
An August 2022 source-code theft from one LastPass developer's laptop chained into a November 2022 compromise of a DevOps engineer's personal computer — yielding access to backups of customer password vaults. Federal investigators later linked LastPass-stolen vaults to a $150 million crypto heist.
Shitexpress data breach (2022)
In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records.
Data breachResolvedAdvanced / NHS 111 ransomware attack
A LockBit 3.0 ransomware attack on NHS software supplier Advanced took down the NHS 111 triage service and forced clinicians back to pen and paper, exposing data on tens of thousands of patients and drawing a £3.07 million ICO fine.
DoorDash data breach (2022)
In August 2022, the food ordering and delivery service DoorDash disclosed a data breach that impacted a portion of their customers. DoorDash attributed the breach to an unnamed "third-party vendor" they stated was the victim of a phishing campaign.
Data breachResolvedContinental AG LockBit ransomware (Germany, 2022)
LockBit operators infiltrated parts of German auto-parts giant Continental AG's IT systems in August 2022. Containment was initially declared, but in November the group put 40 terabytes of stolen Continental data on its dark-web leak site, offered for sale or destruction for $50 million.
Greek Predatorgate surveillance scandal
Greece's 'Predatorgate' wiretapping scandal exposed the use of Intellexa/Cytrox's Predator spyware and parallel legal surveillance against journalists, politicians and officials, toppling intelligence chiefs and ending in landmark 2026 convictions.
Didi Global data security enforcement case
China's cyberspace regulator fined ride-hailing giant Didi Global RMB 8.026 billion (about $1.2 billion) after a year-long review found 16 violations of the Cybersecurity Law, Data Security Law and Personal Information Protection Law, including the illegal collection of facial-recognition, location and clipboard data from hundreds of millions of riders and drivers.
Exvagos data breach (2022)
In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
Data breachResolvedHjedd data breach (2022)
In July 2022, the Chinese adult website Hjedd was found to be leaking more than 13M customer records which subsequently appeared on a popular hacking forum. The exposed data included email and IP addresses, usernames and passwords stored as bcrypt hashes.
Data breachResolvedAlbania HomeLand Justice destructive wiper (Iran MOIS, 2022)
Iran's Ministry of Intelligence and Security, operating as 'HomeLand Justice', spent 14 months dwelling in Albanian government networks before launching ransomware-style file encryption and disk-wiping malware. Albania suspended online public services and became the first country in history to sever diplomatic ties with another state over a cyberattack.
Vietnam 30-million student records sale
A hacker using the alias 'meli0das' put the records of more than 30 million Vietnamese students and staff up for sale on a hacking forum for $3,500 in Monero, allegedly sourced from a major education platform.
OGUsers (2022 breach) data breach (2022)
In July 2022, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fifth since December 2018. The breach contained usernames, email and IP addresses and passwords stored as argon2 hashes. A total of 529k unique email addresses appeared in the breach.
Data breachResolvedWeee data breach (2022)
In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum. Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and delivery instructions.
Data breachResolvedVultr data breach (2022)
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses.
Data breachResolvedLa Poste Mobile data breach (2022)
In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly.
Shanghai National Police database leak
An exposed Shanghai Public Security Bureau database left a hacker known as 'ChinaDan' offering 23 terabytes of data on roughly 1 billion Chinese residents — names, national ID numbers, phone numbers, addresses and police case records — for 10 bitcoin, in what is widely regarded as the largest government data breach in Chinese history.
Adopt Me Trading Values data breach (2022)
In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data.
Data breachResolvedIranian steel plants cyber-sabotage
Predatory Sparrow compromised industrial control systems at three major Iranian steelmakers, halting production and — in CCTV footage the group released — causing a machine at Khouzestan Steel to spew molten metal and fire across the factory floor.
Altenen data breach (2022)
In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes and cryptocurrency wallet addresses.
Data breachResolvedDisk Union data breach (2022)
In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.
Data breachResolvedMemeChat data breach (2022)
In mid-2022, "the ultimate hub of memes" MemeChat suffered a data breach that exposed 7.4M records. Alleged to be due to a misconfigured Elasticsearch instance, the data contained 4.3M unique email addresses alongside usernames.
Data breachResolvedTNAFlix data breach (2022)
In June 2022, the adult website TNAFlix suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.4M records of email and IP addresses, usernames and plain text passwords.
Data breachResolvedCCSS Hive ransomware attack
The Hive ransomware group crippled Costa Rica's national public-health insurer, the CCSS, encrypting more than 800 servers, forcing hospitals back to paper, and cancelling tens of thousands of medical appointments.
WiredBucks data breach (2022)
In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data.
Data breachResolvedCarinthia state government BlackCat ransomware attack
The BlackCat/ALPHV ransomware gang encrypted around 3,000 computers of Austria's Carinthia state government and demanded $5 million, halting passport issuance, traffic-fine processing and COVID-19 contact tracing for weeks. The state refused to pay and rebuilt from backups.
QuestionPro data breach (2022)
In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP…
Data breachResolvedAmart Furniture data breach (2022)
In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack.
Mangatoon data breach (2022)
In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes.
Data breachResolvedBlackBerry Fans data breach (2022)
In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Data breachResolvedGemotest medical laboratory data breach
A database from Russian medical-testing chain Gemotest was offered on a hacking forum, with sellers claiming data on 31 million clients — names, passport and insurance numbers, dates of birth, addresses, phone numbers and email addresses. Have I Been Pwned later indexed about 6.3 million unique email addresses from the leak.
Fanpass data breach (2022)
In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes.
PaySystem.tech data breach (2022)
In mid-2022, data alleged to have been sourced from the Russian payment provider PaySystem.tech appeared in hacking circles where it was made publicly available for download.
Data breachResolvedConti ransomware attack on the Government of Costa Rica
Conti encrypted 27 Costa Rican government institutions including the Ministry of Finance, paralyzing tax collection and customs for months. President Chaves declared a national emergency — the first cyber-incident state of emergency in history.
E-Pal data breach (2022)
In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.
Data breachResolvedPayHere data breach (2022)
In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses.
Data breachResolvedRonin Bridge heist
Lazarus operators compromised five of nine Ronin validator nodes and forged withdrawal signatures, draining 173,600 ETH and 25.5 million USDC (~$625M) — the largest cryptocurrency theft on record at the time.
Okta Lapsus$ third-party support breach
The Lapsus$ extortion group compromised a laptop belonging to a support engineer at Okta subprocessor Sitel, gaining a 25-minute window of access in January 2022 that touched two customer tenants. The breach only became public when Lapsus$ posted screenshots in March.
Hellenic Post (ELTA) ransomware attack
A ransomware attack attributed to the Vice Society gang paralysed Greece's national postal operator ELTA for roughly eight days, halting financial services and pension payments, with data later leaked and a €2.99 million GDPR fine in 2024.
TransUnion South Africa breach (South Africa, 2022)
Threat actor N4ughtySecTU breached TransUnion South Africa using a client account secured with the password 'Password', then demanded a $15 million ransom. TransUnion confirmed millions of consumers' personal data were compromised.
Viva Air data breach (2022)
In March 2022, the now defunct Colombian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial…
Data breachResolvedCDEK data breach (2022)
In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK.
Mercado Libre source-code and user-data breach
The Lapsus$ extortion group accessed part of Mercado Libre's source code and the data of around 300,000 users, claiming to have reached 24,000 internal repositories of the Latin American e-commerce and fintech giant.
Rompetrol Hive ransomware attack
The Hive ransomware gang hit Rompetrol, operator of Romania's largest oil refinery Petromidia, demanding a $2 million ransom and knocking out the Fill&Go payment service and corporate websites while refinery operations continued.
CraftRise data breach (2022)
In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords.
Yandex.Eda customer data leak
Yandex's food-delivery service Yandex.Eda leaked the names, phone numbers, addresses, intercom codes and order details of more than 58,000 customers, which were later mapped onto an interactive public website. Russian regulator Roskomnadzor opened a case and a Moscow court fined the company 60,000 rubles.
Explore Talent (July 2024) data breach (2022)
In July 2024, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.7M rows with 5.4M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and…
Data breachResolvedToyota Kojima Industries supply-chain cyberattack (2022)
An attack on Toyota plastics-and-electronics supplier Kojima Industries paralysed one server enough to halt production at all 14 of Toyota's Japanese plants — about 13,000 vehicles of daily output — making the case the canonical example of just-in-time manufacturing's cyber-fragility.
Viasat KA-SAT AcidRain wiper
One hour before Russia's invasion of Ukraine, Sandworm operators deployed the AcidRain wiper against Viasat KA-SAT satellite modems, bricking ~30,000 European terminals and 5,800 German wind turbines and disabling Ukrainian military command-and-control.
NVIDIA data breach (2022)
In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.
Data breachResolvedA1 Hrvatska data breach
Croatian mobile carrier A1 Hrvatska disclosed unauthorized access to a customer database exposing the names, personal identification numbers, addresses and phone numbers of roughly 200,000 subscribers — about 10% of its customer base.
GiveSendGo data breach (2022)
In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates.
Data breachResolvedVodafone Portugal network sabotage
A deliberate cyberattack on Vodafone Portugal knocked out 4G/5G mobile data, fixed voice, SMS and television for millions of customers nationwide, disrupting emergency, hospital and ATM services for days.
Swissport ransomware attack
The BlackCat (ALPHV) ransomware gang struck aviation ground-handling giant Swissport, delaying flights at Zurich Airport and stealing 1.6 TB of data that was later leaked online.
Leaked Reality data breach (2022)
In January 2022, the now defunct uncensored video website Leaked Reality suffered a data breach that exposed 115k unique email addresses. The data also included usernames, IP addresses and passwords stored as either MD5 or phpass hashes.
Data breachResolvedMacGeneration data breach (2022)
In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP.
Data breachResolvedSundry Files data breach (2022)
In January 2022, the now defunct file upload service Sundry Files suffered a data breach that exposed 274k unique email addresses. The data also included usernames, IP addresses and passwords stored as salted SHA-256 hashes.
Data breachResolvedWhisperGate wiper attack
On the eve of Russia's invasion, a destructive wiper disguised as ransomware corrupted master boot records and files across dozens of Ukrainian government, IT and non-profit organisations, defacing official websites and signalling the cyber dimension of the coming war.
Doxbin data breach (2022)
In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach. The breach was subsequently leaked online and included over 370k unique email addresses across user accounts and doxes.
Data breachResolvedImpresa media group ransomware attack
The Lapsus$ group seized the Amazon Web Services account of Impresa, Portugal's largest media conglomerate, knocking the Expresso newspaper and SIC television channels offline, defacing their websites and hijacking Expresso's verified Twitter account in what authorities called the country's largest ransomware attack.
Twitter data breach (2022)
In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform.
Data breachResolved
2021
122 incidentsAmedia ransomware attack
A ransomware attack encrypted the central systems of Amedia, Norway's largest local-newspaper group, halting presses and disrupting subscription and advertising systems for more than 70 titles serving around 2 million readers. Amedia refused to pay.
Carding Mafia (December 2021) data breach (2021)
In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.
Data breachResolvedFlexBooker data breach (2021)
In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data.
Data breachResolvedLog4Shell (Apache Log4j CVE-2021-44228)
A trivially exploitable remote code execution flaw in Apache Log4j 2, the ubiquitous Java logging library, scored a maximum CVSS 10.0 and exposed hundreds of millions of devices and applications worldwide to instant takeover via a single crafted log string.
RedLine Stealer data breach (2021)
In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included 441 thousand unique email addresses, usernames and plain text passwords.
Data breachResolvedAditya Birla Fashion and Retail data breach (2021)
In December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month.
Data breachResolvedBDO Unibank 'Mark Nagoyo' account-takeover fraud
Over 700 customers of the Philippines' largest bank, BDO Unibank, lost money through unauthorized online transfers routed to UnionBank accounts under the alias 'Mark Nagoyo'; five suspects were later arrested and BDO reimbursed victims.
Travelio data breach (2021)
In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.
Data breachResolvedZAP-Hosting data breach (2021)
In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.
Data breachResolvedStripchat data breach (2021)
In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.
Data breachResolvedRobinhood data breach (2021)
In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names.
Data breachResolvedBTC-Alpha data breach (2021)
In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes.
Data breachResolvedNewfoundland and Labrador health-system cyberattack
A Hive ransomware attack on Newfoundland and Labrador's health-care network crippled IT systems across the province, forcing the cancellation of thousands of appointments and procedures in what officials called the worst cyberattack in Canadian history.
Atraf / Cyberserve breach by Black Shadow
The Iran-linked Black Shadow group breached Israeli hosting provider Cyberserve, then leaked the full database of LGBTQ dating app Atraf — including users' locations and HIV status — after a $1 million ransom went unpaid.
CyberServe data breach (2021)
In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute.
JukinMedia data breach (2021)
In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.
Data breachResolvedIran nationwide fuel-distribution cyberattack
A cyberattack attributed to Predatory Sparrow disabled the system behind Iran's subsidized-fuel cards, knocking out payment at all 4,300 of the country's gas stations and hijacking highway billboards to taunt Supreme Leader Khamenei.
Animeify data breach (2021)
In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.
Data breachResolvedCentara Hotels & Resorts data breach
The Desorden Group stole roughly 400GB of guest data spanning 2003-2021 from Thai luxury hotel chain Centara, demanding a $900,000 ransom that the company refused to pay.
Argentina RENAPER national ID database breach (2021)
An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.
Hillel Yaffe Medical Center ransomware attack
DeepBlueMagic ransomware paralysed Israel's Hillel Yaffe Medical Center, locking every hospital computer system. As a government-owned hospital barred from paying ransom, it ran on paper and alternative systems for weeks, taking roughly two months to fully recover.
RENAPER national ID database breach
A hacker accessed Argentina's RENAPER national identity registry through a stolen government VPN credential, obtaining ID-card data and photographs on the country's entire population of roughly 45 million citizens.
CoinMarketCap data breach (2021)
During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums.
Data breachResolvedBanco Pichincha ransomware attack
A ransomware intrusion using a Cobalt Strike beacon forced Ecuador's largest private bank, Banco Pichincha, to take ATMs, online banking, and its mobile app offline for several days.
ActMobile data breach (2021)
In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a…
Data breachResolvedTwitch source-code and creator-payout leak
A server misconfiguration exposed Twitch's entire Git repository to an anonymous attacker, who leaked 125 GB of data — the full source code with commit history, internal tools, and three years of creator payout figures — as a torrent on 4chan.
Protemps data breach (2021)
In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other…
Fantasy Football Hub data breach (2021)
In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.
Fitmart data breach (2021)
In October 2021, data from the German fitness supplies store Fitmart was obtained and later redistributed online. The data included 214k unique email addresses accompanied by plain text passwords, allegedly "dehashed" from the original stored version.
Thailand 106-million traveller database exposure
An unsecured Elasticsearch database left the passport numbers, visa data and arrival-card details of more than 106 million foreign visitors to Thailand openly accessible on the internet.
Epik data breach (2021)
In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who…
Data breachResolvedRepublican Party of Texas data breach (2021)
In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik.
Data breachResolvedDennis Kirk data breach (2021)
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes.
Data breachResolvedDatPiff data breach (2021)
In late 2021, email address and plain text password pairs from the rap mixtape website DatPiff appeared for sale on a popular hacking forum. The data allegedly dated back to an earlier breach and in total, contained almost 7.5M email addresses and cracked password pairs.
Data breachResolvedAT&T data breach (2021)
A dataset dating to August 2021 — names, addresses, phone numbers, and encrypted SSNs and dates of birth — resurfaced in March 2024 and was leaked for free, with AT&T eventually confirming ~73 million current and former customers were affected.
Imavex data breach (2021)
In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last…
Data breachResolvedPublic Business Data data breach (2021)
In approximately August 2021, hundreds of gigabytes of business data collated from public sources was obtained and later published to a popular hacking forum.
Data breachResolvedMoorfields Eye Hospital Dubai ransomware attack
The AvosLocker ransomware gang attacked the Dubai branch of NHS-affiliated Moorfields Eye Hospital, exfiltrating roughly 60 GB of patient and staff data including ID cards, insurance claims and internal records, then dumping it online.
Have Fun Teaching data breach (2021)
In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum.
Data breachResolvedT-Mobile US data breach (Binns)
A 21-year-old American living in Turkey, John Binns, claimed to have hacked T-Mobile via an exposed GGSN router and exfiltrated personal data on 76.6 million current, former, and prospective customers.
Pakistan FBR data centre breach
Attackers compromised the data centre of Pakistan's Federal Board of Revenue by exploiting a pirated copy of Microsoft Hyper-V, taking down all tax-authority websites and putting network access for 360 virtual machines up for sale on a Russian dark-web forum.
Misattributed Habib's Data data breach (2021)
In August 2021, an allegation was made that the Brazilian fast food company "Habib's" had suffered a data breach that was later redistributed as part of a larger corpus of data.
Lazio Region ransomware attack
A RansomEXX ransomware attack encrypted the datacenter of Italy's Lazio Region, knocking the COVID-19 vaccination booking portal offline for days and triggering a domestic terrorism investigation.
Open Subtitles data breach (2021)
In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.
Data breachResolvedAndroidLista data breach (2021)
In July 2021, the Android applications and games review site AndroidLista suffered a data breach. The incident exposed 6.6M user records containing email addresses, names, usernames and passwords stored as salted SHA-1 hashes, all of which were subsequently posted to a popular hacking forum.
Data breachResolvedTransnet 'Death Kitty' ransomware (South Africa, 2021)
A ransomware attack on South Africa's state-owned logistics firm Transnet shut down operations at Durban, Ngqura, Port Elizabeth and Cape Town container terminals, forcing the operator to declare force majeure. Durban — 60% of Southern Africa's containerised trade — reverted to paper-based clearance for cargo for a week.
Saudi Aramco 2021 contractor data extortion
A threat actor calling itself ZeroX exfiltrated 1 TB of Saudi Aramco data through a third-party contractor and demanded a $50 million ransom, posting samples on a hacking forum behind a 662-hour countdown.
Pegasus spyware surveillance of Hungarian journalists
Hungary's national security service used NSO Group's Pegasus spyware to covertly hack the phones of investigative journalists, lawyers, and government critics, with more than 300 Hungarian numbers appearing on a leaked target list.
Guntrader data breach (2021)
In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users,…
CNT Ecuador RansomEXX attack
The RansomEXX gang hit Ecuador's state-run telecom CNT, disrupting its payment portal and call centers and claiming to have stolen more than 190 GB of corporate and customer data.
Iranian Railways 'MeteorExpress' wiper attack
A previously unseen wiper named Meteor crippled Iran's national railway network, wiping computers across stations, halting and delaying hundreds of trains, and defacing departure boards with a number for travelers to call: the office of Supreme Leader Khamenei.
Qraved data breach (2021)
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.
Data breachResolvedComparis ransomware attack
Swiss price-comparison portal Comparis was knocked offline by ransomware and faced a roughly $400,000 demand; investigators later found attackers had accessed some internal customer data.
Jam Tangan data breach (2021)
In July 2021, the online Indonesian watch store, Jam Tangan (AKA Machtwatch), suffered a data breach that exposed over 400k customer records which were subsequently posted to a popular hacking forum.
Data breachResolvedCoop Sweden Kaseya supply-chain shutdown
REvil's ransomware attack on Kaseya VSA cascaded through an MSP to Coop Sweden's checkout systems, forcing the supermarket cooperative to close around 800 stores nationwide for days.
Kaseya VSA supply-chain ransomware (REvil)
REvil affiliates exploited a SQL injection zero-day in Kaseya's VSA remote-management platform to push ransomware to ~60 MSPs and through them to ~1,500 downstream organisations. The largest supply-chain ransomware attack on record.
ECCIE data breach (2021)
In January 2021, the adult escort forum ECCIE suffered a data breach which was later posted to a popular hacking forum. The data included 536k user records with email and IP addresses, usernames, dates of birth and salted MD5 password hashes.
Data breachResolvedShort Édition data breach (2021)
In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512…
Data breachResolvedHeatGames data breach (2021)
In June 2021, the (now defunct) gaming website HeatGames suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 650k unique email addresses along with IP addresses, country and salted MD5 password hashes.
Data breachResolvedPhoenix data breach (2021)
In mid-2021, the "vintage messaging reborn" service Phoenix suffered a data breach that exposed 75k unique email addresses. The breach also exposed IP addresses, usernames and passwords.
Data breachResolvedSTART data breach (2021)
In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash.
Data breachResolvedJBS Foods REvil ransomware
REvil affiliates encrypted the world's largest meat processor, shutting down beef and pork plants across the U.S., Canada, and Australia. JBS paid an $11 million ransom — one of the largest publicly-confirmed ransomware payments at the time.
IndiaMART data breach (2021)
In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses.
Data breachResolvedParagon Cheats data breach (2021)
In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses.
Data breachResolvedAir India SITA passenger data breach
A supply-chain compromise of aviation IT provider SITA exposed roughly 4.5 million Air India passengers' names, passport details, ticket data, frequent-flyer numbers, and payment card information collected over nearly a decade of bookings.
CTARS data breach (2021)
In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum.
BPJS Kesehatan data leak
Personal data on an estimated 279 million Indonesians — more than the country's living population — was scraped from the national health-insurance agency BPJS Kesehatan and offered for sale on the RaidForums hacking forum.
Waikato District Health Board ransomware attack
A Zeppelin ransomware attack crippled New Zealand's Waikato District Health Board, taking down clinical systems and phone lines across five hospitals for weeks, postponing surgeries, and leaking patient and staff data on the dark web.
HSE Ireland ransomware (Conti)
Conti ransomware paralysed Ireland's Health Service Executive, forcing cancellation of outpatient appointments nationwide for weeks. Conti released the decryptor for free; recovery still cost an estimated €100M+.
HSE Ireland Conti ransomware national healthcare shutdown (2021)
Conti operators tricked an HSE user into downloading a booby-trapped Excel attachment; the resulting ransomware forced the Health Service Executive to shut down all of Ireland's healthcare IT systems and exfiltrated 700 GB including COVID-19 vaccination PHI. Recovery cost exceeded €100 million.
Colonial Pipeline ransomware (DarkSide)
A reused VPN password let DarkSide encrypt Colonial Pipeline's billing systems. The operator shut down 5,500 miles of fuel pipeline for six days, paid $4.4M, and triggered a federal emergency.
SirHurt data breach (2021)
In April 2021, the the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.
Data breachResolvedAtmeltomo data breach (2021)
In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.
Data breachResolvedOGUsers (2021 breach) data breach (2021)
In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes.
Data breachResolvedLinkedIn Scraped Data (2021) data breach (2021)
During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online.
Data breachResolvedPhone House España data breach (2021)
In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer data. Attributed to the Babuk ransomware, a collection of data alleged to be a subset of a larger corpus was posted to a dark web site and contained 5.2M email…
Phone House Spain ransomware breach
The Babuk ransomware gang breached Spanish mobile retailer The Phone House and leaked roughly 100 GB of customer data — names, ID numbers, bank details and contact information on up to 3 million people — after the company refused to pay.
Upstox data breach (2021)
In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes.
Data breachResolvedSlideTeam data breach (2021)
In April 2021, the "world’s largest collection of pre-designed presentation slides" SlideTeam had 1.4M records breached and later published to a popular hacking forum the following year.
Data breachResolvedFacebook 533M scraped records leak
Data on 533 million Facebook users from 106 countries — including phone numbers, Facebook IDs, full names, locations, birthdates, and some email addresses — was posted free on a low-level hacking forum. The data had been scraped via a contact-importer flaw Facebook patched in 2019.
MobiKwik data breach
An 8.2TB trove tied to Indian fintech MobiKwik — reportedly covering up to 99 million users with KYC documents, Aadhaar and card details — was advertised for sale on a dark-web forum, in a breach the company repeatedly denied.
KinoKong data breach (2021)
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.
Data breachResolvedDomino's India data breach (2021)
In April 2021, 13TB of compromised Domino's India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.
MangaDex data breach (2021)
In March 2021, the manga fan site MangaDex suffered a data breach that resulted in the exposure of almost 3 million subscribers. The data included email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently circulated within hacking groups.
Data breachResolvedParkMobile data breach (2021)
In March 2021, the mobile parking app service ParkMobile suffered a data breach which exposed 21 million customers' personal data. The impacted data included email addresses, names, phone numbers, vehicle licence plates and passwords stored as bcrypt hashes.
Data breachResolvedAir Europa payment-data breach
Spanish airline Air Europa exposed contact and full payment-card data — including CVV codes — on roughly 489,000 customers across 1.5 million records, and was fined €600,000 by the AEPD for weak security and a 41-day notification delay.
Carding Mafia (March 2021) data breach (2021)
In March 2021, the Carding Mafia forum suffered a data breach that exposed almost 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.
Data breachResolvedLuxottica data breach (2021)
In March 2021, the world's largest eyewear company Luxoticca suffered a data breach via one of their partners that exposed the personal information of more than 70M people.
IDC Games data breach (2021)
In March 2021, 4 million records sourced from IDC Games were shared on a public hacking forum. The data included usernames, email addresses and passwords stored as salted MD5 hashes.
Data breachResolvedDescomplica data breach (2021)
In March 2021, the Brazilian EdTech company Descomplica suffered a data breach which was subsequently posted to a popular hacking forum. The data included almost 5 million email addresses, names, the first 6 and last 4 digits and the expiry date of credit cards, purchase histories and password…
Liker data breach (2021)
In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler.
Data breachResolvedWeLeakInfo data breach (2021)
In March 2021, the Stripe account of the now-defunct WeLeakInfo service was taken over by "pompompurin" after acquiring an expired domain name with an email address used to manage the account.
Data breachResolvedMicrosoft Exchange ProxyLogon (Hafnium)
China-linked group Hafnium chained four Exchange Server zero-days (ProxyLogon) to plant web shells and steal email; after Microsoft's emergency patch, mass exploitation by multiple groups compromised an estimated 60,000+ organisations worldwide.
Malaysia Airlines Enrich frequent-flyer data breach
Malaysia Airlines disclosed a nine-year data security incident at a third-party IT provider running its Enrich loyalty programme, exposing member names, contact details, dates of birth and frequent-flyer data.
Gab data breach (2021)
In February 2021, the alt-tech social network service Gab suffered a data breach. The incident exposed almost 70GB of data including 4M user accounts, a small number of private chat logs and a list of public groups and public posts made to the service.
Data breachResolvedSuperVPN & GeckoVPN data breach (2021)
In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The data appeared together in a single file with a small number of records also included from FlashVPN, suggesting that all three brands may share the same platform.
Data breachResolvedTicketcounter data breach and extortion
A Dutch e-ticketing platform left a database backup exposed on an unsecured Azure server; an attacker downloaded the data on 1.9 million people and demanded 7 bitcoin (~$337,000) not to leak it.
Gemplex data breach (2021)
In February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.
Data breachResolvedNurseryCam data breach (2021)
In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to remotely monitor their children whilst attending nursery. The flaws led to the exposure of over 10k parent records before the service was shut down.
Yandex mail insider breach
Yandex disclosed that one of three administrators with privileged access to its email service had been selling unauthorized access to user mailboxes, compromising 4,887 inboxes before the company's internal security team detected the abuse during a routine review.
CD Projekt Red HelloKitty ransomware and source-code theft (2021)
HelloKitty ransomware encrypted CD Projekt Red devices and exfiltrated source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3. CDPR refused to pay; the data was auctioned and reportedly sold to a private buyer.
Sri Lanka LK Domain Registry hijack (Google.lk)
Hacktivists hijacked Sri Lanka's national domain registry and redirected around ten high-profile .lk domains — including Google.lk and Oracle.lk — to a political propaganda page, exploiting admin credentials that had been exposed on the dark web since 2012.
CityBee data breach (2021)
In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.
Data breachResolvedKomplettFritid data breach (2021)
In January 2023, the online Norwegian store KomplettFritid was reported as having had a data breach dating back to February 2021. The incident exposed 140k customer records including physical, email and IP addresses, names, phone numbers and passwords.
Raychat data breach (2021)
In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedDucks Unlimited data breach (2021)
In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users.
Data breachResolvedBookchor data breach (2021)
In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes.
Data breachResolvedEmotet data breach (2021)
In January 2021, the FBI in partnership with the Dutch NHTCU, German BKA and other international law enforcement agencies brought down the world's most dangerous malware: Emotet.
Data breachResolvedUnverified Data Source data breach (2021)
In January 2021, over 11M unique email addresses were discovered by Night Lion Security alongside an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth.
Data breachResolvedGGD COVID-19 health data sale
Insiders at the Dutch municipal health service GGD stole personal data — including BSN national ID numbers — from the CoronIT and HPzone COVID-19 systems and sold it on Telegram, Snapchat and Wickr for €30-€60 per person.
Brazil 223-million mega-leak
The largest personal-data leak in Brazilian history: databases on roughly 223 million people — including names, CPF tax IDs, facial images, salaries and credit scores — surfaced for sale on a dark-web forum, with suspicion pointing at credit-bureau data.
Oxfam data breach (2021)
In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth.
Daily Quiz data breach (2021)
In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses. The data also included usernames, IP addresses and passwords stored in plain text.
Data breachResolvedBourse des Vols data breach (2021)
In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data.
Data breachResolvedDate Hot Brunettes data breach (2021)
In January 2021, the now defunct website Date Hot Brunettes which provided a service to "Date Neglected Women Who Can Keep a Secret", suffered a data breach. The incident exposed 1.5M unique email addresses along with IP addresses, usernames, user-entered bios and MD5 password hashes.
Data breachResolvedGuns.com data breach (2021)
In January 2021, the firearms website guns.com suffered a data breach. The breach exposed 376k unique email addresses along with names, phone numbers, physical addresses, gun purchases, partial credit card data, dates of birth and passwords stored as bcrypt hashes.
Data breachResolvedWedMeGood data breach (2021)
In January 2021, the Indian wedding planning platform WedMeGood suffered a data breach that exposed 1.3 million customers. The breach exposed 41.5GB of data including email and physical addresses, names, genders, phone numbers and password hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedDevil-Torrents.pl data breach (2021)
In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.
Ho. Mobile SIM data breach
The customer database of Ho. Mobile, Vodafone Italy's budget operator, was stolen and offered for sale on the dark web — exposing the personal and SIM data of about 2.5 million Italian subscribers and prompting a mass SIM replacement.
Adecco data breach (2021)
In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum.
Data breachResolvedTwitter (200M) data breach (2021)
In early 2023, over 200M records scraped from Twitter appeared on a popular hacking forum. The data was obtained sometime in 2021 by abusing an API that enabled email addresses to be resolved to Twitter profiles.
Windows93 / Myspace93 data breach (2021)
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files.
Data breachResolved
2020
123 incidentsFinnish Parliament espionage hack
A state-sponsored cyber-espionage operation attributed to China's APT31 breached the internal IT systems of the Finnish Parliament in 2020, compromising email accounts belonging to members of parliament.
Reserve Bank of New Zealand Accellion FTA breach
Attackers exploited a zero-day in the legacy Accellion File Transfer Appliance to breach New Zealand's central bank, accessing commercially and personally sensitive files; the cleanup cost the Reserve Bank around NZ$3.5 million.
MEO data breach (2020)
In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress hashes.
Data breachResolvedUniversity of California data breach (2020)
In December 2020, the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security…
Data breachResolvedNetGalley data breach (2020)
In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes.
Data breachResolvedMMG Fusion data breach (2020)
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses.
Data breachResolvedDriveSure data breach (2020)
In December 2020, the car dealership service provider DriveSure suffered a data breach. The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses, names, phone numbers and physical addresses.
Data breachResolvedRoblox Developer Conference (2023) data breach (2020)
In July 2023, a list of alleged attendees from the 2017-2020 Roblox Developers Conferences was circulated on a forum. The data contained 4k unique email addresses along with names, usernames, dates of birth, phone numbers, physical and IP addresses and T-shirt sizes
Data breachResolvedTravel Oklahoma data breach (2020)
In December 2020, the Oklahoma state Tourism and Recreation Department suffered a data breach. The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries.
Data breachResolvedPeople's Energy data breach (2020)
In December 2020, the UK power company People's Energy suffered a data breach. The breach exposed almost 7GB of files containing 359k unique email addresses along with names, phones numbers, physical addresses and dates of birth.
SolarWinds SUNBURST supply-chain compromise (Cozy Bear)
Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.
Capital Economics data breach (2020)
In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.
Data breachResolvedGamingMonk data breach (2020)
In December 2020, India's "largest esports community" GamingMonk (since acquired by and redirected to MPL Esports), suffered a data breach. The incident exposed 655k unique email addresses along with names, usernames, phone numbers, dates of birth and bcrypt password hashes.
Data breachResolvedShirbit insurance breach by Black Shadow
The Black Shadow group breached Israeli insurer Shirbit, stealing ID cards, passports, financial and medical documents, and demanded a bitcoin ransom that escalated toward $1 million. When Shirbit refused, the attackers leaked customer data in stages.
Cit0day data breach (2020)
In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums.
Brazil Superior Court (STJ) RansomExx attack
The RansomExx gang encrypted more than 1,000 servers at Brazil's Superior Tribunal de Justiça, paralysing the country's second-highest court for over a week in the most severe cyberattack ever against a Brazilian public institution.
Wongnai data breach (2020)
In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai.
Data breachResolvedVastaamo psychotherapy data breach and patient extortion (Finland, 2020)
Records on approximately 33,000 patients of Finnish psychotherapy provider Vastaamo were stolen in 2018 from an unencrypted database with no root password. After failed company-extortion in October 2020, the attacker sent ransom demands to ~30,000 patients directly. Founder later acquitted; Aleksanteri Kivimäki convicted and sentenced to 6 years 3 months.
Playbook data breach (2020)
In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job…
Data breachResolvedbigbasket data breach (2020)
In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth…
Thingiverse data breach (2020)
In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models.
Data breachResolvedAnimal Jam data breach (2020)
In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses.
Data breachResolvedFamm data breach (2020)
In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.
LimeVPN data breach (2020)
In October 2020, the VPN provider LimeVPN suffered a data breach that exposed the personal information of tens of thousands of customers. The data included email, IP and physical addresses, names, phone numbers, purchase histories and passwords stored as salted MD5 hashes.
Data breachResolvedPixlr data breach (2020)
In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedChowbus data breach (2020)
In October 2020, the Asian food delivery app Chowbus suffered a data breach which led to over 800,000 records being emailed to customers. The email contained a link to a CSV file with customer data including physical addresses, names, phone numbers and over 444,000 unique email addresses.
Data breachResolvedGravatar data scraping (2020)
In October 2020, a researcher disclosed that Gravatar's profile API could be enumerated without rate limiting. 167 million names, usernames, and email-hash records were scraped, and 114 million of the MD5 hashes were cracked to reveal email addresses.
Software AG Clop ransomware attack
The Clop ransomware gang breached German enterprise-software giant Software AG, demanded a $23 million ransom, forced internal systems offline, and leaked over a terabyte of stolen company and employee data after negotiations failed.
GeniusU data breach (2020)
In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes.
Data breachResolvedNitro data breach (2020)
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.
Eskimi data breach (2020)
In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.
Data breachResolvedMagyar Telekom and Hungarian banks DDoS attack
A multi-wave distributed denial-of-service attack with traffic ten times the normal volume briefly disrupted Hungarian banking and telecom services, in what Magyar Telekom called one of the largest cyberattacks ever seen in Hungary.
RaidForums data breach (2020)
In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" was posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and passwords stored as Argon2 hashes.
Data breachResolvedGames Box data breach (2020)
In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either a hash or plain text.
Data breachResolvedHorse Isle data breach (2020)
In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords.
Data breachResolvedRedDoorz data breach
A misconfigured cloud database exposed the records of about 5.9 million RedDoorz hotel-booking customers, making it Singapore's largest data breach at the time and drawing a record-context PDPC fine against operator Commeasure.
ShopBack data breach (2020)
In September 2020, the cashback reward program ShopBack suffered a data breach. The incident exposed over 20 million unique email addresses along with names, phone numbers, country of residence and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedShopper+ data breach (2020)
In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.
K-Electric NetWalker ransomware attack
NetWalker ransomware crippled the billing and online systems of Karachi's sole electricity supplier and demanded a $3.85 million ransom that would double to $7.7 million; when K-Electric refused, the gang dumped an 8.5 GB archive of stolen data online.
Service NSW data breach
A phishing campaign compromised 47 Service NSW staff email accounts, exposing 738 GB of data and roughly 3.8 million documents; about 104,000 customers had personal information including driver's licences and birth certificates stolen.
BancoEstado REvil ransomware attack
REvil (Sodinokibi) ransomware encrypted roughly 14,000 workstations at BancoEstado, one of Chile's largest banks, forcing it to close all branches nationwide for a day while ATMs, online banking, and customer funds were kept unaffected by network segmentation.
RedDoorz data breach (2020)
In September 2020, the hotel management & booking platform RedDoorz suffered a data breach that exposed over 5.8M user accounts. The breached data included names, email addresses, phone numbers, genders, dates of birth and passwords stored as bcrypt hashes.
Data breachResolvedStorting (Norwegian Parliament) email breach
Russia-linked APT28 (Fancy Bear) brute-forced and accessed email accounts of Norwegian members of parliament and staff in August 2020, exfiltrating data in an operation Norway publicly attributed to the GRU.
Hopamedia data breach (2020)
In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
Data breachResolvedLivpure data breach (2020)
In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items.
Data breachResolvedDirección Nacional de Migraciones Netwalker ransomware attack
Netwalker ransomware encrypted the systems of Argentina's national immigration agency, halting all border crossings for about four hours and prompting a $4 million ransom demand that the government refused to pay.
Gunnebo security blueprints leak
Attackers breached Swedish physical-security firm Gunnebo, stole 19 GB of data, and after the company refused to pay, leaked bank-vault floor plans, alarm schematics, and security arrangements for high-value clients including a Swedish parliament building.
NZX stock exchange DDoS attacks
A sustained volumetric DDoS campaign knocked New Zealand's stock exchange offline for parts of five consecutive trading days, halting trading because the exchange could not publish market announcements, and drawing a sharp regulatory rebuke.
Experian (South Africa) data breach (2020)
In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names, addresses, occupations and employers, amongst…
Data breachResolvedExperian South Africa data breach (South Africa, 2020)
A fraudster posing as a legitimate Experian client obtained the personal data of 24 million South Africans and 793,749 businesses in what became one of the largest data breaches in South African history.
Unico Campania data breach (2020)
In August 2020, the Neapolitan public transport website Unico Campania was hacked and the data extensively circulated. The breach contained 166k user records with email addresses and plain text passwords.
Bonobos data breach (2020)
In August 2020, the clothing store Bonobos suffered a data breach that exposed almost 70GB of data containing 2.8 million unique email addresses. The breach also exposed names, physical and IP addresses, phone numbers, order histories and passwords stored as salted SHA-512 hashes, including…
Data breachResolvedJefit data breach (2020)
In August 2020, the workout tracking app Jefit suffered a data breach. The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes.
Data breachResolvedShockGore data breach (2020)
In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes.
Data breachResolvedLazada RedMart data breach (2020)
In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords…
Garmin WastedLocker ransomware (Evil Corp)
Evil Corp deployed the WastedLocker ransomware against Garmin, taking flyGarmin aviation services, Garmin Connect, and inReach satellite messaging offline for five days. Garmin paid an estimated $10M ransom despite OFAC sanctions on Evil Corp.
Utah Gun Exchange data breach (2020)
In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes.
Data breachResolvedTwitter Bitcoin scam and admin-tool compromise
Attackers used phone spear-phishing against Twitter employees to reach an internal admin 'agent' tool, hijacked 130 high-profile accounts including Obama, Musk, Bezos, and Apple, and posted a Bitcoin-doubling scam that netted roughly $118,000.
WiziShop data breach (2020)
In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses.
StreamCraft data breach (2020)
In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.8M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Data breachResolvedDrizly data breach (2020)
In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach. The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses alongside names, physical and IP addresses, phone numbers, dates of birth and…
Data breachResolvedOrderSnapp data breach (2020)
In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedWattpad data breach (2020)
In mid-2020, the user-generated stories platform Wattpad suffered a breach exposing roughly 268.8 million records, including names, email addresses, dates of birth, and bcrypt-hashed passwords. The database was first sold privately, then leaked for free on a hacking forum.
Dave data breach (2020)
In June 2020, the digital banking app Dave suffered a data breach which exposed 7.5 million rows of data and subsequently appeared for public download on a hacking forum.
Data breachResolvedProctorU data breach (2020)
In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and physical addresses, phones numbers and passwords stored as bcrypt hashes.
Data breachResolvedHavenly data breach (2020)
In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all of which was subsequently shared…
Data breachResolvedLedger data breach (2020)
In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1 million email addresses. The data was initially sold before being dumped publicly in December 2020 and included names, physical addresses and phone numbers.
Data breachResolvedKreditplus data breach (2020)
In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and employment…
Data breachResolvedSwvl data breach (2020)
In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and passwords stored as bcrypt hashes, all of…
Data breachResolvedAppen data breach (2020)
In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes.
Data breachResolvedPromo data breach (2020)
In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and salted…
Data breachResolvedScentbird data breach (2020)
In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes and indicators of password strength were…
Data breachResolvedVakinha data breach (2020)
In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of which was subsequently shared extensively…
yotepresto.com data breach (2020)
In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedNot Acxiom data breach (2020)
In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community.
Data breachResolvedSitePoint data breach (2020)
In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records. Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.
Data breachResolvedDunzo data breach (2020)
In approximately June 2019, the Indian delivery service Dunzo suffered a data breach. Exposing 3.5 million unique email addresses, the Dunzo breach also included names, phone numbers and IP addresses which were all broadly distributed online via a hacking forum.
LiveAuctioneers data breach (2020)
In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community.
Data breachResolvedAcuity data breach (2020)
In mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed. However, the source could not be confidently verified as any known companies named Acuity.
Data breachResolvedMashable data breach (2020)
In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth.
Data breachResolvedPreen.Me data breach (2020)
In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.
Data breachResolvedNulled.ch data breach (2020)
In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the private message history of the website's admin.
Zacks data breach (2020)
In December 2022, the investment research company Zacks announced a data breach. The following month, reports emerged of the incident impacting 820k customers. However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum.
Data breachResolvedMinted data breach (2020)
In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes.
Data breachResolvedStalker Online data breach (2020)
In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords.
Data breachResolvedTokopedia data breach (2020)
In April 2020, Indonesia's largest online store Tokopedia was breached and roughly 91 million user records — names, emails, hashed passwords, and dates of birth — were put up for sale on dark-web forums.
Aptoide data breach (2020)
In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum.
Data breachResolvedVianet data breach (2020)
In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical addresses.
Data breachResolvedHomeRefill data breach (2020)
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
OGUsers (2020 breach) data breach (2020)
In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as salted MD5 hashes.
Data breachResolvedTeespring data breach (2020)
In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
Zoom credential-stuffing and zoombombing wave
As pandemic lockdowns drove Zoom usage to record highs, over 500,000 Zoom account credentials harvested via credential stuffing were sold or given away on the dark web, while open meetings were hijacked in a wave of disruptive 'zoombombing' incidents.
집꾸미기 data breach (2020)
In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included email addresses, names, usernames and phone numbers, all of which was subsequently shared…
Glofox data breach (2020)
In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.
Data breachResolvedChatbooks data breach (2020)
In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records with 2.5 million unique email addresses alongside names, phone numbers, social media profiles and salted SHA-512…
Data breachResolvedJames data breach (2020)
In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes.
123RF data breach (2020)
In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedSina Weibo data leak
Personal data on 538 million Sina Weibo accounts — including the phone numbers of 172 million users — was offered for sale on the dark web for about $250, in a leak Weibo attributed to address-book matching abuse dating back to 2018. China's industry ministry summoned the company over its handling of personal data.
Brno University Hospital ransomware attack
A ransomware attack forced Brno University Hospital — one of Czechia's largest hospitals and a major COVID-19 testing centre — to shut down its entire IT network, cancel surgeries, and divert acute patients at the height of the early pandemic.
Lead Hunter data breach (2020)
In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server.
Data breachResolvedCatho data breach (2020)
In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses.
Tamodo data breach (2020)
In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes.
Data breachResolvedAnimeGame data breach (2020)
In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was provided to HIBP by dehashed.com.
Data breachResolvedTrueFire data breach (2020)
In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedCovve data breach (2020)
In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server.
Data breachResolvedSlickwraps data breach (2020)
In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers.
Data breachResolvedINA Group ransomware attack
Clop ransomware encrypted backend servers at INA Group, Croatia's largest oil company and petrol-station chain, knocking out invoicing, loyalty cards, e-vignettes, mobile vouchers and utility-bill payments while fuel sales continued.
Straffic data breach (2020)
In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data. The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers, physical addresses and genders.
Data breachResolvedHome Chef data breach (2020)
In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt…
Data breachResolvedBhinneka data breach (2020)
In early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records. The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.
Data breachResolvedWishbone (2020) data breach (2020)
In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers geographic locations and other personal…
Data breachResolvedMeetMindful data breach (2020)
In early 2020, the online dating service MeetMindful suffered a data breach that exposed 1.4 million unique customer email addresses. Included in the data was an extensive array of personal information used to find romantic matches including physical attributes, use of alcohol, drugs and…
Data breachResolvedUlmon data breach (2020)
In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers and bios.
Data breachResolvedMathway data breach (2020)
In January 2020, the math solving website Mathway suffered a data breach that exposed over 25M records. The data was subsequently sold on a dark web marketplace and included names, Google and Facebook IDs, email addresses and salted password hashes.
Data breachResolvedPicanol Group ransomware production halt (Belgium, 2020)
A ransomware attack paralysed weaving-machine manufacturer Picanol's plants in Ieper (Belgium), Romania, and China, halting production for ~2,300 employees for over a week. Trading in Picanol shares was suspended during the disruption.
Zoosk (2020) data breach (2020)
In January 2020, the online dating service Zoosk suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 24 million unique email addresses alongside extensive personal information including genders, sexualities, dates of birth,…
Data breachResolvedMobiFriends data breach (2020)
In January 2020, the Barcelona-based dating app MobiFriends suffered a data breach that exposed 3.5 million unique email addresses. The data also included usernames, genders, dates of birth and MD5 password hashes.
Data breachResolvedAustrian Foreign Ministry state-sponsored cyberattack
A sophisticated, weeks-long intrusion hit Austria's Foreign Ministry over the 2020 New Year, attributed by Austrian media to the Russia-linked Turla APT. The ministry, which runs around 100 diplomatic missions, fought a prolonged espionage operation before declaring its systems cleaned.
HTC Mania data breach (2020)
In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories.
Data breachResolvedPampling data breach (2020)
In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.
Data breachResolvedVirgin Mobile Polska data breach
An unauthorised party exploited a flaw in Virgin Mobile Polska's prepaid-registration application to access the personal data of over 114,000 subscribers, including PESEL identity numbers and ID-card details. Poland's data-protection authority fined the operator nearly PLN 2 million for inadequate security testing.
Filmai.in data breach (2020)
In approximately 2019 or 2020, the Lithuanian movie streaming service Filmai.in suffered a data breach exposing 645k email addresses, usernames and plain text passwords.
Nameless Malware data breach (2020)
In January 2021, NordLocker provided HIBP 1.1 million email addresses collected by nameless malware. The malware campaign ran between 2018 and 2020 and infected 3.25 million computers, stealing files, credentials and taking screenshots and photos using the computer's webcam.
Data breachResolved
2019
95 incidentsTravelex Sodinokibi ransomware and collapse (2019–2020)
REvil/Sodinokibi operators detonated against Travelex on New Year's Eve 2019 after dwelling in the network for six months via an unpatched Pulse Secure VPN. Travelex paid $2.3 million; parent Finablr failed; PwC put Travelex into administration with the loss of over 1,300 jobs.
Sonicbids data breach (2019)
In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving our third-party cloud hosting services". The breach contained 752k user records including names and usernames, email addresses and passwords stored as PBKDF2 hashes.
Data breachResolvedBtoBet data breach (2019)
In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included.
Data breachResolvedMaastricht University Clop ransomware (Netherlands, 2019)
TA505 used Clop ransomware to encrypt 267 Maastricht University servers over Christmas 2019 after two phishing emails on 15–16 October had compromised the network. The university paid 30 BTC (~$220,000). The ransom Bitcoin — later seized from a money mule — was returned and had appreciated, leaving the university ahead by ~$300,000.
Avvo data breach (2019)
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that).
Data breachResolvedGameSprite data breach (2019)
In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
Data breachResolvedGo Ninja data breach (2019)
In December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes.
LifeLabs data breach
Canada's largest medical-testing laboratory disclosed that attackers had accessed health data on roughly 15 million customers, paid an undisclosed ransom to retrieve the stolen records, and was later found by privacy regulators to have failed to safeguard the information.
SoarGames data breach (2019)
In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes.
Data breachResolvedJoyGames data breach (2019)
In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
Data breachResolvedUnigame data breach (2019)
In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k email addresses and salted MD5 password hashes.
Data breachResolvedBenešov Hospital Ryuk ransomware attack
An Emotet–TrickBot–Ryuk malware chain crippled the Rudolf and Stefanie Hospital in Benešov, Czech Republic, knocking out X-ray, ultrasound, and laboratory systems and paralysing the facility for weeks. The hospital did not pay the ransom and reported no patient-record loss.
TaiLieu data breach (2019)
In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes.
Pemex DoppelPaymer ransomware (Mexico, 2019)
DoppelPaymer ransomware paralysed corporate IT systems at Mexican state oil company Pemex, freezing payments and communications for weeks. Attackers demanded 565 BTC (~$5M). Pemex refused to pay; total recovery cost reached approximately $71 million.
Benchmark data breach (2019)
In November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes.
Data breachResolvedIndiHome data breach (2019)
In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and…
Universarium data breach (2019)
In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks.
Data breachResolvedIndian Railways data breach (2019)
In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.
Data Enrichment Exposure From PDL Customer data breach (2019)
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data.
Data breachResolvedHookers.nl data breach (2019)
In October 2019, the Dutch prostitution forum Hookers.nl suffered a data breach which exposed the personal information of sex workers and their customers.
StarTribune data breach (2019)
In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes.
Data breachResolvedThe Halloween Spot data breach (2019)
In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone numbers and order histories.
Data breachResolvedZooville data breach (2019)
In September 2019, the zoophilia and bestiality forum Zooville suffered a data breach. The usernames and email addresses of 71k members were accessed via an unpatched vulnerability in the vBulletin forum software then subsequently distributed online.
Data breachResolvedAgusiQ-Torrents.pl data breach (2019)
In September 2019, Polish torrent site AgusiQ-Torrents.pl suffered a data breach. The incident exposed 90k member records including email and IP addresses, usernames and passwords stored as MD5 hashes.
Novaestrat Ecuador data leak
An unsecured Elasticsearch server run by Ecuadorian consultancy Novaestrat exposed 20.8 million records covering nearly the entire population of Ecuador, including 6.7 million children, financial records, and vehicle data.
KiwiFarms data breach (2019)
In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.
Data breachResolvedDemant ransomware attack
A ransomware-style cyber incident forced Danish hearing-aid giant Demant to shut down IT systems worldwide, crippling production and order processing and causing an estimated loss of up to $95 million — one of the costliest single ransomware events on record.
EpicBot data breach (2019)
In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers. Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes.
Data breachResolvedZynga data breach (2019)
In September 2019, the hacker Gnosticplayers breached game developer Zynga, accessing data for nearly 173 million Words With Friends and Draw Something players. Exposed data included emails, usernames, phone numbers, and salted SHA-1 password hashes.
AlpineReplay data breach (2019)
In 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either unsalted MD5 or bcrypt hashes.
Data breachResolvedToonDoo data breach (2019)
In August 2019, the comic strip creation website ToonDoo suffered a data breach. The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared.
Data breachResolvedMastercard Priceless Specials data breach (2019)
In August 2019, the German Mastercard bonus program "Priceless Specials" suffered a data breach. Personal data on almost 90k program members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial credit card data.
Audi data breach (2019)
In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN.
Data breachResolvedeuropa.jobs data breach (2019)
In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords.
Data breachResolvedPromofarma data breach (2019)
In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and was provided to HIBP by dehashed.com.
Data breachResolvedCapital One cloud misconfiguration breach
Former AWS engineer Paige Thompson exploited a misconfigured Web Application Firewall to extract personal data on roughly 106 million Capital One credit-card applicants and customers from S3.
Club Penguin Rewritten (July 2019) data breach (2019)
In July 2019, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game).
Data breachResolvedStockX data breach (2019)
In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes.
Data breachResolvedMGM Resorts data breach (2019)
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017.
Data breachResolvedMGM Resorts (2022 Update) data breach (2019)
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017.
Data breachResolvedCracked.to data breach (2019)
In July 2019, the hacking website Cracked.to suffered a data breach. There were 749k unique email addresses spread across 321k forum users and other tables in the database.
Data breachResolvedFlash Flash Revolution (2019 breach) data breach (2019)
In July 2019, the music-based rhythm game Flash Flash Revolution suffered a data breach. The 2019 breach imapcted almost 1.9 million members and is in addition to the 2016 data breach of the same service.
Data breachResolvedBulgarian National Revenue Agency data breach (2019)
In July 2019, a massive data breach of the Bulgarian National Revenue Agency began circulating with data on 5 million people. Allegedly obtained in June, the data was broadly shared online and included taxation information alongside names, phone numbers, physical addresses and 471 thousand unique…
Data breachResolvedBulgarian National Revenue Agency breach
A single SQL injection against a rarely-used VAT service let an attacker exfiltrate tax, income, health and pension records on more than 6 million people — almost the entire adult population of Bulgaria.
BlackSpigotMC data breach (2019)
In July 2019, the hacking website BlackSpigotMC suffered a data breach. The XenForo forum based site was allegedly compromised by a rival hacking website and resulted in 8.5GB of data being leaked including the database and website itself.
Data breachResolvedVedantu data breach (2019)
In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as…
Data breachResolvedPlanet Calypso data breach (2019)
In approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Data breachResolvedQuidd data breach (2019)
In 2019, online marketplace for trading stickers, cards, toys, and other collectibles Quidd suffered a data breach. The breach exposed almost 4 million users' email addresses, usernames and passwords stored as bcrypt hashes.
Data breachResolvedXKCD data breach (2019)
In July 2019, the forum for webcomic XKCD suffered a data breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored in MD5 phpBB3 format. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies.
Data breachResolvedDesjardins insider data breach
An insider at Desjardins — the largest financial cooperative in Canada — exfiltrated personal data on 9.7 million members and businesses over two years before being caught. The defining Canadian insider-threat case.
Artvalue data breach (2019)
In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes.
Data breachResolvedSocial Engineered data breach (2019)
In June 2019, the "Art of Human Hacking" site Social Engineered suffered a data breach. The breach of the MyBB forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database.
Data breachResolvedVoid.to data breach (2019)
In June 2019, the hacking website Void.to suffered a data breach. There were 95k unique email addresses spread across 86k forum users and other tables in the database.
Data breachResolvedWiener Büchereien data breach (2019)
In June 2019, the library of Vienna (Wiener Büchereien) suffered a data breach. The compromised data included 224k unique email addresses, names, physical addresses, phone numbers and dates of birth. The breached data was subsequently posted to Twitter by the alleged perpetrator of the breach.
Data breachResolvedAustralian National University data breach
A sophisticated, likely state-sponsored actor breached the Australian National University's administrative systems in late 2018, exfiltrating up to 19 years of staff and student records in an intrusion praised by ANU's own report for its extraordinary operational security.
GateHub data breach (2019)
In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum. GateHub had previously acknowledged a data breach in June, albeit with a smaller number of impacted accounts.
Data breachResolvedCondo.com data breach (2019)
In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of records, physical addresses.
Data breachResolvedCanva data breach (2019)
The serial hacker GnosticPlayers breached Australian design platform Canva in May 2019, stealing data on roughly 137 million users including emails, names, locations and bcrypt-hashed passwords.
First American Financial document exposure
An insecure direct object reference (IDOR) flaw on First American Financial's website exposed roughly 885 million title-insurance and mortgage documents — including Social Security numbers, bank account details, and driver's-license images — dating back to 2003, accessible to anyone without authentication.
Minehut data breach (2019)
In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP.
Data breachResolvedOrdine Avvocati di Roma data breach (2019)
In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online.
EatStreet data breach (2019)
In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers. An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as bcrypt hashes.
Data breachResolvedRead Novel data breach (2019)
In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. Read more about Chinese data breaches in Have I Been Pwned.
Data breachResolvedAimware data breach (2019)
In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes.
Data breachResolvedDeezer data breach (2019)
A 2019 snapshot of Deezer user data, retained by a former third-party partner in violation of its contract, was leaked in November 2022 and exposed roughly 229 million records — including names, emails, dates of birth, and locations. No passwords or payment data were affected.
ApexSMS data breach (2019)
In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password.
Data breachResolvedInstant Checkmate data breach (2019)
In 2019, the public records search service Instant Checkmate suffered a data breach that later came to light in early 2023. The data included almost 12M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.
Data breachResolvedTruth Finder data breach (2019)
In 2019, the public records search service TruthFinder suffered a data breach that later came to light in early 2023. The data included over 8M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.
Data breachResolvedStorenvy data breach (2019)
In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale.
Data breachResolvedLumin PDF data breach (2019)
In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum.
Data breachResolvedVastaamo data breach (2019)
In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly.
Hakko Corporation data breach (2019)
In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach. The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text passwords.
Data breachResolvedEverybody Edits data breach (2019)
In March 2019, the multiplayer platform game Everybody Edits suffered a data breach. The incident exposed 871k unique email addresses alongside usernames and IP addresses. The data was subsequently distributed online across a collection of files.
Data breachResolvedUtair data breach (2019)
In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and loyalty program…
Norsk Hydro LockerGoga ransomware
Aluminium producer Norsk Hydro lost most of its global IT estate to the LockerGoga ransomware. Hydro publicly refused to pay, ran operations on paper for weeks, and set the editorial standard for transparent incident communication.
Mindjolt data breach (2019)
In March 2019, the online gaming website MindJolt suffered a data breach that exposed 28M unique email addresses. Also impacted were names and dates of birth, but no passwords.
Data breachResolvedHurb data breach (2019)
In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP addresses, names, dates of birth, phone numbers…
Data breachResolvedIntelimost data breach (2019)
In March 2019, a spam operation known as "Intelimost" sent millions of emails appearing to come from people the recipients knew. Security researcher Bob Diachenko found over 3 million unique email addresses in an exposed Elasticsearch database, alongside plain text passwords used to access the…
Data breachResolvedMalindoAir data breach (2019)
In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and…
Data breachResolvedEstante Virtual data breach (2019)
In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes.
Lifebear data breach (2019)
In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites. The breach exposed almost 3.7M unique email addresses, usernames and passwords stored as salted MD5 hashes.
Data breachResolvedVerifications.io data breach (2019)
In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses…
Data breachResolvedGameSalad data breach (2019)
In February 2019, the education and game creation website Game Salad suffered a data breach. The incident impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored as SHA-256 hashes.
Data breachResolvedCafePress data breach (2019)
In February 2019, the custom merchandise retailer CafePress suffered a data breach. The exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes.
Data breachResolvedDemon Forums data breach (2019)
In February 2019, the hacking forum Demon Forums suffered a data breach. The compromise of the vBulletin forum exposed 52k unique email addresses alongside usernames and passwords stored as salted MD5 hashes.
Data breachResolvedYouNow data breach (2019)
In February 2019, data from the live broadcasting service YouNow appeared for sale on a dark web marketplace. Whilst it's not clear what date the actual breach occurred on, the impacted data included 18M unique email addresses, IP addresses, names, usernames and links to social media profiles.
Data breachResolvedLBB data breach (2019)
In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to…
devkitPro data breach (2019)
In February 2019, the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was self-submitted to HIBP by the forum operator.
Data breachResolvedYouthmanual data breach (2019)
In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical…
Data breachResolvedSingapore HIV registry leak
Confidential records of 14,200 HIV-positive people from Singapore's national HIV registry were stolen and leaked online by a foreigner who obtained them through his partner, a Ministry of Health doctor with privileged access.
Peatix data breach (2019)
In January 2019, the event organising platform Peatix suffered a data breach. The incident exposed 4.2M email addresses, names and salted password hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedCollection #1 credential dump
A 87GB aggregated credential dump posted to the MEGA cloud service exposed 772.9 million unique email addresses and 21.2 million unique passwords, assembled from thousands of prior breaches to fuel credential-stuffing attacks at industrial scale.
ixigo data breach (2019)
In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as…
Data breachResolvedArmor Games data breach (2019)
In January 2019, the game portal website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted SHA-1 hashes.
Data breachResolvedRoyal Enfield data breach (2019)
In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal…
Data breachResolved
2018
94 incidentsIIMJobs data breach (2018)
In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes.
Data breachResolvedBannerBit data breach (2018)
In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.
Data breachResolvedBlankMediaGames data breach (2018)
In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes.
Data breachResolvedOGUsers (2019 breach) data breach (2018)
In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database.
Data breachResolvedRoll20 data breach (2018)
In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed.
Data breachResolvedAjarn data breach (2018)
In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information.
Data breachResolvedWanelo data breach (2018)
In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019.
Data breachResolvedMappery data breach (2018)
In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes.
Data breachResolvedBombuj.eu data breach (2018)
In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when contacted about the incident.
Data breachResolvedQuora data breach
The question-and-answer platform Quora disclosed that an unauthorized third party had accessed the data of approximately 100 million users, including names, email addresses, salted-and-hashed passwords, and imported contact and demographic data.
Dubsmash data breach (2018)
The video-messaging app Dubsmash was breached in December 2018, exposing roughly 162 million accounts with email addresses, usernames and PBKDF2 password hashes that later surfaced for sale on the Dream Market dark-web bazaar via the broker GnosticPlayers.
Fotolog data breach (2018)
In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes.
Data breachResolvedMarriott / Starwood guest data breach
Chinese state-attributed operators sat undetected on Starwood's guest reservation database from 2014, surviving Marriott's 2016 acquisition. Disclosed 2018: 500 million guest records exposed, including 5.25 million unencrypted passport numbers.
Technic data breach (2018)
In November 2018, the Minecraft modpack platform known as Technic suffered a data breach. Technic promptly disclosed the breach and advised that the impacted data included over 265k unique users' email and IP addresses, chat logs, private messages and passwords stored as bcrypt hashes with a work…
Data breachResolvedMorele.net data breach
Attackers stole the customer database of the Polish e-commerce group Morele.net, exposing data on about 2.2 million customers and launching an SMS-phishing campaign that demanded a fake PLN 1 'top-up' via a counterfeit payment gateway. Poland's UODO issued its then-largest GDPR fine of EUR 660,000.
Data & Leads data breach (2018)
In November 2018, security researcher Bob Diachenko identified an unprotected database believed to be hosted by a data aggregator. Upon further investigation, the data was linked to marketing company Data & Leads.
Data breachResolvedAdapt data breach (2018)
In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles,…
Data breachResolvedWPSandbox data breach (2018)
In November 2018, the WordPress sandboxing service that allows people to create temporary websites WP Sandbox discovered their service was being used to host a phishing site attempting to collect Microsoft OneDrive accounts.
Data breachResolvedSocietà Italiana degli Autori ed Editori data breach (2018)
In November 2018, the Società Italiana degli Autori ed Editori (Italian Society of Authors and Publishers, or SIAE) was hacked, defaced and almost 4GB of data leaked publicly via Twitter. The data included over 14k registered users' names, email addresses and passwords.
Elasticsearch Instance of Sales Leads on AWS data breach (2018)
In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses.
Data breachResolvedBankIslami / Pakistan banking card breach
Fraudulent withdrawals at BankIslami triggered Pakistan's largest banking-sector breach, with details of more than 19,000 payment cards from 22 banks dumped for sale on the Joker's Stash carding forum and cashed out via ATMs and POS terminals abroad.
Cathay Pacific passenger data breach
A multi-year intrusion into Cathay Pacific's IT systems exposed the personal data of 9.4 million passengers worldwide, including passport and ID numbers, earning the airline the UK ICO's maximum £500,000 pre-GDPR fine.
GoldSilver data breach (2018)
In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers.
Data breachResolvedEatigo data breach (2018)
In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.
Data breachResolvedPluto TV data breach (2018)
In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses, names, usernames, genders, dates of birth…
Data breachResolvedWife Lovers data breach (2018)
In October 2018, the site dedicated to posting naked photos and other erotica of wives Wife Lovers suffered a data breach. The underlying database supported a total of 8 different adult websites and contained over 1.2M unique email addresses.
Data breachResolvedYou've Been Scraped data breach (2018)
In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator.
Data breachResolvedVimeWorld data breach (2018)
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
Data breachResolvedSaverSpy data breach (2018)
In September 2018, security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected Mongo DB instance. The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little identifying data about it other than a…
Data breachResolvedKayo.moe Credential Stuffing List data breach (2018)
In September 2018, a collection of almost 42 million email address and plain text password pairs was uploaded to the anonymous file sharing service kayo.moe.
Data breachResolvedBritish Airways Magecart card-skimming
Magecart operators injected card-skimming JavaScript into British Airways' payment page, stealing card details on 380,000 transactions over 15 days. UK ICO initially proposed a £183.4M GDPR fine — later reduced to £20M after Covid-impact mitigation arguments.
Color Dating data breach (2018)
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes.
Data breachResolvedKnuddels data breach (2018)
In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined €20k for the breach.
Multiplayer.it data breach (2018)
In April 2024, over half a million records taken from the Italian gaming website Multiplayer.it were posted to a popular hacking forum. The impacted data included email addresses, usernames and salted MD5 password hashes.
Atlas Quantum data breach (2018)
In August 2018, the cryptocurrency investment platform Atlas Quantum suffered a data breach. The breach leaked the personal data of 261k investors on the platform including their names, phone numbers, email addresses and account balances.
Data breachResolvedHTH Studios data breach (2018)
In August 2018, the adult furry interactive game creator HTH Studios suffered a data breach impacting multiple repositories of customer data. Several months later, the data surfaced on a popular hacking forum and included 411k unique email addresses along with physical and IP addresses, names,…
Data breachResolvedSpyFone data breach (2018)
In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within…
Data breachResolvedHauteLook data breach (2018)
In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes.
Rbx.Rocks data breach (2018)
In August 2018, the Roblox trading site Rbx.Rocks suffered a data breach. Almost 25k records were sent to HIBP in November and included names, email addresses and passwords stored as bcrypt hashes. In July 2019, a further 125k records emerged bringing the total size of the incident to 150k.
Data breachResolvedTSMC WannaCry production-line shutdown
A WannaCry ransomware variant spread through unpatched Windows 7 fabrication tools at TSMC, the world's largest contract chipmaker, halting production at plants in Hsinchu, Taichung, and Tainan and causing an estimated $170 million in losses.
Lanwar data breach (2018)
In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords.
Data breachResolvedApollo data exposure (2018)
Sales-engagement startup Apollo left a database of 9 billion data points and over 200 million contact records exposed without a password in 2018; a subset of 126 million unique email addresses was loaded into Have I Been Pwned after researcher Vinny Troia found it.
SingHealth data breach
Chinese state-attributed actors exfiltrated personal and outpatient medication records on 1.5 million SingHealth patients — including Prime Minister Lee Hsien Loong — in Singapore's most serious cyber incident.
Animoto data breach (2018)
In July 2018, the cloud-based video making service Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes.
Fashion Nexus data breach (2018)
In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris.
ShareThis data breach (2018)
In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes.
Bookmate data breach (2018)
In mid-2018, the social ebook subscription service Bookmate was among a raft of sites that were breached and their data then sold in early-2019. The data included almost 4 million unique email addresses alongside names, genders, dates of birth and passwords stored as salted SHA-512 hashes.
Data breachResolved500px data breach (2018)
In mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash.
Data breachResolvedStronghold Kingdoms data breach (2018)
In July 2018, the massive multiplayer online game Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident which exposed emails addresses, usernames and passwords stored as salted SHA-1 hashes.
Data breachResolved8fit data breach (2018)
In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes.
Data breachResolvedZoomcar data breach (2018)
In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020. The breach exposed over 3.5M records including names, email and IP addresses, phone numbers and passwords stored as bcrypt hashes.
Data breachResolvedExactis data exposure
Data-marketing firm Exactis left a database of nearly 340 million detailed records on individuals and businesses exposed on a publicly accessible server with no firewall. Each record held up to 400 fields of personal profiling data, from contact details to children's ages, religion, and habits.
Light's Hope data breach (2018)
In June 2018, the World of Warcraft service Light's Hope suffered a data breach which they subsequently self-submitted to HIBP. Over 30K unique users were impacted and their exposed data included email addresses, dates of birth, private messages and passwords stored as bcrypt hashes.
Data breachResolvedMortal Online data breach (2018)
In June 2018, the massively multiplayer online role-playing game (MMORPG) Mortal Online suffered a data breach. A file containing 570k email addresses and cracked passwords was subsequently distributed online.
Data breachResolvedTrik Spam Botnet data breach (2018)
In June 2018, the command and control server of a malicious botnet known as the "Trik Spam Botnet" was misconfigured such that it exposed the email addresses of more than 43 million people.
Data breachResolvedEstonian Citizens (via Estonian Cybercrime Bureau) data breach (2018)
In June 2018, the Cybercrime Bureau of the Estonian Central Criminal Police contacted HIBP and asked for assistance in making a data set of 655k email addresses searchable.
Data breachResolvedRomwe data breach (2018)
In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes.
Data breachResolvedSHEIN data breach (2018)
In June 2018, fast-fashion retailer SHEIN suffered a breach of its payment systems exposing about 39 million account credentials. In 2022, New York fined parent company Zoetop $1.9 million for understating the breach and failing to notify most victims.
Ticketfly data breach (2018)
In May 2018, the website for the ticket distribution service Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data…
Adult-FanFiction.Org data breach (2018)
In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text.
Data breachResolvedHouzz data breach (2018)
In mid-2018, the home-design platform Houzz had a file containing user data obtained by an unauthorized third party. The company learned of it in late 2018 and disclosed it in early 2019. Roughly 49 million accounts were exposed, including emails, usernames, salted password hashes and IP-derived locations.
Poshmark data breach (2018)
In May 2018, the social-commerce marketplace Poshmark was breached and roughly 36 million user accounts were exposed, including email addresses, names, usernames, genders, locations and bcrypt-hashed passwords. The company confirmed the incident in August 2019.
Lolzteam data breach (2018)
In May 2018, the Russian hacking forum Lolzteam suffered a data breach that exposed 400k members. The impacted data included usernames and email addresses which were later redistributed via another hacking forum.
Data breachResolvedViewFines data breach (2018)
In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text.
Creative data breach (2018)
In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes.
Data breachResolvedLinux Forums data breach (2018)
In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes.
Data breachResolvedVNG Zing ID 163-million account breach
A 2015 breach of Vietnamese tech giant VNG's Zing platform exposed roughly 163 million Zing ID accounts, with usernames, passwords, emails and phone numbers later found trading on RaidForums.
Chegg data breach (2018)
The education-technology company Chegg disclosed a 2018 breach affecting about 40 million users, exposing emails, names and unsalted MD5 password hashes; the FTC later cited four breaches and ordered Chegg to overhaul its security.
Funny Games data breach (2018)
In April 2018, the online entertainment site Funny Games suffered a data breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes.
Data breachResolvedCareem ride-hailing data breach
Attackers accessed the systems of Dubai-based ride-hailing app Careem and stole the names, emails, phone numbers and trip histories of around 14 million riders and 558,000 drivers across the Middle East, North Africa and South Asia.
Banxico SPEI interbank heist (Mexico, 2018)
Attackers exploited third-party software connecting Mexican banks to SPEI, the central bank's interbank payment system, injecting phantom transfers and draining roughly 300-400 million pesos (~$15-20 million) via cash withdrawals by money mules.
Pemiblanc data breach (2018)
In April 2018, a credential stuffing list containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The list contained email addresses and passwords collated from different data breaches and used to mount account takeover attacks against other…
Data breachResolvedAerServ data breach (2018)
In April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as salted SHA-512 hashes.
Data breachResolvedArtsy data breach (2018)
In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes.
Data breachResolvedEmuparadise data breach (2018)
In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emuparadise, suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedWendy's data breach (2018)
In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.
Bestialitysextaboo data breach (2018)
In March 2018, the animal bestiality website known as Bestialitysextaboo was hacked. A collection of various sites running on the same service were also compromised and details of the hack (including links to the data) were posted on a popular forum.
Data breachResolvedFacebook–Cambridge Analytica data scandal
Political consultancy Cambridge Analytica improperly obtained the personal data of up to 87 million Facebook users via a personality-quiz app, exploiting Facebook's permissive third-party API to harvest friend networks and build voter-targeting profiles. The scandal triggered a record $5 billion FTC penalty.
Bad Traffic / AdHose network injection on Egypt's telecom backbone
Citizen Lab found Sandvine PacketLogic deep-packet-inspection devices on Telecom Egypt's network covertly redirecting users en masse to affiliate ads and cryptocurrency-mining scripts, while also blocking dozens of news and human-rights sites.
EyeEm data breach (2018)
In February 2018, photography website EyeEm suffered a data breach. The breach was identified among a collection of other large incidents and exposed almost 20M unique email addresses, names, usernames, bios and password hashes.
Data breachResolved2,844 Separate Data Breaches data breach (2018)
In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen.
Data breachResolvedFlorida Virtual School data breach (2018)
In March 2018, the Florida Virtual School (FLVS) posted a data breach notification to their website. The school had identified a data breach which had occurred sometime between 6 May 2016 and 12 Feb 2018 and an XML file containing 368k student records was subsequently found circulating.
Data breachResolvedAutocentrum.pl data breach (2018)
In February 2018, data belonging to the Polish motoring website autocentrum.pl was found online. The data contained 144k email addresses and plain text passwords.
Jobandtalent data breach (2018)
In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email and IP addresses and passwords stored as salted SHA-1 hashes.
Data breachResolvedMyFitnessPal data breach (2018)
In February 2018, Under Armour's MyFitnessPal app was breached, exposing about 144 million accounts with usernames, emails and passwords hashed using a mix of SHA-1 and bcrypt; the data later surfaced for sale via GnosticPlayers.
JoomlArt data breach (2018)
In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year.
Data breachResolvedPropTiger data breach (2018)
In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later.
Data breachResolvedCoincheck NEM heist
Tokyo-based cryptocurrency exchange Coincheck lost 523 million NEM tokens (~$530M at the time) from a hot wallet that had no multi-signature protection. The largest single crypto-exchange theft at the time — later attributed to North Korea's Lazarus Group.
Netshoes customer data breach
Brazilian e-commerce giant Netshoes exposed the personal data — names, CPF tax IDs, emails and purchase histories — of about 2 million customers, drawing one of the first major enforcement actions by Brazilian prosecutors over a data breach.
Club Penguin Rewritten (January 2018) data breach (2018)
In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game).
Data breachResolvedDark Caracal global mobile espionage campaign
A multi-year cyber-espionage campaign tied to the Lebanese General Directorate of General Security (GDGS) stole hundreds of gigabytes of data from thousands of victims across 21+ countries using trojanized Android apps and desktop malware.
Aadhaar database exposure
Tribune India journalists demonstrated that paid intermediaries could provide full Aadhaar records — including biometric-linked identity data on roughly 1.1 billion Indian residents — for 500 rupees per record.
DailyObjects data breach (2018)
In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text.
Data breachResolvedElanic data breach (2018)
In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this data was exposed publicly" and that the…
2017
68 incidentsThe Fly on the Wall data breach (2017)
In December 2017, the stock market news website The Fly on the Wall suffered a data breach. The data in the breach included 84k unique email addresses as well as purchase histories and credit card data.
Data breachResolvedHoundDawgs data breach (2017)
In December 2017, the Danish torrent tracker known as HoundDawgs suffered a data breach. More than 55GB of data was dumped publicly and whilst there was initially contention as to the severity of the incident, the data did indeed contain more than 45k unique email addresses complete extensive logs…
Data breachResolvedLyrics Mania data breach (2017)
In December 2017, the song lyrics website known as Lyrics Mania suffered a data breach. The data in the breach included 109k usernames, email addresses and plain text passwords. Numerous attempts were made to contact Lyrics Mania about the incident, however no responses were received.
Data breachResolved2fast4u data breach (2017)
In December 2017, the Belgian motorcycle forum 2fast4u discovered a data breach of their system. The breach of the vBulletin message board impacted over 17k individual users and exposed email addresses, usersnames and salted MD5 passwords.
PetFlow data breach (2017)
In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes.
Data breachResolvedpiZap data breach (2017)
In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019.
Data breachResolvedai.type data breach (2017)
In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance.
Data breachResolveddvd-shop.ch data breach (2017)
In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.
Open CS:GO data breach (2017)
In December 2017, the website for purchasing Counter-Strike skins known as Open CS:GO (Counter-Strike: Global Offensive) suffered a data breach (address since redirects to dropgun.com).
Data breachResolvedTheTVDB.com data breach (2017)
In November 2017, the open television database known as TheTVDB.com suffered a data breach. The breached data was posted to a hacking forum and included 182k records with usernames, email addresses and MySQL password hashes.
Data breachResolvedUber 2016 data breach and cover-up
Attackers stole personal data on 57 million Uber riders and drivers in October 2016. Rather than disclose, Uber paid the hackers a $100,000 ransom and disguised it as a bug bounty — a cover-up that led to a $148 million multistate settlement and the criminal conviction of Uber's security chief.
Malaysia telecommunications mega data breach
Personal data of 46.2 million Malaysian mobile subscribers — names, ID card numbers, SIM and IMSI numbers, and addresses from at least a dozen telcos and MVNOs — was leaked and offered for sale online, in the largest data breach in Malaysian history.
MyHeritage data breach (2017)
Genealogy and DNA-testing service MyHeritage was breached in October 2017, exposing roughly 92 million account email addresses and salted SHA-1 password hashes. The incident was only discovered and disclosed in June 2018.
Bukalapak data breach (2017)
In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes.
Data breachResolvedFar Eastern International Bank SWIFT heist
North Korea's Lazarus Group used custom malware to commandeer Far Eastern International Bank's SWIFT terminal and wire roughly $60 million to accounts in the U.S., Cambodia, and Sri Lanka, deploying Hermes ransomware as a diversion.
Legendas.TV data breach (2017)
In October 2017, the now defunct Brazilian service for retrieving subtitles in Portuguese Legendas.TV suffered a data breach that exposed nearly 4M customer records. The impacted data included names, usernames, email and IP addresses and unsalted SHA-1 hashes.
Data breachResolvedSmogon data breach (2017)
In April 2018, the Pokémon website known as Smogon announced they'd suffered a data breach. The breach dated back to September 2017 and affected their XenForo based forum. The exposed data included usernames, email addresses, genders and both bcrypt and MD5 password hashes.
Data breachResolvedEquifax data breach
An unpatched Apache Struts vulnerability let attackers exfiltrate Social Security numbers, dates of birth, addresses, and driver's license numbers for 147 million U.S., U.K., and Canadian consumers.
Moneycontrol data breach (2017)
In April 2021, hackers posted data for sale originating from the online Indian financial platform, Moneycontrol. The data included 763 thousand unique email addresses (allegedly a subset of a larger 40 million account breach), alongside geographic locations, phone numbers, genders, dates of birth…
Data breachResolvedEstonian ID-card ROCA crypto crisis
A flaw in Infineon's RSA key-generation library (ROCA, CVE-2017-15361) made it theoretically possible to forge digital identities for some 750,000 Estonian ID-cards, forcing a nationwide certificate suspension and emergency remote re-keying.
TGBUS data breach (2017)
In approximately 2017, it's alleged that the Chinese gaming site known as TGBUS suffered a data breach that impacted over 10 million unique subscribers.
Data breachResolvedOnliner Spambot data breach (2017)
In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information.
Data breachResolvedCoinmama data breach (2017)
In August 2017, the crypto coin brokerage service Coinmama suffered a data breach that impacted 479k subscribers. The breach was discovered in February 2019 with exposed data including email addresses, usernames and passwords stored as MD5 WordPress hashes.
Data breachResolvedTaringa data breach (2017)
In September 2017, news broke that Taringa had suffered a data breach exposing 28 million records. Known as "The Latin American Reddit", Taringa's breach disclosure notice indicated the incident dated back to August that year.
Data breachResolvedMALL.cz data breach (2017)
In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online.
B2B USA Businesses data breach (2017)
In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as "B2B USA Businesses", the list categorised email addresses by employer, providing information on individuals' job titles plus their work phone numbers and physical addresses.
Data breachResolvedSwedish Transport Agency data leak
A botched IT outsourcing deal exposed Sweden's entire vehicle and driver-licence database — including data on protected identities, police, and military personnel — to foreign IT workers without security clearance, triggering a national political crisis.
8tracks data breach (2017)
In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employee’s GitHub account, which was not secured using two-factor authentication".
NotPetya destructive wiper
A destructive wiper disguised as ransomware, propagated via a compromised Ukrainian accounting software update. Estimated $10 billion in global damage — the most economically destructive cyberattack in history.
Exposed VINs data breach (2017)
In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.
Data breachResolvedQatar News Agency hack
Attackers planted malware on Qatar's state news agency in April 2017 and exploited it on 24 May to publish fabricated quotes attributed to the Emir, providing the pretext used by Saudi Arabia, the UAE, Bahrain, and Egypt to launch a blockade of Qatar.
Zomato data breach (2017)
In May 2017, the restaurant guide website Zomato was hacked resulting in the exposure of almost 17 million accounts. The data was consequently redistributed online and contains email addresses, usernames and salted MD5 hashes of passwords (the password hash was not present on all accounts).
DaFont data breach (2017)
In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.
Data breachResolvedBell (2017 breach) data breach (2017)
In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the…
Telefónica WannaCry ransomware outbreak
On the day WannaCry erupted worldwide, the worm tore through the corporate network of Spanish telecom giant Telefónica, forcing the company to order thousands of staff at its Madrid headquarters to shut down their PCs.
WannaCry ransomware worm
A North Korean ransomware worm that exploited the EternalBlue SMB vulnerability to spread to ~200,000 systems across 150 countries in 24 hours. Paralysed the U.K.'s NHS and crippled manufacturing globally.
Edmodo data breach (2017)
In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available.
Reincubate data breach (2017)
In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.
Data breachResolvedGe.tt data breach (2017)
In May 2017, the file sharing platform Ge.tt suffered a data breach. The data was subsequently put up for sale on a dark web marketplace in February 2019 alongside a raft of other breaches.
Data breachResolvedUnderworld Empire data breach (2017)
In April 2017, the vBulletin forum for the Underworld Empire game suffered a data breach that exposed 429k accounts. The data was then posted to a hacking forum in mid-February 2018 where it was made available to download.
Data breachResolvedDueling Network data breach (2017)
In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year.
Data breachResolvedHong Kong Registration and Electoral Office laptop theft
Two laptops stored at the fallback venue for Hong Kong's 2017 Chief Executive election were stolen, exposing the personal data — including ID-card numbers — of all 3.7 million registered voters.
Appartoo data breach (2017)
In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256…
Data breachResolvedHealth Now Networks data breach (2017)
In March 2017, the telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed. There were over 900,000 records in total containing significant volumes of personal information including names, dates of birth, various medical conditions and…
Data breachResolvedFactual data breach (2017)
In March 2017, a file containing 8M rows of data allegedly sourced from data aggregator Factual was compiled and later exchanged on the premise it was a "breach". The data contained 2.5M unique email addresses alongside business names, addresses and phone numbers.
Data breachResolvedMaster Deeds data breach (2017)
In March 2017, a 27GB database backup file named "Master Deeds" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents.
Data breachResolvedSter-Kinekor data breach (2017)
In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website.
StoneDrill wiper attacks on Saudi organizations
Kaspersky uncovered StoneDrill, a sophisticated new wiper that destroyed data at Saudi petrochemical and industrial targets alongside the Shamoon 2 campaign, and which had spread as far as a victim in Europe.
Bolt data breach (2017)
In approximately March 2017, the file sharing website Bolt suffered a data breach resulting in the exposure of 995k unique user records. The data was sourced from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes.
Data breachResolvedMINDEF I-net breach
A targeted intrusion into Singapore's Ministry of Defence I-net web-surfing system stole the NRIC numbers, phone numbers and birth dates of 850 national servicemen and staff in the country's first publicly disclosed breach of a government defence network.
Cloudflare "Cloudbleed" memory leak
A buffer-overflow bug in Cloudflare's edge servers caused them to leak adjacent chunks of memory — including passwords, cookies, and private messages from other customers — into web pages, where some were cached by search engines. The flaw was active for months before Google's Project Zero discovered it.
Retina-X data breach (2017)
In February 2017, the mobile device monitoring software developer Retina-X was hacked and customer data downloaded before being wiped from their servers.
Data breachResolvedCoachella data breach (2017)
In February 2017, hundreds of thousands of records from the Coachella music festival were discovered being sold online. Allegedly taken from a combination of the main Coachella website and their vBulletin-based message board, the data included almost 600k usernames, IP and email addresses and…
Data breachResolvedFreeOnes data breach (2017)
In February 2017, the forum for the adult website FreeOnes suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 960k unique email addresses alongside usernames, IP addresses and salted MD5 password hashes.
Data breachResolvedNile Phish phishing campaign against Egyptian civil society
A large-scale, highly targeted phishing campaign documented by Citizen Lab sent 90+ credential-stealing messages against Egyptian NGOs, activists, and lawyers tied to the government's 'Case 173' crackdown on civil society.
Freedom Hosting II data breach (2017)
In January 2017, the free hidden service host Freedom Hosting II suffered a data breach. The attack allegedly took down 20% of dark web sites running behind Tor hidden services with the attacker claiming that of the 10,613 impacted sites, more than 50% of the content was child pornography.
Data breachResolvedDataCamp data breach (2017)
In December 2018, the data science website DataCamp suffered a data breach of records dating back to January 2017. The incident exposed 760k unique email and IP addresses along with names and passwords stored as bcrypt hashes.
Data breachResolvedSwordFantasy data breach (2017)
In January 2019, the now defunct MMO and RPG game SwordFantasy suffered a data breach that exposed 2.7M unique email addresses. Other impacted data included username, IP address and salted MD5 password hashes.
Data breachResolvedCrimeAgency vBulletin Hacks data breach (2017)
In January 2016, a large number of unpatched vBulletin forums were compromised by an actor known as "CrimeAgency". A total of 140 forums had data including usernames, email addresses and passwords (predominantly stored as salted MD5 hashes), extracted and then distributed.
Data breachResolvedSephora data breach (2017)
In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information.
CloudPets data breach (2017)
In January, the maker of teddy bears that record children's voices and sends them to family and friends via the internet CloudPets left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands).
Data breachResolvedHub4Tech data breach (2017)
On an unknown date in approximately 2017, the Indian training and assessment service known as Hub4Tech suffered a data breach via a SQL injection attack. The incident exposed almost 37k unique email addresses and passwords stored as unsalted MD5 hashes.
Data breachResolvedLittle Monsters data breach (2017)
In approximately January 2017, the Lady Gaga fan site known as "Little Monsters" suffered a data breach that impacted 1 million accounts. The data contained usernames, email addresses, dates of birth and bcrypt hashes of passwords.
Data breachResolvedLiveJournal data breach (2017)
In mid-2019, news broke of an alleged LiveJournal data breach. This followed multiple reports of credential abuse against Dreamwidth beginning in 2018, a fork of LiveJournal with a significant crossover in user base.
Data breachResolvedR2 (2017 forum breach) data breach (2017)
In early 2017, the forum for the gaming website R2 Games was hacked. R2 had previously appeared on HIBP in 2015 after a prior incident. This one exposed over 1 million unique user accounts and corresponding MD5 password hashes with no salt.
Data breachResolvedRiver City Media Spam List data breach (2017)
In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation.
Data breachResolvedRussian America data breach (2017)
In approximately 2017, the website for Russian speakers in America known as Russian America suffered a data breach. The incident exposed 183k unique records including names, email addresses, phone numbers and passwords stored in both plain text and as MD5 hashes.
Data breachResolvedVictory Phones data breach (2017)
In January 2017, the automated telephony services company Victory Phones left a Mongo DB database publicly facing without a password. Subsequently, 213GB of data was downloaded by an unauthorised party including names, addresses, phone numbers and over 166k unique email addresses.
Data breachResolved
2016
118 incidentsData Enrichment Records data breach (2016)
In December 2016, more than 200 million "data enrichment profiles" were found for sale on the darknet. The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate suggesting it may have been sourced from other…
Data breachResolvedUkraine power grid attack — Industroyer (2016)
Russia's Sandworm group deployed Industroyer (CrashOverride), the first malware purpose-built to attack electric grids, against a Kyiv transmission substation, cutting roughly a fifth of the capital's power for about an hour.
Anti Public Combo List data breach (2016)
In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems.
Data breachResolvedEthereum data breach (2016)
In December 2016, the forum for the public blockchain-based distributed computing platform Ethereum suffered a data breach. The database contained over 16k unique email addresses along with IP addresses, private forum messages and (mostly) bcrypt hashed passwords.
Data breachResolvedPayAsUGym data breach (2016)
In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter.
Data breachResolvedMrExcel data breach (2016)
In December 2016, the forum for the Microsoft Excel tips and solutions site Mr Excel suffered a data breach. The hack of the vBulletin forum led to the exposure of over 366k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.
Data breachResolvedBiohack.me data breach (2016)
In December 2016, the forum for the biohacking website Biohack.me suffered a data breach that exposed 3.4k accounts. The data included usernames, email addresses and hashed passwords along with the private messages of forum members. The data was self-submitted to HIBP by the Biohack.me operators.
Data breachResolvedFashionFantasyGame data breach (2016)
In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I Been Pwned courtesy of rip@creep.im.
Data breachResolvedWarmane data breach (2016)
In approximately December 2016, the online service for World of Warcraft private servers Warmane suffered a data breach. The incident exposed over 1.1M accounts including usernames, email addresses, dates of birth and salted MD5 password hashes.
Data breachResolvedYouku data breach (2016)
In late 2016, China's leading online video platform Youku suffered a data breach exposing roughly 92 million unique user accounts together with usernames and MD5-hashed passwords, which later circulated on dark-web marketplaces.
xHamster data breach (2016)
In November 2016, news broke that hackers were trading hundreds of thousands of xHamster porn account details. In total, the data contained almost 380k unique user records including email addresses, usernames and unsalted MD5 password hashes.
Data breachResolvedDeutsche Telekom Mirai router outage
A botched Mirai botnet campaign targeting a router exploit crashed roughly 900,000 Deutsche Telekom routers, knocking German customers offline for internet, phone, and TV over two days in November 2016.
RankWatch data breach (2016)
In approximately November 2016, the search engine optimisation management company RankWatch exposed a Mongo DB with no password publicly whereupon their data was exfiltrated and posted to an online forum.
Data breachResolvedCashCrate data breach (2016)
In June 2017, news broke that CashCrate had suffered a data breach exposing 6.8 million records. The breach of the cash-for-surveys site dated back to November 2016 and exposed names, physical addresses, email addresses and passwords stored in plain text for older accounts along with weak MD5…
Data breachResolvedShamoon 2 wiper attacks on Saudi government
A reactivated Shamoon (Disttrack) wiper destroyed thousands of computers across Saudi government bodies including the General Authority of Civil Aviation, overwriting master boot records with the image of a drowned Syrian child.
FriendFinder Networks breach
A local file inclusion flaw let attackers steal 412 million accounts across FriendFinder Networks' adult and dating sites, including AdultFriendFinder. Most passwords were stored in plain text or as unsalted SHA-1, and 'deleted' accounts were never actually removed.
SubaGames data breach (2016)
In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes.
Data breachResolvedMCBans data breach (2016)
In October 2016, the Minecraft banning service known as MCBans suffered a data breach resulting in the exposure of 120k unique user records. The data contained email and IP addresses, usernames and password hashes of unknown format.
Data breachResolvedDyn DNS Mirai DDoS attack
A massive Mirai-botnet DDoS attack against managed DNS provider Dyn knocked Twitter, Netflix, Spotify, GitHub, Reddit, and dozens of other major sites offline across the U.S. and Europe, demonstrating how a botnet of compromised IoT devices could disrupt large swathes of the internet.
Adult FriendFinder (2016) data breach (2016)
In October 2016, the adult entertainment company Friend Finder Networks suffered a massive data breach. The incident impacted multiple separate online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to be "the world's largest sex & swinger community".
Data breachResolvedExploit.In data breach (2016)
In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems.
Data breachResolvedGFAN data breach (2016)
In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedModern Business Solutions data breach (2016)
In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone…
Data breachResolvedLeak at Dailymotion
In October 2016, French video-sharing platform Dailymotion was breached, exposing roughly 85.2 million user accounts including email addresses and usernames, with bcrypt password hashes for about 18 million of them.
Pokémon Negro data breach (2016)
In approximately October 2016, the Spanish Pokémon site Pokémon Negro suffered a data breach. The attack resulted in the disclosure of 830k accounts including email and IP addresses along with plain text passwords. Pokémon Negro did not respond when contacted about the breach.
Data breachResolvedAipai.com data breach (2016)
In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedYahoo data breaches (3 billion accounts)
Two separate breaches — disclosed in 2016 but stretching back to 2013 and 2014 — exposed every Yahoo account in existence. Three billion accounts: the largest single-company data exposure in history.
Leet data breach (2016)
In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers.
Data breachResolvedeThekwini Municipality data breach (2016)
In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses.
Real Estate Mogul data breach (2016)
In September 2016, the real estate investment site Real Estate Mogul had a Mongo DB instance compromised and 5GB of data downloaded by an unauthorised party. The data contained real estate listings including addresses and the names, phone numbers and 308k unique email addresses of the sellers.
Data breachResolveduuu9 data breach (2016)
In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedDigimon data breach (2016)
In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it.
ClixSense data breach (2016)
In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records.
Data breachResolvedNemoWeb data breach (2016)
In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB.
Data breachResolvedNetProspex data breach (2016)
In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them.
Data breachResolvedMDPI data breach (2016)
In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses.
Data breachResolvedPPCGeeks data breach (2016)
In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes.
Data breachResolvedGeekedIn data breach (2016)
In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles,…
Data breachResolvedEpic Games data breach (2016)
In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.
Data breachResolvedUnreal Engine data breach (2016)
In August 2016, the Unreal Engine Forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords.
Data breachResolvedCross Fire data breach (2016)
In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.
Пара Па data breach (2016)
In August 2016, the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 4.9 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.
Wishbone (2016) data breach (2016)
In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach. The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set.
Data breachResolvedGSM Hosting data breach (2016)
In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.
Data breachResolvedGTAGaming data breach (2016)
In August 2016, the Grand Theft Auto forum GTAGaming was hacked and nearly 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.
Data breachResolvedDLH.net data breach (2016)
In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates and salted MD5 password hashes.
Data breachResolvedRoblox data breach (2016)
In August 2016, Roblox disclosed a data breach that affected over 50k users. The security incident impacted email and IP addresses, usernames, purchases and Robux balances which were left exposed on a test server.
Data breachResolvedVietnam Airlines & airports hack (1937CN)
Hackers claiming the name 1937CN hijacked flight-information displays and PA systems at major Vietnamese airports with anti-Vietnam South China Sea messages, and leaked data on 411,000 Vietnam Airlines frequent flyers.
AKP Emails data breach (2016)
In July 2016, a hacker known as Phineas Fisher hacked Turkey's ruling party (Justice and Development Party or "AKP") and gained access to 300k emails. The full contents of the emails were subsequently published by WikiLeaks and made searchable.
i-Dressup data breach (2016)
In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a total of 5.5 million accounts.
Data breachResolvedClash of Kings data breach (2016)
In July 2016, the forum for the game "Clash of Kings" suffered a data breach that impacted 1.6 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedDota2 data breach (2016)
In July 2016, the Dota2 official developers forum suffered a data breach that exposed almost 2 million users. The hack of the vBulletin forum led to the disclosure of email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Data breachResolvedShadi.com data breach (2016)
In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses. The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents.
Data breachResolveddBforums data breach (2016)
In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton.
Data breachResolvedMac Forums data breach (2016)
In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes.
Data breachResolvedAbuseWith.Us data breach (2016)
In 2016, the site dedicated to helping people hack email and online gaming accounts known as Abusewith.us suffered multiple data breaches. The site allegedly had an administrator in common with the nefarious LeakedSource site, both of which have since been shut down.
CrackingForum data breach (2016)
In approximately mid-2016, the cracking community forum known as CrackingForum suffered a data breach. The vBulletin based forum exposed 660k email and IP addresses, usernames and salted MD5 hashes.
Data breachResolvedFreshMenu data breach (2016)
In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses and order histories.
Data breachResolvedFunimation data breach (2016)
In July 2016, the anime site Funimation suffered a data breach that impacted 2.5 million accounts. The data contained usernames, email addresses, dates of birth and salted SHA1 hashes of passwords.
Data breachResolvedGPS Underground data breach (2016)
In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online. The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
Data breachResolvedKaneva data breach (2016)
In July 2016, now defunct website Kaneva, the service to "build and explore virtual worlds", suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes.
Data breachResolvedOnRPG data breach (2016)
In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as salted MD5 hashes.
Data breachResolvedTunngle data breach (2016)
In 2016, the now defunct global LAN gaming network Tunngle suffered a data breach that exposed 8.2M unique email addresses. The compromised data also included usernames, IP addresses and passwords stored as salted MD5 hashes.
Data breachResolvedWeb Hosting Talk data breach (2016)
In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale. The breach of the vBulletin based forum exposed 515k user records including usernames, email addresses, IP addresses and salted MD5 password hashes.
Data breachResolvedStreetEasy data breach (2016)
In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019.
Data breachResolvedWhitepages data breach (2016)
In mid-2016, the telephone and address directory service Whitepages was among a raft of sites that were breached and their data then sold in early-2019. The data included over 11 million unique email addresses alongside names and passwords stored as either a SHA-1 or bcrypt hash.
Data breachResolvedMuslim Match data breach (2016)
In June 2016, the Muslim Match dating website had 150k email addresses exposed. The data included private chats and messages between relationship seekers and numerous other personal attributes including passwords hashed with MD5.
Data breachResolvedHLTV data breach (2016)
In June 2016, the "home of competitive Counter Strike" website HLTV was hacked and 611k accounts were exposed. The attack led to the exposure of names, usernames, email addresses and bcrypt hashes of passwords.
Data breachResolvedDemocratic National Committee hack
Russian GRU Units 26165 (APT28) and 31165 (APT29) compromised the Democratic National Committee, Hillary Clinton campaign, and DCCC. Stolen emails were selectively released via 'DCLeaks', 'Guccifer 2.0', and WikiLeaks to influence the 2016 U.S. presidential election.
JTB Corporation data breach
A spear-phishing email carrying PlugX malware breached Japan's largest travel agency JTB, exposing personal data — including thousands of passport numbers — for up to 7.93 million customers.
Facepunch data breach (2016)
In June 2016, the game development studio Facepunch suffered a data breach that exposed 343k users. The breached data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes. Facepunch advised they were aware of the incident and had notified people at the time.
Data breachResolvedEvony data breach (2016)
In June 2016, the online multiplayer game Evony was hacked and over 29 million unique accounts were exposed. The attack led to the exposure of usernames, email and IP addresses and MD5 hashes of passwords (without salt).
Data breachResolvedForumCommunity data breach (2016)
In approximately mid-2016, the Italian-based service for creating forums known as ForumCommunity suffered a data breach. The incident impacted over 776k unique email addresses along with usernames and unsalted MD5 password hashes. No response was received from ForumCommunity when contacted.
Data breachResolvedMangaFox.me data breach (2016)
In approximately July 2016, the manga website known as mangafox.me suffered a data breach. The vBulletin based forum exposed 1.3 million accounts including usernames, email and IP addresses, dates of birth and salted MD5 password hashes.
Data breachResolvedUiggy data breach (2016)
In June 2016, the Facebook application known as Uiggy was hacked and 4.3M accounts were exposed, 2.7M of which had email addresses against them. The leaked accounts also exposed names, genders and the Facebook ID of the owners.
Data breachResolvedMySpace credentials breach
Credentials for roughly 360 million pre-2013 MySpace accounts surfaced for sale on the dark web in 2016. The passwords were stored as unsalted SHA-1 hashes, making one of the largest credential dumps ever disclosed trivially crackable.
Teracod data breach (2016)
In May 2015, almost 100k user records were extracted from the Hungarian torrent site known as Teracod. The data was later discovered being torrented itself and included email addresses, passwords, private messages between members and the peering history of IP addresses using the service.
Data breachResolvedRegpack data breach (2016)
In July 2016, a tweet was posted with a link to an alleged data breach of BlueSnap, a global payment gateway and merchant account provider. The data contained 324k payment records across 105k unique email addresses and included personal attributes such as name, home address and phone number.
Data breachResolvedArmy Force Online data breach (2016)
In May 2016, the online gaming site Army Force Online suffered a data breach that exposed 1.5M accounts. The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords.
Data breachResolvedFur Affinity data breach (2016)
In May 2016, the Fur Affinity website for people with an interest in anthropomorphic animal characters (also known as "furries") was hacked. The attack exposed 1.2M email addresses (many accounts had a different "first" and "last" email against them) and hashed passwords.
Data breachResolvedRosebutt Board data breach (2016)
Some time prior to May 2016, the forum known as "Rosebutt Board" was hacked and 107k accounts were exposed. The self-described "top one board for anal fisting, prolapse, huge insertions and rosebutt fans" had email and IP addresses, usernames and weakly stored salted MD5 password hashes hacked from…
Data breachResolvedShotbow data breach (2016)
In May 2016, the multiplayer server for Minecraft service Shotbow announced they'd suffered a data breach. The incident resulted in the exposure of over 1 million unique email addresses, usernames and salted SHA-256 password hashes.
Data breachResolvedNulled.cr data breach (2016)
In May 2016, the cracking community forum known as Nulled.cr was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.
Data breachResolvedGameVN data breach (2016)
In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data. Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted MD5 password hashes.
Data breachResolvedInterpark customer data breach
South Korean police attributed a breach of online retailer Interpark — exposing the personal data of more than 10 million shoppers — to North Korea's intelligence agency, which used spearphishing and then demanded a multi-million-dollar bitcoin ransom.
Qatar National Bank data breach
A 1.4 GB archive of internal files, customer account records, and nearly one million payment card numbers stored in clear text was leaked online, including dossiers on Qatar's Al Thani royal family, Al Jazeera staff, and apparent intelligence targets.
Foodora data breach (2016)
In April 2016, the online food delivery service Foodora suffered a data breach which was then extensively redistributed online. The breach included the personal information of hundreds of thousands of customers from multiple countries including their names, delivery addresses, phone numbers and…
Data breachResolved17 data breach (2016)
In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.
Data breachResolvedMexican voter database exposure (Mexico, 2016)
A misconfigured MongoDB database left the full Mexican national voter roll — 93.4 million records including names, addresses, birthdates and national ID numbers — publicly accessible on Amazon's cloud with no password, for months.
KnownCircle data breach (2016)
In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party.
Data breachResolvedTurkish citizenship database (MERNIS) leak
A 6.6 GB database containing the national ID numbers, full names, parents' names, addresses, and dates of birth of 49.6 million Turkish citizens was dumped in cleartext online, exposing nearly the entire adult population.
Guns and Robots data breach (2016)
In approximately April 2016, the gaming website Guns and Robots suffered a data breach resulting in the exposure of 143k unique records. The data contained email and IP addresses, usernames and SHA-1 password hashes.
Data breachResolvedCOMELEC 'Comeleak' voter database breach
Hackers defaced the Philippine Commission on Elections website and leaked its entire voter registration database — records on roughly 55 million voters, including 15.8 million fingerprints and 1.3 million overseas passport numbers — in one of the largest government breaches ever.
Tuned Global data breach (2016)
In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored…
Data breachResolvedNaughty America data breach (2016)
In March 2016, the adult website Naughty America was hacked and the data consequently sold online. The breach included data from numerous systems with various personal identity attributes, the largest of which had passwords stored as easily crackable MD5 hashes.
Data breachResolvedStaminus data breach (2016)
In March 2016, the DDoS protection service Staminus was "massively hacked" resulting in an outage of more than 20 hours and the disclosure of customer credentials (with unsalted MD5 hashes), support tickets, credit card numbers and other sensitive data.
Data breachResolvedCD Projekt RED data breach (2016)
In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.
Data breachResolvedKM.RU data breach (2016)
In February 2016, the Russian portal and email service KM.RU was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", KM.RU was one of several Russian sites in the breach and impacted almost 1.5M accounts…
Mate1.com data breach (2016)
In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, incomes levels and sexual fetishes as well as…
Data breachResolvedNival data breach (2016)
In February 2016, the Russian gaming company Nival was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", Nival was one of several Russian sites in the breach and impacted over 1.5M accounts including…
Data breachResolvedTruckersMP data breach (2016)
In February 2016, the online trucking simulator mod TruckersMP suffered a data breach which exposed 84k user accounts. In a first for "Have I Been Pwned", the breached data was self-submitted directly by the organisation that was breached itself.
Data breachResolvedLinux Mint data breach (2016)
In February 2016, the website for the Linux distro known as Linux Mint was hacked and the ISO infected with a backdoor. The site also ran a phpBB forum which was subsequently put up for sale complete with almost 145k email addresses, passwords and other personal subscriber information.
Data breachResolvedSkTorrent data breach (2016)
In February 2016, the Slovak torrent tracking site SkTorrent was hacked and over 117k records leaked online. The data dump included usernames, email addresses and passwords stored in plain text.
Data breachResolvedV-Tight Gel data breach (2016)
In approximately February 2016, data surfaced which was allegedly obtained from V-Tight Gel (vaginal tightening gel). Whilst the data set was titled V-Tight, within there were 50 other (predominantly wellness-related) domain names, most owned by the same entity.
Data breachResolvedBangladesh Bank SWIFT heist
Lazarus operators sent fraudulent SWIFT instructions through the New York Fed to wire $951 million out of Bangladesh Bank's reserve account. A typo on one transfer stopped $850M; $81M still escaped to Philippine casinos.
Flash Flash Revolution (2016 breach) data breach (2016)
In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Data breachResolvedMinecraft World Map data breach (2016)
In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed. The data included usernames, email and IP addresses along with salted and hashed passwords.
Data breachResolveduTorrent data breach (2016)
In early 2016, the forum for the uTorrent BitTorrent client suffered a data breach which came to light later in the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a salt.
Data breachResolvedBattlefy data breach (2016)
In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.
Data breachResolvedEpicNPC data breach (2016)
In January 2016, the hacked account reseller EpicNPC suffered a data breach that impacted 409k subscribers. The impacted data included usernames, IP and email addresses and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedAnime-Planet data breach (2016)
In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes.
Data breachResolvedBitTorrent data breach (2016)
In January 2016, the forum for the popular torrent software BitTorrent was hacked. The IP.Board based forum stored passwords as weak SHA1 salted hashes and the breached data also included usernames, email and IP addresses.
Data breachResolvedD3Scene data breach (2016)
In January 2016, the gaming website D3Scene, suffered a data breach. The compromised vBulletin forum exposed 569k million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedLifeboat data breach (2016)
In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers.
Data breachResolvedMoDaCo data breach (2016)
In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Data breachResolvedOnverse data breach (2016)
In January 2016, the online virtual world known as Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the site also exposed salted MD5 password hashes.
Data breachResolvedServerPact data breach (2016)
In mid-2015, the Dutch Minecraft site ServerPact was hacked and 73k accounts were exposed. Along with birth dates, email and IP addresses, the site also exposed SHA1 password hashes with the username as the salt.
Data breachResolvedXPG data breach (2016)
In approximately early 2016, the gaming website Xpgamesaves (XPG) suffered a data breach resulting in the exposure of 890k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Data breachResolved
2015
82 incidentsTrillian data breach (2015)
In December 2015, the instant messaging application Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes.
Data breachResolvedTurkey banking sector & .tr DNS DDoS attacks
A two-week Anonymous-claimed DDoS campaign knocked Turkish banks' online and card-payment systems offline and hit the NIC.tr DNS infrastructure with a 40 Gbps flood, disrupting roughly 400,000 .tr domains nationwide.
Ukraine power grid attack — Sandworm BlackEnergy (2015)
The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1–6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.
QuinStreet data breach (2015)
In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites).
Data breachResolvedAternos data breach (2015)
In December 2015, the service for creating and running free Minecraft servers known as Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords.
Data breachResolvedDaniWeb data breach (2015)
In late 2015, the technology and social site DaniWeb suffered a data breach. The attack resulted in the disclosure of 1.1 million accounts including email and IP addresses which were also accompanied by salted MD5 hashes of passwords.
Data breachResolvedInvestBank UAE breach and Hacker Buba extortion
A hacker calling himself Hacker Buba breached Sharjah-based InvestBank, demanded a $3 million ransom, and then leaked tens of thousands of customer records including credit card numbers, passports and account details when the bank refused to pay.
Nihonomaru data breach (2015)
In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.
Data breachResolvedProgramming Forums data breach (2015)
In approximately late 2015, the programming forum at programmingforums.org suffered a data breach resulting in the exposure of 707k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Data breachResolvedThe Fappening data breach (2015)
In December 2015, the forum for discussing naked celebrity photos known as "The Fappening" (named after the iCloud leaks of 2014) was compromised and 179k accounts were leaked. Exposed member data included usernames, email addresses and salted hashes of passwords.
Data breachResolvedVTech children's data breach
A SQL-injection attack against Hong Kong toymaker VTech's Learning Lodge service exposed the personal data of 6.4 million children and nearly 5 million parent accounts, becoming the first major breach to focus on data about minors.
MajorGeeks data breach (2015)
In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.
Data breachResolvedBeautiful People data breach (2015)
In November 2015, the dating website Beautiful People was hacked and over 1.1M accounts were leaked. The data was being traded in underground circles and included a huge amount of personal information related to dating.
Data breachResolvedComcast data breach (2015)
In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.
Data breachResolvedAncestry data breach (2015)
In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.
Data breachResolvedInterPals data breach (2015)
In late 2015, the online penpal site InterPals had their website hacked and 3.4 million accounts exposed. The compromised data included email addresses, geographical locations, birthdates and salted hashes of passwords.
Data breachResolvedxat data breach (2015)
In November 2015, the online chatroom known as "xat" was hacked and 6 million user accounts were exposed. Used as a chat engine on websites, the leaked data included usernames, email and IP addresses along with hashed passwords.
Data breachResolvedvBulletin data breach (2015)
In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts totalling almost 519k records.
Data breachResolvedAbandonia (2015) data breach (2015)
In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Data breachResolvedR2Games data breach (2015)
In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedMac-Torrents data breach (2015)
In October 2015, the torrent site Mac-Torrents was hacked and almost 94k usernames, email addresses and passwords were leaked. The passwords were hashed with MD5 and no salt.
Data breachResolvedPHP Freaks data breach (2015)
In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.
Data breachResolvedGo Games data breach (2015)
In approximately October 2015, the manga website Go Games suffered a data breach. The exposed data included 3.4M customer records including email and IP addresses, usernames and passwords stored as salted MD5 hashes. Go Games did not respond when contacted about the incident.
Data breachResolvedGamerzplanet data breach (2015)
In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedMPGH data breach (2015)
In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.
Data breachResolvedNapsGear data breach (2015)
In October 2015, the anabolic steroids retailer NapsGear suffered a data breach. An extensive amount of personal information on 287k customers was exposed including email addresses, names, addresses, phone numbers, purchase histories and salted MD5 password hashes.
Data breachResolvedTalkTalk customer data breach
An SQL injection attack — committed primarily by four British teenagers — exposed personal data on roughly 157,000 TalkTalk customers including bank account details. Triggered a record £400,000 UK ICO fine.
NetEase data breach (2015)
In October 2015, a dataset attributed to the Chinese email provider NetEase (163.com and 126.com) surfaced, allegedly exposing around 234 million email addresses and plaintext passwords. NetEase denied any breach; HIBP lists the incident as unverified.
Special K Data Feed Spam List data breach (2015)
In mid to late 2015, a spam list known as the Special K Data Feed was discovered containing almost 31M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.
Data breachResolvedPatreon data breach (2015)
In October 2015, the crowdfunding site Patreon was hacked and over 16GB of data was released publicly. The dump included almost 14GB of database records with more than 2.3M unique email addresses, millions of personal messages and passwords stored as bcrypt hashes.
PSP ISO data breach (2015)
In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Data breachResolvedWIIU ISO data breach (2015)
In September 2015, the Nintendo Wii U forum known as WIIU ISO was hacked and 458k accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Data breachResolvedXbox 360 ISO data breach (2015)
In approximately September 2015, the XBOX 360 forum known as XBOX360 ISO was hacked and 1.2 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Data breachResolvedFinal Fantasy Shrine data breach (2015)
In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.
Data breachResolvedExperian (2015) data breach (2015)
In September 2015, the US based credit bureau and consumer data broker Experian suffered a data breach that impacted 15 million customers who had applied for financing from T-Mobile.
Data breachResolvedThe Candid Board data breach (2015)
In September 2015, the non-consensual voyeurism site "The Candid Board" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 178k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.
Data breachResolvedClearVoice Surveys data breach (2015)
In April 2021, the market research surveys company ClearVoice Surveys had a publicly facing database backup from 2015 taken and redistributed on a popular hacking forum.
Data breachResolvedMyVidster (2015) data breach (2015)
In August 2015, the social video sharing and bookmarking site MyVidster was hacked and nearly 20,000 accounts were dumped online. The dump included usernames, email addresses and hashed passwords.
Data breachResolvedStoryBird data breach (2015)
In August 2015, the storytelling service StoryBird suffered a data breach exposing 4 million records with 1 million unique email addresses. Impacted data also included names, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolvedPokébip data breach (2015)
In July 2015, the French Pokémon site Pokébip suffered a data breach which exposed 657k subscriber identities. The data included email and IP addresses, usernames and passwords stored as unsalted MD5 hashes.
Data breachResolvedAshley Madison (Avid Life Media) breach
A group calling itself the Impact Team breached infidelity dating site Ashley Madison, then dumped the account data of roughly 32 million users — names, emails, sexual preferences and payment records — after parent company Avid Life Media refused to shut the site down.
Soundwave data breach (2015)
In approximately mid 2015, the music tracking app Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been used to populate the test database" and was then inadvertently exposed in a MongoDB.
Data breachResolvedSeedpeer data breach (2015)
In July 2015, the torrent site Seedpeer was hacked and 282k member records were exposed. The data included usernames, email addresses and passwords stored as weak MD5 hashes.
Data breachResolvedWildStar data breach (2015)
In July 2015, the IP.Board forum for the gaming website WildStar suffered a data breach that exposed over 738k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.
Data breachResolvedHemmakväll data breach (2015)
In July 2015, the Swedish video store chain Hemmakväll was hacked and nearly 50k records dumped publicly. The disclosed data included various attributes of their customers including email and physical addresses, names and phone numbers.
Hacking Team data breach (2015)
In July 2015, the Italian security firm Hacking Team suffered a major data breach that resulted in over 400GB of their data being posted online via a torrent. The data searchable on "Have I Been Pwned?" is from 189GB worth of PST mail folders in the dump.
Data breachResolvedmyRepoSpace data breach (2015)
In July 2015, the Cydia repository known as myRepoSpace was hacked and user data leaked publicly. Cydia is designed to facilitate the installation of apps on jailbroken iOS devices.
Data breachResolvedPlex data breach (2015)
In July 2015, the discussion forum for Plex media centre was hacked and over 327k accounts exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedCheapAssGamer.com data breach (2015)
In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.
Data breachResolvediPmart data breach (2015)
During 2015, the iPmart forum (now known as Mobi NUKE) was hacked and over 2 million forum members' details were exposed. The vBulletin forum included IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedPS3Hax data breach (2015)
In approximately July 2015, the Sony Playstation hacks and mods forum known as PS3Hax was hacked and more than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedSvenskaMagic data breach (2015)
Sometime in 2015, the Swedish magic website SvenskaMagic suffered a data breach that exposed over 30k records. The compromised data included usernames, email addresses and MD5 password hashes. The data was self-submitted to HIBP by SvenskaMagic.
Data breachResolvedMinefield data breach (2015)
In June 2015, the French Minecraft server known as Minefield was hacked and 188k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Scuf Gaming data breach (2015)
In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.
Data breachResolvedU.S. Office of Personnel Management breach
Chinese state operators exfiltrated background-investigation forms (SF-86s) for 21.5 million U.S. federal employees and contractors — the most-damaging intelligence-loss cyber incident in U.S. government history.
Eroticy data breach (2015)
In mid-2016, it's alleged that the adult website known as Eroticy was hacked. Almost 1.4 million unique accounts were found circulating in late 2016 which contained a raft of personal information ranging from email addresses to phone numbers to plain text passwords.
Data breachResolvedJapan Pension Service data breach
A targeted phishing email carrying malware breached the Japan Pension Service, leaking the names, IDs, addresses, and birth dates of about 1.25 million pension enrollees and forcing a national rethink of public-sector cybersecurity.
Minecraft Pocket Edition Forum data breach (2015)
In May 2015, the Minecraft Pocket Edition forum was hacked and over 16k accounts were dumped public. Allegedly hacked by @rmsg0d, the forum data included numerous personal pieces of data for each user. The forum has subsequently been decommissioned.
Data breachResolvedBitcoin Talk data breach (2015)
In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of…
Data breachResolvedAdult FriendFinder (2015) data breach (2015)
In May 2015, the adult hookup site Adult FriendFinder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.
Data breachResolvedGaadi data breach (2015)
In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes.
Data breachResolvedmSpy data breach (2015)
In May 2015, the "monitoring" software known as mSpy suffered a major data breach. The software (allegedly often used to spy on unsuspecting victims), stored extensive personal information within their online service which after being breached, was made freely available on the internet.
Data breachResolvedСпрашивай.ру data breach (2015)
In May 2015, Спрашивай.ру (a the Russian website for anonymous reviews) was reported to have had 6.7 million user details exposed by a hacker known as "w0rm".
German Bundestag intrusion (APT28)
Russian GRU Unit 26165 (APT28 / Fancy Bear) compromised the Bundestag's parliamentary network, exfiltrating ~16 GB of data including emails from Chancellor Merkel's parliamentary office. Forced a full Bundestag IT estate rebuild.
Evermotion data breach (2015)
In May 2015, the Polish 3D modelling website known as Evermotion suffered a data breach resulting in the exposure of 435k unique user records. The data was sourced from a vBulletin forum and contained email addresses, usernames, dates of birth and salted MD5 hashes of passwords.
Data breachResolvedKimsufi data breach (2015)
In mid-2015, the forum for the providers of affordable dedicated servers known as Kimsufi suffered a data breach. The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Data breachResolvedOVH data breach (2015)
In mid-2015, the forum for the hosting provider known as OVH suffered a data breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Data breachResolvedTelecom Regulatory Authority of India data breach (2015)
In April 2015, the Telecom Regulatory Authority of India (TRAI) published tens of thousand of emails sent by Indian citizens supporting net neutrality as part of the SaveTheInternet campaign.
SC Daily Phone Spam List data breach (2015)
In early 2015, a spam list known as SC Daily Phone emerged containing almost 33M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.
Data breachResolvedSweClockers.com data breach (2015)
In early 2015, the Swedish tech news site SweClockers was hacked and 255k accounts were exposed. The attack led to the exposure of usernames, email addresses and salted hashes of passwords stored with a combination of MD5 and SHA512.
Data breachResolvedSnail data breach (2015)
In March 2015, the gaming website Snail suffered a data breach that impacted 1.4 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
Data breachResolved000webhost data breach (2015)
In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.
Data breachResolvedGameTuts data breach (2015)
Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum.
Data breachResolvedHongFire data breach (2015)
In March 2015, the anime and manga forum HongFire suffered a data breach. The hack of their vBulletin forum led to the exposure of 1 million accounts along with email and IP addresses, usernames, dates of birth and salted MD5 passwords.
Data breachResolvedStarNet data breach (2015)
In February 2015, the Moldavian ISP "StarNet" had it's database published online. The dump included nearly 140k email addresses, many with personal details including contact information, usage patterns of the ISP and even passport numbers.
Data breachResolvedMyFHA data breach (2015)
In approximately February 2015, the home financing website MyFHA suffered a data breach which disclosed the personal information of nearly 1 million people.
Data breachResolvedFlashback data breach (2015)
In February 2015, the Swedish forum known as Flashback had sensitive internal data on 40k members published via the tabloid newspaper Aftonbladet. The data was allegedly sold to them via Researchgruppen (The Research Group) who have a history of exposing otherwise anonymous users, primarily those…
Anthem Inc. data breach
Chinese state-attributed actors exfiltrated personal data on 78.8 million current and former Anthem health insurance customers — at the time the largest healthcare-sector breach in U.S. history.
PSX-Scene data breach (2015)
In approximately February 2015, the Sony Playstation forum known as PSX-Scene was hacked and more than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedXbox-Scene data breach (2015)
In approximately February 2015, the Xbox forum known as Xbox-Scene was hacked and more than 432k accounts were exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedLizard Squad data breach (2015)
In January 2015, the hacker collective known as "Lizard Squad" created a DDoS service by the name of "Lizard Stresser" which could be procured to mount attacks against online targets.
Data breachResolvedBleach Anime Forum data breach (2015)
In 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k user records. The impacted data included usernames, email addresses and salted MD5 password hashes.
Data breachResolved
2014
56 incidentsTeam SoloMid data breach (2014)
In December 2014, the electronic sports organisation known as Team SoloMid was hacked and 442k members accounts were leaked. The accounts included email and IP addresses, usernames and salted hashes of passwords.
Data breachResolvedGerman steel mill cyberattack
Attackers used spear-phishing to pivot from a German steel mill's office network into its production network, manipulating industrial controls so a blast furnace could not be shut down properly and suffered massive physical damage.
Acne.org data breach (2014)
In November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.
Data breachResolvedSony Pictures Entertainment hack
A North Korean wiper attack tied to the release of 'The Interview' destroyed roughly half of Sony Pictures' IT estate and leaked terabytes of internal documents, emails, and unreleased films.
Warframe data breach (2014)
In November 2014, the online game Warframe was hacked and 819k unique email addresses were exposed. Allegedly due to a SQL injection flaw in Drupal, the attack exposed usernames, email addresses and data in a "pass" column which adheres to the salted SHA12 password hashing pattern used by Drupal 7.
Data breachResolvedMalwarebytes data breach (2014)
In November 2014, the Malwarebytes forum was hacked and 111k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedBot of Legends data breach (2014)
In November 2014, the forum for Bot of Legends suffered a data breach. The IP.Board forum contained 238k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.
Data breachResolvedILikeCheats data breach (2014)
In October 2014, the game cheats website known as ILikeCheats suffered a data breach that exposed 189k accounts. The vBulletin based forum leaked usernames, IP and email addresses and weak MD5 hashes of passwords. The data was provided with support from dehashed.com.
Data breachResolvedJPMorgan Chase data breach
Attackers exploited a server missing two-factor authentication to breach more than 90 JPMorgan Chase servers and steal contact details for 76 million households and 7 million small businesses — one of the largest intrusions ever into a U.S. financial institution.
9Lives data breach (2014)
In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.
BTC-E data breach (2014)
In October 2014, the Bitcoin exchange BTC-E was hacked and 568k accounts were exposed. The data included email and IP addresses, wallet balances and hashed passwords.
Data breachResolvedTout data breach (2014)
In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored as bcrypt hashes.
Data breachResolvedmail.ru Dump data breach (2014)
In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain.
Home Depot POS breach
Attackers used a vendor's stolen credentials and custom point-of-sale malware to harvest about 56 million payment cards and 53 million email addresses from Home Depot's U.S. and Canadian self-checkout systems over five months — the largest retail card breach of its time.
Yandex Dump data breach (2014)
In September 2014, news broke of a massive leak of accounts from Yandex, the Russian search engine giants who also provides email services. The purported million "breached" accounts were disclosed at the same time as nearly 5M mail.ru accounts with both companies claiming the credentials were…
Data breachResolvedBin Weevils data breach (2014)
In September 2014, the online game Bin Weevils suffered a data breach. Whilst originally stating that only usernames and passwords had been exposed, a subsequent story on DataBreaches.net indicated that a more extensive set of personal attributes were impacted (comments there also suggest the data…
Data breachResolvedPowerbot data breach (2014)
In approximately September 2014, the RuneScape bot website Powerbot suffered a data breach resulting in the exposure of over half a million unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
Data breachResolvedVermillion data breach (2014)
In August 2014, the Roblox hacking forum Vermillion suffered a data breach that exposed over 8k subscriber records. The breach of the MyBB forum exposed email and IP addresses, usernames, dates of birth and salted password hashes.
Data breachResolvedBanorte data breach (2014)
In August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances.
Data breachResolveddiet.com data breach (2014)
In August 2014, the diet and nutrition website diet.com suffered a data breach resulting in the exposure of 1.4 million unique user records dating back as far as 2004.
Data breachResolvedPokémon Creed data breach (2014)
In August 2014, the Pokémon RPG website Pokémon Creed was hacked after a dispute with rival site, Pokémon Dusk. In a post on Facebook, "Cruz Dusk" announced the hack then pasted the dumped MySQL database on pkmndusk.in.
Data breachResolvedInsanelyi data breach (2014)
In July 2014, the iOS forum Insanelyi was hacked by an attacker known as Kim Jong-Cracks. A popular source of information for users of jailbroken iOS devices running Cydia, the Insanelyi breach disclosed over 104k users' emails addresses, user names and weakly hashed passwords (salted MD5).
Data breachResolvedBenesse insider data breach
A contractor's system engineer copied 35 million customer records from Japanese education giant Benesse onto a personal device and sold them to data brokers — the largest insider data theft in Japanese history, triggering a ¥20 billion compensation programme.
PoliceOne data breach (2014)
In February 2017, the law enforcement website PoliceOne confirmed they'd suffered a data breach. The breach contained over 700k accounts which appeared for sale by a data broker and included email and IP addresses, usernames and salted MD5 password hashes.
Data breachResolvedBlack Hat World data breach (2014)
In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.
Data breachResolvedSumo Torrent data breach (2014)
In June 2014, the torrent site Sumo Torrent was hacked and 285k member records were exposed. The data included IP addresses, email addresses and passwords stored as weak MD5 hashes.
Data breachResolvedDomino's data breach (2014)
In June 2014, Domino's Pizza in France and Belgium was hacked by a group going by the name "Rex Mundi" and their customer data held to ransom. Domino's refused to pay the ransom and six months later, the attackers released the data along with troves of other hacked accounts.
Manga Traders data breach (2014)
In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of over 900k users leaked on the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a single iteration of MD5 leaving them vulnerable to being easily cracked.
Data breachResolvedAvast data breach (2014)
In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.
Data breachResolvedeBay credentials breach
Attackers used a small number of compromised employee credentials to access eBay's corporate network and exfiltrate a database covering all 145 million users — names, encrypted passwords, email and postal addresses, phone numbers, and dates of birth.
Bitly data breach (2014)
In May 2014, the link management company Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and hashed passwords, most using SHA1 with a small number using bcrypt.
Fridae data breach (2014)
In May 2014, over 25,000 user accounts were breached from the Asian lesbian, gay, bisexual and transgender website known as "Fridae". The attack which was announced on Twitter appears to have been orchestrated by Deletesec who claim that "Digital weapons shall annihilate all secrecy within…
Data breachResolvedBusiness Acumen Magazine data breach (2014)
In April 2014, the Australian "Business Acumen Magazine" website was hacked by an attacker known as 1337MiR. The breach resulted in over 26,000 accounts being exposed including usernames, email addresses and password stored with a weak cryptographic hashing algorithm (MD5 with no salt).
Data breachResolvedNextGenUpdate data breach (2014)
Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. Amongst the data breach was usernames, email addresses, IP addresses and salted and hashed passwords.
Data breachResolvedCafeMom data breach (2014)
In 2014, the social network for mothers CafeMom suffered a data breach. The data surfaced alongside a number of other historical breaches including Kickstarter, Bitly and Disqus and contained 2.6 million email addresses and plain text passwords.
Data breachResolvedBigMoneyJobs data breach (2014)
In April 2014, the job site bigmoneyjobs.com was hacked by an attacker known as "ProbablyOnion". The attack resulted in the exposure of over 36,000 user accounts including email addresses, usernames and passwords which were stored in plain text.
Data breachResolvedBoxee data breach (2014)
In March 2014, the home theatre PC software maker Boxee had their forums compromised in an attack. The attackers obtained the entire vBulletin MySQL database and promptly posted it for download on the Boxee forum itself.
Data breachResolvedQuantum Booter data breach (2014)
In March 2014, the booter service Quantum Booter (also referred to as Quantum Stresser) suffered a breach which lead to the disclosure of their internal database.
Data breachResolvedRambler data breach (2014)
A data dump of almost 100 million accounts from Russian internet portal Rambler — often called 'the Russian Yahoo' — surfaced for trade in 2016, exposing roughly 91 million unique usernames and passwords stored in plain text.
Spirol data breach (2014)
In February 2014, Connecticut based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirol’s CRM system ranging from customers’ names, companies, contact…
Data breachResolvedUN Internet Governance Forum data breach (2014)
In February 2014, the Internet Governance Forum (formed by the United Nations for policy dialogue on issues of internet governance) was attacked by hacker collective known as Deletesec.
Data breachResolvedMuslim Directory data breach (2014)
In February 2014, the UK guide to services and business known as the Muslim Directory was attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of tens of thousands of users which contained data including their names, home address, age…
Kickstarter data breach (2014)
In February 2014, the crowdfunding platform Kickstarter announced they'd suffered a data breach. The breach contained almost 5.2 million unique email addresses, usernames and salted SHA1 hashes of passwords.
Forbes data breach (2014)
In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria".
Data breachResolvedTesco data breach (2014)
In February 2014, over 2,000 Tesco accounts with usernames, passwords and loyalty card balances appeared on Pastebin. Whilst the source of the breach is not clear, many confirmed the credentials were valid for Tesco and indeed they have a history of poor online security.
Data breachResolvedCoupon Mom / Armor Games data breach (2014)
In 2014, a file allegedly containing data hacked from Coupon Mom was created and included 11 million email addresses and plain text passwords. On further investigation, the file was also found to contain data indicating it had been sourced from Armor Games.
Data breachResolvedCannabis.com data breach (2014)
In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly. Whilst there has been no public attribution of the breach, the leaked data included over 227k accounts and nearly 10k private messages between users of the forum.
Data breachResolvedBell (2014 breach) data breach (2014)
In February 2014, Bell Canada suffered a data breach via the hacker collective known as NullCrew. The breach included data from multiple locations within Bell and exposed email addresses, usernames, user preferences and a number of unencrypted passwords and credit card data from 40,000 records…
Verified data breach (2014)
In January 2014, one of the largest communities of Eastern Europe cybercriminals known as "Verified" was hacked. The breach exposed nearly 17k users of the vBulletin forum including their personal messages and other potentially personally identifiable information.
Data breachResolvedBitcoin Security Forum Gmail Dump data breach (2014)
In September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses.
Data breachResolvedKorea Credit Bureau card-data theft
A contractor at the Korea Credit Bureau copied the card and identity data of about 20 million customers of KB Kookmin, Lotte and NH Nonghyup card firms onto a USB drive and sold it — one of the largest financial-data thefts in South Korean history.
WPT Amateur Poker League data breach (2014)
In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter user @smitt3nz. The attack resulted in the public disclosure of 175,000 accounts including 148,000 email addresses. The plain text password for each account was also included in the breach.
Data breachResolvedHiAPK data breach (2014)
In approximately 2014, it's alleged that the Chinese Android store known as HIAPK suffered a data breach that impacted 13.8 million unique subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as…
Data breachResolvedReverbNation data breach (2014)
In January 2014, the online service for assisting musicians to build their careers ReverbNation suffered a data breach which wasn't identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords.
Data breachResolvedSnapchat data breach (2014)
In January 2014 just one week after Gibson Security detailed vulnerabilities in the service, Snapchat had 4.6 million usernames and phone number exposed.
Data breachResolvedThisHabbo Forum data breach (2014)
In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet.
Data breachResolved
2013
32 incidentsAstropid data breach (2013)
In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description.
Data breachResolvedTarget POS malware breach
Attackers entered Target via stolen credentials from an HVAC contractor, pivoted to the payment network, and stole magstripe data on 40 million credit and debit cards plus PII on 70 million customers.
Torrent Invites data breach (2013)
In December 2013, the torrent site Torrent Invites was hacked and over 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, birth dates and salted MD5 hashes of passwords.
Data breachResolvedPixel Federation data breach (2013)
In December 2013, a breach of the web-based game community based in Slovakia exposed over 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.
Data breachResolvedVodafone data breach (2013)
In November 2013, Vodafone in Iceland suffered an attack attributed to the Turkish hacker collective "Maxn3y". The data was consequently publicly exposed and included user names, email addresses, social security numbers, SMS message, server logs and passwords from a variety of different internal…
Data breachResolvedXSplit data breach (2013)
In November 2013, the makers of gaming live streaming and recording software XSplit was compromised in an online attack. The data breach leaked almost 3M names, email addresses, usernames and hashed passwords.
Data breachResolvedWe Heart It data breach (2013)
In November 2013, the image-based social network We Heart It suffered a data breach. The incident wasn't discovered until October 2017 when 8.6 million user records were sent to HIBP.
Data breachResolvedMecho Download data breach (2013)
In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.
Data breachResolvedAdobe data breach (2013)
Attackers stole roughly 153 million Adobe account records — IDs, emails, weakly encrypted passwords and plaintext password hints — along with source code for several Adobe products, in one of the largest software-company breaches on record.
iMesh data breach (2013)
In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.
Data breachResolvedCrack Community data breach (2013)
In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.
Data breachResolvedWin7Vista Forum data breach (2013)
In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200k members’ personal information and other internal data extracted from the forum.
Data breachResolvedimgur data breach (2013)
In September 2013, the online image sharing community imgur suffered a data breach. A selection of the data containing 1.7 million email addresses and passwords surfaced more than 4 years later in November 2017.
Yatra data breach (2013)
In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text.
Data breachResolvedDragonNest data breach (2013)
In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords.
Data breachResolvedEvite data breach (2013)
An archived 2013 database from social-invitations site Evite was accessed by an attacker and later traded online, exposing roughly 101 million unique email addresses along with names, phone numbers, postal addresses, dates of birth and plaintext passwords.
Lord of the Rings Online data breach (2013)
In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.
Data breachResolvedLounge Board data breach (2013)
At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).
Data breachResolvedOwnedCore data breach (2013)
In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.
Data breachResolvedNexus Mods data breach (2013)
In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that.
Data breachResolvedYam data breach (2013)
In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021. The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and unsalted MD5 password hashes.
Data breachResolvedBadoo data breach (2013)
A dataset attributed to the dating and social network Badoo exposed roughly 112 million unique email addresses along with names, birthdates and MD5 password hashes; the data surfaced among traders in 2016 and remains formally unverified.
AhaShare.com data breach (2013)
In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also…
Data breachResolvedNon Nude Girls data breach (2013)
In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.
Data breachResolvedNeopets data breach (2013)
In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email…
Data breachResolvedDungeons & Dragons Online data breach (2013)
In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.
Data breachResolvedBrazzers data breach (2013)
In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting site in September 2016.
Data breachResolvedTumblr data breach (2013)
A 2013 intrusion at the blogging platform Tumblr exposed roughly 65 million email addresses and salted SHA-1 password hashes; the scale only became public in 2016 when the data surfaced for sale on dark-web markets.
Heroes of Gaia data breach (2013)
In early 2013, the online fantasy multiplayer game Heroes of Gaia suffered a data breach. The newest records in the data set indicate a breach date of 4 January 2013 and include usernames, IP and email addresses but no passwords.
Data breachResolvedFaceUP data breach (2013)
In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes.
JD data breach (2013)
In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes.
OMGPOP data breach (2013)
In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach. Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later leaked in 2019.
Data breachResolved
2012
22 incidentsHeroes of Newerth data breach (2012)
In December 2012, the multiplayer online battle arena game known as Heroes of Newerth was hacked and over 8 million accounts extracted from the system. The compromised data included usernames, email addresses and passwords.
Data breachResolvedBookCrossing data breach (2012)
In August 2022, the book social networking site BookCrossing disclosed a data breach that dated back to a database backup from November 2012. The incident exposed almost 1.6M records including names, usernames, email and IP addresses, dates of birth and plain text passwords.
Data breachResolvedNetlog data breach (2012)
In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed.
Lookbook data breach (2012)
In August 2012, the fashion site Lookbook suffered a data breach. The data later appeared listed for sale in June 2016 and included 1.1 million usernames, email and IP addresses, birth dates and plain text passwords.
Data breachResolvedSaudi Aramco Shamoon wiper
Iranian-attributed Shamoon wiper destroyed data on roughly 30,000 Saudi Aramco workstations on a single day, taking the world's largest oil company's IT estate offline for two weeks. The first major Iranian retaliatory cyber operation.
The Botting Network data breach (2012)
In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses, usernames, dates of birth and salted MD5 password hashes.
Data breachResolvedGauss banking-espionage malware against Lebanese banks
Gauss, a nation-state cyber-surveillance toolkit related to Flame and Stuxnet, infected over 2,500 systems — most heavily in Lebanon — and was the first publicly known state-sponsored malware engineered to steal online-banking credentials from specific Lebanese banks.
Xiaomi data breach (2012)
In August 2012, the Xiaomi user forum website suffered a data breach. In all, 7 million email addresses appeared in the breach although a significant portion of them were numeric aliases on the bbs_ml_as_uid.xiaomi.com domain.
Yahoo data breach (2012)
In July 2012, Yahoo! had their online publishing service "Voices" compromised via a SQL injection attack. The breach resulted in the disclosure of nearly half a million usernames and passwords stored in plain text.
Data breachResolvedWar Inc. data breach (2012)
In mid-2012, the real-time strategy game War Inc. suffered a data breach. The attack resulted in the exposure of over 1 million accounts including usernames, email addresses and salted MD5 hashes of passwords.
Data breachResolvedDisqus data breach (2012)
In October 2017, the blog commenting service Disqus announced they'd suffered a data breach. The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The breach contained over 17.5 million unique email addresses and usernames.
Data breachResolvedDropbox data breach (2012)
A reused employee password — harvested from the 2012 LinkedIn breach — let an attacker steal a database of about 68 million Dropbox user credentials, which surfaced for sale on the dark web four years later.
League of Legends data breach (2012)
In June 2012, the multiplayer online game League of Legends suffered a data breach. At the time, the service had more than 32 million registered accounts and the breach affected various personal data attributes including "encrypted" passwords.
Data breachResolvedLinkedIn password breach
A 2012 intrusion into LinkedIn exposed user passwords stored as unsalted SHA-1 hashes. Initially reported as 6.5 million credentials, the full scope of 117 million accounts only emerged in 2016 when the data surfaced for sale on the dark web.
WHMCS data breach (2012)
In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. The breach included extensive information about customers and payment histories including partial credit card numbers.
Data breachResolvedLast.fm data breach (2012)
The music platform Last.fm was hacked in March 2012, exposing more than 43 million accounts with usernames, email addresses and unsalted MD5 password hashes; over 96% of passwords were cracked within hours once the data surfaced in 2016.
JobStreet data breach (2012)
In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums.
Data breachResolvedGamigo data breach (2012)
In March 2012, the German online game publisher Gamigo was hacked and more than 8 million accounts publicly leaked. The breach included email addresses and passwords stored as weak MD5 hashes with no salt.
Data breachResolvedYouPorn data breach (2012)
In February 2012, the adult website YouPorn had over 1.3M user accounts exposed in a data breach. The publicly released data included both email addresses and plain text passwords.
Data breachResolved126 data breach (2012)
In approximately 2012, it's alleged that the Chinese email service known as 126 suffered a data breach that impacted 6.4 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedTaobao data breach (2012)
In approximately 2012, it's alleged that the Chinese shopping site known as Taobao suffered a data breach that impacted over 21 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as…
Data breachResolvedVK data breach (2012)
Russia's largest social network VK was compromised around 2012, exposing roughly 93 million accounts with names, phone numbers, email addresses and plaintext passwords. The data surfaced for sale in 2016 via the broker 'Peace'.
2011
22 incidents17173 data breach (2011)
In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedRuneScape Boards data breach (2011)
In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.
Data breachResolvedTianya data breach (2011)
In December 2011, China's largest online forum known as Tianya was hacked and tens of millions of accounts were obtained by the attacker. The leaked data included names, usernames and email addresses.
Stratfor data breach (2011)
In December 2011, "Anonymous" attacked the global intelligence company known as "Stratfor" and consequently disclosed a veritable treasure trove of data including hundreds of gigabytes of email and tens of thousands of credit card details which were promptly used by the attackers to make charitable…
Data breachResolvedChina Software Developer Network data breach (2011)
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.
Data breachResolvedhemmelig.com data breach (2011)
In December 2011, Norway's largest online sex shop hemmelig.com was hacked by a collective calling themselves "Team Appunity". The attack exposed over 28,000 usernames and email addresses along with nicknames, gender, year of birth and unsalted MD5 password hashes.
Data breachResolvedZhenai.com data breach (2011)
In December 2011, the Chinese dating site known as Zhenai.com suffered a data breach that impacted 5 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedDodonew.com data breach (2011)
In late 2011, data was allegedly obtained from the Chinese website known as Dodonew.com and contained 8.7M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedAndroid Forums data breach (2011)
In October 2011, the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birth dates and passwords stored as a salted MD5 hash.
Data breachResolvedDigiNotar certificate authority compromise
An intruder gained total control of Dutch certificate authority DigiNotar, issuing more than 500 fraudulent SSL certificates — including a wildcard for *.google.com used to wiretap some 300,000 Iranian Gmail users — and triggering the company's collapse.
SK Communications (Nate / Cyworld) breach
Hackers using a poisoned software-update channel stole the personal data of about 35 million Nate and Cyworld users — names, resident-registration numbers, phone numbers and encrypted passwords — in what was then South Korea's largest data breach.
Civil Online data breach (2011)
In mid-2011, data was allegedly obtained from the Chinese engineering website known as Civil Online and contained 7.8M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedBattlefield Heroes data breach (2011)
In June 2011 as part of a final breached data dump, the hacker collective "LulzSec" obtained and released over half a million usernames and passwords from the game Battlefield Heroes.
Data breachResolvedhackforums.net data breach (2011)
In June 2011, the hacktivist group known as "LulzSec" leaked one final large data breach they titled "50 days of lulz". The compromised data came from sources such as AT&T, Battlefield Heroes and the hackforums.net website.
Data breachResolvedSony data breach (2011)
In 2011, Sony suffered breach after breach after breach — it was a very bad year for them. The breaches spanned various areas of the business ranging from the PlayStation network all the way through to the motion picture arm, Sony Pictures.
Data breachResolvedDangdang data breach (2011)
In 2011, the Chinese e-commerce site Dangdang suffered a data breach. The incident exposed over 4.8 million unique email addresses which were subsequently traded online over the ensuing years.
Data breachResolvedQIP data breach (2011)
In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts including email addresses and passwords with the data eventually appearing in public years later.
Sony PlayStation Network breach
Intruders penetrated Sony's PlayStation Network and Qriocity, compromising personal data on roughly 77 million accounts and forcing a 23-day global outage — one of the largest consumer data breaches of its time.
RSA SecurID seed compromise
A spear-phishing email carrying a Flash zero-day gave attackers a foothold inside RSA, from which they exfiltrated data tied to the SecurID two-factor authentication system — data later used in an intrusion attempt against Lockheed Martin.
Fling data breach (2011)
In 2011, the self-proclaimed "World's Best Adult Social Network" website known as Fling was hacked and more than 40 million accounts obtained by the attacker.
Data breachResolved7k7k data breach (2011)
In approximately 2011, it's alleged that the Chinese gaming site known as 7k7k suffered a data breach that impacted 9.1 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolvedDuowan.com data breach (2011)
In approximately 2011, data was allegedly obtained from the Chinese gaming website known as Duowan.com and contained 2.6M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".
Data breachResolved
2010
5 incidentsGawker data breach (2010)
In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and 4Chan. Information about Gawkers 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker.
Data breachResolvedPaddy Power data breach (2010)
In October 2010, the Irish bookmaker Paddy Power suffered a data breach that exposed 750,000 customer records with nearly 600,000 unique email addresses.
Data breachResolvedStuxnet (Operation Olympic Games)
U.S. and Israeli intelligence services jointly developed and deployed Stuxnet — the first widely-known cyber weapon to cause physical damage. The worm targeted Iran's Natanz uranium enrichment facility and destroyed approximately 1,000 IR-1 centrifuges over 2009–2010.
Neteller data breach (2010)
In May 2010, the e-wallet service known as Neteller suffered a data breach which exposed over 3.6M customers. The breach was not discovered until October 2015 and included names, email addresses, home addresses and account balances.
Data breachResolvedDivX SubTitles data breach (2010)
In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.
Data breachResolved
2009
3 incidentsHeartland Payment Systems card breach
An SQL-injection foothold let Albert Gonzalez's crew plant sniffer malware inside Heartland's payment-processing network, capturing roughly 130 million card numbers in transit — at the time the largest card-data breach ever disclosed.
Elance data breach (2009)
Sometime in 2009, staffing platform Elance suffered a data breach that impacted 1.3 million accounts. Appearing online 8 years later, the data contained usernames, email addresses, phone numbers and SHA1 hashes of passwords, amongst other personal data.
Data breachResolvedMoney Bookers data breach (2009)
Sometime in 2009, the e-wallet service known as Money Bookers suffered a data breach which exposed almost 4.5M customers. Now called Skrill, the breach was not discovered until October 2015 and included names, email addresses, home addresses and IP addresses.
Data breachResolved
2008
2 incidentsBaby Names data breach (2008)
In approximately 2008, the site to help parents name their children known as Baby Names suffered a data breach. The incident exposed 846k email addresses and passwords stored as salted MD5 hashes.
Data breachResolvedFoxy Bingo data breach (2008)
In April 2007, the online gambling site Foxy Bingo was hacked and 252,000 accounts were obtained by the hackers. The breached records were subsequently sold and traded and included personal information data such as plain text passwords, birth dates and home addresses.
Data breachResolved
2007
3 incidentsgPotato data breach (2007)
In July 2007, the multiplayer game portal known as gPotato (link to archive of the site at that time) suffered a data breach and over 2 million user accounts were exposed. The site later merged into the Webzen portal where the original accounts still exist today.
Data breachResolved2007 cyberattacks on Estonia
A three-week wave of distributed denial-of-service attacks crippled Estonian government, banking, and media websites amid a dispute with Russia, becoming the first cyber assault on an entire nation-state and the birthplace of NATO's cyber-defence doctrine.
TJX Companies (T.J. Maxx) card breach
Attackers led by Albert Gonzalez sniffed weakly-encrypted in-store Wi-Fi at a Marshalls outlet and pivoted to TJX's central systems, exfiltrating an estimated 94 million payment-card records over an 18-month intrusion — the largest U.S. retail data breach of its era.