Skip to content

Timeline of cyberattacks

Every catalogued incident, plotted by disclosure date.

2026

589 incidents
  1. AdaptHealth reports material breach of patient data after social-engineering attack

    Home medical equipment provider AdaptHealth disclosed a material cybersecurity incident in which a social-engineering attack on a third-party contractor let a threat actor into its cloud systems and reach patient personal and health information.

  2. Medtronic notifies 3.8 million people of ShinyHunters data breach

    Medical device maker Medtronic began notifying roughly 3.8 million people that their personal data was exposed when the ShinyHunters extortion group accessed its corporate IT systems in April 2026.

  3. DHS confirms breach of HSIN sensitive information-sharing network

    The U.S. Department of Homeland Security confirmed that hackers breached the Homeland Security Information Network, an unclassified platform used to share sensitive information with federal, state, local and private-sector partners.

  4. Kubota North America says hackers had month-long access to its network

    Kubota North America said an unauthorised party had month-long access to its network in early 2026, reaching HR files with the personal data of employees and dependents.

  5. Aflac Japan breach exposes personal data of 4.38 million customers and agents

    Aflac disclosed that attackers who breached its Japanese subsidiary's policyholder portal exfiltrated the personal information of roughly 4.38 million customers and insurance agents.

  6. Sapporo Holdings investigates cyberattack on overseas subsidiaries

    Japanese beverage group Sapporo Holdings disclosed suspected unauthorised access at its overseas subsidiaries Pokka in Singapore and Sleeman Breweries in Canada, shutting down affected systems to investigate.

  7. Nissan Americas discloses employee data breach via Oracle PeopleSoft zero-day

    Nissan's Americas operations disclosed that attackers exploiting a zero-day in Oracle PeopleSoft accessed sensitive data belonging to current and former employees in the United States, Canada, Mexico and Brazil.

  8. German naval defense firm Atlas Elektronik listed on TheGentlemen ransomware leak site

    The fast-growing extortion group TheGentlemen added German naval-defense electronics manufacturer Atlas Elektronik to its dark-web leak site on 28 June 2026, claiming a double-extortion attack dated to around 25 June, though the TKMS subsidiary had not publicly confirmed any breach.

  9. Polymarket frontend supply-chain attack drains $3 million

    Attackers compromised a third-party frontend vendor and injected malicious JavaScript into Polymarket's website, tricking users into approving fraudulent transactions and draining about $3 million.

  10. Cisco Unified CM SSRF flaw exploited to drop webshells (CVE-2026-20230)

    Attackers began actively exploiting a critical unauthenticated server-side request forgery flaw in Cisco Unified Communications Manager, tracked as CVE-2026-20230, using the WebDialer service to write files and drop JSP webshells on enterprise telephony servers.

  11. KDDI email-platform breach exposes up to 14.2 million ISP logins

    A flaw in third-party software let attackers breach the shared email platform KDDI operates for six Japanese ISPs, potentially exposing up to 14.22 million email addresses and passwords.

  12. Bajaj Auto hit by ransomware attack on its IT systems

    Indian automaker Bajaj Auto disclosed that a ransomware attack detected on the morning of 23 June 2026 affected systems at the company and its technology subsidiary, prompting containment measures and regulatory filings with CERT-In and SEBI.

  13. NAIC confirms data breach after Oracle PeopleSoft zero-day exploited by ShinyHunters

    The National Association of Insurance Commissioners disclosed on 23 June 2026 that attackers exploited an Oracle PeopleSoft zero-day to access part of its environment, and by 25 June the extortion group ShinyHunters had published the stolen data online, claiming more than 3.1 terabytes.

  14. Phishing breach at healthtech firm Xsolis exposes 1.4 million people

    Xsolis, a US healthcare AI vendor, disclosed that a January phishing attack exposed the personal and protected health information of nearly 1.4 million people.

  15. Qilin claims ransomware attack on the Central Bank of Libya

    The Qilin ransomware group publicly claimed a June cyberattack on the Central Bank of Libya, threatening to leak stolen data after the bank said the intrusion touched a limited number of systems.

  16. Blackfield ransomware hits Nidec's Taiwanese subsidiary, demands $2 million

    Japanese motor and electronics giant Nidec confirmed a ransomware attack on its Taiwanese subsidiary Nidec Chaun Choung Technology, after which the Blackfield gang claimed the breach and demanded a $2 million ransom.

  17. Tata Electronics breach: World Leaks dumps 630GB of alleged Apple and Tesla files

    Tata Electronics confirmed a cyberattack after data-extortion group World Leaks published over 200,000 stolen files, including documents researchers say reference Apple and Tesla.

  18. London Hydro data breach exposes customer account information

    Attackers used a customer account to exploit a system vulnerability at Canadian utility London Hydro, potentially accessing the names, contact details and account information of other customers.

  19. Klue supply-chain breach exposes customers' Salesforce data

    A dormant API credential let attackers compromise competitive-intelligence platform Klue and harvest OAuth tokens for customers' connected apps, exfiltrating Salesforce records from firms including Huntress and Recorded Future in a supply-chain attack later tied to the Icarus extortion group.

  20. Cherry Health discloses data breach after suspected ransomware outage

    Michigan's largest federally qualified health center, Cherry Health, posted a preliminary breach notice on 18 June 2026 after suspicious network activity detected in April triggered a days-long outage and the copying of patient and staff data, including Social Security numbers.

  21. Nintendo employee survey data stolen via third-party TinyPulse platform

    Nintendo of America confirmed that threat actors stole internal employee survey data from TinyPulse, a third-party HR engagement platform it used, after the SHADOWBYT3$ group claimed to have exfiltrated about 859 MB of data and demanded a US$2 million ransom — while stressing that Nintendo's own systems and customer data were not affected.

  22. Texas Parks and Wildlife vendor breach exposes 3 million license holders

    A breach at the third-party vendor that processes Texas hunting and fishing licence sales exposed the driver's licence numbers, passport numbers and contact details of more than three million Texans, though the state said Social Security numbers and financial data were not taken.

  23. Eastman Kodak confirms data breach claimed by ShinyHunters

    Imaging and materials company Eastman Kodak confirmed that an unauthorised third party temporarily accessed a limited amount of company data, after the ShinyHunters extortion gang listed Kodak on its dark-web leak site and claimed to hold more than 2.2 million records of customer and internal corporate data.

  24. FortiBleed: leaked dataset exposes VPN credentials for ~74,000 Fortinet firewalls

    A dataset dubbed FortiBleed exposed valid Fortinet FortiGate VPN credentials — including plaintext passwords — for 73,932 firewall URLs across 194 countries, the product of a Russian-speaking crew that reused passwords from earlier breaches and infostealer logs rather than any new Fortinet vulnerability.

  25. Mastra npm scope hijacked: 144 AI-framework packages backdoored (easy-day-js)

    A hijacked contributor account was used to republish 144 packages in the popular @mastra AI-agent npm scope with a malicious typosquatted dependency, easy-day-js, that pulled down a cross-platform remote-access trojan and cryptocurrency stealer onto any developer machine or build system that installed them.

  26. ShinyHunters leaks Madison Square Garden Sports data online

    The ShinyHunters extortion gang published data it claims to have stolen from Madison Square Garden Sports — owner of the New York Knicks and Rangers — after the company missed a ransom deadline.

  27. UNC6508 PRC-nexus medical & defense research espionage campaign

    Google's Threat Intelligence Group disclosed that PRC-nexus actor UNC6508 spent more than a year inside U.S. and Canadian medical, academic and military-health research environments, compromising legacy REDCap servers, deploying custom INFINITERED malware and abusing Google Workspace email compliance rules to silently exfiltrate research and defense data.

  28. ShinyHunters claims theft of 297GB of Council of Europe payroll and HR data via Oracle PeopleSoft zero-day

    The extortion group ShinyHunters claimed it stole roughly 297GB of payroll, HR and financial records belonging to more than 10,000 current and former Council of Europe staff by exploiting the Oracle PeopleSoft zero-day CVE-2026-35273, prompting the intergovernmental body to investigate.

  29. Cyberattack disrupts four major Iranian banks via their shared communications network

    A cyberattack against the shared communications infrastructure used by Bank Melli, Bank Saderat, Bank Tejarat and the Export Development Bank of Iran knocked ATMs, point-of-sale terminals and online banking offline, though officials said no customer data was accessed.

  30. OptinMonster, TrustPulse and PushEngage WordPress plugins backdoored in Awesome Motive CDN supply-chain attack

    Attackers stole a CDN API key from Awesome Motive and tampered with JavaScript served to the OptinMonster, TrustPulse and PushEngage WordPress plugins, silently creating rogue administrator accounts and planting backdoors on sites whose logged-in admins loaded the malicious code.

  31. 152 'live wallpaper' Chrome extensions caught harvesting user data and faking Google search traffic

    Socket's Threat Research Team uncovered a coordinated family of 152 new-tab 'live wallpaper' Chrome extensions, spread across 38 publisher accounts and three brands, that secretly logged user telemetry and laundered extension-generated visits into fake Google organic search traffic despite declaring they collected no data.

  32. 'Atomic Arch' supply-chain attack hijacks 400+ Arch Linux AUR packages to deploy a credential stealer and eBPF rootkit

    Sonatype researchers uncovered 'Atomic Arch,' a supply-chain campaign in which attackers adopted hundreds of orphaned Arch User Repository packages and rewrote their build scripts to install a malicious npm package that drops a Linux credential stealer with optional eBPF rootkit capabilities.

  33. Novo Nordisk discloses breach of clinical-trial patient data after IT security incident

    Danish pharmaceutical giant Novo Nordisk disclosed that attackers copied pseudonymised patient information from some of its clinical trials out of its internal IT systems, prompting it to take certain systems offline while it investigates.

  34. University of Nottingham student-records breach claimed by ShinyHunters (2026)

    The University of Nottingham confirmed a cyber incident after the ShinyHunters extortion group claimed to have stolen around 40 GB of data from its student-records system, exposing roughly 455,000 email addresses along with names, passport numbers, and fee-payment details.

  35. FulcrumSec leaks Global Schools Foundation data, exposing 33,000+ children's and parents' passports

    The extortion group FulcrumSec claimed it stole roughly 4.8 terabytes of data from Singapore-based Global Schools Foundation after exploiting database credentials left unchanged since a 2022 breach, leaking 33,088 passport numbers belonging to children and parents and around 9.4 million internal messages when ransom negotiations collapsed.

  36. Max-severity Ivanti Sentry flaw exploited for root code execution (CVE-2026-10520)

    Ivanti patched a maximum-severity unauthenticated command-injection flaw in its Sentry mobile gateway that gives attackers root-level remote code execution, and within days real-world exploitation followed a public proof-of-concept, prompting CISA to add it to its Known Exploited Vulnerabilities catalog.

  37. Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges (CVE-2026-47281)

    Researchers disclosed a Microsoft Defender privilege-escalation zero-day dubbed RoguePlanet (CVE-2026-47281) that abuses a race condition to redirect a SYSTEM-level file operation and hand a local attacker full SYSTEM access on fully updated Windows machines.

  38. Oracle PeopleSoft PeopleTools zero-day exploited by ShinyHunters (CVE-2026-35273)

    Oracle issued an emergency out-of-band alert after the ShinyHunters crew exploited a critical unauthenticated remote-code-execution zero-day in PeopleSoft PeopleTools to steal data from more than 100 organisations, most of them universities.

  39. Google patches actively exploited Chrome V8 zero-day (CVE-2026-11645)

    Google shipped an emergency Chrome update fixing CVE-2026-11645, a high-severity out-of-bounds memory flaw in the V8 engine that lets a crafted web page run arbitrary code and for which an exploit already exists in the wild.

  40. ServiceNow discloses unauthenticated API flaw that let attackers query customer instance data

    ServiceNow disclosed that a misconfigured, unauthenticated REST API endpoint allowed actors to query data from hosted customer instances, an issue the company patched on 5 June but did not publish a (login-gated) advisory for until days later.

  41. French government Tchap messaging platform breached via hijacked account (2026)

    French authorities confirmed that an attacker hijacked a Tchap user account to access public chat rooms on the French state's secure messaging platform, with the intruder claiming to have scraped tens of thousands of accounts and hundreds of thousands of messages.

  42. Check Point VPN authentication-bypass zero-day exploited in the wild (CVE-2026-50751)

    Check Point disclosed that attackers, including a Qilin ransomware affiliate, were actively exploiting a critical authentication-bypass zero-day (CVE-2026-50751) in its Remote Access and Mobile Access VPN products to log in without a valid password.

  43. Meta Instagram 'High Touch Support' account-takeover breach (2026)

    Attackers abused a verification flaw in Meta's AI-assisted Instagram account-recovery tool, High Touch Support, to trigger password resets and hijack 20,225 accounts before Meta detected and disabled the tool.

  44. Baker Distributing ShinyHunters Salesforce data-extortion leak (2026)

    After negotiations stalled, the ShinyHunters extortion crew published data it claimed to have stolen from Baker Distributing's Salesforce and SharePoint systems, exposing more than 100,000 customer email addresses and contact records.

  45. Cisco SD-WAN Manager zero-day exploited in the wild (CVE-2026-20245)

    Cisco warned that an unpatched high-severity zero-day in Catalyst SD-WAN Manager (CVE-2026-20245) was being actively exploited to execute arbitrary commands and escalate to root, after Mandiant reported a limited number of real-world attacks.

  46. Miasma worm hits 73 Microsoft GitHub repositories in supply-chain attack (2026)

    A self-replicating supply-chain worm dubbed Miasma compromised 73 repositories across four Microsoft GitHub organisations, planting configuration files that harvested cloud and developer credentials when the projects were opened in AI coding agents such as Claude Code and Cursor.

  47. IronWorm self-propagating malware hits 36 npm packages (2026)

    Researchers disclosed IronWorm, a Rust-based, self-propagating infostealer that compromised 36 npm packages, stealing developer and CI secrets and republishing trojanized packages using stolen npm publishing credentials.

  48. DentaQuest ShinyHunters data breach exposes 2.6 million accounts (2026)

    Dental benefits administrator DentaQuest confirmed a network breach after the extortion group ShinyHunters leaked roughly 234 GB of stolen data, exposing personal, identity, and health-insurance information tied to about 2.6 million accounts.

  49. Google patches actively exploited Android zero-day (CVE-2025-48595)

    Google's June 2026 Android security update fixed 124 vulnerabilities, including CVE-2025-48595, an actively exploited integer-overflow flaw in the Android Framework that lets a local attacker escalate privileges without user interaction.

  50. World Food Programme breach exposes data of 600,000 Gaza households (2026)

    The UN World Food Programme disclosed that attackers gained unauthorized access to its self-registration application for Palestine, exposing names, ID and phone numbers, and location data for roughly 600,000 households in Gaza in what may be the largest known breach of humanitarian beneficiary data.

  51. Atlas Menu data breach (2026)

    In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository.

    Data breachResolved
  52. BCD Travel data breach (2026)

    In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses.

    Data breachResolved
  53. 1,528 contacts at Nature & Cie, claimed leak

    In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

  54. Eyguières town hall paralyzed by ransomware

    On 22 May 2026, the town hall of Eyguières (Bouches-du-Rhône, ~7,000 inhabitants) was hit by a Qilin ransomware attack that took down its municipal IT systems and put residents' administrative and personal data at risk of compromise.

  55. Les Embruns d'Oléron: data of 1,800 campsite holidaymakers exfiltrated

    On 24 May 2026, the 4-star campsite Les Embruns d'Oléron in Le Château-d'Oléron, France, was hit by a data breach exposing some 39 GB of internal files, including the personal and booking details of at least 1,832 holidaymakers from 2024-2026 reservations.

  56. Optic 2000: nearly 8,000 PDF invoices and franchisee data leaked

    The Optic 2000 group, one of the leading networks of opticians in France, appears in a data leak published on a cybercrime forum. The

  57. Leak at Alan (via Almerys)

    On 23 May 2026, French digital health insurer Alan warned members that a cyberattack on its third-party claims processor Almerys had exposed their personal data — names, dates of birth, social security numbers and insurance contract details — though payment, password and health data were spared.

  58. 18,140 people affected by claimed leak at AVEA Vacances

    On 23 May 2026, AVEA Vacances, a French association organising educational stays and holiday camps for children and teenagers, was named in a forum leak of roughly 46,000 records (128 MB), including an 18,140-line file of postal-worker and CSE data plus booking and accounting documents.

  59. Avea Vacances hit by a cyberattack: 46,000 stay records exposed

    On 23 May 2026, French holiday-camp association Avea Vacances was named by the threat actor ChimeraZ, who published roughly 46,000 records (128 MB) on a cybercrime forum, including stay-organisation documents and a file of more than 18,000 La Poste employees' details.

  60. Camping-Car Plus: victim of a data leak, passwords exposed

    Camping-Car Plus, a French e-commerce retailer of motorhome and camper-van accessories, notified customers in May 2026 of a data breach exposing names, postal and email addresses, phone numbers and account login credentials including passwords; no banking data was affected.

  61. Charter data breach (2026)

    In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign.

    Data breachResolved
  62. Delko, ongoing cyberattack and extortion.

    A data leak targeting Delko, a French network of garages and car maintenance centres, is currently being claimed by the cybercriminal group LAPSUS$, known for its extortion operations…

  63. Largo hit by a cyberattack: customer and order data leaked

    The French high-tech refurbishment specialist Largo informs its customers that it was the victim of a security incident that affected part of

  64. Almerys at the heart of a massive leak of 15 million social security numbers

    In May 2026, French third-party health-payment operator Almerys disclosed a breach after a database of more than 44 million records — including 15.4 million unique social security numbers, names, birthdates and insurance details — was offered for sale on a cybercrime forum.

  65. Atol Mon Opticien: 5.9 million customers exposed in a massive data leak

    On 22 May 2026, a database holding the personal records of roughly 5.9 million customers of French optical chain Atol Mon Opticien was put up for sale on a cybercrime forum, exposing names, birthdates, emails, phone numbers and postal addresses.

  66. 5,924,215 Atol customer records: claimed data leak

    On 22 May 2026, a database allegedly holding 5,924,215 customer records from the French optician cooperative Atol was put up for sale on a cybercrime forum, exposing names, birth dates, postal addresses, emails and phone numbers.

  67. Auchan Optique: more than 218,000 customers leaked after a cyberattack

    On 22 May 2026, a database holding the records of about 218,000 Auchan Optique customers — names, dates of birth, postal addresses, phone numbers and account identifiers — was put up for sale on a cybercrime forum, part of a coordinated wave of leaks hitting French opticians.

  68. Jimmy Fairly: massive leak of 357,000 customers after a cyberattack

    On 22 May 2026, a database attributed to French eyewear retailer Jimmy Fairly was put up for sale on a cybercrime forum, exposing the personal details of more than 357,000 customers, including names, full postal addresses, emails and dates of birth.

  69. Data leak at the Haute-Garonne departmental digital media library

    In May 2026, the Haute-Garonne departmental digital media library network (media31.mediatheques.fr) confirmed an intrusion after the threat actor AplaGroup exploited critical vulnerabilities and extracted user-account data on roughly 765 people.

  70. Leak at the Haute-Garonne Departmental Council digital media library

    Disclosed around 22 May 2026, the Haute-Garonne departmental media library network (Média31) was breached via exploited website vulnerabilities, exposing data on roughly 765 users including names, emails, dates of birth, cities and login details.

  71. Move Up Formation hacked: database, source code and administrator access leaked

    On 22 May 2026, French professional-training provider Move Up Formation (moveup-formation.fr) was listed on a cybercrime forum, where attackers claimed to have stolen its full SQL database, customer records, the site's entire source code and Stripe administrator access.

  72. Data leak at Nemea Groupe confirmed by the company

    Nemea Groupe, a French operator of student residences, tourist residences and apart'hotels, confirmed a data breach affecting rental applicants after attacker ChimeraZ exfiltrated a database covering about 12,590 individuals, exposing identity, contact, banking and scanned ID documents.

  73. 23,685 records: claimed leak at ATOA

    A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

  74. McDonald's hit by a cyberattack: loyalty accounts used without customers' knowledge

    On 21 May 2026, McDonald's France confirmed a credential-stuffing campaign that hijacked customer McDo+ loyalty accounts, with fraudsters draining accumulated points for free orders; no banking data was affected and the company launched a mass password reset.

  75. GitHub hit by a cyberattack, nearly 4,000 internal private repositories leaked

    GitHub, the development platform used by millions of developers worldwide, confirmed having been the victim of a cyberattack that

  76. 99,671 people: claimed data leak at Lagrange Vacances

    On 19 May 2026 a threat actor known as ChimeraZ claimed to have leaked a database of French holiday-rental operator Lagrange Vacances, allegedly exposing booking records for more than 44,000 holidaymakers, reportedly via an IDOR vulnerability.

  77. Leak at Maeva

    In May 2026, Maeva — the holiday-rental brand of Pierre & Vacances-Center Parcs — disclosed a breach in which an attacker scraped up to ten years of booking data, exposing names, dates of birth, phone numbers and stay details for around 4.5 million customers across 1.6 million reservations.

  78. Groupe CRIT: HR documents and ID papers from a Tunisian subsidiary exposed

    The Titan ransomware group claimed a double-extortion attack on Groupe CRIT's Tunisian subsidiary CRIT Tunisie, leaking payroll and administrative records, financial files and scanned identity documents and passports belonging to workers and employees.

  79. MediaVacances: 256,000 invoices exposed in a data leak

    On 18 May 2026, MediaVacances, a French peer-to-peer vacation-rental platform, had a database of roughly 256,000 customer invoices spanning 2005 to 2026 published on a cybercriminal forum, exposing names, addresses, payment details and listing data.

  80. Gîtes de France: 389,000 customers' bookings in a data leak

    On 17 May 2026, the French rural-tourism rental network Gîtes de France disclosed a data leak exposing booking records for 389,129 customers — names, contact details, postal addresses and stay details — taken via fraudulent access tied to a shared IT provider.

  81. Transitions Pro Centre-Val de Loire: tens of GB of data threatened after a ransomware attack

    Transitions Pro Centre-Val de Loire, the regional body that funds and supports employee career-retraining projects, was hit by the Prinz Eugen ransomware group, which claimed to have exfiltrated and encrypted hundreds of gigabytes of HR, financial and personal data and threatened to publish it.

  82. Djaboo: more than 25 GB of sensitive internal files published after a cyberattack

    On 15 May 2026, more than 25 GB of internal data from French document-management platform Djaboo (djaboo.com) was published on a cybercriminal forum, including a full database dump and records for 12,378 CRM accounts, 6,372 client companies and 13,578 individuals.

  83. Pierre & Vacances: 4.5 million holidaymakers exposed in a massive data leak

    In May 2026, French tourism group Pierre & Vacances-Center Parcs disclosed a breach of its maeva-owned 'La France du Nord au Sud' platform, exposing personal data tied to about 1.6 million reservations and up to 4.5 million customers, including names, dates of birth, phone numbers and stay details.

  84. OpenAI: internal data compromised after installation of the booby-trapped TanStack library

    OpenAI confirmed in May 2026 that two employee devices were compromised through the TanStack npm supply-chain attack, allowing attackers to exfiltrate limited authentication credentials from internal code repositories that contained its software signing certificates.

  85. 4.5 million Pierre & Vacances-Center Parcs customers, data leak

    Pierre & Vacances-Center Parcs customers are affected by a data leak confirmed by the group, linked to the La France du Nord au Sud booking platform, used in particular for…

  86. Collège de France: more than 1,600 researchers, teachers and internal documents leaked

    On 14 May 2026, a threat actor known as ChimeraZ claimed a leak of around 1,600 researcher and staff profiles from the Collège de France, along with hundreds of megabytes of internal files pulled from a Nextcloud file-sharing instance.

  87. EFC Formation: a massive leak exposes 60,000 administrative documents and 49,000 students

    On 14 May 2026, threat actor ChimeraZ leaked data from EFC Formation (École Française de Comptabilité), publishing a 1.3 GB archive on about 49,000 students and offering a second 41 GB set of 60,683 administrative and banking PDFs for sale.

  88. FFMOTO: 2.3 million French motorcyclists exposed in a data leak

    On 13 May 2026, a threat actor using the alias lazasec123 advertised a database of roughly 2.3 million profiles tied to French motorcycle licences and FFMOTO.org, exposing names, dates of birth, postal addresses, emails and phone numbers, offered for sale at 150 euros.

  89. 422 email addresses exposed in a claimed data leak at Union-prof.asso.fr

    On 14 May 2026, the cybercriminal ChimeraZ published roughly 11,000 documents (about 8.6 MB of JSON and PDF files) attributed to UPPCTSC (Union-prof.asso.fr), exposing training-center conventions, institution details, professional email addresses and timestamped download logs.

  90. A.R.Ge.Co: accounting and financial data leaked after a cyberattack

    The Anubis ransomware group claims to have compromised the systems of A.R.Ge.Co, a French company specializing in accounting services and

  91. Akitatek: data on nearly 5,500 customers leaked after a cyberattack

    On 13 May 2026, a threat actor known as ChimeraZ published on a cybercrime forum a roughly 1 MB JSON file said to contain about 5,500 customer profiles from French online computer-hardware retailer Akitatek, exposing names, postal addresses and phone numbers.

  92. Foxconn Nitrogen ransomware breach (2026)

    The Nitrogen ransomware group claimed on its dark-web leak site that it had stolen over 11 million files from Foxconn's North American facilities, including confidential information belonging to customers Apple, Dell, Google, Intel, Nvidia, and Sony. Foxconn said affected factories were resuming normal production.

  93. Le Domaine des Tournels targeted by a cyberattack

    The Qilin ransomware group claims to have compromised the systems of Le Domaine des Tournels, an establishment located in the Gulf of Saint-Tropez. At this

  94. Mistral AI: 450 private repositories and 5 GB of internal code threatened with release after a cyberattack

    A hacker going by the name TeamPCP claims to hold a significant quantity of internal data belonging to Mistral AI, the French startup

  95. Škoda: a cyberattack exposes passwords and customer data of the online store

    Carmaker Škoda, a subsidiary of the Volkswagen group, has confirmed it was the victim of an intrusion targeting its online store. According to

  96. Woop: more than 256,000 users exposed with contact details and banking data

    On 13 May 2026, a database of 256,319 records attributed to French last-mile delivery platform Woop (woopit.fr) was put up for sale on a cybercriminal forum, exposing names, postal addresses, phone numbers, email addresses, birth dates and banking details.

  97. Data leak at Best Western Hotels - customer reservations accessed

    Best Western parent BWH Hotels disclosed in May 2026 that an unauthorised third party had access to a guest-reservation web application from 14 October 2025 to 22 April 2026, exposing names, emails, phone numbers, postal addresses and booking details; payment data was not affected.

  98. CalendrIDEL: data of 1,400 self-employed nurses publicly disclosed

    On 11 May 2026, a dataset attributed to CalendrIDEL, a French scheduling platform for self-employed nurses, was posted on a cybercrime forum, exposing the email addresses, mobile numbers, postal codes and profile names of roughly 1,400 nurses.

  99. CARMF: 2.4 million doctor records leaked after a cyberattack

    In May 2026, an actor using the alias lazasec claimed to have breached CARMF, France's pension and benefits fund for self-employed doctors, leaking a database of up to 2.4 million records with names, contributor codes, postal addresses and last-declaration dates; CARMF said the exposed data was public and non-sensitive.

  100. Data leak at Enercoop after account compromise

    On 11 May 2026, French renewable-energy cooperative Enercoop suffered a security incident in which email addresses tied to customer, prospect and member accounts were compromised and abused to send fraudulent phishing messages impersonating its customer service.

  101. La Boîte Immo: profiles and real estate documents released after a cyberattack

    The hacker ChimeraZ claims to hold data linked to La Boîte Immo, a French company specialized in software and digital services for

  102. 6,410 LuxTrust accounts linked to Thales: claimed leak

    On 12 May 2026, a threat actor known as ChimeraZ published an 85 MB JSON file with roughly 6,410 user profiles from a digital-trust platform tied to LuxTrust and Thales, exposing names, emails, phone numbers, organizations and account roles.

  103. Nuhanciam: over 156,000 customers exposed in a leak targeting the cosmetics brand

    In May 2026, a database attributed to French dermo-cosmetics brand Nuhanciam surfaced on a cybercrime forum, exposing more than 156,000 customer records including names, emails, dates of birth, postal addresses, phone numbers and hashed passwords.

  104. Roubaix: the Kiosque famille suspended after a data leak concerning schoolchildren

    The town of Roubaix disclosed a data breach on its Kiosque famille school-services platform after two user accounts were compromised, exposing identity and schooling details of 165 enrolled children and their families; no banking data was affected.

  105. Thales: thousands of employee records released publicly on a cybercriminal forum

    On 12 May 2026, a threat actor known as ChimeraZ published an 85 MB JSON file with roughly 6,400 user profiles tied to French defence group Thales; the data originated from LuxTrust, an outsourced e-signature provider, and exposed names, emails, phone numbers, organisations and account roles.

  106. Kams Paris: 188,000 customer contact details and IBANs exposed after a cyberattack

    On May 10, 2026, a database of 187,927 records attributed to Paris niche perfumery Kams Paris was put up for sale on a cybercriminal forum, exposing customers' names, postal addresses, phone numbers, dates of birth and IBANs.

  107. Leak at Once for all (via Actradis)

    On 11 May 2026, Once For All disclosed unauthorized access to its Actradis B2B compliance platform, exposing professional contact data (names, professional emails, phone and contact details); a leaked database circulating since early May reportedly held about 305,000 records.

  108. Leak at La France Insoumise

    In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

  109. 765 users affected by claimed leak at Média31

    On 9 May 2026, the threat actor AplaGroup claimed an intrusion into Média31, the online media-library platform of the Haute-Garonne departmental libraries (France), exposing data on roughly 765 users; the breach was confirmed on 21 May 2026.

  110. Monservicederemplacement.fr: nearly 185,000 people exposed in a sensitive data leak

    A database tied to Monservicederemplacement.fr, the platform run by France's agricultural replacement service (Service de Remplacement France), surfaced online in May 2026, exposing 213,477 records on about 184,724 people, including names, contact details, dates of birth and social security numbers.

  111. Arsène Valentin: customer data exposed after malicious code was injected on the site

    On 8 May 2026, French e-cigarette retailer Arsène Valentin disclosed that malicious code injected into its e-commerce website had exposed customer personal data — names, emails, postal addresses, phone numbers, dates of birth and order history; the breach was reported to the CNIL.

  112. 812,000 Boulangerie Ange customers affected by a data leak

    On 8 May 2026, French bakery chain Boulangerie Ange confirmed a data breach exposing the names, phone numbers and cities of around 812,000 customers registered on its digital services, after an exposed authentication token allowed API access to its database.

  113. Soprolux: banking documents and customer data released after a cyberattack

    In May 2026, the BravoX ransomware group claimed a double-extortion attack on Soprolux, a French food distributor serving restaurants and professional clients, publishing banking documents, SEPA mandates, IBAN/RIB details and customer and supplier records to pressure the company.

  114. West Pharmaceutical: the Nouvion-en-Thiérache plant paralysed by a cyberattack

    In early May 2026, West Pharmaceutical's plant at Le Nouvion-en-Thiérache (Aisne, France), which employs around 770 people making rubber components for syringes and medical devices, was hit by a cyberattack that halted production for roughly two weeks; no data exfiltration was confirmed.

  115. Académie de Montpellier: sensitive document leak after a cyberattack

    In early May 2026, the MedusaLocker ransomware gang listed the Académie de Montpellier / CSJM — a French public-school network around Béziers — on its leak site, claiming to have exfiltrated administrative documents and credentials, with reported exposure of 309 staff and 6,915 user accounts.

  116. Action Populaire: data linked to La France Insoumise activists leaked

    On 7 May 2026, a hacker using the alias 'fuzzeddffmepg' claimed to have breached Action Populaire, the activist platform of France's La France Insoumise party, exposing roughly 120,000 email addresses, 20,000 phone numbers, private messages and payment data spanning 2017-2026.

  117. Leak at Bilov

    In May 2026, Bilov — operator of the French Boulangeries Ange bakery chain — disclosed a data breach exposing the personal details (name, city, phone number) of around 812,000 customers after an active authentication token allowed unauthorized API access.

  118. Leroy Merlin: more than 367,000 customers exposed in a leak linked to the Leroy&moi program

    On May 6, 2026, a threat actor using the alias Lagui posted a database of 367,462 Leroy Merlin France loyalty-program customers — names, dates of birth, contact details, postal addresses and account data — said to have been harvested by automated scraping of the Leroy&moi platform.

  119. BookMyName: a cyberattack compromised data linked to domain names

    French domain registrar BookMyName detected a security incident on 5 May 2026 in which an attacker exploited a vulnerability to fraudulently alter domain contact data, exposing logins, names, emails, phone numbers and postal addresses of some customers.

  120. Cetelem: customer email addresses exposed after a cyberattack

    Cetelem, the consumer-credit brand of BNP Paribas Personal Finance, confirmed a cyberattack on 20 April 2026 that exposed the email addresses of several hundred thousand customers; the company says no passwords, banking or payment data were compromised.

  121. Cushman & Wakefield data breach (2026)

    In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with…

    Data breachResolved
  122. Erla Technologies: a data leak claimed by a ransomware group

    On 5 May 2026, the SpaceBears ransomware group listed French industrial-equipment manufacturer Erla Technologies SAS on its leak site, claiming to have stolen employee and client personal data, financial documents and project files — including documentation tied to a French army client.

  123. Newdeal Institut: a database exposed with passwords and sensitive documents

    A database attributed to Newdeal Institut, a language training centre, has been published on a cybercrime forum by a hacker posing as

  124. Quiberon: municipal services disrupted after a cyberattack

    On 3 May 2026 the town of Quiberon (Morbihan, France) was hit by a Qilin ransomware attack that encrypted part of its IT systems and exfiltrated personal data; the city refused the ransom and began a gradual, secured rebuild of its infrastructure.

  125. 220 candidates in data leak at Auto École du Lys

    On 4 May 2026, Auto École du Lys — a French driving school in Dammarie-les-Lys — was hit by a confirmed data leak exposing files on its 220 candidates, including very recent records with driving-exam dates running up to April 2026.

  126. 428 candidates of Auto École du Moulin affected by a data leak

    Auto École du Moulin, a driving school in La Rochelle, France, suffered a data leak disclosed on 4 May 2026 that exposed personal records of 428 candidates, including their driving-licence examination history.

  127. 1,556 candidates: data leak at École de conduite Vincent

    On 4 May 2026, a confirmed data leak at École de conduite Vincent, a driving school in Ancenis-Saint-Géréon (France), exposed the records of around 1,556 candidates, including names, dates of birth, emails, NEPH dossier numbers and detailed driving-exam histories.

  128. École de Psychologues Praticiens: student database exposed in a massive leak

    On 4 May 2026, a threat actor using the alias Spirigatito claimed to publish roughly 55 GB attributed to France's École de Psychologues Praticiens (Psycho-Prat), including a student database, ID documents, IBANs and the site's full source code.

  129. Groupe CGA: 65,000 customers and 2,500 employees included in a data leak

    On 4 May 2026, the threat actor DumpsecV2 claimed a breach of French automotive dealership group Groupe GCA, exposing data on roughly 65,000 customers and 2,500 employees, including names, contact details and vehicle information such as registration numbers and VINs.

  130. 67,500 Groupe GCA customers affected by a claimed data leak

    Customers of Groupe GCA, a network of car dealerships, are reportedly affected by a claimed leak impacting nearly 67,500 people, according to the claim. The Dumpsec collective states…

  131. i-Run: the leak of 1.2 million customers does not come from their database

    In May 2026 a threat actor using the alias lowiq advertised a database of roughly 1,223,520 records attributed to French running-gear e-tailer i-Run, but the company investigated and determined the data did not originate from its own systems.

  132. La Redoute: a logistics database of 96,000 customers tied to deliveries leaked

    On 4 May 2026 a hacker using the alias Lagui published a database of roughly 96,000 La Redoute customers — names, postal addresses, phone numbers, emails and order/delivery histories — that the retailer traced to a January 2026 breach at its logistics partner Relais Colis.

  133. Smallable: nearly 700,000 children in a public data leak

    The hacker ChimeraZ has published a database attributed to Smallable.com, an e-commerce site specialising in children's and family products. The

  134. Actradis: 82,000 business customers and 222,000 internal tracking records leaked

    On 3 May 2026, a threat actor using the alias Lagui published a database attributed to Actradis, a French enterprise compliance-document platform, exposing roughly 82,611 client records and 222,473 internal tracking entries.

  135. Clinique Ambroise Paré Beuvry: also a victim of a cyberattack

    The Ambroise Paré clinic in Beuvry says it was the victim of a cybersecurity incident on 21 April 2026, according to a communication published on 30

  136. Leak at French Basketball Federation

    In April 2026 the French Basketball Federation (FFBB) suffered a data breach after an attacker abused a compromised user account in its licensee-management tool, exposing identity and contact details of up to ~2 million licensees and ~900,000 legal representatives.

  137. Leak at Interrail

    A December 2025 cyberattack on Eurail B.V., operator of the Interrail and Eurail rail passes, exposed personal data of roughly 308,000 travellers — including names, contact details, dates of birth and passport numbers — which by 2026 was being sold on the dark web.

  138. Profil Search: over 100,000 candidate profiles exposed in a data leak

    A threat actor known as Lagui published a database attributed to French recruitment firm Profil Search containing roughly 100,642 candidate records, exposing names, emails, phone numbers, postal addresses and professional details.

  139. French Ministry of Sports: more than 217,000 photos and sensitive data of educators leaked

    A hacker using the alias Cybernox claims to be putting up for sale a database attributed to the French Ministry of Sports, Youth and

  140. ObjetRama: over 80,000 customers exposed in a 209,000-row leak

    On 2 May 2026, a database attributed to French promotional-items retailer ObjetRama.fr was published by a hacker using the alias ChimeraZ, exposing roughly 209,000 order and billing records tied to nearly 80,000 distinct customers.

  141. Service Civique: contacts from public and association organisations published after a cyberattack

    France's Agence du Service Civique disclosed a personal-data breach affecting its volunteer-host training platform, after a database of contacts at accredited organisations — names, emails, postal addresses, phone numbers and accreditation numbers — was published on a cybercrime forum.

  142. Faco Paris: more than 11,000 sensitive documents, IBANs and source code exposed in a leak

    On 1 May 2026, a hacker claimed to have breached Faco Paris, a private higher education institution, and released a roughly 12 GB archive holding over 11,000 sensitive documents, 27,000+ source code files, identity papers, IBANs and student data.

  143. Instructure Canvas LMS ShinyHunters breach (2026)

    ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools — names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.

  144. Jour de Fête: 543,000 customer accounts leaked after a cyberattack

    On 1 May 2026, a database holding 543,124 customer records attributed to boutique-jourdefete.com — the online store of French party-supplies retailer Jour de Fête — surfaced on a cybercrime forum, exposing names, emails, postal addresses, phone numbers and login tokens.

  145. 67,767 La Pizza de Nico customers - claimed data leak

    On 1 May 2026, French pizzeria chain La Pizza de Nico was named in an unverified breach claim alleging that a database of 67,767 customers had been published, exposing personal contact details of nearly 68,000 people.

  146. Madeindesign: 464,000 customer accounts exposed in a data leak

    On 1 May 2026, a database attributed to French design e-commerce site Madeindesign.com was posted on a cybercrime forum by a threat actor known as ChimeraZ, exposing around 464,000 customer accounts in a roughly 205 MB JSON dataset; the company has not formally confirmed the breach.

  147. ADEMI: cyberattack on an agricultural weighing system

    A database attributed to ADEMI, an agricultural weighing system, is currently circulating online, exposing sensitive information related to

  148. Ankama: customer contact details exposed after a cyberattack

    On 30 April 2026, French video game studio Ankama (Dofus, Wakfu) disclosed a cyberattack that gave attackers unauthorized access to account data — names, emails, cities, IP addresses, order history and partial card numbers — affecting hundreds of thousands of players.

  149. AQUAES: contact details of environmental consulting firms exposed

    A database attributed to AQUAES, a directory of French environmental consulting and engineering firms, surfaced online on 30 April 2026, exposing firm names, manager names, full postal addresses, phone numbers, email addresses, websites and GPS coordinates.

  150. 374 customers affected by a data leak at Deltadore

    Disclosed on 30 April 2026, a data leak at French smart-home manufacturer Delta Dore exposed personal data of at least 374 people registered on its professional training portal, formation-pro.deltadore.fr, prompting affected-user notifications.

  151. Reborn Gaming data breach (2026)

    In April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.

    Data breachResolved
  152. Yomoni contests the data leak involving 443,000 customers

    On 30 April 2026 a hacker claimed to be selling a 443,000-record database tied to French online savings platform Yomoni, exposing names, contact details, dates of birth and tax-residency data; Yomoni disputed the leak after investigation.

  153. Acrimed: online shop hit by a cyberattack

    On 29 April 2026, French media-criticism association Acrimed disclosed a cyberattack on its online shop that exposed customers' email addresses, encrypted passwords and order history; names, postal addresses, phone numbers and banking details were said to be unaffected.

  154. Aréli: some of its partners exposed after a cyberattack

    Aréli, a Lille-based social-housing association, disclosed via a letter to partner organizations that a 12 January 2026 cyberattack exposed partner contact details and bank account information (RIB), affecting less than 2% of the data held on its servers.

  155. Campus France: 18,000 applications exposed after a leak targeting a public service

    On 29 April 2026, a threat actor published a partial database from toucan.campusfrance.org, the online application platform of France's public higher-education agency Campus France, exposing roughly 18,000 international student application files (about 430 MB of JSON) including names, emails, and chosen programs.

  156. Saint-Étienne: city hit by a cyberattack through its ticketing provider

    On 29 April 2026, the City of Saint-Étienne and Saint-Étienne Métropole disclosed a security incident at their third-party ticketing provider, prompting the precautionary deactivation of user account passwords and a forced reset for online ticketing customers.

  157. MyPiscine: customer orders and accounts exposed after a cyberattack

    The MyPiscine e-commerce site informs its customers that it was hit by an intrusion on 23 April 2026, resulting in unauthorised access to certain

  158. Vimeo data breach (2026)

    In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata.

    Data breachResolved
  159. Bordeaux Métropole: leak of 11,000 tourist tax filers and tourist rental addresses

    A threat actor leaked a database extracted from Bordeaux Métropole's tourist tax portal, exposing the names, emails, phone numbers and property addresses of around 11,000 holiday-rental declarants; the metropolitan authority later confirmed the breach.

  160. Exclusive Networks: cyberattack at a key player in cybersecurity solutions

    On 27 April 2026, the Qilin ransomware group listed Exclusive Networks — the France-headquartered global cybersecurity and IT distributor — on its leak site, threatening to publish stolen data unless the company entered negotiations; the scope remained unconfirmed.

  161. L'Opticienne Verte: 13,039 customers exposed after a cyberattack

    On 27 April 2026, French eco-friendly online eyewear brand L'Opticienne Verte was named in an unverified data-leak claim involving 13,039 customer records — names, emails, phone numbers, postal addresses and dates of birth; the company disputes any intrusion.

  162. Université de Toulouse: students and staff exposed after a cyberattack

    On 27 April 2026, a group calling itself LunarisSec claimed to have breached Université de Toulouse and leaked a database of academic profiles—names, emails, phone numbers and research details for faculty, doctoral candidates and staff—though the university issued no official confirmation.

  163. CTT data breach (2026)

    In April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history of the parcel.

  164. French Ministry of Ecological Transition: more than 1,000 staff accounts compromised

    On 26 April 2026, a database of 1,154 user profiles tied to the French Ministry of Ecological Transition was published online, exposing staff names, professional @developpement-durable.gouv.fr email addresses, login dates and group memberships.

  165. National Gendarmerie: nearly 60,000 gendarmes exposed after the Resana leak was republished

    On 26 April 2026, the hacker Angel_Batista republished a dataset on about 59,000 French National Gendarmerie members — names, phone numbers, personal and professional emails, postings and account details — scraped in 2025 from the inter-ministerial Resana platform.

  166. Sejourneur.com: 53,000 bookings and thousands of invoices in a data leak

    On 26 April 2026, a threat actor known as ChimeraZ published online the database of Sejourneur.com, a French seasonal-rental management platform, exposing around 53,000 bookings, over 7,000 PDF invoices and personal data on more than 46,000 people.

  167. Adele.org: leak of 261,000 student housing files with ID cards and passports

    On 25 April 2026, a hacker using the alias ChimeraZ claimed to have stolen and published the database of French student-housing platform Adele.org, exposing roughly 261,000 rental application files (~560 MB) containing scanned ID cards, passports, health-insurance cards, bank details and tax documents.

  168. Leak at Céram Décor

    On 25 April 2026, a confirmed data leak exposed customer personal data — names, email addresses, phone numbers, postal addresses and hashed passwords — from French ceramic and tile decoration retailer Céram Décor.

  169. 86,683 teachers affected by a data leak at IFprofs

    On 25 April 2026, IFprofs — the global social network for French-language teaching professionals run by the Institut français — had a database of roughly 90,000 member accounts published online by a threat actor known as ChimeraZ, exposing profile details and platform activity.

  170. Agence de services et de paiement (ASP): sensitive data leak, social security numbers and IBANs exposed

    The Agence de services et de paiement (ASP), the public body responsible for paying out many state benefits, has confirmed a security incident that

  171. Leak at Agence Nationale des Fréquences

    ANFR, France's national frequency agency, disclosed that an intrusion into its Radiomaritime online service exposed the personal data — names, postal addresses, phone numbers, emails and dates of birth — of roughly 330,000 users; a sample was put up for sale online.

  172. ANFR: 330,000 users of the Radiomaritime service affected after a cyberattack

    The Agence Nationale des Fréquences (ANFR), the public authority responsible for managing the radio spectrum in France, has been the victim of a cyberattack

  173. STOR Solutions: a hacker claims access to 120,000 UPS units and the datacenter's systems

    On 24 April 2026 an unnamed hacker claimed on Telegram to have compromised the supervision infrastructure of STOR Solutions, a La Réunion datacenter operator, alleging access to internal monitoring consoles and to 120,000+ UPS units; the claims remain unverified.

  174. Data leak at Système U

    In April 2026, French retail cooperative Système U disclosed a breach of its magasins-u.com loyalty portal in which attackers gained unauthorized access to customer accounts, exposing names, contact details and loyalty-card numbers but no banking data.

  175. Udemy data breach (2026)

    In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors.

    Data breachResolved
  176. Bodyhit: 218,000 customers and 42,000 IBANs put up for sale after a cyberattack

    On 23 April 2026, a threat actor using the alias 'undef' claimed to be selling a database from French electrostimulation fitness chain Bodyhit, exposing the personal and banking details of more than 218,000 customers, including over 42,000 IBANs.

  177. France Titre (ANTS): the leak would be much larger than 12 million accounts

    Follow-up reporting on the April 2026 breach at France Titres (ANTS), France's secure-identity-document agency: beyond the officially confirmed ~11.7 million exposed accounts, the threat actor now claims access to roughly 600 million lines of data, including plaintext passwords, API and encryption keys, and source code.

  178. La Mie Câline Biscarrosse: data and administrator access released publicly

    On 23 April 2026, a threat actor claimed to have breached the internal website of La Mie Câline's bakery in Biscarrosse, France, leaking a local database of customer records along with administrator credentials on a cybercrime forum.

  179. Parcoursup: data leak of 705,000 applicants after fraudulent access in Occitanie

    The French Ministry of Higher Education, Research and Space has revealed a security incident affecting the data of certain applicants

  180. Wazari: customer data leaked after the Assuréa cyberattack

    Insurance broker Wazari is informing its customers of a security incident linked to an external attack that affected a management and storage tool

  181. Rituals: customer personal data leaked after a cyberattack

    On 22 April 2026, Dutch cosmetics and home-fragrance brand Rituals disclosed an unauthorised download of its loyalty membership database, exposing members' names, dates of birth, gender, postal and email addresses and phone numbers; no passwords or payment data were affected.

  182. Université Aix-Marseille: an internal data leak targeting students and staff

    On 22 April 2026 the group LunarisSec claimed a data leak from France's Université Aix-Marseille, posting screenshots of internal user lists with names, institutional emails and profile data for students, doctoral candidates, interns and staff; the university cut its network and said systems and data integrity were preserved.

  183. EDF: alarming leak of images of French nuclear power plants

    A hacker claims to have 6 GB of images related to several French nuclear power plants operated by EDF, following a claim published on a forum

  184. Engie: a cyberattack claimed by a ransomware group

    In April 2026, the Coinbase Cartel extortion group listed French energy giant Engie on its dark web leak site, claiming to have stolen sensitive data and threatening to publish a full dump unless a ransom was paid; Engie did not publicly confirm the breach.

  185. Ledil Immobilier: 6,700 profiles exposed after a data leak

    On 21 April 2026, a database holding around 6,700 unique profiles tied to French real estate network Ledil Immobilier was posted for download on a cybercriminal forum, exposing names, contact details, internal CRM records and property/transaction data.

  186. Data leak at Magasins U - unspecified volume

    In April 2026, French retail cooperative Magasins U notified loyalty-card holders that unauthorized access to its magasins-u.com customer area exposed personal data including names, contact details and loyalty-card numbers, though banking data was not affected.

  187. Sterimed: internal files published after a cyberattack

    On 21 April 2026, French medical-packaging manufacturer Sterimed was claimed by the Qilin ransomware group, which published internal files — technical documents, project data, HR records, IT-security material and system backups — on its dark-web leak site.

  188. Super U: customer data accessible after a cyberattack

    The Magasins U group (Super U) informs some customers that it has been the victim of an external and malicious cyberattack that led to unauthorised

  189. ADT data breach (2026)

    In April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses.

    Data breachResolved
  190. Aman data breach (2026)

    In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses.

    Data breachResolved
  191. 12 million people in the ANTS data leak

    France Titres (ANTS), the French government agency issuing secure identity documents, disclosed a breach of its moncompte.ants.gouv.fr portal via an IDOR API flaw; officials confirmed 11.7 million accounts exposed (names, dates of birth, emails, addresses), while a hacker claimed up to 19 million records.

  192. Canada Life data breach (2026)

    In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets.

    Data breachResolved
  193. City'Pro Marionneau: data leak after a claimed cyberattack

    On 20 April 2026, the City'Pro Marionneau vocational and driving-training network was hit by a cyberattack claimed by the Qilin ransomware group, which published stolen files — trainee records, HR documents, and commercial data — on its leak site.

  194. Gueguen Avocats: a claimed data leak with thousands of documents exposed

    On 20 April 2026, French law firm Gueguen Avocats was listed on the Qilin ransomware leak site, which claimed to have exfiltrated thousands of files including internal emails, financial reports, a password spreadsheet, employee data and client case files.

  195. Pitney Bowes data breach (2026)

    In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations.

    Data breachResolved
  196. Université de Bourgogne: a claimed data leak targeting students

    On 19 April 2026, the Algerian hacktivist group LunarisSec claimed to have extracted a user database from Université de Bourgogne, exposing names, email addresses and account activity details of students and staff; the scale was not disclosed and the university issued no confirmation.

  197. Vercel: security incident confirmed after a leak claim

    On 19 April 2026, cloud platform Vercel (creator of Next.js) confirmed a security incident traced to a compromised third-party AI tool, exposing non-sensitive environment variables and a limited subset of customer accounts.

  198. Carnival data breach (2026)

    In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked.

    Data breachResolved
  199. 38,085 customers exposed in a claimed leak at Comptoir du Rêve

    On 18 April 2026, the threat actor ChimeraZ claimed to have published a customer database stolen from Comptoir du Rêve, a Toulouse-based comics and manga bookseller, containing 42,606 records tied to 38,085 individuals.

  200. Imprimerie Nationale: leak of the software handling French secure documents

    On 18 April 2026, a hacker group claimed on a cybercrime forum to be selling 'Smart Card Middleware Desktop' software attributed to IN Groupe (formerly Imprimerie Nationale), the French state-owned maker of secure identity documents.

  201. JeuJouet.com: alerts customers after a cyberattack on its e-commerce site

    The online retailer JeuJouet.com informed its customers by email after a cyberattack affecting the Magento e-commerce platform, used by many

  202. Magento: 7,500+ sites compromised in a global hacking wave

    A global automated campaign exploiting an unauthenticated file-upload weakness in Magento defaced 7,500+ e-commerce sites across 15,000+ hostnames, dropping malicious files on stores tied to brands including Toyota, Fiat, Asus and FedEx.

  203. Moulin Roty: customer data exposed after a cyberattack

    On 18 April 2026 French toy and baby-goods brand Moulin Roty emailed customers to warn that a cyberattack on its shared Magento e-commerce platform may have exposed identity, contact, account-login, purchase-history and marketing data, though no compromise was confirmed and banking details were not affected.

  204. Bazar du Manga: data leak confirmed after customer cold-calling

    On 17 April 2026, online manga retailer Bazar du Manga confirmed that customer identity and contact details had been extracted without authorisation from its database and were being used by a third party, Panda Manga, for unsolicited marketing; no payment data was affected.

  205. ComptoirDuReve.fr: a leak exposes the contact details of 42,000 customers

    On 17 April 2026, the French bookstore e-commerce site ComptoirDuReve.fr was reported to have suffered a data leak exposing a database of nearly 42,000 customers, including names, titles and full postal addresses usable for targeted fraud.

  206. French Basketball Federation (FFBB): 1.9 million licence holders exposed in a massive leak

    On 17 April 2026, France's Basketball Federation (FFBB) disclosed that fraudulent access to a user account let an attacker (alias HexDex) extract identity, contact and licence data on up to 1.9 million members and roughly 800,000 parents.

  207. Filair: nearly 50 years of internal archives published after a cyberattack

    Filair, a French industrial metal-fabrication company, was hit by the Lamashtu extortion group, which exfiltrated and published nearly 50 years of internal archives — tens of thousands of files spanning CAD engineering data, financial records and HR documents.

  208. Gauthier Tissus: 54 GB of internal data published after a cyberattack

    Gauthier Tissus, a French manufacturer of technical woven and finished fabrics, was listed on the Lamashtu extortion group's leak site, which published roughly 54 GB (about 8,500 files spanning 1996–2026) of internal financial, HR, commercial and R&D data.

  209. Leak at Jeu Jouet

    French online toy retailer JeuJouet.com warned customers in April 2026 that its Magento e-commerce platform was compromised in a mass exploitation campaign, potentially exposing names, email addresses, account credentials and order data; no banking details were affected.

  210. Clinique de l'Yvette: a leak of medical imaging claimed

    The Clinique de l'Yvette in Longjumeau is reportedly targeted by a cyberattack, with data put online and administrator access claimed by a

  211. ETAI (Infopro Digital Automotive): 6,600 garages exposed in a leak

    On 16 April 2026, a threat actor known as ChimeraZ claimed to be distributing a roughly 6,600-record database stolen from ETAI (Infopro Digital Automotive), exposing French garages' business identifiers, contact details and hashed account credentials.

  212. Assuréa: leak of 150 GB of data (140k leads and 11k contracts)

    In April 2026, the DumpSec group claimed to have stolen roughly 150 GB of data from Assuréa, an auto-insurance broker in the Meilleurtaux group, exposing some 139,000 clients, contract records and 11,000+ documents containing IBANs.

  213. Brit Hotel: 682,000 loyalty programme members in a data leak

    On 15 April 2026, threat actor HexDex offered for sale a database stolen from French hotel chain Brit Hotel, exposing 682,662 loyalty-programme members along with emails, phone numbers, postal addresses and a decade of reservation history (2016–2026).

  214. Kemper data breach (2026)

    In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign.

    Data breachResolved
  215. National Police: cyberattack against the e-campus platform, 176k officers affected

    On 15 April 2026 France's National Police (DGPN) confirmed that its e-campus online training platform, run by a third-party provider, was hacked in mid-March; the group HexDex claimed 176,317 agent profiles including names, professional emails, locations and login histories.

  216. 1,178 records exposed, data leak at Pompes Funèbres Musulmanes Toulouse

    On 15 April 2026, Pompes Funèbres Musulmanes Toulouse, an Islamic funeral provider, suffered a data leak claimed by an actor known as "ntmpd" who posted a 1,178-record database dump plus working admin credentials on a hacker forum, exposing client and deceased records.

  217. Zara data breach (2026)

    In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign.

    Data breachResolved
  218. Abrigo data breach (2026)

    In April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo…

    Data breachResolved
  219. CNAOC: 30 years of internal archives and sensitive data exposed after a cyberattack

    On 14 April 2026, the threat actor Lamashtu claimed to have stolen roughly 52.6 GB of data and about 41,000 files from France's wine appellations confederation CNAOC, spanning 1994-2025 and including financial, HR and governance records.

  220. Logis Hotels: 598,000 loyalty program members exposed in massive leak

    On 14 April 2026, a hacker known as HexDex claimed the theft and sale of personal data belonging to 598,154 members of Logis Hotels' ETIK loyalty program, with records spanning 2012 to 2026 and including identity, contact, billing and login details.

  221. Basic-Fit: 1 million customers affected, banking details exposed after a cyberattack

    In April 2026, gym chain Basic-Fit disclosed that attackers breached its member check-in system, exposing the personal and banking details of roughly 1 million members across France, Belgium, Germany, Spain, Luxembourg and the Netherlands.

  222. Leak at Chateau royal de Blois / Maison de la Magie

    The online ticketing data of visitors to the Château royal de Blois / Maison de la Magie was exposed in the breach of its provider Vivaticket (Tickeasy), leaking names, email and postal addresses, dates of birth, phone and fax numbers and VAT numbers.

  223. Leak at IAE Grenoble (via AlumnForce)

    In April 2026, alumni of IAE Grenoble were exposed in a breach of AlumnForce, the third-party platform managing its alumni network; the stolen dataset spanned ~2.7M profiles across 49 French institutions and included names, contact details and full professional/education histories.

  224. Booking.com: customer reservation data exposed

    A security incident reportedly affected Booking.com, with unauthorised access to data related to customer reservations. According to initial

  225. Ardèche department: 26 GB of administrative RSA-related data exposed

    In April 2026, France's Ardèche department disclosed a breach in which an attacker exploited a flaw at an external service provider and exfiltrated roughly 26 GB across 88,000+ files of RSA welfare-beneficiary data spanning 2017-2026.

  226. École Directe: false cyberattack alert

    After the massive leak referencing EduConnect, a new alert is circulating around École Directe, a platform widely used in schools

  227. Insei.fr: 2,700 profiles and ID documents leaked after a cyberattack

    The hacker ChimeraZ claims to have published a database linked to the Insei.fr site, containing sensitive personal information as well as

  228. Marcus & Millichap data breach (2026)

    In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group.

    Data breachResolved
  229. Mytheresa data breach (2026)

    In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses.

    Data breachResolved
  230. Académie de Paris: more than 5,000 contact records and student photos leaked

    In April 2026, a hacker using the alias Cybernox claimed to have compromised a Paris secondary school under the Académie de Paris, exposing data on more than 5,500 people — including 1,701 students (minors) and 3,811 guardians — with names, addresses, INE numbers, ID photos and guardians' IBANs.

  231. ADMR: 5,280 employees and volunteers exposed in data leak

    The hacker Cybernox claims to hold a database linked to ADMR (Aide à Domicile en Milieu Rural), containing several thousand profiles. According to the

  232. 70,551 vehicles - claimed leak at Base véhicules d'occasion France

    On 11 April 2026, a database described as a France-wide used-vehicle export covering 70,551 vehicles, along with the buyers and suppliers recorded against them, was put forward in a claimed but unverified data leak.

  233. EduConnect: more than 3.1 million student accounts leaked on the State platform

    A hacker claims to hold a database tied to EduConnect, the official Ministry of Education system used to track schooling of

  234. 3,204 accounts affected by claimed data leak at FranceVerif.fr

    A threat actor on DarkForums claimed in April 2026 to have stolen the FranceVerif.fr database, exposing at least 3,204 unique accounts belonging to reviewers and merchants, including names, emails, phone numbers, postal addresses and business identifiers (SIRET/VAT).

  235. Addresses of 70,000 luxury car owners exposed

    A hacker known as HexDex claims to be selling a database containing more than 70,000 vehicles, along with detailed information about their

  236. Leak at Alumni Université Côte d'Azur (via AlumnForce)

    In April 2026, alumni data of Université Côte d'Azur was exposed as part of a breach of the AlumnForce platform, leaking names, contact details, education and detailed professional/career information for tens of thousands of graduates, within a wider 2.7-million-record leak across 49 institutions.

  237. DB Telecom: a 40k-customer database put up for sale

    Around 10 April 2026, a threat actor put DB Telecom (Service Telecom) — a Marseille-based IP-telephony operator on the Orange/Or-Tel network — up for sale, leaking a database of roughly 41,470 customers and 2,835,372 records including names, contacts, plaintext passwords and internal emails.

  238. Data leak at EasyLounge, Hi-Fi and home cinema reseller

    EasyLounge customers are affected by a data leak confirmed by the company, after a cybersecurity incident communicated to the people concerned. The company, Hi-Fi and…

  239. Leak at ENSAI Network (via AlumnForce)

    ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions — including names, emails, phone numbers, locations, career history and education details — now offered for sale on cybercrime forums.

  240. Leak at Lilagora (via AlumnForce)

    In April 2026, Lilagora — the University of Lille's alumni network — saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

  241. McGraw Hill data breach (2026)

    In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform".

    Data breachResolved
  242. Son-Video.com & EasyLounge: customer data leak after a cyberattack

    On 10 April 2026, French hi-fi and home-cinema retailer Son-Video.com (and sister brand EasyLounge) notified customers of a data leak following unauthorised access, exposing names, contact details, postal addresses and order history, though no banking data or passwords.

  243. Data leak at UPPA Alumni (via AlumnForce)

    UPPA Alumni, the alumni network of the University of Pau et des Pays de l'Adour, confirmed its members' data was exposed in the April 2026 breach of its provider AlumnForce, leaking names, contacts, education and detailed professional profiles.

  244. Vranken-Pommery: customer data exposed after a cyberattack on the ticketing system

    French champagne group Vranken-Pommery disclosed on 10 April 2026 that a ransomware attack on its external online-ticketing provider exposed personal data of visitors to its Reims tourist sites, including names, dates of birth, contact details and reservation records, though banking data was not affected.

  245. 93,061 candidates affected by a claimed data leak at DCL

    Individuals who took the DCL (Diplôme de Compétence en Langue) would be affected, according to the claim, by the sale of a file containing the personal data of 93,061…

  246. 1,133,731 members - claimed leak at French University Sport Federation

    In April 2026 a threat actor known as HexDex advertised the sale of a database stolen from France's university sport federation (FFSU), exposing the identities, contact details and registration data of roughly 1.1 million students, licensees and staff.

  247. 7-Eleven data breach (2026)

    In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers.

    Data breachResolved
  248. Académie de Nice: personal data of teachers and staff leaked

    On 8 April 2026, a database tied to France's Académie de Nice was found circulating online, exposing roughly 19,000 records on teachers and administrative staff, including names, professional emails, job assignments and workplace details.

  249. Alinto: a massive leak of 40 million emails hits CAC40 companies

    French email-security provider Alinto left an unsecured Elasticsearch cluster exposing more than 40 million SMTP records (around 4.5 million unique addresses) — metadata for emails from L'Oréal, Renault, Carrefour, DHL and 14,000 French government accounts.

  250. Leak at Alumni Université de Strasbourg (via AlumnForce)

    On 8 April 2026, the alumni network of the University of Strasbourg was exposed as part of a wider compromise of the AlumnForce platform, leaking members' names, contact details, education history and professional career data across 49 French institutions (~2.7M profiles in total).

  251. Diamond: OneDrive and SharePoint documents leaked by the Gunra group

    On 8 April 2026, the French metal-grating manufacturer Diamond was listed on the Gunra ransomware group's leak site, which claimed to have exfiltrated confidential OneDrive and SharePoint documents covering projects, clients and internal operations.

  252. FICOBA: 1.2 million bank accounts exposed after intrusion into state systems

    France's DGFiP disclosed that an attacker, using a civil servant's usurped credentials, accessed the FICOBA national bank-account registry between late January and early April 2026, exposing IBAN/RIB details, names and addresses for about 1.2 million accounts.

  253. Data leak at KFC France, undisclosed volume

    Members of KFC France's Colonel Club loyalty program received an email informing them of a breach of their personal data. KFC France said in this message that the number…

  254. My Lovely AI data breach (2026)

    In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.

    Data breachResolved
  255. Synergy: a key player in data and cloud in France hit by ransomware

    In early April 2026, Synergy, a French data-management and cloud-services provider, was reportedly hit by a ransomware attack involving unauthorised access to its systems and a probable threat to exfiltrated client data; the scale and attacker were not disclosed.

  256. AlumnForce: 2.7 million students and graduates exposed

    In April 2026, AlumnForce — the French SaaS platform that powers alumni networks for dozens of universities and grandes écoles — was hit by a data breach exposing roughly 2.7 million profiles, including names, emails, phone numbers and detailed career data, later put up for sale on criminal forums.

  257. Gauthier Connectique (nicomatic): 42 GB of sensitive data threatened after a cyberattack

    On 6 April 2026, the Akira ransomware group listed French aerospace connector manufacturer Gauthier Connectique (a Nicomatic company) on its leak site, threatening to publish 42 GB of exfiltrated data including employee ID documents, technical drawings, financial records and NDAs.

  258. LegionProxy data breach (2026)

    In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.

    Data breachResolved
  259. YMED (SOONCARE): 253,000 patients exposed, 132 GB of medical data exfiltrated

    On 6 April 2026, Bordeaux-based healthcare software publisher YMED, which runs the SOONCARE® appointment platform, was hit by an extortion attack claimed by the group XP95, which exfiltrated 132 GB of data covering 253,342 patients and over 431,000 medical files.

  260. Aircos Pascual (Anjac): ongoing ransomware attack by the TheGentlemen group after a cyberattack

    French cosmetics manufacturer Aircos Pascual, a subsidiary of the Anjac group, is targeted by a ransomware attack claimed by the group

  261. ARS: 35 million patients affected by a data leak, 130 hospitals and AP-HP targeted

    On 5 April 2026, the DumpSec group advertised for sale a database it claims covers 35 million French patients tied to France's Regional Health Agencies (ARS), more than 130 hospitals and AP-HP, exposing identities, social security numbers and health records.

  262. Nosho: 133,000 users compromised, a new leak that weakens the medical sector

    Following our article published on 5 April 2026, the company Nosho wanted to provide several clarifications on the incident: An attack on our database

  263. Alltricks: more than 820,000 customer accounts for sale on the dark web

    In April 2026, a database of more than 820,000 Alltricks customer accounts (roughly 105 MB) was put up for sale on dark web forums, exposing names, emails, dates of birth, postal addresses, mobile numbers and loyalty data; the retailer disputes that the data came from its systems.

  264. Leak at Contrat d'intégration républicaine

    France's OFII immigration agency notified signatories of the Contrat d'intégration républicaine that a January 2026 breach via a compromised subcontractor exposed the names, emails, phone numbers and postal addresses of roughly 2.1 million people.

  265. Ledger: 105,000 French cryptocurrency holders exposed

    In April 2026, a database of roughly 105,000 French Ledger customers — stolen in the January 2026 breach of its e-commerce provider Global-e and exposing names, postal addresses, emails and phone numbers — was put back up for sale on a cybercrime forum.

  266. French Office for Immigration: massive data leak on the Republican Integration Contract

    OFII, France's immigration and integration agency, confirmed in April 2026 that a compromised subcontractor exposed personal data of foreigners enrolled in the Republican Integration Contract, with roughly 2.1 million records offered for sale on BreachForums.

  267. Or en Cash: new data leak confirmed in gold buying/reselling

    On 4 April 2026, French gold buyer/reseller Or en Cash confirmed a data breach exposing the personal data of more than 70,000 customers — including identities, ID documents, contact details and transaction history — days after a similar attack on Gold Union.

  268. Veuve Clicquot: visitor data compromised after a cyberattack on the ticketing system

    Champagne house Veuve Clicquot disclosed in April 2026 that a ransomware attack on its third-party visit-booking provider exposed personal data of people who reserved cellar tours since at least July 2024, including names, dates of birth, phone numbers and emails.

  269. Adobe: 13 million support tickets leaked after a cyberattack

    Adobe is reportedly targeted by a massive data leak claimed by the hacker Mr. Raccoon, involving more than 13 million support tickets. The

  270. Amtrak data breach (2026)

    In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly.

    Data breachResolved
  271. Fountain: intrusion and data theft during a ransomware cyberattack

    Fountain, a Belgian stock-listed provider of workplace coffee and refreshment services, disclosed in early April 2026 a ransomware attack involving unauthorized access to part of its IT systems and confirmed data exfiltration, with the DragonForce group claiming responsibility.

  272. Data leak at La Quiberonnaise

    In early April 2026, the French cannery La Quiberonnaise confirmed that unauthorized access to its systems exposed customer personal data — names, postal addresses, email addresses and phone numbers — with the company notifying affected clients by email and reporting the breach to the CNIL.

  273. 291,000 users affected by a claimed leak at SongTrivia2.io

    In April 2026, the music trivia game platform SongTrivia2 suffered a data breach published to a public hacking forum, exposing roughly 291,000 user accounts including email addresses, names, usernames, avatars, auth tokens and bcrypt password hashes.

  274. French National Hunters Federation: nearly 1 million members in a leak resurfacing

    On 2 April 2026, a database with the personal details of 1,048,991 members of France's National Hunters Federation (FNC) — including names, postal addresses, phone numbers, emails and hunting-permit data — was offered for sale on the dark web.

  275. Gold Union: more than 120,000 gold buyers exposed with ID documents and transactions

    In April 2026, French precious-metals dealer Gold Union suffered a data breach exposing records on more than 126,000 customers (2023-2026), including identities, addresses, transaction histories, IBANs and around 6,000 ID-card copies.

  276. Maxance: 348,000 people publicly exposed, French state employees among those affected

    Insurance broker Maxance is hit by a data leak now publicly disseminated, affecting more than 348,000 people. Among the

  277. Serap: ransomware with 50 GB of data threatened

    French manufacturer Serap, the world's leading maker of farm milk cooling tanks, was hit by an Akira ransomware double-extortion attack disclosed on 2 April 2026, with the group threatening to publish around 50 GB of stolen internal data.

  278. SongTrivia2 data breach (2026)

    In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt…

    Data breachResolved
  279. Under Armour: the brand warns French customers after the leak of 72 million accounts

    Under Armour confirmed a breach by the Everest ransomware group that exposed roughly 72.7 million unique customer email addresses along with names, dates of birth, genders, locations and purchase histories, leaked publicly after extortion failed and now reaching French customers.

  280. Force Ouvrière (FO): more than 160,000 profiles exposed in a data leak

    On 1 April 2026, French labour union Force Ouvrière (FO) was hit by a data breach claimed by an actor known as HexDex, who put up for sale a database of 161,343 member profiles including over 161,000 email addresses, 130,000 postal addresses and nearly 100,000 phone numbers.

  281. Missions Locales: more than 500,000 young people exposed following a cyberattack

    On 1 April 2026, more than 506,000 profiles of young people enrolled in France's Missions Locales network were put up for sale on dark web forums, exposing full identities, contact details, and sensitive data on their education, employment, and social circumstances.

  282. Notre-Dame du Grandchamp: thousands of pupils exposed after a cyberattack

    On 1 April 2026, the French Catholic school group Notre-Dame du Grandchamp was listed on NightSpire's leak site after a ransomware attack that exfiltrated roughly 330 GB of data, including students' medical records, academic files and HR data on thousands of pupils and staff.

  283. Vacancéole: new customer leak in the tourism sector

    Vacancéole, a specialist in holiday rentals in France, was the victim of a security incident involving a technical provider, confirming a

  284. Hallmark data breach (2026)

    In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming…

    Data breachResolved
  285. Homair: customer data exposed after a cyberattack

    On 31 March 2026, French camping and holiday-village operator Homair disclosed a data breach traced to a compromised third-party technical provider, exposing customers' names, email addresses, phone numbers and booking details (destination, stay dates, amount paid), while bank data, passwords and postal addresses were said to be unaffected.

  286. Leak at La Mine Bleue (via Vivaticket)

    On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

  287. Vaucluse Provence Attractivité: customers targeted after a cyberattack

    On 31 March 2026, Vaucluse Provence Attractivité — the Vaucluse département's public tourism and economic-promotion agency — disclosed a messaging-system compromise that let attackers send fraudulent emails from its official addresses, exposing the names and email addresses of people who had contacted it.

  288. Belambra: customer contact details exposed after a cyberattack

    French holiday-club operator Belambra disclosed in March 2026 that a cyberattack on a shared reservation-system provider exposed personal data of roughly 400,000 customers, including names, emails, phone numbers and booking details, though no banking data or passwords.

  289. French Savate Federation: nearly 680,000 licence holders exposed over 49 years

    On 30 March 2026, the Fédération Française de Savate had a database of roughly 679,000 licence-holder profiles spanning 49 years (1977–2026) stolen and put up for sale by an actor known as HexDex, exposing names, contact details and sports-licensing information.

  290. Leak at GDQuest

    On 30 March 2026, a database from GDQuest — a French e-learning platform for the Godot game engine — surfaced on a hacking forum, exposing learners' email addresses, usernames/account slugs and the titles and prices of purchased courses.

  291. Iliad (Free): new cyberattack with leaked network data

    On 30 March 2026, the extortion group ALP-001 listed French telecom group Iliad (parent of Free) on its leak site, publishing a 5.4 GB sample of mobile-network engineering data — radio measurements, GPS drive tests, and network optimization records — and threatening fuller disclosure.

  292. La Centrale de Financement: 387 GB of data leaked

    On 30 March 2026, French mortgage broker La Centrale de Financement suffered a 387 GB breach of its corporate network — more than 400,000 documents including KYC scans, bank statements and tax returns — later put up for sale for $25,000 after extortion talks failed.

  293. Le Petit Vapoteur: 3.3 million customers exposed

    In late March 2026, French e-cigarette retailer Le Petit Vapoteur was hit by a data breach after a hacker using the alias 'undef' put its customer database up for sale, exposing names, emails, phone numbers, postal addresses and IP logs for a claimed 3.3 million customers and 599 employees spanning 2012-2026.

  294. Handisport: nearly 200,000 members affected by a cyberattack

    On 28 March 2026, the Fédération Française Handisport disclosed a data breach exposing the records of 197,276 licensed members, including civil-identity, contact and sensitive health data such as disability type, with a database put up for sale by the actor 'HexDex'.

  295. Scalian: sensitive employee data leaked after a cyberattack

    Around 27 March 2026, French IT services and engineering firm Scalian disclosed a cyberattack that leaked sensitive employee data — names, contact details, ID cards, vehicle registration papers and bank mandates — with the number of affected staff not yet known.

  296. Allopneus: 453,000 customers exposed after a cyberattack

    On 23 March 2026, French online tyre retailer Allopneus suffered a cyberattack on the software managing its home tyre-fitting service, exposing data on 453,299 unique customers across 739,316 records (2014–2026); no banking data or passwords were compromised.

  297. Mondial Tissus: 365,900 customers compromised by a leak

    A major data leak is reportedly currently targeting the Mondial Tissus chain. According to information circulated on a hacker forum, 365

  298. SIA: data leak of 62,511 firearms in France

    In late March 2026, France's Système d'Information sur les Armes (SIA), the national firearms registry run by the Interior Ministry, was hit by a leak of records on 62,511 weapons and their owners after a company account was compromised and the data put up for sale.

  299. European Union: cyberattack on the Europa platform

    On 27 March 2026 the European Commission confirmed a cyberattack on the cloud infrastructure hosting its Europa.eu web platform; the ShinyHunters extortion group claimed to have stolen 350+ GB of data and leaked over 90 GB, with around 30 EU entities potentially affected.

  300. ZenBusiness data breach (2026)

    In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform.

    Data breachResolved
  301. BreachForums Version 5 data breach (2026)

    In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.

    Data breachResolved
  302. Leak at Les Champs Libres

    On 26 March 2026, a breach at Les Champs Libres — the public cultural complex in Rennes — exposed user account data including names, email addresses, phone numbers and plain-text passwords.

  303. Addi data breach (2026)

    In March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised".

    Data breachResolved
  304. Cerballiance: medical data exposed after a cyberattack

    On 25 March 2026, French medical-laboratory network Cerballiance disclosed a breach traced to a compromised external IT provider that exposed patient identities, portal credentials, medical test reports and social security numbers.

  305. 176,317 staff exposed: data leak at the French Ministry of the Interior (E-campus)

    On 25 March 2026 a security incident was disclosed at the French National Police's E-campus training platform, where an intruder accessed personal data of officers and administrative staff; a hacker claimed a database of 176,317 agent profiles.

  306. Sound Radix data breach (2026)

    In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names.

    Data breachResolved
  307. Crous: 770,000 students affected by a massive leak

    In March 2026, France's Cnous confirmed that an attacker exfiltrated data on 774,000 people from the Crous appointment platform mesrdv.etudiant.gouv.fr, including 139,000 individuals whose stolen files contained ID documents.

  308. Leak at Crunchyroll

    On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data — names, emails, IP addresses and partial payment-card details — with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.

  309. Leak at Europa (European Commission)

    In March 2026, the European Commission's Europa.eu web-hosting infrastructure was breached via a stolen AWS key (Trivy supply-chain compromise); ~91.7 GB of data covering 30+ EU entities — names, emails, email content and documents — was exfiltrated and leaked by ShinyHunters.

  310. Volume unspecified - data leak at French Free Flight Federation

    On 24 March 2026, the French Free Flight Federation (FFVL) was reported to have suffered a data leak exposing member records after unauthorized access to its systems; the volume of affected licence holders was not specified.

  311. Leak at Marseille-Provence Metropolis

    On 24 March 2026, the Métropole Aix-Marseille-Provence disclosed a data leak stemming from a compromised subcontractor, potentially exposing around 19,728 user accounts, including email addresses, names and passwords.

  312. 62,511 records in the SIA data leak

    In late March 2026, a hacker put up for sale data on 62,511 firearms registered in France's Système d'Information sur les Armes (SIA), exposing owners' names, postal addresses, emails, phone numbers, weapon details and transaction histories.

  313. Leak at I-Cad

    I-Cad, France's national dog, cat and ferret identification registry, disclosed in March 2026 that a September 2025 software vulnerability had allowed automated querying of its database, exposing users' email addresses and fuelling phishing campaigns against pet owners.

  314. Intoxalock: a cyberattack locks cars in the United States

    Around 14 March 2026, US ignition-interlock provider Intoxalock was hit by a DDoS-style flood that knocked its servers offline for about a week, disrupting calibration and account services and leaving an estimated 150,000 court-ordered drivers across 46 states unable to start their cars.

  315. Catholic education: a cyberattack exposes 1.5 million pieces of data

    In March 2026, France's General Secretariat of Catholic Education (SGEC) disclosed a cyberattack on an administrative application that exposed the personal data of around 1.5 million students, families and teachers, including names, dates of birth, postal addresses, emails and phone numbers.

  316. 363,000 customers affected by data leak at Airsoft-Entrepot

    In March 2026, French airsoft e-commerce retailer Airsoft-Entrepot was hit by a data breach exposing roughly 363,000 customers and 2.9 million orders spanning 2013-2026, including names, emails, postal addresses, phone numbers and order histories offered for sale by a threat actor.

  317. 109,302 CMF members: data leak claimed

    On 20 March 2026, a database of the Confédération Musicale de France (CMF) — France's federation of amateur music ensembles and schools — was put up for sale by the actor HexDex, allegedly exposing 109,302 members including many minors, with identities, contact details, school records and disability notes.

  318. 113,000 members affected by a cyberattack at La Mutuelle Familiale

    La Mutuelle Familiale, a French complementary health insurer, disclosed a computer intrusion detected on 17 March 2026 that potentially affected its roughly 113,000 members, exposing identity documents, bank details (RIB) and health and insurance data.

  319. Data leak at Mingat

    On 19 March 2026, French vehicle-rental company Mingat confirmed a data leak affecting its customers, notifying them of a security incident that exposed personal information held in its rental records.

  320. 262,651 teachers affected, data leak at the French Ministry of Education

    The 262,651 teachers, future teachers and trainee teachers are affected by a data leak tied to the system managing the education authorities. The incident covers a history of several…

  321. 10,816 Canada Goose customers in a data leak

    French customers of luxury outerwear brand Canada Goose were caught up in a data leak by the ShinyHunters extortion group, with 10,816 records in the France-related subset of a broader corpus of roughly 600,000 customer records traced to a third-party payment processor.

  322. Leak at Musée des Arts et Métiers

    Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.

  323. 60,000 staff exposed in a claimed data leak at Annuaire Administration

    On 17 March 2026, the actor HexDex claimed on DarkForums a leak from the French Annuaire de l'administration, a centralized public-sector directory, exposing the names, phone numbers, professional and personal addresses, and job titles of roughly 60,000 government agents.

  324. Leak at Bibliothèque Nationale de France

    A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.

  325. LA Metro (LACMTA) Iran-linked breach (2026)

    Iran-linked hackers breached Los Angeles' transit agency LA Metro in March 2026, stealing at least 700 GB of internal data and disrupting passenger-information and TAP fare systems.

  326. 594 phone numbers in the claimed leak at Sarah Knafo #2

    On 14 March 2026, a leak was claimed to expose roughly 594 phone numbers of Parisian Reconquête! members tied to Sarah Knafo's municipal campaign — a follow-on to the earlier public exposure of her campaign website's contributor data.

  327. Divine Skins data breach (2026)

    In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email…

    Data breachResolved
  328. 890,000 users affected by a claimed leak at GPS Santé

    On 13 March 2026, a threat actor claimed to have leaked a database belonging to GPS Santé, a French health-tech firm offering online medical scheduling and teleconsultation, allegedly exposing data on roughly 890,000 patients and practitioners.

  329. 71,502 patients affected by a claimed data leak at Therapeutes.com

    On 13 March 2026, a dataset claimed to come from the French therapist-booking platform Therapeutes.com was put up for sale, exposing around 71,502 patients along with nearly 199,697 appointment records and highly sensitive mental-health consultation details.

  330. Data leak at Université Paris-Est

    Students, staff and partners of Université Paris-Est are affected by a confirmed leak affecting the establishment's administrative files. Approximately 315,000 lines of…

  331. 813,866 users affected by the data leak at Medoucine

    On 12 March 2026, French alternative-medicine booking platform Medoucine confirmed a data breach in which a database of 813,866 users — including about 6,500 practitioners — was put up for sale, exposing names, emails, phone numbers and consultation history.

  332. 476,282 customers affected by a claimed leak at Intersport Rent

    On 11 March 2026, a database belonging to INTERSPORT Rent — the ski- and snowboard-equipment rental arm of the Intersport sports retail group — was dumped on a hacker forum, exposing roughly 1.2 million rows covering about 476,282 unique customers, including names, emails, phone numbers, loyalty numbers and rental order histories.

  333. Leak at Pronote

    A claimed leak of Pronote login credentials (email addresses and passwords) belonging to French students and parents was reported circulating for sale on the dark web; publisher Index Education stated its own systems were not breached, the credentials stemming from phishing and account theft.

  334. Stryker Handala wiper attack (Iran-linked, 2026)

    The Iranian state-linked group Handala compromised Stryker's Microsoft Intune administrator account and used the endpoint-management tool to wipe more than 200,000 servers, mobile devices, and corporate endpoints across 79 countries — bringing operations at one of the world's largest medical-device makers to a halt.

  335. Data leak at Vivaticket following a ransomware attack

    On 2 March 2026, ticketing platform Vivaticket disclosed a RansomHouse ransomware attack that exfiltrated customer data — names, emails, postal codes and purchase history — affecting users of 3,500 partner venues including the Louvre and the BnF.

  336. 1,005,361 members of the ASPTT Multi-Sports Federation: claimed data leak

    Members of the ASPTT Multi-Sports Federation may be affected by a claimed leak involving more than a million registrations, for the 2014-2026 period, according to the claim...

  337. 310,000 Carte Jeune beneficiaries: Région Occitanie data leak

    In March 2026, France's Région Occitanie disclosed a breach of its Carte Jeune Région scheme after a technical service provider was compromised, exposing the personal data of about 310,000 young beneficiaries — including some 270,000 ID photos of minors — which the DumpSec group put up for sale on the dark web.

  338. Data leak at Vatel Capital

    On 9 March 2026, French AMF-regulated asset manager Vatel Capital emailed its clients to disclose an accidental exposure of files that occurred between 21 February and early March 2026, affecting personal data held by the firm.

  339. 1,042 Airclaim customers affected by a claimed data leak

    On 8 March 2026, a threat actor put a 121 GB database from flight-compensation platform Airclaim up for sale on a hacker forum, claiming 55,867 affected passengers — including 1,042 French nationals — with scanned passports, signatures and boarding passes exposed.

  340. Baydöner data breach (2026)

    In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords.

    Data breachResolved
  341. 74,572 FNATH members: claimed data leak

    Members of FNATH are affected by a claimed leak involving nearly 75,000 people, according to the claim. The association supporting victims of life accidents is reportedly the subject of a...

  342. 800,000 Le Temps des Cerises customers - claimed data leak

    On 8 March 2026, a data leak was claimed against French ready-to-wear and denim brand Le Temps des Cerises, reportedly exposing personal details of roughly 800,000 customers who had ordered through its website.

  343. 1,342,952 Stych customers affected by a data leak

    In March 2026, a threat actor put a fresh database of 1,342,952 customer records from Stych — a French online driving school — up for sale on a hacking forum, exposing names, contact details, postal addresses, dates of birth and driving-training profile data.

  344. 4,600 people affected by a claimed leak at Ordoclic

    On 7 March 2026, a threat actor claimed a data leak at Ordoclic, a French e-prescription and e-health provider, allegedly exposing data on nearly 4,600 people including patients and business contacts; the claim remains unverified.

  345. 161 GB of data: claimed data leak at SYNLAB France

    SYNLAB France customers and partners are potentially affected, according to the claim by the HexDex collective. The group claims to hold 161 GB of internal data belonging to the…

  346. Aura data breach (2026)

    In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected.

    Data breachResolved
  347. Data leak at Centre des Monuments Nationaux

    In early March 2026, France's Centre des Monuments Nationaux disclosed a data leak stemming from a ransomware attack on its online ticketing provider, exposing visitors' emails, names, postal addresses, purchase history and hashed passwords, but no banking data.

  348. Claimed leak at TAJ (Traitement d'antécédents judiciaires)

    Systems linked to TAJ, used by the French Police and Gendarmerie, are allegedly affected by a claimed leak. According to the claim, a data package allegedly presents a complete system image…

  349. 713,814 people affected by a claimed data leak at ImmoJeune

    On 5 March 2026, a database of 713,814 people who had submitted rental applications on the French student-housing platform ImmoJeune was offered for sale on a cybercrime forum, exposing names, emails, phone numbers, postal addresses and income details.

  350. 25,000 students affected by a claimed data leak at Penninghen

    On 5 March 2026, a threat actor known as st0jke claimed to have breached Penninghen, a Paris art and design school, and offered for sale roughly 14 GB of data on around 25,000 students and parents, including photos, IBANs, ID documents and the platform source code.

  351. 15,000 employees affected by claimed data leak at ANCT

    On 4 March 2026, a threat actor claimed on a hacking forum to be selling a database tied to France's Agence Nationale de la Cohésion des Territoires (ANCT), allegedly exposing professional and contact details of around 15,000 employees and administrative contacts, with a sample posted as proof.

  352. 1,462,485 beneficiaries affected by the Banque Alimentaire data leak

    On 4 March 2026 the Fédération française des Banques Alimentaires confirmed a data breach exposing personal records of 659,658 aid-recipient families — about 1,462,485 people — including identity, contact, family-situation, income and aid-history details.

  353. 8,220 users affected - claimed data leak at Brouillon de culture

    On 4 March 2026, a threat actor claimed to have leaked roughly 8,220 customer accounts belonging to Au Brouillon de Culture, a long-established bookshop in Nice, France, that also sells books through its online store.

  354. SUCCESS data breach (2026)

    In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes.

    Data breachResolved
  355. Woflow data breach (2026)

    In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data.

    Data breachResolved
  356. 6.6 million users exposed in data leak at YGG Torrent

    In March 2026, a lone hacker known as Gr0lum fully compromised the French BitTorrent tracker YggTorrent, exfiltrating roughly 6.6 million user accounts plus emails, password hashes, IP addresses and 54,776 plaintext bank card records before the site shut down permanently.

  357. 13,000 Be-bunk customers affected by a data leak

    On 3 March 2026, Be-bunk, a fintech payment provider serving French overseas territories, confirmed a data breach affecting around 13,000 customers, with an actor claiming a 75-million-line database including IBANs, balances and identity data.

  358. 1,457,473 orders affected by claimed leak at Florajet

    On 3 March 2026, French flower-delivery service Florajet confirmed unauthorised access to its B2B ordering tool after a criminal put 1,457,473 order records (2023-2026, ~136 GB) up for sale, exposing names, full postal addresses, ~952,000 phone numbers and intimate accompanying messages.

  359. Ameriprise data breach (2026)

    In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure,…

    Data breachResolved
  360. 2,200 patients affected by a claimed leak at Bioserveur

    Bioserveur's patients are reportedly affected by a claimed leak involving approximately 2,200 PDF documents, according to the claim. These files are described as test result reports…

  361. Leak at Cloud Imperium Games

    Cloud Imperium Games, developer of Star Citizen and Squadron 42, disclosed in March 2026 that a January attack on its backup systems gave intruders read-only access to player account data including names, usernames, dates of birth and contact details.

  362. Leak at Lisi

    In early March 2026, French aerospace and automotive fastener manufacturer LISI Group was hit by the Qilin ransomware gang, which exfiltrated a limited set of corporate data — bank account/IBAN details, supply contracts, confidentiality agreements and employee information — from two ancillary sites.

  363. Leak at MDPH 92

    In early March 2026, MDPH 92 — the Hauts-de-Seine disability services agency — accidentally exposed around 500 beneficiaries' email addresses by sending a mass post-cyberattack notice with recipients in CC instead of BCC.

  364. Leak at the Oceanographic Museum of Monaco (via Vivaticket)

    Customer data of the Oceanographic Museum of Monaco was exposed via a ransomware attack on its ticketing provider Vivaticket (subsidiary Irec SAS), disclosed 2 March 2026 and claimed by RansomHouse, leaking names, emails, phone numbers, postal locations and order/booking history.

  365. Leak at Palais de la Porte Dorée

    On 2 March 2026, the Palais de la Porte Dorée was among 40+ French cultural institutions affected by a ransomware attack on shared ticketing provider Vivaticket, potentially exposing visitors' names, contact details, dates of birth, purchase histories and encrypted passwords.

  366. Leak at Paris Adult Courses Platform

    On 2 March 2026, the City of Paris confirmed a data breach affecting the Cours d'Adultes de Paris (adult education) platform, exposing names, dates of birth, emails, postal addresses and phone numbers of users registered before May 2025; no passwords or banking data were affected.

  367. Data leak at Tactis

    In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.

  368. 10,000 members affected by a claimed data leak at Tchap

    On 2 March 2026, a cybercriminal claimed to have breached Tchap, the French state's secure messaging service run by DINUM, exposing data tied to around 10,000 members and naming internal rooms linked to the Interior Ministry and security forces.

  369. Data leak at Orléans city hall (via Vivaticket)

    On 2 March 2026, Orléans city hall warned ticket buyers that its online booking provider Vivaticket was hit by a RansomHouse ransomware attack; exposed customer data may include names, emails, country, postal code and purchase history, but no banking details.

  370. 2,500 people affected by a claimed leak at BE ATEX

    On 1 March 2026, a threat actor claimed to have stolen a database from BE ATEX, a French industrial safety-equipment distributor near Toulouse, allegedly exposing personal data on roughly 2,500 of the firm's clients and employees.

  371. 343,734 members - data leak claimed at French Aeronautics Federation

    On 28 February 2026, the French Aeronautics Federation (FFA) disclosed unauthorised access to its SMILE member-management platform, exposing the names, dates of birth, emails and postal addresses of 343,734 members, with archives reaching back to 2002.

  372. 37,472 licence holder photos in FFR XIII data leak

    Licence holders of the French Rugby XIII Federation are affected by a confirmed leak involving photos and licence information. Nearly 37,000 of the exposed photos relate to...

  373. Data leak at Union Nationale du Sport Scolaire

    France's school-sport federation UNSS disclosed in late February 2026 that intruders accessed its OPUSS membership platform and leaked personal data and roughly 1.5 million ID photos of student athletes (11-18) on the darknet, spanning ~668,000 current and ~889,000 former members.

  374. 3 million students: claimed data leak at UNSS #2

    On 28 February 2026, the group DumpSec claimed it had exfiltrated about 65 GB of data and roughly 1.5 million student identity photos from the French school sports federation UNSS, after breaching its OPUSS intranet; names, birth dates, schools and contact details were exposed.

  375. 175,942 people exposed in the Eiffage (NextSend) data leak

    On 25 February 2026, the LAPSUS$ group claimed a breach of NextSend, the file-transfer platform (edited by Hegyd) used internally by French construction group Eiffage, publishing 77 files exposing 175,942 employees and external contacts.

  376. Leak at ESPCI

    In late February 2026, ESPCI Paris (a PSL University engineering and research school) disclosed that an access-control flaw let unidentified actors harvest its internal directory, exposing identity and contact details of students, staff and external personnel; passwords were not affected.

  377. Leak at French Gymnastics Federation

    In late February 2026, France's gymnastics federation (FFGym) disclosed a breach of its FFGym Licence system via a phished club account, exposing data on roughly 2.9 million current and former licensees registered since 2004.

  378. 203,179 members - claimed leak at French Ski Federation

    In late February 2026, a threat actor advertised a database of 203,179 members of the French Ski Federation (FFS), spanning records from 1999 to 2026 and exposing civil-status details, contact data and family information; the FFS confirmed the breach and notified the CNIL.

  379. Data leak at Westfield Club - customer information exposed

    In February 2026, Unibail-Rodamco-Westfield disclosed unauthorised access to a database holding Westfield Club loyalty members' and newsletter subscribers' names, email addresses, phone numbers, postcodes and dates of birth; no financial data or passwords were exposed.

  380. 15 million patients affected by a data leak at Cegedim

    The records of nearly 15 million patients managed via software from publisher Cegedim are affected by a confirmed leak. The publicly released elements indicate that this data comes from…

  381. 2,978,518 members - claimed data leak at French Gymnastics Federation

    The French Gymnastics Federation (FFGym) suffered a data breach disclosed in early 2026 in which attackers used a phishing-compromised club account on the FFGym Licence platform to access personal data of roughly 2.9 million current and former members licensed since 2004.

  382. Claimed data leak at French Karate Federation, volume unspecified

    Licence holders and members of the French Karate Federation are affected by a claimed data leak, according to the claim. According to the announcement, a FFK database has been...

  383. Leak at Sports and Cultural Federation of France

    The Sports and Cultural Federation of France (FSCF) had the personal data of roughly 1.33 million members exposed after a third-party licence-management provider was compromised, leaking names, dates of birth, postal addresses, contact details and licence/membership records.

  384. 116,122 customers and prospects: claimed data leak at Santeo

    Customers and prospects of Santeo, a health insurance comparator, are reportedly affected by a claimed data leak impacting around 116,122 people, according to the claim published on 26…

  385. Data leak at CAF (RSA) - unspecified volume

    In late February 2026, France's family-allowance fund CAF disclosed that around 70,000 RSA welfare recipients' dossiers were exposed after the HubEE inter-agency document platform was breached, leaking names, social-security numbers and contact details.

  386. Leak at Caisse d'allocations familiales (via Direction du Numérique (DINUM))

    Disclosed in late February 2026, a compromise of HubEE — the inter-administrative document-exchange platform operated by France's DINUM — exposed personal data of RSA welfare claimants, with roughly 70,000 dossiers (about 160,000 documents) affected; no banking data or passwords were exposed.

  387. 352,502 members affected by a claimed leak at FFAAA

    Members of the French Aikido, Aikibudo and Associated Federations (FFAAA) are affected by a claimed leak of their personal data. According to the claim, a corpus of 352,502…

  388. KomikoAI data breach (2026)

    In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.

    Data breachResolved
  389. Lovora data breach (2026)

    In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the app.

    Data breachResolved
  390. 18 GB of data (ID cards, bank details, photos) - claimed leak at MyConnect

    In late February 2026, a threat actor known as DumpSec advertised the sale of data allegedly stolen from French digital temp agency MyConnect — around 125,000 records and 18 GB of files (ID scans, bank details, birth certificates) for some 16,000 people.

  391. 8,571 KYC documents, leak claimed at Ayomi

    On 24 February 2026, a threat actor claimed to have leaked a database of 8,571 KYC identity-verification documents belonging to clients and project owners of Ayomi, the French equity-crowdfunding and fundraising platform for SMEs and startups.

  392. 74,312 business accounts: leak claimed at Cegid

    A threat actor claimed to have leaked a database of 74,312 business-customer records from French software publisher Cegid, exposing company names, contact details, IBAN/RIB bank identifiers and invoice metadata for clients in France, Belgium and Spain.

  393. 728,732 members - claimed data leak at French Motor Sport Federation

    On 24 February 2026, a threat actor claimed to be selling a database of 728,732 members of the French Motor Sport Federation (FFSA), exposing names, dates of birth, postal and email addresses, phone numbers and licence details after a third-party provider was compromised.

  394. Leak at the Civil Aviation Safety Organisation

    In February 2026 the LAPSUS$ extortion group claimed the theft of about 420 GB of data from France's Civil Aviation Safety Organisation (OSAC), including ID cards, passports, diplomas, proof-of-address documents and internal files; the data was later leaked in full.

  395. 11 million records and documents - claimed leak at French Athletics Federation

    In February 2026, a database of around 11.4 million records belonging to licensed athletes, officials and coaches of the French Athletics Federation (FFA) was put up for sale, exposing personal details and millions of passwords, including roughly 3 million in plain text.

  396. 5 million records: data leak at Mondial Relay

    Mondial Relay customers are affected by a confirmed data leak impacting approximately 5 million records. The published elements indicate this is a corpus aggregated from…

  397. 400,000 Olympique de Marseille customers, claimed leak

    Olympique de Marseille customers are reportedly affected by a claimed leak impacting nearly 400,000 people, according to the claim. The publication announces the sale of a database…

  398. 80,000 documents: claimed leak at Unis Cité

    On 23 February 2026, the civic-service association Unis Cité was hit by a data breach exposing roughly 80,000 people and around 40 GB of data, including national ID cards, photos, IBANs and other sensitive documents on young volunteers, claimed by the DumpSec group.

  399. Data leak at the French Badminton Federation

    The French Badminton Federation disclosed that an unauthorized export from its internal Poona membership platform, traced to a compromised administrator account and discovered in September 2025, exposed personal data on roughly 300,000 licensed members, including names, dates of birth, contact details and parents' names.

  400. Claimed leak at MaSalleDeSport - unspecified volume

    On 22 February 2026, a hacker known as "84City" claimed to have breached MaSalleDeSport, a CRM and management provider for 2,000+ French gyms (Basic-Fit, Fitness Park, ON AIR Fitness, L'Orange Bleue), exposing member names, phone numbers, SMS and addresses for a potential 1M+ people.

  401. Data leak at IDMerit - Exposed database

    An unprotected MongoDB database linked to identity-verification provider IDMerit exposed roughly 1 billion KYC records across 26 countries, including full names, addresses, dates of birth, national ID numbers, phone numbers and emails.

  402. 41,000 customers affected by a claimed leak at Innovorder

    On 21 February 2026, Innovorder — a French SaaS provider of POS and management software for the foodservice industry — confirmed a data breach after a dataset of around 41,000 records, accessed via credentials compromised in an unrelated breach, was offered on a hacking forum.

  403. 19,000 people affected by a claimed leak at Azaé

    On 20 February 2026, a threat actor claimed a data leak at Azaé, the French home personal-services provider, allegedly exposing personal information on roughly 19,000 clients and employees; the claim remains unconfirmed by the company.

  404. 65,000 employees affected by data leak at French National Gendarmerie (RESANA)

    On 20 February 2026, a dataset of roughly 65,000 records on French National Gendarmerie personnel surfaced online, scraped in March 2025 from the inter-ministerial RESANA collaboration platform and exposing names, contact details and job assignments.

  405. 400,000 members affected by a claimed data leak at KeepCool

    On 20 February 2026, a threat actor put up for sale on BreachForums a database claimed to belong to French gym chain KeepCool, affecting some 400,000 members across 270 clubs and exposing names, emails, phone numbers and some IBANs.

  406. 8,861 staff - data leak at the French Ministries of the Interior & Armed Forces

    On 20 February 2026, a compilation of personal data covering 8,861 staff of the French Ministries of the Interior and Armed Forces — including names, dates of birth, contact details and internal identifiers — surfaced on underground forums, part of a wider aggregate of leaks affecting French public agents.

  407. Claimed leak at OSAC (Civil Aviation) - Ransomware - see details

    On 20 February 2026 the LAPSUS$ extortion group claimed to have stolen about 420 GB of data from France's civil-aviation safety body OSAC, including ID documents, passports and internal files; the full dataset was later published online.

  408. Data leak at PayPal: exposure affects PayPal Working Capital customers

    PayPal disclosed in February 2026 that a coding error in its PayPal Working Capital (PPWC) business-lending platform exposed the personal data — including names, dates of birth, SSNs and business addresses — of around 100 customers, some of whom in France, for nearly six months.

  409. 2,393 officials affected by a Police, Gendarmerie, CNIL data leak

    On 20 February 2026, a compiled database exposing 2,393 French state agents — from the Police, Gendarmerie, Defence ministry, DGSI, DGSE, Customs and the CNIL (including 86 CNIL staff) — was published on underground forums, leaking identity, contact and professional details aggregated from hundreds of prior breaches.

  410. Leak at FFCK and Paddle Sports

    In February 2026, the French Canoe Kayak and Paddle Sports Federation (FFCK) had a member database covering decades of licence-holders leaked and offered for sale, exposing the names, dates of birth, postal addresses, phone numbers, emails and club/licence details of roughly 393,374 people.

  411. Leak at the French Ministry of Sports, Youth and Community Life

    In February 2026, the French Ministry of Sports, Youth and Community Life had data on roughly 450,000 candidates exfiltrated from its FORÔMES sports/youth training platform after a legitimate training organisation's account was compromised, exposing names, contact details and dates and places of birth.

  412. 450,000 FOROM users hit by a data leak

    On 19 February 2026 the French Ministry of Sports disclosed that data on roughly 450,000 candidates was exfiltrated from its FORÔMES training and diploma platform after a legitimate training-organisation account was compromised, exposing names, contact details and dates and places of birth.

  413. Claimed leak at Valgo - internal and customer data (ransomware)

    On 19 February 2026, the Incransom ransomware group claimed to have stolen 279 GB of data (225,372 files) from French environmental-remediation firm Valgo SA, including contracts, NDAs, financial records and client data naming Renault Group and others.

  414. 1,431,906 members affected by a data leak at CFDT

    On 18 February 2026, France's CFDT trade union confederation confirmed a data breach exposing the names, postal addresses and union-affiliation details of up to 1.4 million current and former members, after an attacker abused a hijacked regional manager's account.

  415. Cyrillus data leak detected via a third-party provider

    French family-clothing retailer Cyrillus reported a customer data leak originating from one of its third-party providers, detected on 13 February 2026 and confirmed from publicly disclosed elements; the full number of affected customers was not made public.

  416. Leak at Direction Générale des Finances Publiques

    France's tax authority (DGFiP) disclosed on 18 Feb 2026 that an attacker who hijacked a civil servant's credentials accessed FICOBA, the national bank-account registry, exposing identity, address, IBAN and in some cases tax-ID data for about 1.2 million account holders.

  417. Leak at Espace CE

    In February 2026, personal data belonging to thousands of employees was found circulating on the dark web after a breach of Espace CE (Espace CSE), a French platform managing benefits for Works Councils; exposed fields included names, contact details, dates of birth and hashed passwords.

  418. 1.2 million bank accounts: data leak at FICOBA

    France's Ministry of the Economy and Finance disclosed that an intruder who usurped a civil servant's credentials had illegitimately accessed the national bank-account registry FICOBA from late January 2026, exposing the IBAN/RIB details, identity, address and in some cases tax ID of holders of about 1.2 million accounts.

  419. 5,022 records from Lycée Carnot Paris: claimed data leak

    Students, their parents and staff at Lycée Carnot Paris could be affected by the disclosure of approximately 5,022 user records. According to the claim, these records were reportedly…

  420. 512,000 On Air Fitness members, claimed data leak

    On Air Fitness members and former members are reportedly affected, according to the claim, by a data leak impacting around 512,000 people. According to the announcement, the files cover…

  421. 358,000 Réglo Mobile (Leclerc) customers affected by a data leak

    On 18 February 2026, Réglo Mobile — the E.Leclerc/SFR-backed mobile virtual operator — disclosed that a subcontractor breached from 13 February exposed data on about 358,000 customers, including identity, contact details, dates of birth, PUK codes, call records and partial banking data, with the database offered for sale by actor "84City".

  422. 27,000 employees affected by a data leak at RTL Group

    In February 2026, a threat actor claimed to have breached the intranet of European broadcaster RTL Group, exposing an internal directory of more than 27,000 current and former employees including names, work emails, addresses, phone numbers and job details.

  423. 8,000,000 Axa customers: claimed data leak

    Axa France customers are affected, according to the claim, by an announced leak that would impact more than 8 million people. The claim indicates that 'data and access' were…

  424. Quitbro data breach (2026)

    In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time.

    Data breachResolved
  425. 1,617 customers and partners hit by Adidas data leak

    Adidas customers and partners are affected by a confirmed leak that exposes personal and commercial information. According to available information, around 1,617 people have been…

  426. CNRS data leak - ransomware targeting agents before 2007

    Permanent and non-permanent staff who worked at CNRS before 31 December 2006 are affected by a data leak confirmed by CNRS. The exact volume of exposed information has not…

  427. 31 million bookings claimed in data leak at Socloz

    Customers of Socloz partner brands are affected, according to the claim, by the exfiltration of approximately 31 million booking lines in early 2026. Socloz is a platform…

  428. Data leak at Voyage Privé - upcoming bookings exposed

    Voyage Privé, the French flash-sale travel platform, confirmed in February 2026 that a compromised third-party partner exposed reservation data for customers with upcoming trips — including names, country of residence, emails, phone numbers and, in some cases, passport numbers — fuelling a wave of WhatsApp phishing.

  429. 14,753 people affected by a claimed leak at EPITA

    On 15 February 2026, the Lapsus$ group listed a database allegedly stolen from French engineering school EPITA on BreachForums, claiming records on 14,753 students and staff including names, email addresses, graduation years and profile photos.

  430. CarGurus data breach (2026)

    In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings,…

    Data breachResolved
  431. 97,795 FFVRC members affected by claimed data leak

    Members of the French Radio-Controlled Cars Federation (FFVRC) may be affected by a claimed leak involving nearly 98,000 people. According to the claim, 97,795...

  432. 19,313 Chez Switch customers: data leak claimed

    Chez Switch customers are, according to the claim, affected by a data leak that would impact nearly 19,300 people. Chez Switch presents itself as an energy supplier and…

  433. Leak at Grain de Malice (via Socloz)

    Customer data of French womenswear retailer Grain de Malice was exposed in February 2026 through a breach of its omnichannel retail provider Socloz, leaking names, email addresses and phone numbers as part of a dataset of up to ~31 million records.

  434. 3,600 Gustave-Auto customers affected by a claimed data leak

    Gustave-Auto, a French automotive services platform (vehicle convoyage, fleet management and repairs), disclosed in February 2026 that an access anomaly exposed partner data — names, postal and email addresses, phone numbers, IBAN/BIC banking details and SIRET/VAT numbers — with a tracker claim citing around 3,600 records.

  435. Claimed leak at Kimsufi (OVHcloud) affecting databases

    A threat actor claimed to have stolen data tied to Kimsufi, the budget hosting brand of French cloud provider OVHcloud, alleging exposure of roughly 1.6 million customers and data from 5.9 million hosted websites; OVHcloud denied the breach, saying the sample did not come from its systems.

  436. Cyberattack at Les Restos du Cœur

    On 11 February 2026, French food-aid charity Les Restos du Cœur suffered a cyberattack on an internal system, exposing the personal data of its employees and volunteers, including names, roles, departments, email addresses and phone numbers.

  437. 2.4 million licence holders - data leak at French Judo Federation

    In February 2026, the French Judo Federation (France Judo) suffered a breach of its federal extranet in which the group RavenSec stole and offered for sale roughly 2.4 million records covering 533,730 licence holders, including photos, 948 national ID cards, social security numbers and medical data.

  438. Odido data breach (2026)

    In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days.

  439. Leak at Commune de Bourg-Achard

    The town hall of Bourg-Achard (Eure, Normandy) disclosed a cyberattack dating to 29 January 2026 that led to a data leak, with municipal room-reservation records among the information exposed; the CNIL, gendarmerie and ANSSI/Normandie Cyber were notified.

  440. 13,016 customer accounts, data leak claimed at Birdee

    On 10 February 2026, a threat actor claimed to have stolen 13,016 unique customer records from Birdee, the online savings and robo-advisor platform, allegedly extracted from two database files containing account holders' personal details.

  441. 70,000 customers affected by a claimed leak at Ciffreo Bona

    Ciffreo Bona customers are affected by a claimed leak involving nearly 70,000 accounts, according to the claim. The announced file would cover 15 years of activity (2009-2024) and…

  442. Data leak at Safran Group: supply chain exposed

    In February 2026, a database tied to French aerospace and defense group Safran surfaced on a hacking forum, exposing roughly 718,716 order records — names, emails, phone numbers, ERP references and logistics data — leaked through a third-party provider rather than Safran's own systems.

  443. Data leak at Aïkan affecting Flitter and Wakam customers

    Disclosed on 9 February 2026, a data leak at French insurance-delegated-management firm Aïkan, traced to an intrusion detected on 15 January, exposed personal data of policyholders managed on behalf of partners Flitter and Wakam.

  444. 4,198,129 employees affected by the data leak at Groupe Atalian

    A dataset of 4,198,129 rows tied to Groupe Atalian — a global facility-services and cleaning company — surfaced on BreachForums, exposing HR records including names, dates and places of birth, addresses, nationalities, contract and payroll details, and immigration-card numbers.

  445. Leak at La Carte Avantage Jeune

    A January 2026 breach of Info Jeunes Bourgogne-Franche-Comté's Carte Avantages Jeunes platform exposed the personal data of roughly 283,000 cardholders, including names, dates of birth, addresses, phone numbers and identity documents, later put up for sale on the dark web.

  446. 348,346 Maxance customers: claimed data leak

    Maxance customers are, according to the claim, affected by the publication of 348,346 records containing personal and contractual information. The file is announced as…

  447. Data leak at PharmaShopi - volume not specified

    Customers who placed or attempted an order on PharmaShopi are affected by a confirmed leak. The site, an online pharmacy and parapharmacy, had payment information exposed…

  448. Data leak at Prozon, volume not specified

    In February 2026, French company Prozon disclosed a data breach affecting its customers after an attacker gained unauthorised access to one of its infrastructure tools; the company confirmed the incident and notified France's data-protection regulator, the CNIL, though the volume of affected records was not specified.

  449. 12,143 Renault Sud-Est customers affected by a claimed data leak

    On 9 February 2026, a threat actor published a claimed CRM database export from a Renault dealership network in south-eastern France (PACA), exposing roughly 12,143 customer records including names, contact details, addresses and vehicle information.

  450. Data leak at Sumsub

    In February 2026, identity-verification (KYC) provider Sumsub disclosed a 2024 breach — undetected for ~18 months — in which an attacker reached a customer-support environment and exposed the names, email addresses and phone numbers of clients of crypto and fintech platforms it serves.

  451. 28,000 customers and staff affected by a claimed leak at Immo-pop

    On 8 February 2026, a threat actor claimed to have leaked data on roughly 28,000 customers and staff of Immo-pop, the French fixed-fee online real estate agency; the claim was logged by a French breach tracker and remains unverified by the company.

  452. 1,227 registrations exposed in the data leak at Rankfyt

    Participants registered via Rankfyt are affected by a data leak impacting 1,227 registrations, with details concerning more than 2,000 linked people (teammates). The files…

  453. 12,711 coordinators affected by a claimed data leak at CetteFamille

    On 7 February 2026, a threat actor claimed a data leak from French eldercare platform CetteFamille, exposing the names, email addresses and account status of around 12,711 coordinators across roughly 333,000 documents (about 41 GB).

  454. Leak at the French Office for Biodiversity

    In early February 2026 the French Office for Biodiversity (OFB) disclosed that an intrusion into its national hunting-licence application exposed personal data of licence candidates, applicants and holders — including full identity, contact details, nationality and licence numbers.

  455. Claimed data leak at Voyages Robin

    In early February 2026, the Qilin ransomware group listed French coach-travel operator Voyages Robin on its dark-web leak site, claiming to have stolen customer booking details, travel itineraries and financial records.

  456. Leak at French Table Tennis Federation

    The French Table Tennis Federation (FFTT) disclosed a cyberattack in which a compromised account was used to bulk-extract licence-holder records — names, dates and places of birth, nationality, licence numbers and contact details for an estimated 210,000–254,000 members; no banking or health data was affected.

  457. Leak at French Sailing Federation

    In early February 2026, France's national sailing federation (FFVoile) disclosed a data breach of its licence-management platform via a compromised club account, exposing personal data of several hundred thousand licensees including names, birthdates, addresses, emails, phone numbers and disability status.

  458. Leak at the City of Paris

    A leaked file from the City of Paris's municipal adult-education platform (Cours municipaux pour adultes) exposed the personal data of 320,292 registered users, including names, dates of birth, postal addresses, phone numbers and email addresses; no passwords or banking data were involved.

  459. Toy Battles data breach (2026)

    In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.

    Data breachResolved
  460. Leak at ADMR

    On 5 February 2026, the threat group RavenSec claimed a breach of France's ADMR home-care network, leaking member data — names, email and postal addresses and organisation details — with over 10,000 people initially affected and a claimed underlying database of millions.

  461. 15,108 employees hit by claimed leak at ARS

    On 5 February 2026 a threat actor claimed to be selling a database holding the professional email addresses of 15,108 staff of France's Agence Régionale de Santé (ARS), alongside other work-related details, on a cybercrime forum.

  462. 7,665 patients affected by a claimed data leak at Asten Santé

    On 5 February 2026, a threat actor known as sux1337 claimed to have leaked 7,665 lines of patient data from Asten Santé, a French home-healthcare provider, publishing the records for free on a cybercrime forum days before the company suspended its patient and prescriber extranets for security reasons.

  463. Leak at Centre Communal d'Action Sociale de Dunkerque

    In early February 2026, a hacker put up for sale a database of 66,343 people supported by the CCAS of Dunkerque, exposing names, dates of birth, postal addresses, phone numbers, emails and family-situation details of social-aid beneficiaries.

  464. 4,000 officers affected by a claimed data leak at Centre National de Gestion (CNG)

    On 5 February 2026, a threat actor claimed to have leaked roughly 4,000 lines of data concerning authorising officers (agents ordonnateurs) at France's Centre National de Gestion, the public body managing HR for hospital practitioners and healthcare directors.

  465. 39,896 customers affected by a claimed leak at Family Cinema

    Family Cinema customers would be affected by a data leak, according to the claim. The advertised batch would contain nearly 156,489 orders and 39,896 unique customers, covering the period…

  466. 813,983 FFRandonnée members - claimed data leak

    On 5 February 2026, the French Hiking Federation (FFRandonnée) was named in a claimed data leak said to expose the personal records of 813,983 members, part of the 2026 wave of breaches hitting French sports federations through shared licensee-management systems.

  467. Data leak at Flickr confirmed by the company

    Flickr users residing in Europe are affected by a metadata exposure that hit the service in February 2026. According to the official announcement, approximately 228,000 European accounts...

  468. Data leak at Protexia France

    In early February 2026, Protexia France — the legal-protection insurance subsidiary of Allianz France — was reported to have suffered a data breach exposing personal information belonging to its policyholders and contacts.

  469. 1,150 people affected by a data leak at Notre-Dame des Dunes

    On 4 February 2026, the Collège-Lycée Notre-Dame des Dunes, a private Catholic secondary school in Dunkirk, France, disclosed a confirmed data leak affecting roughly 1,150 people, mainly its pupils and the staff and external contributors connected to the school.

  470. 553 Collège Saint-Charles pupils affected by a data leak

    The 553 pupils enrolled in the Sports Association of Collège Saint-Charles (Guipavas/Brest) were exposed in the wider UNSS school-sports breach, with their names, dates of birth, school and ID photos leaked online after the federation's OPUSS platform was compromised.

  471. 828,000 stop-points exposed in data leak at Loxam

    On 4 February 2026, French equipment-rental group Loxam disclosed a breach of a third-party delivery-planning system that exposed roughly 60 GB of logistics data — 94,735 delivery routes and about 828,000 geolocated stop-points covering 2020-2026, plus customer, driver and vehicle details.

  472. 377,418 jobseekers - data leak at Choisir le service public

    France's state recruitment portal Choisir le service public disclosed in early February 2026 a breach exposing the application profiles of 377,418 candidates after attackers abused a compromised manager account; names, contact details, birth dates and career data were leaked and offered for sale.

  473. 697,313 Substack records exposed in data leak

    Substack disclosed in February 2026 that an unauthorized third party scraped its systems, exposing roughly 697,313 user records including email addresses, phone numbers, names, user and Stripe IDs, and profile metadata; passwords and financial data were not affected.

  474. 79,164 customers affected by a data leak at Darty.com (Kitchen)

    A compromise of a third-party appointment-scheduling tool used by Darty's kitchen design service exposed personal and project data on 79,164 French customers, including names, postal addresses, emails, phone numbers and kitchen budgets, with no passwords or banking data affected.

  475. Leak at French Army

    In late January 2026, a hacker claimed to have exfiltrated 2,971 files (about 4.5 GB, including 1,533 PDFs) from the French Army (Armée de Terre) via a compromised account, with documents marked 'Diffusion Restreinte' (restricted distribution) and internal technical guides.

  476. 66,000 users: data leak claimed at CCAS de Dunkerque

    A threat actor claimed to have stolen and put up for sale a database of about 66,343 beneficiaries of the CCAS de Dunkerque, France's municipal social-welfare body, exposing names, emails, phone numbers, dates of birth, addresses and household details.

  477. 21,647 people affected by a data leak at Inria

    Disclosed on 31 January 2026, a confirmed data leak at France's Inria research institute exposed personal records of about 21,647 staff and collaborators from Inria, IRISA and partner research units, including names, dates of birth, postal addresses and household details.

  478. 23,535 locum doctors - claimed data leak at Médecins Remplaçants

    On 31 January 2026, a dataset advertised on BreachForums as the 2026 directory of French locum (replacement) doctors was claimed to expose roughly 23,535 records, including names, emails, phone numbers and professional practice-authorisation numbers.

  479. Claimed leak at ANPS (Association Nationale des Premiers Secours)

    On 30 January 2026 a 1.06 GB SQL database stolen from French first-aid non-profit ANPS was posted to BreachForums, exposing roughly 5,600 unique email addresses along with names, dates and places of birth traced back to a legacy system.

  480. Association Nationale des Premiers Secours data breach (2026)

    In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth.

  481. Leak at Code Rousseau

    In late January 2026, French driving-education company Codes Rousseau disclosed unauthorized access to its Easysystème platform, exposing learner identity and contact details, ID photos, signatures and NEPH driving-licence numbers; ~30,000 records were later put up for sale.

  482. Cyberattack at Codes Rousseau targeting the Easysystème application

    Codes Rousseau disclosed unauthorized access to its Easysystème driving-school platform, used by nearly all French driving schools, exposing learner drivers' identity data including names, contact details, ID photos, signatures and NEPH licence numbers.

  483. 37.8 million user accounts in the ManoMano data leak

    People with a ManoMano account are affected by a data leak hitting the online DIY and gardening site. Nearly 38 million accounts are reportedly involved, according to…

  484. Leak at OpQuast

    On 30 January 2026, a data leak at Opquast — the French web-quality assurance and certification company based in Mérignac — exposed the email addresses of around one hundred people.

  485. Provecho data breach (2026)

    In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email address along with username and the creator account holders followed.

    Data breachResolved
  486. 1,000,000 customers of FranceCasse.fr - claimed data leak

    Customers of FranceCasse.fr are, according to the claim, affected by a leak exposing more than a million profiles. According to the claim, a 98 GB file structured via PrestaShop...

  487. Leak at Match Group (Hinge, Match, OKCupid)

    On 29 January 2026, Match Group — parent of Hinge, Match and OKCupid — disclosed a breach after the ShinyHunters group used a vishing attack to hijack an employee Okta SSO account; exposed PII included names, dates of birth, phone numbers and IP addresses.

  488. 20,000 customers affected by the Multi-French-Real-Estate-Agencies data leak

    In late January 2026, a cybercriminal put up for sale on a hacking forum a 500 GB trove of more than 1.18 million files stolen from eleven French real estate agencies, exposing the personal, contractual and financial data of at least 20,000 owners, tenants, co-owners and suppliers.

  489. 126,998 Reseau.site customers affected by a data leak

    On 29 January 2026, a full database dump from Reseau.site — a French SaaS platform for merchants and craftspeople — exposed 126,998 customer records, including names, contact details, hashed passwords, bank card numbers and IBANs.

  490. 900,000 VeryChic customers affected by a data leak

    On 29 January 2026, French luxury travel agency VeryChic, which specialises in private sales of hotel stays and trips, was hit by a confirmed data leak affecting roughly 900,000 customer records.

  491. Leak at 11 real estate agencies

    On 28 January 2026, a leak of roughly 1.18 million files (500+ GB) affecting 11 French real estate agencies — including Marteau Immobilier (Orpi), AFG Immobilier and Trenta Immobilier — was put up for sale on a cybercrime forum, exposing IDs, IBANs, contracts and credentials of an estimated 20,000+ owners, tenants and co-owners.

  492. Leak at Puteaux Medical Imaging Centre

    On 28 January 2026, patient personal data from the Centre d'Imagerie Médicale de Puteaux — a radiology and medical imaging centre in the Hauts-de-Seine — was exposed in a confirmed data breach, including names, dates of birth, contact details and appointment history.

  493. Figure data breach (2026)

    In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth.

    Data breachResolved
  494. Leak at Le CNAM

    A dataset tied to the Conservatoire National des Arts et Métiers (CNAM), the French public higher-education institution, was reported leaked around 28 January 2026, exposing personal records for roughly 10,000 people including names, contact details, dates of birth and job information.

  495. Leak at Lovys

    On 28 January 2026, a data leak was claimed against Lovys, a French 100% digital neo-insurer, allegedly exposing customer records; the scale and exact data categories remain unverified.

  496. Data leak at UGSEL

    On 28 January 2026, a dataset exposing personal details of roughly 600 students linked to UGSEL — the French Catholic-schools sports federation — surfaced online, including names, gender, dates of birth and class/category information.

  497. Data leak at Wemind (via Allianz)

    On 28 January 2026, a data leak affecting Wemind, the French neo-insurer for freelancers and small businesses, exposed members' contact details — names, postal addresses, email addresses and phone numbers — through its Allianz insurance/back-office channel.

  498. 10,000,000 O'Tacos customers affected by a data leak

    On 27 January 2026, a database tied to O'Tacos' loyalty programme and mobile app surfaced for sale on a hacking forum: a 9 GB JSON dump of roughly 29 million user records, about 10 million with full identity details, across the French chain's international markets.

  499. 5.88 million customers affected in data leak at Techni-Contact

    On 27 January 2026, French B2B equipment marketplace Techni-Contact was hit by a confirmed customer data leak, with a corpus of roughly 5.88 million records circulating that exposed customer contact and account details.

  500. Data leak at AutoForever linked to a flaw in the Brevo extension

    Customers and contacts of AutoForever are affected by a confirmed data leak, with the volume remaining unspecified. The company states it does not know whether personal data was stolen following…

  501. 900,000 Lyleoo users affected by a data leak

    On 26 January 2026, Lyleoo, a French ophthalmology tele-expertise platform, confirmed a data breach after attackers used a partner optician's stolen credentials to access its systems; the DumpSec group leaked about 900,000 records of user contact details.

  502. 508,276 Coriolis Télécom customers affected by a data leak

    French mobile and internet operator Coriolis Télécom was hit by a data leak in which a hacker put a 356 MB database of 508,276 customer records — including names, postal and email addresses, dates of birth, IBAN/BIC bank details and business SIRET numbers — up for sale on a dark-web marketplace.

  503. Leak at French Sports for All Federation

    On 25 January 2026, the Fédération Française Sports pour Tous saw the personal data of 1,493 of its members exposed, including names, postal addresses, phone numbers, member status, affiliated club, qualifications and activities.

  504. 683,936 customers affected by claimed leak at Livre en Poche

    On 25 January 2026, a threat actor claimed to have leaked order-related customer data from the French secondhand-bookshop cooperative Livrenpoche (Livre en Poche), with roughly 683,936 rows reportedly affected; the claim is unverified by the company.

  505. Leak at Sciences Po

    On 25 January 2026, a SQL dump of internal databases belonging to Sciences Po — the Paris Institute of Political Studies — surfaced online, exposing data held by the higher-education institution as part of a broader wave of French data leaks that month.

  506. CarMax data breach (2026)

    In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.

    Data breachResolved
  507. Edmunds data breach (2026)

    In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone…

    Data breachResolved
  508. 950,000 people affected by data leak at FFESSM

    On 24 January 2026, France's underwater diving federation FFESSM disclosed a personal-data breach after unauthorised access to one of its IT systems exposed identity and contact details of members and licence holders, with roughly 950,000 people affected and data offered for sale on the dark web.

  509. Leak at Guiot de Bourg

    On 24 January 2026, a customer database from French silver-jewelry brand Guiot de Bourg covering some 90,000 e-commerce accounts surfaced online, exposing names, emails, dates of birth, hashed passwords and order/payment metadata.

  510. Leak at Movida

    Customer data from French vehicle-rental company Movida was exposed in a breach disclosed on 24 January 2026, including names, contact details and bank account numbers (IBANs).

  511. Leak at Panorama Banques

    On 24 January 2026, a database attributed to French bank-comparison and credit-brokerage service Panorama Banques (Panorabanques) surfaced online, exposing personal, contact and detailed financial-profile data on roughly 2.34 million customers.

  512. Leak at French Fencing Federation

    On 23 January 2026, the French Fencing Federation (FFE) had its licensee database leaked as part of a wave of attacks on French sports federations, exposing members' names, contact details, postal addresses, nationality and licence/club information.

  513. Leak at French Hunting Federation

    On 23 Jan 2026 the Fédération Nationale des Chasseurs disclosed a breach of its hunting-permit validation portal, exposing names, dates of birth, postal/email addresses, phone numbers, federal IDs and licence details of roughly 1.4 million hunters.

  514. 1,200,000 people exposed in data leak at FFVolley

    The French Volleyball Federation (FFVolley) confirmed a breach of its membership database affecting roughly 1.2 million licensees, with about 23 GB of highly sensitive files — including national ID cards, passports and birth certificates — exfiltrated and offered for sale.

  515. Leak at French Firefighters Federation

    On 23 January 2026, the French Firefighters Federation suffered a data breach exposing the personal records of roughly 822,449 firefighters, including names, email addresses, phone numbers and postal addresses.

  516. Leak at Grand Froid

    On 23 January 2026, a customer database from French frozen-food home-delivery company Grand Froid (Saint-Nabord, Vosges) surfaced online, exposing customers' names, postal addresses and order dates.

  517. Leak at Orpi

    In January 2026, a database from the French real-estate network Orpi's owner/tenant extranet surfaced online, exposing names, postal addresses, IBANs, rent receipts and extranet logins with passwords stored in plain text.

  518. 83,000 users affected by a claimed data leak at Scoring.fit

    On 23 January 2026, a threat actor claimed to have leaked the database of Scoring.fit, a French fitness-competition management platform, exposing personal data tied to roughly 83,000 athletes, clubs and volunteers registered for events.

  519. Data leak at Too Easy

    On 23 January 2026, a data leak attributed to Too Easy was reported, exposing customer personal data including names, email addresses, phone numbers and IP addresses. The full scale of the incident has not been publicly confirmed.

  520. Data leak at Valorissimo

    Disclosed on 23 January 2026, a leak from Valorissimo — the French B2B new-build real estate marketplace owned by Bouygues Immobilier — exposed account data of platform users, including logins, email addresses, names, phone numbers, postal addresses and company affiliations.

  521. Data leak at Waltio

    In January 2026, French crypto-tax platform Waltio disclosed a breach exposing data from around 50,000 users — email addresses and 2024 tax-report summaries (gains/losses and year-end balances) — followed by an extortion attempt the company refused to pay.

  522. 1,224,196 records exposed in the data leak at ffgolf

    Current and former licence holders of the French Golf Federation (ffgolf) are affected by a confirmed leak involving more than 1.2 million records. The leak comes from the central database of...

  523. 1,416,000 records in the FNC and OFB data leak

    In January 2026, the French National Hunters Federation (FNC) and the French Office for Biodiversity (OFB) suffered linked data breaches exposing personal data of roughly 1.4 million hunting-permit holders, with a 27 GB dataset offered for sale on the dark web.

  524. 822,499 FNSPF members affected by data leak

    Around 822,499 members of France's National Firefighters Federation (FNSPF) had their personal data exposed in a January 2026 leak tied to a wider campaign of French federation breaches, with names, dates of birth, postal and email addresses and phone numbers harvested and resold on underground forums.

  525. 3.7 million Babyvista customers affected by a data leak

    Customers of Babyvista, a maternity photography service, are affected by a data leak impacting nearly 3.7 million people. The leak, initially dated 15/03/2025, covers…

  526. Claimed leak at École nationale supérieure d'arts et métiers (volume not specified)

    On 21 January 2026, French engineering grande école ENSAM (Arts et Métiers) disclosed a personal-data breach resulting from external malicious activity, exposing students' names, social security numbers, scholarship decisions and amounts, and work-stoppage dates; the total volume was not specified.

  527. Leak at ENSAM

    ENSAM, a French public engineering school (Arts et Métiers), reported a data breach caused by a malicious external act, exposing students' names, social security numbers, scholarship award decisions and amounts, and sick-leave dates.

  528. Leak at ConseilJuridique.net

    On 20 January 2026, a data leak affecting ConseilJuridique.net — a French online legal-consultation platform connecting individuals with lawyers — was reported, exposing customer account data; the precise scale and exposed fields were not publicly detailed.

  529. Claimed data leak at Delko - Ransomware

    Delko, a French automotive repair and spare-parts franchise network, was hit by the Sinobi ransomware group around December 2025; the gang published the company on its leak site on 5 January 2026, with the claim relayed to affected customers and publicly on 20 January 2026.

  530. Leak at France Éducation International (via GAEL)

    A January 2026 cyberattack on France Éducation International's GAEL platform exposed civil-identity data of roughly 5.8 million DELF-DALF exam candidates and diploma holders since 2005, after attackers used compromised external user credentials.

  531. 108,000 Syma Mobile customers: claimed data leak

    On 20 January 2026, a database of around 108,000 customers of French mobile virtual operator Syma Mobile was offered for sale on a dark-web forum, exposing names, dates of birth, postal and email addresses, phone numbers and copies of identity documents.

  532. Leak at Info Jeunes Bourgogne Franche-Comté

    In January 2026, Info Jeunes Bourgogne Franche-Comté, the regional youth information service running the Carte Avantages Jeunes, had identity data on some 282,906 cardholders stolen and offered for sale on the dark web; exposed fields were limited to identification and contact details.

  533. 12 million employees affected by the Urssaf DPAE data leak

    On 19 January 2026, France's Urssaf disclosed fraudulent access to its DPAE pre-hire declaration API via a compromised partner account, exposing the names, dates of birth, employer SIRET and hire dates of around 12 million employees hired in the past three years.

  534. 46,506 people exposed in a claimed leak at Pix Orga (education)

    The 46,506 people linked to Pix Orga are reportedly affected, according to the claim, mainly pupils and teaching team members. The Pix Orga service, used by institutions…

  535. 90,726 people affected by the TooEasy Agence Web data leak

    A data set tied to TooEasy Agence Web, a French web and digital agency based in Valence, was put up for sale on a dark web forum, exposing roughly 90,726 unique email addresses along with client names, phone numbers and recruitment records.

  536. 6,727,398 Under Armour customers affected by a data leak

    In January 2026, sportswear brand Under Armour was hit by a data leak after the Everest ransomware gang published roughly 72.9 million stolen customer records online, including about 6.7 million people in France, exposing names, emails, dates of birth and purchase history.

  537. 93,746 customers affected by a claimed leak at Ioburo

    On 17 January 2026, a threat actor advertised a database allegedly stolen from French office-supplies and IT retailer iOBURO, claiming 93,746 customer records were exposed; the claim remains unverified by the company.

  538. 9,599 records in a claimed data leak at Le Bambou Castillonnais (Cartedepeche.fr)

    A January 2026 claim alleges that data on members of AAPPMA Le Bambou Castillonnais (Castillon-la-Bataille, Gironde) was exposed through the national Cartedepeche.fr angling platform, with around 9,599 records said to be affected following a breach the FNPF disclosed in early 2026.

  539. 134,209 Wobz (formerly Dalvin) customers: claimed data leak

    On 17 January 2026, a threat actor claimed to have leaked a Wobz (formerly Dalvin) customer database of about 134,209 records, exposing customer and corporate names, email addresses, internal security keys and GoCardless payment identifiers.

  540. 43,366 customers affected by a claimed data leak at StorePasCher

    StorePasCher customers are affected by a claimed leak involving 43,366 accounts, according to the claim. The case concerns the e-commerce site StorePasCher, which offers online sales…

  541. 598 people exposed in the Force Ouvrière UD 75 data leak

    On 15 January 2026, a leak exposed the personal data of 598 people linked to the Paris Departmental Union of the Force Ouvrière trade union (UD 75), reportedly stemming from an export batch pulled from the union's membership management system.

  542. 888 employees affected by a claimed data leak at Groupe Fondasol

    Employees of Groupe Fondasol are affected by a claimed data leak covering 888 profiles, according to the claim. The engineering firm in the construction sector works on projects in…

  543. 3,691,752 customers in a claimed data leak at LBP Granville (Le Bureau de Prospection)

    LBP Granville customers are reportedly affected by a data leak, according to the claim. The announced volume exceeds 3.6 million records and a sale is mentioned for January 15…

  544. Leak at Lire Demain

    On 15 January 2026, French children's and educational book publisher Lire Demain (Auzou group) suffered a data breach exposing the personal details and order history of around 4,616 customers.

  545. Leak at Eurail

    In January 2026, Eurail B.V. — operator of the Interrail and Eurail rail-pass schemes — disclosed a data breach exposing personal and passport details of customers, with up to ~309,000 travellers reportedly affected and stolen data later offered for sale on the dark web.

  546. Data leak at Zurflüh-Feller

    The Akira ransomware group listed French roller-shutter component manufacturer Zurflüh-Feller as a victim in early 2026, threatening to publish around 66 GB of stolen corporate data, including employee identity documents, financials, contracts and NDAs.

  547. Leak at Blackstore

    On 12 January 2026, French streetwear and sneaker retailer Blackstore had a customer database leaked exposing the personal and order details of 101,979 people, including names, email addresses, phone numbers, store locations and order records.

  548. Leak at Instagram

    In January 2026 a dataset of about 17.5 million Instagram records — usernames, full names, email addresses, phone numbers and partial location data — went up for sale on a dark-web forum, reportedly harvested via a 2024 API scraping leak.

  549. Leak at monlogicielmedical.com

    Breach of the MonLogicielMedical (MLM) practice software by Cegedim Santé, disclosed to affected doctors in early January 2026, exposing patient administrative records — name, date of birth, address, social-security scheme — for up to 11–15 million patients via compromised doctor accounts.

  550. 65,000 users affected by a data leak at nephael.net/chloesanchez.com

    Users of the adult sites nephael.net and chloesanchez.com are affected by a confirmed data leak involving around 65,000 accounts. According to the elements published, the…

  551. 9.5 million records in the data leak at Relais Colis

    Customers and recipients who used Relais Colis are affected by a confirmed leak impacting nearly 9.5 million records. The volume announced is 9,526,266 rows, and a claim…

  552. Claimed leak at ACRV.FR (web agency)

    On 10 January 2026, a threat actor claimed a data leak at French digital agency ACRV.FR, alleging it had exfiltrated archives and databases tied to several client sites the agency hosts or maintains; the claim is unverified and the scale is unconfirmed.

  553. 115,000 customers affected by claimed leak at Audiophonics.fr

    Customers of Audiophonics.fr are reportedly affected, according to the claim, by a leak involving a database announced at around 115,000 users. The site targeted is an online shop…

  554. 324,400 accounts exposed in the BreachForums data leak (2025)

    A database from the cybercrime forum BreachForums leaked online, exposing roughly 324,000 user accounts — email addresses, usernames, Argon2 password hashes, IP addresses, forum posts and private messages — after a backup was left in an unsecured folder in August 2025.

  555. 2,340,422 Panorabanques.com customers affected by a data leak

    Panorabanques.com customers are affected by a confirmed leak affecting around 2.34 million people. The financial comparator, used by individuals to compare offers…

  556. 146,605 patients affected by a claimed leak at SOS Oxygène

    On 10 January 2026, a threat actor advertised on BreachForums a database allegedly stolen from French home-respiratory-care provider SOS Oxygène, claiming roughly 146,605 unique patients with names, full postal addresses and GPS coordinates exposed.

  557. Claimed data leak at Apec Région Occitanie - volume not specified

    Accounts linked to Apec Région Occitanie (Montpellier / Nîmes / Toulouse) are reportedly affected by a leak, according to a claim on Breachforums that mentions a scope of around 3,000 profiles. To…

  558. Betterment data breach (2026)

    In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an…

    Data breachResolved
  559. 7,761 people affected by a data leak at Euronature

    Students and teachers of Euronature (School of Naturopathy) are affected by a confirmed data leak. According to the estimate, around 7,761 people would be exposed; the corpus released…

  560. 616 contributors affected by the Paris à cœur ouvert data leak

    On 9 January 2026, the campaign website of Paris mayoral candidate Sarah Knafo (Reconquête) publicly exposed the personal data of hundreds of contributors to its 'Paris à cœur ouvert' forum, including names, emails, phone numbers and IP addresses, even for people who had asked to stay anonymous.

  561. 282,906 young people affected by an Avantages Jeunes data leak

    Young holders of the Carte Avantages Jeunes (CRIJ Bourgogne-Franche-Comté) are affected by a confirmed leak impacting nearly 283,000 people. The published elements include, according to the…

  562. 111,000 Casino de Paris customers: data leak

    In January 2026, the Casino de Paris music hall confirmed a data leak affecting roughly 111,000 customers, with names, email addresses and postal locations (city and zip code) exposed after a database appeared for sale on a hacker forum.

  563. 23,920 Corse GSM customers affected by a data leak

    Corse GSM, Corsica's independent mobile and internet operator, was hit by a data leak disclosed on 8 January 2026 exposing roughly 23,920 customer records, including names, postal addresses, phone numbers and banking details (IBAN/BIC).

  564. 262,925 licensed members affected by a claimed data leak at FFB

    On 8 January 2026, a database of 262,925 licensed members of the French Bridge Federation (FFB) was claimed on a hacker forum, exposing names, dates of birth, postal and email addresses and phone numbers as part of a wider wave of attacks on French federations via a shared IT provider.

  565. 200,415 licence holders affected by claimed leak at FFFA

    Licence holders of the French American Football Federation (FFFA) are affected by a claimed leak said to target 200,415 records. According to the claim, the corpus would contain...

  566. 561,502 licence holders affected by data leak at FFME

    In January 2026 the French Federation of Mountaineering and Climbing (FFME) disclosed a data breach in which a fraudulently used member account gave illegitimate access to contact data — names, dates of birth, addresses, licence types — for its licence holders, a leak tracked at 561,502 records.

  567. 599,797 licence holders: claimed data leak at FSGT

    In January 2026, the Fédération Sportive et Gymnique du Travail (FSGT), a French workers' multisport federation, was hit by a claimed data leak exposing the personal records of its licence holders, with the claim referencing a database of roughly 600,000 accounts.

  568. Leak at EasyCash

    A threat actor put a customer database stolen from second-hand retailer EasyCash up for sale on a hacking forum, exposing roughly 14 million records — names, dates of birth, postal addresses, phone numbers and email addresses — apparently extracted via a compromised internal/partner account.

  569. 393,374 members affected in the data leak at FFCK

    On 7 January 2026, a database of the French Canoe-Kayak Federation (FFCK) holding 31 years of member records was leaked, exposing the personal data of 393,374 members, including 392,892 postal addresses, 212,342 phone numbers and 158,434 unique emails.

  570. 599,797 FFRS licence holders affected by data leak

    Roughly 600,000 licence holders of France's Roller and Skateboard Federation (FFRS) had their personal data exposed after the Rolskanet membership-management platform run by a shared third-party provider was breached, leaking names, contact details, and birth information.

  571. 162,263 licence holders affected by claimed leak at FFSquash

    On 7 January 2026 a leak claim surfaced alleging the theft of a 162,263-row database of French Squash Federation (FFSquash) licence holders, part of a wider wave of attacks on French sports federations exposing members' personal data.

  572. Panera Bread data breach (2026)

    In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses.

    Data breachResolved
  573. 78,133 members affected by claimed data leak at FFPLUM

    On 8 January 2026 the French Microlight Federation (FFPLUM) disclosed that an attacker had fraudulently accessed an administrator account on its licence-management platform, exposing the personal data of roughly 78,000 members, including names, dates of birth, postal addresses, emails and phone numbers.

  574. 52,785 licence holders affected by claimed data leak at FFTwirl

    On 6 January 2026 a data leak claimed against the French Twirling Baton Federation (FFTwirl) exposed the personal records of around 52,785 licence holders, volunteers and officials, including names, postal and email addresses, phone numbers, birth dates and club affiliations.

  575. 133,297 members affected by Lions Clubs of France data leak

    In early January 2026, a member database of the Fondation des Lions de France (Lions Clubs of France) was published on BreachForums, exposing 133,297 deduplicated individuals — including full civil status, home addresses, phone numbers and profile photos — in a leak traced to the MyAssoc club-management platform.

  576. Claimed leak at L'Orange Bleue Fitness Club

    Managers and operators of about 600 L'Orange Bleue clubs are reportedly affected by an internal data leak dating back to June 2025, according to the claim. A public sample analyzed includes…

  577. 5,304 customers affected by claimed data leak at Loft by Denis Moines

    On 6 January 2026, a database of 5,304 customers of the Paris hair salon Loft by Denis (rue des Moines) was published on BreachForums, exposing names, mobile numbers, email addresses, visit counts and profile timestamps.

  578. 47,561 subscribers - claimed data leak at Philharmonie de Paris

    On 6 January 2026, a database from the Philharmonie de Paris's 'Philharmonie à la Demande' (PAD) music platform was published online, exposing 47,561 accounts — names, email addresses, logins and professional profiles — in a leak claimed by an actor known as HexDex2.

  579. Data leak at DCE Conseil and partners (prisons, armed forces, luxury)

    French engineering consultancy DCE Conseil suffered a breach after an employee's cloud account was compromised with stolen credentials, exposing roughly 844 GB of sensitive technical files — including plans of prisons, a military base and luxury and corporate clients — later offered for sale on BreachForums.

  580. Data leak at Ledger (via Global-e) - Undisclosed volume

    Ledger customers are affected by a data leak confirmed by the Global-e provider. The number of impacted customers has not been publicly disclosed.

  581. Leak at the French Office for Immigration and Integration

    In early January 2026, France's immigration and integration agency OFII disclosed a breach traced to a subcontractor handling integration-contract language courses; attackers exposed identity, contact and immigration-status data on foreign residents and advertised 2.1 million records for sale.

  582. 1,050 identities exposed in the data leak at Petits-fils

    On 5 January 2026, French home-care franchise network Petits-fils confirmed a data leak exposing roughly 1,050 identities of staff and collaborators across its network of agencies and franchises.

  583. 800,000 records in Adecco data leak

    In early January 2026, staffing agency Adecco was hit by a data leak after a threat actor put a database of roughly 800,000 candidate profiles — including about 750,000 CVs with names, contact details and work histories — up for sale, claiming extraction from an internal Adecco tool.

  584. Data leak at AgroParisTech

    In January 2026, AgroParisTech — France's leading graduate school of agronomy and life sciences — suffered a cyberattack in which an intruder claimed to have exfiltrated around 211 GB of data, exposing HR and personal records of staff, students and external contributors.

  585. Claimed data leak at AXYON (EDF, Eiffage, Bouygues, Engie, Renault, etc.)

    AXYON customers and partners are affected by a claimed leak said to involve around 340 GB of internal data, according to the claim. AXYON provides B2B engineering services…

  586. Data leak at Dream Up (LAPSUS$) across multiple sites

    In early January 2026, the LAPSUS$ group publicly leaked around 40 GB of data extracted from 54 client SQL databases managed by French web agency Dream Up (dream-me-up.fr), exposing customer and contact information from the e-commerce and showcase sites it hosts.

  587. 24,000 trainees affected by a claimed data leak at AFPPCD-IDF

    On 2 January 2026, a data leak was claimed against AFPPCD-IDF, a Paris-based dental-assistant training association, exposing personal records on roughly 24,000 trainees including names, dates and places of birth, contact details and French social-security (NIR) numbers.

  588. 70,981 customers affected by a claimed leak at Trescal

    On 2 January 2026, a dark-web forum member claimed to be selling an internal Trescal customer database of roughly 70,981 unique records, exposing names, business emails, phone and fax numbers, job titles, company names and French SIRET numbers.

  589. 2.1 million: data leak at OFII / ANEF

    On 1 January 2026, a database of around 2.1 million records belonging to France's OFII / ANEF "Étrangers en France" immigration portal was put up for sale on BreachForums, exposing foreign nationals' identities, contact details, family situation and residence-permit data after a subcontractor was compromised.

2025

1646 incidents
  1. Leak at École Nationale de la statistique et de l'analyse de l'information

    In late December 2025, a hacker claimed a cyberattack on ENSAI, France's national school of statistics near Rennes, and published roughly 21 GB of data exposing personal records of around 3,900 students, including ID photos and partial payment card details.

  2. Leak at French Speleology Federation

    On 31 December 2024 the French Speleology Federation (FFS) disclosed a data leak from its insurance-subscription portal, exposing members' identity, contact details, nationality, profession and licence numbers as part of a wider wave of attacks on French sports federations.

  3. Leak at Institut Polytechnique de Paris

    In late December 2025, a data set on roughly 9,551 students of Institut Polytechnique de Paris (incl. ENSAE) was posted to a leak forum, exposing names, emails, postal addresses, phone numbers and about 4,179 IBANs.

  4. Leak at Grenoble School of Management

    On 29 December 2025, an actor calling themselves CZX leaked a 1.35 GB database of more than 400,000 Grenoble École de Management students, alumni and prospects on BreachForums, exposing names, contact details and academic records.

  5. Data leak at Université de Lille

    On 29 December 2025, a record of 7,244 Université de Lille students — reportedly from an IUT Informatique internship database — was posted on BreachForums by an actor using the LAPSUS$ name, exposing names, dates of birth, postal addresses, emails and phone numbers.

  6. WhiteDate data breach (2025)

    In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ.

    Data breachResolved
  7. Leak at Allegro Musique

    On 28 December 2025, a database of 161,412 members of French at-home music-lesson provider Allegro Musique was leaked, exposing names, postal addresses, emails, phone numbers, social security numbers and registration details.

  8. Leak at Batterie de Portable

    On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data — names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

  9. Leak at Europages

    On 28 December 2025, a database of 205,403 B2B prospects from European business directory Europages was reported leaked, exposing contact and company-registration details (names, job titles, employers, postal and email addresses, phone numbers, SIRET and VAT identifiers).

  10. Leak at the French Ministry of Agriculture and Food

    In late December 2025, the LAPSUS$ Group claimed a breach of France's Ministry of Agriculture and Food, leaking roughly 60 GB (97,210 files) of FTP credentials, SQL databases and system logs spanning 32 departments and 19 business applications.

  11. Leak at Club de nation 95 (via ACRV)

    On 27 December 2025, data on roughly 200 members of Club de natation 95 was exposed after its service provider ACRV was compromised, leaking names, postal and email addresses, phone numbers and IP addresses.

  12. Leak at ENI

    In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.

  13. Leak at HelloWork

    In late December 2025, French recruitment platform HelloWork disclosed that data on roughly 2.8 million jobseekers — names, emails and professional-profile details — was scraped from its CV library via a fraudulently used recruiter account and offered for sale online.

  14. Leak at PayTrip

    On 27 December 2025, French money-transfer fintech PayTrip suffered a data breach exposing data on 74,877 customers, including names, contact details, IBANs and account balances, later circulated online by a threat actor.

  15. Leak at Commune de Lens

    In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

  16. Leak at French Kick Boxing Federation

    In late December 2025, the French Kick Boxing Federation (FFKMDA) had its member database leaked on BreachForums, exposing 361,321 licensees' names, dates of birth, nationalities, contact details, postal addresses and licence records across 2015-2026 seasons.

  17. Leak at Mondial Relay

    In December 2025, French parcel-delivery firm Mondial Relay disclosed a cyberattack in which attackers accessed customer and shipment data — names, emails, postal addresses, phone numbers and parcel-tracking details; a dark-web actor claimed roughly 25.7 million records.

  18. Leak at Nouvelle Lune

    On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

  19. Leak at French Swimming Federation

    Data on roughly 1.3 million members of the French Swimming Federation (FFN) was put up for sale on BreachForums on 23 December 2025 after its Extranat management platform was breached, exposing identity details, contact information and licence numbers.

  20. Leak at 123 casting

    On 22 December 2025, a database of roughly 240,000 users of French casting platform 123casting was published on BreachForums, exposing identities, contact details, MD5-hashed passwords, physical measurements, ethnic origin, photo/video books, private messages and payment data.

  21. Leak at Altitude Infra

    Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.

  22. Leak at justice.fr

    On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data — including IBAN/BIC — of 1,100+ magistrates, judges, lawyers and judicial staff.

  23. Leak at Chronopost

    In December 2025, a 680 MB dataset on ~860,000 Chronopost customers — names, emails and parcel details scraped from the La Poste Pickup relay-point network — was published on BreachForums; the data covered shipments from spring 2025.

  24. Leak at La Licra

    On 19 December 2025, a data leak at French anti-racism association La Licra (LICRA) exposed the email addresses and hashed passwords of 186 website subscribers and 8 administrators.

  25. Leak at the French Ministry of Sports

    On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households — names, dates of birth, contact details, social security, INE and CAF numbers — published on a criminal forum.

  26. Leak at Red by SFR

    In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.

  27. Leak at Parashop

    On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

  28. Pass'Sport data breach (2025)

    In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households.

  29. APOIA.se data breach (2025)

    In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.

  30. Leak at PornHub

    On 16 December 2025, adult-content platform Pornhub disclosed that historical analytics data on select Premium users — including email addresses and search/viewing history — was stolen via third-party provider Mixpanel; ShinyHunters claimed ~200 million records and demanded a ransom.

  31. Data leak at SoundCloud

    In December 2025, music-streaming platform SoundCloud disclosed a breach in which an attacker abused an internal system to map roughly 29.8 million private email addresses to public profile data — about 20% of its users; no passwords or payment data were taken.

  32. Raaga data breach (2025)

    In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5…

    Data breachResolved
  33. Leak at the French Ministry of the Interior

    In December 2025, attackers compromised professional email accounts at France's Ministry of the Interior and accessed sensitive police files including the TAJ criminal-records and FPR wanted-persons databases; the ministry confirmed a few dozen files were exfiltrated while attackers claimed data on 16.4 million people.

  34. Leak at Euromatik

    On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

  35. Leak at France Ventilation

    On 12 December 2025, France Ventilation, a French ventilation and air-treatment specialist, disclosed a data breach that exposed customers' payment card details — card number, expiration date and CVV — raising a direct risk of banking fraud.

  36. Leak at French Cycling Federation

    On 10 December 2025, the Fédération Française de Cyclisme detected an intrusion (via stolen credentials/infostealers, no MFA) exposing licensees' names, dates of birth, nationality, postal addresses, emails and phone numbers; group Dumpsec also claimed to hold ID documents.

  37. Leak at Résidence du Parc (Champdeniers-Saint-Denis)

    In December 2025, the EHPAD Résidence du Parc nursing home in Champdeniers-Saint-Denis (Deux-Sèvres, France), home to around 90 residents, was hit by a ransomware attack that encrypted files and dropped a $5 million ransom note; administrative data and possibly scanned ID documents were exposed.

  38. Data leak at UFOLEP (via Exalto)

    On 10 December 2025, UFOLEP — the French multi-sport federation — disclosed that a compromised account on its third-party licence-management provider Exalto exposed at least 3,624 member records, including identity, contact and legal-guardian details.

  39. Dragonica Lunaris data breach (2025)

    In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.

    Data breachResolved
  40. Leak at ASAF & AFPS (via Itelis)

    Members of insurer ASAF & AFPS had personal data exposed after a breach at Itelis, the optical-care network processing their claims; names, dates of birth, social security numbers, claim records and vision-correction data from 2020-2022 were affected.

  41. Leak at Cuisinella

    In December 2025, French kitchen retailer Cuisinella (Schmidt Groupe) disclosed that an unauthorized third party accessed customer contact details — title, first name, last name, phone number and email address — for thousands of customers; no bank, address or password data was exposed.

  42. Leak at French Handball Federation (via GestHand)

    In early December 2025, the French Handball Federation (FFHandball) disclosed that its GestHand administrative platform — used by some 2,400 clubs, committees and leagues — was breached via compromised credentials, exposing licensees' names, gender, dates of birth, emails and phone numbers.

  43. Leak at Schmidt

    In early December 2025, French kitchen and home-furnishing group Schmidt (brands Schmidt and Cuisinella) disclosed that an unauthorized third party had accessed the contact details of thousands of customers and prospects — title, name, first name, phone number and email address.

  44. Leak at Médecin Direct

    MédecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.

  45. Leak at Leroy Merlin

    In December 2025, French DIY retailer Leroy Merlin disclosed a cyberattack that exposed the loyalty-program data of several hundred thousand French customers, including names, contact details, postal addresses and dates of birth; no banking data or passwords were affected.

  46. Leak at France Travail

    On 1 December 2025, France Travail and the Missions Locales network disclosed that an attacker who hijacked a local-mission agent's account accessed records of about 1.6 million young people, exposing names, dates of birth, social security numbers and contact details.

  47. Coupang insider data breach (2025)

    A former Coupang employee accessed personal data on 33.7 million customer accounts of South Korea's largest e-commerce platform. Coupang announced a $1.17 billion compensation plan; its head of Korean e-commerce resigned.

  48. Leak at La Centrale du Financement

    A threat actor exfiltrated around 387 GB of data (some 411,000 files) from French mortgage and credit broker La Centrale de Financement, exposing highly sensitive customer KYC documents, financial records and internal files, then offered the dataset for sale after failed extortion negotiations.

  49. Leak at French Football Federation (via Footclub)

    In late November 2025, the French Football Federation disclosed that attackers used a compromised account to access its Footclubs club-management software and exfiltrate licensees' personal data, including names, dates and places of birth, addresses, contact details and license numbers.

  50. Leak at La Rochelle (via Synbird)

    Personal data of 394 La Rochelle residents who booked civil-status appointments was exposed after an attacker exploited a flaw in Synbird, the town hall's third-party appointment-scheduling provider, which serves roughly 1,300 French communes.

  51. Leak at MSP Givors Presqu'Île (via Weda)

    Patient data held by the Givors Presqu'Île multidisciplinary health centre was exposed through the November 2025 cyberattack on its medical-software provider Weda, including identity, contact details and sensitive health data.

  52. Leak at AG2R la Mondiale (via Itelis)

    Disclosed in November 2025, a cyberattack on Itelis — the optical-care third-party network used by insurer AG2R la Mondiale — exposed beneficiaries' names, dates of birth, social security numbers, reimbursement records and vision-correction data for optical coverage handled between 2020 and early 2022.

  53. Leak at Clinique du Millénaire (via Weda)

    Clinique du Millénaire in Montpellier was exposed when its medical-records software vendor Weda was breached in November 2025, putting patient identity, contact details and health data at risk among the millions of records handled across Weda's ~23,000 affected practitioners.

  54. Leak at French Dance Federation

    In November 2025, the French Dance Federation (FFDanse) suffered a cyberattack on its extranet that damaged the server and exposed licence-holders' personal data, including names, dates of birth, contact details, licence numbers and hashed passwords; no medical or banking data was affected.

  55. Leak at Itelis

    In November 2025, Itelis — a French optical health-care network linked to AXA — disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.

  56. Leak at MSP du Pré Vicinal (via Weda)

    MSP du Pré Vicinal, a French multidisciplinary health centre, had patient data exposed via the November 2025 cyberattack on its medical-software provider Weda, including names, postal and email addresses, phone numbers and health data.

  57. Leak at ProxiServe

    On 25 November 2025, a database belonging to French residential maintenance firm ProxiServe surfaced on a hacker forum, exposing personal and service data on 294,639 customers, including names, emails, postal addresses and details of home interventions.

  58. Leak at APRS (via Itelis)

    APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.

  59. Leak at Chatou town hall (via RDV360)

    Personal data of residents who booked identity-document appointments through the RDV360 platform was exposed when the third-party provider was breached in late 2025, affecting Chatou town hall among roughly 1,300 French municipalities.

  60. Leak at Quimper town hall (via RDV360)

    In November 2025, the city of Quimper (France) was caught in a supply-chain breach of appointment-booking provider RDV360, exposing roughly 12,000 contact records (name, postal code, email, phone) of residents who booked ID-card or passport renewals since April 2024.

  61. Leak at Saint-Aubin d'Aubigné town hall (via RDV360)

    Saint-Aubin d'Aubigné town hall disclosed on 24 November 2025 that residents' contact details were exposed through its appointment-booking provider RDV360, one of ~1,300 French municipalities hit in a third-party breach of ID/passport booking data.

  62. Leak at Malakoff Humanis (via Itelis)

    In November 2025, optical-care platform Itelis was breached via the impersonation of a partner optician, exposing health and identity data of Malakoff Humanis (and AXA) members from optical reimbursement claims processed between 2020 and 2022.

  63. Leak at Colis Privé

    In November 2025, French parcel-delivery firm Colis Privé disclosed unauthorized access to part of its systems that exposed customer contact data — names, postal and email addresses and phone numbers. A threat actor advertised a dataset reportedly running to tens of millions of rows; no passwords or banking data were affected.

  64. Leak at Michelin

    In November 2025, the Cl0p extortion gang listed French tyre maker Michelin on its leak site, claiming to have stolen internal manufacturing, engineering, supply-chain, financial and HR files via the Oracle E-Business Suite zero-day (CVE-2025-61882).

  65. Leak at Murfy

    In November 2025, French home-appliance repair and refurbishment company Murfy disclosed a data breach exposing the personal data of around 294,000 customers — names, email and postal addresses, phone numbers and service-history details — but no banking data or passwords.

  66. Data leak at Suzuki

    Suzuki France disclosed that a cyberattack on one of its third-party partner systems exposed a customer file containing names, email addresses, postal addresses and phone numbers; no financial data or passwords were affected.

  67. Leak at Alfortville town hall (via RDV360)

    On 19 Nov 2025, Alfortville town hall notified residents that their contact details were exposed in a breach of its appointment-booking provider RDV360, part of a supply-chain attack hitting ~1,300 French municipalities and ~14M records.

  68. Leak at Resana

    On 18 November 2025, users of Resana — France's interministerial collaborative platform run by DINUM — were notified of a data exfiltration after attackers logged in with a compromised account. Up to roughly one million public agents were potentially exposed, triggering ransom emails to civil servants.

  69. Data leak at Synbird

    In November 2025, Synbird — the SaaS provider handling municipal appointment bookings for around 1,300 French communes — disclosed a breach in which an attacker abused a weakly-secured PDF export to exfiltrate residents' contact details and appointment information.

  70. Leak at Eurofiber

    In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.

  71. Leak at Brest town hall (via RDV360)

    Around 50,000 residents who booked ID-card or passport appointments in Brest had personal contact details exposed after a supply-chain breach of the RDV360 appointment-booking platform used by the town hall.

  72. Leak at Pajemploi

    In November 2025, Pajemploi — the Urssaf service used by French households to declare and pay childcare workers — disclosed a data theft affecting up to 1.2 million employees, exposing names, social security numbers, dates/places of birth, postal addresses and Pajemploi/accreditation numbers.

  73. Under Armour data breach (2025)

    In November 2025, the Everest ransomware group claimed to have stolen 343GB of data from apparel maker Under Armour. After no ransom was paid, customer data was leaked in January 2026, exposing roughly 72.7 million unique email addresses with names, dates of birth, genders, locations and purchase histories. This is a separate incident from the 2018 MyFitnessPal breach.

  74. CodeStepByStep data breach (2025)

    In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records which were subsequently published online. The following month, a further corpus of data was released bringing the total to 103k.

    Data breachResolved
  75. Operation Endgame 3.0 data breach (2025)

    Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in…

    Data breachResolved
  76. Data leak at Weda

    On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.

  77. Leak at French Cardiology Federation

    Around 11 November 2025, the Fédération Française de Cardiologie disclosed that an unauthorized intrusion into its IT systems exposed members' personal data — including names, postal and email addresses, phone numbers and passwords. No banking or medical data was compromised.

  78. International Kiteboarding Organization data breach (2025)

    In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user's city and country.

    Data breachResolved
  79. Leak at Oui Heberg

    On 10 November 2025, French web-hosting and VPS provider OuiHeberg was reported to have leaked customer contact records — names, email addresses, phone numbers and postal addresses — following a security incident affecting its infrastructure.

  80. Beckett Collectibles data breach (2025)

    In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly.

    Data breachResolved
  81. Leak at MYM

    In November 2025, a database of around 5 million records from French adult-content subscription platform MYM was published on a cybercrime forum, exposing creators' and subscribers' names, emails, postal addresses, phone numbers, IP addresses, birthdates and MD5-hashed passwords; the data traces back to a 2021 compromise.

  82. Zilvia.net data breach (2025)

    In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform.

    Data breachResolved
  83. University of Pennsylvania data breach (2025)

    In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims.

    Data breachResolved
  84. Leak at France Travail

    In late October 2025, France Travail — France's public employment agency — disclosed a breach in which attackers used credentials harvested by infostealer malware to access job-seeker accounts and exfiltrate sensitive personal, identity and financial data; about 16,479 affected records were catalogued.

  85. Leak at Poltronesofa

    On 27 October 2025, Italian sofa and furniture retailer Poltronesofà suffered a ransomware attack that encrypted its servers and exposed personal data of thousands of customers, including names, postal addresses, emails, phone numbers and tax identification numbers; no banking data was affected.

  86. MyVidster (2025) data breach (2025)

    In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.

    Data breachResolved
  87. Leak at French Shooting Federation (via ITAC)

    An intrusion into the French Shooting Federation's ITAC information system between 18-20 October 2025 exposed personal data of its licensees — including licence numbers, civil status and contact details — with up to around 274,000 members potentially affected.

  88. Substack data breach (2025)

    In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as…

    Data breachResolved
  89. Leak at Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie

    A September 2025 cyberattack on regional health-identity platforms used by several French Regional Health Agencies (ARS) exposed patient identity data; an attacker claimed roughly 35 million patient records across 130+ public hospitals, later offered for sale by the DumpSec group.

  90. Leak at Haute-Comté intercommunal hospital centre

    On 19 October 2025, the Centre Hospitalier Intercommunal de Haute-Comté in Pontarlier (France) was hit by a Cryptolocker ransomware attack that encrypted part of its data, forcing a full IT shutdown and a return to paper-based care; attackers demanded a 5 million euro ransom.

  91. Leak at Mango

    In October 2025, Spanish fashion retailer Mango disclosed that an external marketing service provider was breached, exposing customers' first name, country, postal code, email address and phone number; no passwords or banking data were affected.

  92. Leak at Agence Régionale de Santé des Hauts-de-France

    A cyberattack on the shared regional health platform (Prédice/GIP Inéa) hosting patient identity data from public hospitals in Hauts-de-France exposed records such as names, dates and places of birth, contact details and, in some cases, social security numbers; medical records were not affected.

  93. Leak at Hauts-de-France high schools

    Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.

  94. Leak at France Travail

    On 6 October 2025, France Travail — France's national public employment agency — was hit by one of several 2025 data leaks, with personal records of roughly 5,500 job seekers exposed, including names, France Travail IDs, registration categories, email addresses, RSA welfare status and CIR identifiers.

  95. TISZA Világ data breach (2025)

    In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Világ service earlier in the month, the breach exposed 200k records of personal data including email addresses along with…

  96. Leak at Discord

    On 4 October 2025 Discord disclosed a breach of a third-party customer-support provider that exposed support-ticket data and roughly 70,000 government-ID photos (submitted for age-verification appeals), plus names, emails, IP addresses and partial billing details.

  97. Canadian Tire data breach (2025)

    In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses.

  98. Asahi Group Holdings Qilin ransomware (2025)

    Qilin ransomware operators encrypted servers across Asahi's Japanese data centres, halting ordering, shipment, and production at 30 factories, leaking 27 GB of internal data, and exposing personal information of approximately 1.5 million customers, employees, and contacts.

  99. Leak at France Travail

    On 25 September 2025, a leak attributed to France Travail, France's public employment agency, exposed the personal data of about 9,971 job seekers, including their email addresses, names and the email address of their assigned advisor.

  100. Leak at La Nef

    In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.

  101. Leak at Inovie Labosud

    On 23 September 2025, French medical-lab group Inovie Labosud disclosed a breach exposing administrative and medical data of an estimated 3.2 million patients after attackers used a third-party provider's stolen credentials.

  102. Leak at Digital Charging Solutions

    In September 2025, EV-charging billing provider Digital Charging Solutions disclosed that a contracted third-party service provider had accessed customer records without authorization, exposing names and email addresses of an initial single-digit number of affected users.

  103. Leak at French Table Tennis Federation

    On 19 September 2025, the French Table Tennis Federation (FFTT) disclosed a data breach in which an attacker used a compromised account to bulk-extract member records, exposing the personal data of as many as 254,000 licensees, though no banking or health data.

  104. Leak at Clarins

    French luxury skincare group Clarins confirmed in September 2025 that the Everest extortion gang had exfiltrated contact details of customers in France, the US and Canada; the actor claimed over 600,000 records, with no financial data affected.

  105. Leak at Plex

    On 9 September 2025, media-streaming software company Plex disclosed that an unauthorized third party had accessed one of its databases, exposing user emails, usernames, securely hashed passwords and authentication data, and forcing an account-wide password reset.

  106. WIRED data breach (2025)

    In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number,…

    Data breachResolved
  107. Leak at Eklo

    On 3 September 2025, a data leak was claimed affecting Eklo, a French budget and eco-friendly hotel chain. Details on the volume and exact categories of exposed customer data remain unverified.

  108. Data leak at Syma Mobile

    In September 2025, a database of 117,963 Syma Mobile customers — exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details — was put up for sale on a dark-web forum alongside other French datasets.

  109. Prosper data breach (2025)

    In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers.

    Data breachResolved
  110. Artists&Clients data breach (2025)

    In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k.

    Data breachResolved
  111. Jaguar Land Rover global production halt (Scattered Lapsus$ Hunters, 2025)

    A cyberattack on Britain's biggest carmaker forced JLR to shut down its global IT network and halted vehicle production in the UK, China, Slovakia, India, and Brazil for five weeks — now considered the most economically damaging cyber incident in UK history.

  112. Miljödata data breach (2025)

    In August 2025, the Swedish system supplier Miljödata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files.

  113. Leak at Auchan

    In August 2025, French retailer Auchan disclosed a breach exposing personal data of several hundred thousand Waaoh loyalty-program customers — names, titles, postal and email addresses, phone numbers and loyalty card numbers; bank data and PINs were not affected.

  114. Leak at France Link Interactive

    On 28 July 2025, French web host FranceLink was hit by the Akira ransomware group, which encrypted about 93% of its servers and threatened to leak roughly 20GB of exfiltrated customer data.

  115. Leak at Google

    In August 2025, Google confirmed that a Salesforce CRM instance holding contact data for small-business Google Ads prospects was breached by ShinyHunters (UNC6040) via a vishing attack, exposing roughly 2.55 million records of business names, emails and phone numbers.

  116. Leak at Partner Immo

    On 13 August 2025, Partner Immo, a French provider of online property- and condominium-management software, was reported as the target of a ransomware/data-leak incident; the exact scope and exposed data were not publicly confirmed.

  117. Leak at Alltricks

    In August 2025, French online cycling and sports retailer Alltricks had its Sendinblue/Brevo email-marketing system compromised; attackers sent customers convincing phishing emails from the brand's own infrastructure, exposing names, email addresses and purchase history.

  118. Leak at France Travail

    On 12 August 2025, France Travail, France's public employment agency, disclosed unauthorized access to its employer-facing job portal that exposed the contact details of business users — names, email addresses, phone numbers and an internal technical identifier.

  119. BreachForums (2025) data breach (2025)

    In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies.

    Data breachResolved
  120. Giglio data breach (2025)

    In August 2025, over 1M unique email addresses appeared in a breach allegedly obtained from Italian fashion designer Giglio. The data also included names, phone numbers and physical addresses. Giglio did not respond to repeated attempts to disclose the incident.

    Data breachResolved
  121. Leak at Optic 2000

    In early August 2025, French optician chain Optic 2000 was hit by a cyberattack — confirmed on 30 July 2025 and affecting four stores around Paris — that exposed customer records including names, social security numbers, dates of birth, postal addresses, phone numbers and optician details.

  122. Leak at Air France

    In August 2025, Air France-KLM disclosed that attackers accessed customer data — names, contact details, Flying Blue loyalty numbers and status, and customer-service request subjects — via a compromised third-party customer-service platform.

  123. Leak at Bouygues Telecom

    On 6 August 2025, French telecom operator Bouygues Telecom disclosed a cyberattack that exposed personal data of 6.4 million customer accounts, including contact details, contractual data, civil status and IBANs (no card numbers or passwords).

  124. Leak at Pandora

    In August 2025, Danish jewelry maker Pandora disclosed a breach of a third-party CRM platform (Salesforce) in which attackers stole customer contact data — names, email addresses and birth dates — while stating no passwords or payment data were taken.

  125. Pi-hole data breach (2025)

    In July 2025, a vulnerability in the GiveWP WordPress plugin exposed the names and email addresses of approximately 30k donors to the Pi-hole network-wide ad blocking project. Pi-hole subsequently self-submitted the list of impacted donors to HIBP.

    Data breachResolved
  126. Leak at Centre d'études et de recherches sur les qualifications

    On 26 July 2025, a database attributed to France's Céreq (Centre d'études et de recherches sur les qualifications) holding records on 210,607 people — surnames, first names, email addresses and phone numbers — was posted on the BreachForums leak forum.

  127. Hello Cake data breach (2025)

    In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.

    Data breachResolved
  128. Leak at Orange

    On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.

  129. Leak at France Travail

    France Travail disclosed on 22 July 2025 that an intrusion via its Kairos platform exposed the personal data of around 340,000 job seekers, including names, postal and email addresses, phone numbers, France Travail IDs and jobseeker status; passwords and bank details were not affected.

  130. Leak at Groupe 5àSec

    The DragonForce ransomware group claimed a July 2025 attack on French dry-cleaning chain 5àSec, exfiltrating roughly 290 GB of data — SQL production and test databases spanning the group's France, Switzerland, Luxembourg, Spain and Portugal operations — and published it after the company declined to pay.

  131. Allianz Life data breach (2025)

    In July 2025, Allianz Life was the victim of a cyber attack which resulted in millions of records later being leaked online. Allianz attributed the attack to "a social engineering technique" which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addresses, names,…

    Data breachResolved
  132. Leak at Centre National de la Fonction Publique Territoriale

    In July 2025, France's CNFPT — the national training body for local-government staff — disclosed a targeted intrusion into its trainers' portal that exposed personal files of about 34,000 external instructors, including ID documents, bank details (RIB), contracts, diplomas and CVs.

  133. Leak at Louis Vuitton

    In July 2025, French luxury brand Louis Vuitton disclosed that an unauthorized third party had accessed customer data — names, contact details, postal addresses, dates of birth and purchase history — as part of a global breach affecting clients in France, South Korea and other markets; no payment data was exposed.

  134. Data leak at Sorbonne Université

    In mid-2025, Sorbonne Université (Paris) suffered a breach of its HR/payroll system that exposed personal data of roughly 32,000 current and former staff, including contact details, identity information and family members' names.

  135. Data leak at Union Nationale du Sport Scolaire

    Around 7.8 million profiles of current and former members of France's school sports federation UNSS were scraped from its OPUSS intranet by two teenagers using stolen credentials, exposing names, dates of birth, schools, contact details and more.

  136. Canada Goose data breach (2025)

    In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card…

    Data breachResolved
  137. C&M Software Pix heist (Brazil, 2025)

    A junior developer at C&M Software — a Central Bank-authorized provider of Pix instant-payment connectivity — was paid roughly R$5,000 to hand over credentials. Attackers used the access to drain approximately R$800 million ($148 million) from reserve accounts at six Brazilian financial institutions in 2.5 hours.

  138. TheSqua.re data breach (2025)

    In June 2025, 107k unique customer email addresses were allegedly obtained from TheSqua.re, the "easiest way to find your next serviced apartment". The data also included names, phone numbers and cities which were subsequently posted to a popular hacking forum.

    Data breachResolved
  139. MaReads data breach (2025)

    In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.

    Data breachResolved
  140. Leak at Disneyland

    In June 2025, the Anubis ransomware gang claimed a 64GB leak of ~39,000 confidential files from Disneyland Paris — engineering plans and behind-the-scenes photos/videos of park attractions — said to be stolen via a compromised third-party contractor.

  141. Leak at Hôpital privé de la Loire

    A cyberattack on Hôpital privé de la Loire (Ramsay Santé) in Saint-Étienne, France exposed personal data of up to 530,000 patients, including identity details, social-security numbers (NIR), ID documents and consultation records, after a hacker used stolen physician credentials.

  142. Data Troll Stealer Logs data breach (2025)

    In June 2025, headlines erupted over a "16 billion password" breach. In reality, the dataset was a compilation of publicly accessible stealer logs, mostly repurposed from older leaks, with only a small portion of genuinely new material.

    Data breachResolved
  143. Vietnam Airlines data breach (2025)

    In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released.

    Data breachResolved
  144. CNPC USA ransomware attack (Rhysida, 2025)

    CNPC USA was named on the Rhysida ransomware data-leak (extortion) site on 2025-06-16.

    RansomwareUnknown
  145. Jasper Products ransomware attack (Play, 2025)

    Jasper Products was named on the Play ransomware data-leak (extortion) site on 2025-06-16.

    RansomwareUnknown
  146. NF Stroth & Associates ransomware attack (Play, 2025)

    NF Stroth & Associates was named on the Play ransomware data-leak (extortion) site on 2025-06-16.

    RansomwareUnknown
  147. TBN Israel Hacked ransomware attack (Handala, 2025)

    TBN Israel Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-16.

    RansomwareUnknown
  148. Israel’s fuel supply system Data ransomware attack (Handala, 2025)

    Israel’s fuel supply system Data was named on the Handala ransomware data-leak (extortion) site on 2025-06-15.

    RansomwareUnknown
  149. S&H Express ransomware attack (Play, 2025)

    S&H Express was named on the Play ransomware data-leak (extortion) site on 2025-06-15.

    RansomwareUnknown
  150. 099 ISP Hacked ransomware attack (Handala, 2025)

    099 ISP Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  151. Aerodreams Hacked ransomware attack (Handala, 2025)

    Aerodreams Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  152. Israel’s fuel supply system Hacked ransomware attack (Handala, 2025)

    Israel’s fuel supply system Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  153. Israel’s fuel supply system Hacked ransomware attack (Handala, 2025)

    Israel’s fuel supply system Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  154. NPD Products ransomware attack (Play, 2025)

    NPD Products was named on the Play ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  155. Project Partners ransomware attack (Play, 2025)

    Project Partners was named on the Play ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  156. Rollex ransomware attack (Play, 2025)

    Rollex was named on the Play ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  157. Y.G. New Idan Hacked ransomware attack (Handala, 2025)

    Y.G. New Idan Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-06-14.

    RansomwareUnknown
  158. Ajmanre.gov.ae ransomware attack (Flocker, 2025)

    Ajmanre.gov.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-06-12.

    RansomwareUnknown
  159. alleray-labrouste ransomware attack (Incransom, 2025)

    alleray-labrouste was named on the Incransom ransomware data-leak (extortion) site on 2025-06-12.

    RansomwareUnknown
  160. AP Lettering ransomware attack (Spacebears, 2025)

    AP Lettering was named on the Spacebears ransomware data-leak (extortion) site on 2025-06-11.

    RansomwareUnknown
  161. Mount Rogers Community Services ransomware attack (Incransom, 2025)

    Mount Rogers Community Services was named on the Incransom ransomware data-leak (extortion) site on 2025-06-10.

    RansomwareUnknown
  162. Catwatchful data breach (2025)

    In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.

    Data breachResolved
  163. Community Choice Credit Union ransomware attack (Play, 2025)

    Community Choice Credit Union was named on the Play ransomware data-leak (extortion) site on 2025-06-09.

    RansomwareUnknown
  164. EUC Sjlland ransomware attack (Ransomhouse, 2025)

    EUC Sjlland was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-06-09.

    RansomwareUnknown
  165. Homestead Gardens ransomware attack (Play, 2025)

    Homestead Gardens was named on the Play ransomware data-leak (extortion) site on 2025-06-09.

    RansomwareUnknown
  166. Omnicuris data breach (2025)

    In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training…

    Data breachResolved
  167. Hudson River Housing ransomware attack (Rhysida, 2025)

    Hudson River Housing was named on the Rhysida ransomware data-leak (extortion) site on 2025-06-07.

    RansomwareUnknown
  168. waiwhetu-medical-centre ransomware attack (Incransom, 2025)

    waiwhetu-medical-centre was named on the Incransom ransomware data-leak (extortion) site on 2025-06-07.

    RansomwareUnknown
  169. Kittery Police Department ransomware attack (Incransom, 2025)

    Kittery Police Department was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.

    RansomwareUnknown
  170. MTTEXPERTISES.COM ransomware attack (Incransom, 2025)

    MTTEXPERTISES.COM was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.

    RansomwareUnknown
  171. Nunez Dental ransomware attack (Incransom, 2025)

    Nunez Dental was named on the Incransom ransomware data-leak (extortion) site on 2025-06-06.

    RansomwareUnknown
  172. A*****e.gov.ae ransomware attack (Flocker, 2025)

    A*****e.gov.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-06-05.

    RansomwareUnknown
  173. Ebac ransomware attack (Play, 2025)

    Ebac was named on the Play ransomware data-leak (extortion) site on 2025-06-05.

    RansomwareUnknown
  174. iscamen ransomware attack (Incransom, 2025)

    iscamen was named on the Incransom ransomware data-leak (extortion) site on 2025-06-05.

    RansomwareUnknown
  175. Lts.com.vn ransomware attack (Flocker, 2025)

    Lts.com.vn was named on the Flocker ransomware data-leak (extortion) site on 2025-06-05.

    RansomwareUnknown
  176. Triumph Construction ransomware attack (Play, 2025)

    Triumph Construction was named on the Play ransomware data-leak (extortion) site on 2025-06-05.

    RansomwareUnknown
  177. cemeteries.local ransomware attack (Incransom, 2025)

    cemeteries.local was named on the Incransom ransomware data-leak (extortion) site on 2025-06-04.

    RansomwareUnknown
  178. Funktel GmbH ransomware attack (Incransom, 2025)

    Funktel GmbH was named on the Incransom ransomware data-leak (extortion) site on 2025-06-04.

    RansomwareUnknown
  179. https://devimco.com/ ransomware attack (Metaencryptor, 2025)

    https://devimco.com/ was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-06-04.

    RansomwareUnknown
  180. Leak at Cartier

    In June 2025, luxury jeweller Cartier (Richemont) disclosed a data breach in which attackers accessed customer records — names, email addresses and country of residence — though no passwords, payment or banking data were exposed.

  181. FLOE Internationa ransomware attack (Play, 2025)

    FLOE Internationa was named on the Play ransomware data-leak (extortion) site on 2025-06-03.

    RansomwareUnknown
  182. Jericho Fire Department ransomware attack (Kairos, 2025)

    Jericho Fire Department was named on the Kairos ransomware data-leak (extortion) site on 2025-06-03.

    RansomwareUnknown
  183. Leak at Kaviari

    On 3 June 2025, a customer database belonging to Kaviari, the Paris-based luxury caviar and premium seafood house, was reported leaked, exposing shoppers' names, contact details, dates of birth, account credentials and order histories.

  184. Rochon ransomware attack (Play, 2025)

    Rochon was named on the Play ransomware data-leak (extortion) site on 2025-06-03.

    RansomwareUnknown
  185. Sandhills Medical Foundation ransomware attack (Incransom, 2025)

    Sandhills Medical Foundation was named on the Incransom ransomware data-leak (extortion) site on 2025-06-03.

    RansomwareUnknown
  186. Sorter Construction ransomware attack (Play, 2025)

    Sorter Construction was named on the Play ransomware data-leak (extortion) site on 2025-06-03.

    RansomwareUnknown
  187. Morocco ANCFCC land registry data leak

    Weeks after the CNSS breach, the hacktivist Jabaroot leaked roughly 4 terabytes of data — millions of property certificates, title deeds, ID cards, passports, and banking documents — from Morocco's national land conservation agency ANCFCC.

  188. Capital Trade ransomware attack (Play, 2025)

    Capital Trade was named on the Play ransomware data-leak (extortion) site on 2025-06-02.

    RansomwareUnknown
  189. http://www.kcac.com ransomware attack (BlackSuit, 2025)

    http://www.kcac.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-06-02.

    RansomwareUnknown
  190. Universidad Técnica del Norte Ecuador ransomware attack (Incransom, 2025)

    Universidad Técnica del Norte Ecuador was named on the Incransom ransomware data-leak (extortion) site on 2025-06-02.

    RansomwareUnknown
  191. valuestoreit ransomware attack (Incransom, 2025)

    valuestoreit was named on the Incransom ransomware data-leak (extortion) site on 2025-06-02.

    RansomwareUnknown
  192. Vinda Group ransomware attack (Ransomhouse, 2025)

    Vinda Group was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-06-02.

    RansomwareUnknown
  193. Dcsdev.org ransomware attack (Flocker, 2025)

    Dcsdev.org was named on the Flocker ransomware data-leak (extortion) site on 2025-06-01.

    RansomwareUnknown
  194. sitro.com.au ransomware attack (Incransom, 2025)

    sitro.com.au was named on the Incransom ransomware data-leak (extortion) site on 2025-05-31.

    RansomwareUnknown
  195. Trustgrp.ae ransomware attack (Flocker, 2025)

    Trustgrp.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-05-31.

    RansomwareUnknown
  196. Acorn Sales ransomware attack (Arcusmedia, 2025)

    Acorn Sales was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  197. Anchor Industries ransomware attack (Play, 2025)

    Anchor Industries was named on the Play ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  198. geruestba ransomware attack (LockBit, 2025)

    geruestba was named on the LockBit ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  199. Jordan Drug ransomware attack (Incransom, 2025)

    Jordan Drug was named on the Incransom ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  200. M&H Electric Fabricators ransomware attack (Embargo, 2025)

    M&H Electric Fabricators was named on the Embargo ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  201. mysfa.org ransomware attack (Incransom, 2025)

    mysfa.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  202. STANDBYTE ransomware attack (Arcusmedia, 2025)

    STANDBYTE was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  203. Tri-Point Solutions ransomware attack (Play, 2025)

    Tri-Point Solutions was named on the Play ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  204. UnigazJordan ransomware attack (Ransomblog_noname, 2025)

    UnigazJordan was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  205. W.E. Bowers ransomware attack (Play, 2025)

    W.E. Bowers was named on the Play ransomware data-leak (extortion) site on 2025-05-30.

    RansomwareUnknown
  206. http://metromont.com ransomware attack (BlackSuit, 2025)

    http://metromont.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.

    RansomwareUnknown
  207. http://www.innsofaurora.com ransomware attack (BlackSuit, 2025)

    http://www.innsofaurora.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.

    RansomwareUnknown
  208. Mulia Raya ransomware attack (Ransomblog_noname, 2025)

    Mulia Raya was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-05-29.

    RansomwareUnknown
  209. Cator Ruma & Associates ransomware attack (Rhysida, 2025)

    Cator Ruma & Associates was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-28.

    RansomwareUnknown
  210. Czech Ministry of Foreign Affairs APT31 cyber-espionage

    The Czech government publicly attributed a years-long cyber-espionage campaign against an unclassified network of its Ministry of Foreign Affairs to APT31, a group linked to China's Ministry of State Security. The intrusion, active since at least 2022, targeted designated critical national infrastructure.

  211. Eliel Cycling ransomware attack (Play, 2025)

    Eliel Cycling was named on the Play ransomware data-leak (extortion) site on 2025-05-28.

    RansomwareUnknown
  212. Fujipoly Ltd ransomware attack (Spacebears, 2025)

    Fujipoly Ltd was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-28.

    RansomwareUnknown
  213. KDV Label ransomware attack (Play, 2025)

    KDV Label was named on the Play ransomware data-leak (extortion) site on 2025-05-28.

    RansomwareUnknown
  214. l*s.com.vn ransomware attack (Flocker, 2025)

    l*s.com.vn was named on the Flocker ransomware data-leak (extortion) site on 2025-05-28.

    RansomwareUnknown
  215. Corantioquia ransomware attack (Hunters International, 2025)

    Corantioquia was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.

    RansomwareUnknown
  216. Eight8Ate Holdings, Inc ransomware attack (Hunters International, 2025)

    Eight8Ate Holdings, Inc was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.

    RansomwareUnknown
  217. http://www.iptelecom.at ransomware attack (Ciphbit, 2025)

    http://www.iptelecom.at was named on the Ciphbit ransomware data-leak (extortion) site on 2025-05-27.

    RansomwareUnknown
  218. WAT Supplies ransomware attack (Play, 2025)

    WAT Supplies was named on the Play ransomware data-leak (extortion) site on 2025-05-27.

    RansomwareUnknown
  219. Wrap & Send Services ransomware attack (Hunters International, 2025)

    Wrap & Send Services was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-27.

    RansomwareUnknown
  220. allstarflooring.com ransomware attack (Embargo, 2025)

    allstarflooring.com was named on the Embargo ransomware data-leak (extortion) site on 2025-05-26.

    RansomwareUnknown
  221. Antea Luce ransomware attack (Arcusmedia, 2025)

    Antea Luce was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-26.

    RansomwareUnknown
  222. Leak at Autosur

    Autosur, a major French vehicle-inspection network, suffered a data breach exposing personal and vehicle records of millions of customers — names, emails, postal addresses, phone numbers, license plates and vehicle details — advertised for sale on a cybercrime forum.

  223. Carrera Chevrolet ransomware attack (Rhysida, 2025)

    Carrera Chevrolet was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-26.

    RansomwareUnknown
  224. Frederick's Machine & Tool Shop ransomware attack (Play, 2025)

    Frederick's Machine & Tool Shop was named on the Play ransomware data-leak (extortion) site on 2025-05-26.

    RansomwareUnknown
  225. Media Links ransomware attack (Play, 2025)

    Media Links was named on the Play ransomware data-leak (extortion) site on 2025-05-26.

    RansomwareUnknown
  226. D****v.org ransomware attack (Flocker, 2025)

    D****v.org was named on the Flocker ransomware data-leak (extortion) site on 2025-05-25.

    RansomwareUnknown
  227. oxparkrec.org ransomware attack (Incransom, 2025)

    oxparkrec.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-25.

    RansomwareUnknown
  228. Seneca Gaming & Entertainment ransomware attack (Nitrogen, 2025)

    Seneca Gaming & Entertainment was named on the Nitrogen ransomware data-leak (extortion) site on 2025-05-25.

    RansomwareUnknown
  229. ColoCrossing data breach (2025)

    In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability.

    Data breachResolved
  230. Coweta County School System ransomware attack (Nitrogen, 2025)

    Coweta County School System was named on the Nitrogen ransomware data-leak (extortion) site on 2025-05-24.

    RansomwareUnknown
  231. T******p.ae ransomware attack (Flocker, 2025)

    T******p.ae was named on the Flocker ransomware data-leak (extortion) site on 2025-05-24.

    RansomwareUnknown
  232. Vernon Milling ransomware attack (Play, 2025)

    Vernon Milling was named on the Play ransomware data-leak (extortion) site on 2025-05-24.

    RansomwareUnknown
  233. AKJ Energiteknik ransomware attack (Play, 2025)

    AKJ Energiteknik was named on the Play ransomware data-leak (extortion) site on 2025-05-23.

    RansomwareUnknown
  234. Operation Endgame 2.0 data breach (2025)

    In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame".

    Data breachResolved
  235. South Atlantic Federal Credit Union ransomware attack (Play, 2025)

    South Atlantic Federal Credit Union was named on the Play ransomware data-leak (extortion) site on 2025-05-23.

    RansomwareUnknown
  236. 4Motive ransomware attack (Spacebears, 2025)

    4Motive was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-22.

    RansomwareUnknown
  237. CNHI LLC ransomware attack (Play, 2025)

    CNHI LLC was named on the Play ransomware data-leak (extortion) site on 2025-05-22.

    RansomwareUnknown
  238. Curewell Pharmacy & Surgicals ransomware attack (Spacebears, 2025)

    Curewell Pharmacy & Surgicals was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-22.

    RansomwareUnknown
  239. Greater Seattle Concrete ransomware attack (Play, 2025)

    Greater Seattle Concrete was named on the Play ransomware data-leak (extortion) site on 2025-05-22.

    RansomwareUnknown
  240. piercecountylibrary.org ransomware attack (Incransom, 2025)

    piercecountylibrary.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-22.

    RansomwareUnknown
  241. AttainX ransomware attack (Play, 2025)

    AttainX was named on the Play ransomware data-leak (extortion) site on 2025-05-21.

    RansomwareUnknown
  242. Neighborhood Development Services ransomware attack (Kairos, 2025)

    Neighborhood Development Services was named on the Kairos ransomware data-leak (extortion) site on 2025-05-21.

    RansomwareUnknown
  243. Rivers Academy West London ransomware attack (Incransom, 2025)

    Rivers Academy West London was named on the Incransom ransomware data-leak (extortion) site on 2025-05-21.

    RansomwareUnknown
  244. Durham Arts Council ransomware attack (Kairos, 2025)

    Durham Arts Council was named on the Kairos ransomware data-leak (extortion) site on 2025-05-20.

    RansomwareUnknown
  245. Florida Lung ransomware attack (Rhysida, 2025)

    Florida Lung was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-20.

    RansomwareUnknown
  246. Runtec ransomware attack (Lynx, 2025)

    Runtec was named on the Lynx ransomware data-leak (extortion) site on 2025-05-20.

    RansomwareUnknown
  247. The Vascular Experts ransomware attack (Incransom, 2025)

    The Vascular Experts was named on the Incransom ransomware data-leak (extortion) site on 2025-05-20.

    RansomwareUnknown
  248. Tri State Electric ransomware attack (Ransomhouse, 2025)

    Tri State Electric was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-20.

    RansomwareUnknown
  249. K & K Fence ransomware attack (Play, 2025)

    K & K Fence was named on the Play ransomware data-leak (extortion) site on 2025-05-19.

    RansomwareUnknown
  250. Colegio de la Compania de Maria Vigo ransomware attack (Arcusmedia, 2025)

    Colegio de la Compania de Maria Vigo was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.

    RansomwareUnknown
  251. Fong Shann Printing Philippines ransomware attack (Arcusmedia, 2025)

    Fong Shann Printing Philippines was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.

    RansomwareUnknown
  252. Grupo Boulevard ransomware attack (Arcusmedia, 2025)

    Grupo Boulevard was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.

    RansomwareUnknown
  253. null ransomware attack (Dragonforce, 2025)

    null was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-18.

    RansomwareUnknown
  254. RECI SYSTEMS ransomware attack (Arcusmedia, 2025)

    RECI SYSTEMS was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.

    RansomwareUnknown
  255. Road Development Corporation ransomware attack (Arcusmedia, 2025)

    Road Development Corporation was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-05-18.

    RansomwareUnknown
  256. Termolar ransomware attack (Rhysida, 2025)

    Termolar was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-18.

    RansomwareUnknown
  257. diyar.com ransomware attack (Lynx, 2025)

    diyar.com was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.

    RansomwareUnknown
  258. Gearhiser Peters Elliott & Cannon ransomware attack (Lynx, 2025)

    Gearhiser Peters Elliott & Cannon was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.

    RansomwareUnknown
  259. Maruichi Leavitt Pipe & Tube ransomware attack (Lynx, 2025)

    Maruichi Leavitt Pipe & Tube was named on the Lynx ransomware data-leak (extortion) site on 2025-05-17.

    RansomwareUnknown
  260. nissi-beach.com ransomware attack (Incransom, 2025)

    nissi-beach.com was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.

    RansomwareUnknown
  261. npfy.org ransomware attack (Incransom, 2025)

    npfy.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.

    RansomwareUnknown
  262. ros.eu ransomware attack (Incransom, 2025)

    ros.eu was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.

    RansomwareUnknown
  263. www.davisdavisco.com ransomware attack (Incransom, 2025)

    www.davisdavisco.com was named on the Incransom ransomware data-leak (extortion) site on 2025-05-17.

    RansomwareUnknown
  264. alpha-steuer.de ransomware attack (Incransom, 2025)

    alpha-steuer.de was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.

    RansomwareUnknown
  265. Carney Badley Spellman ransomware attack (Play, 2025)

    Carney Badley Spellman was named on the Play ransomware data-leak (extortion) site on 2025-05-16.

    RansomwareUnknown
  266. ccrcda.org ransomware attack (Incransom, 2025)

    ccrcda.org was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.

    RansomwareUnknown
  267. finanzconsult-immobilien.de ransomware attack (Incransom, 2025)

    finanzconsult-immobilien.de was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.

    RansomwareUnknown
  268. south african airways (flysaa.com) ransomware attack (Incransom, 2025)

    south african airways (flysaa.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-05-16.

    RansomwareUnknown
  269. Triple Jump ransomware attack (Ransomhouse, 2025)

    Triple Jump was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-16.

    RansomwareUnknown
  270. [DISCLOSED]OeTTINGER Brauerei ransomware attack (Ransomhouse, 2025)

    [DISCLOSED]OeTTINGER Brauerei was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-15.

    RansomwareUnknown
  271. GARDNER ORTHOPEDICS ransomware attack (Incransom, 2025)

    GARDNER ORTHOPEDICS was named on the Incransom ransomware data-leak (extortion) site on 2025-05-15.

    RansomwareUnknown
  272. http://www.gloucesterva.gov ransomware attack (BlackSuit, 2025)

    http://www.gloucesterva.gov was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-15.

    RansomwareUnknown
  273. Grafton Technologies ransomware attack (Play, 2025)

    Grafton Technologies was named on the Play ransomware data-leak (extortion) site on 2025-05-14.

    RansomwareUnknown
  274. Kingsmen Creatives Ltd. ransomware attack (Embargo, 2025)

    Kingsmen Creatives Ltd. was named on the Embargo ransomware data-leak (extortion) site on 2025-05-14.

    RansomwareUnknown
  275. Redirecting... ransomware attack (Hellcat, 2025)

    Redirecting... was named on the Hellcat ransomware data-leak (extortion) site on 2025-05-14.

    RansomwareUnknown
  276. Regal Ideas ransomware attack (Play, 2025)

    Regal Ideas was named on the Play ransomware data-leak (extortion) site on 2025-05-14.

    RansomwareUnknown
  277. Royal Chemical ransomware attack (Lynx, 2025)

    Royal Chemical was named on the Lynx ransomware data-leak (extortion) site on 2025-05-14.

    RansomwareUnknown
  278. Sao Camilo Cachoeiro de Itapemirim ransomware attack (Rhysida, 2025)

    Sao Camilo Cachoeiro de Itapemirim was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-14.

    RansomwareUnknown
  279. architekturbuero-heller.de ransomware attack (Dragonforce, 2025)

    architekturbuero-heller.de was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  280. Leak at Dior

    On 13 May 2025, luxury fashion house Christian Dior Couture (LVMH) began notifying customers — first in Asia — that an intrusion discovered on 7 May exposed names, contact details, purchase histories and marketing preferences; no bank or payment-card data was affected.

  281. Dishaka ransomware attack (Play, 2025)

    Dishaka was named on the Play ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  282. First Choice Courier & Messenger ransomware attack (Spacebears, 2025)

    First Choice Courier & Messenger was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  283. Looper Goodwine ransomware attack (Kairos, 2025)

    Looper Goodwine was named on the Kairos ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  284. Nedved Architekti ransomware attack (Spacebears, 2025)

    Nedved Architekti was named on the Spacebears ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  285. Operative ransomware attack (Play, 2025)

    Operative was named on the Play ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  286. Overhead Door of Nova Scotia ransomware attack (Play, 2025)

    Overhead Door of Nova Scotia was named on the Play ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  287. Leak at Pulsy

    Patient data managed by Pulsy, the regional e-health operator (GRADeS) for France's Grand Est region, was reported leaked on 13 May 2025, exposing identity details, contacts and sensitive health information including care pathways and hospitalisation records.

  288. thaonlesvosges.fr ransomware attack (Dragonforce, 2025)

    thaonlesvosges.fr was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  289. www.colemanmaterials.com ransomware attack (Dragonforce, 2025)

    www.colemanmaterials.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-13.

    RansomwareUnknown
  290. altara.com ransomware attack (Dragonforce, 2025)

    altara.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  291. atlplasticsurgeon.com ransomware attack (Dragonforce, 2025)

    atlplasticsurgeon.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  292. EIZO Rugged Solutions ransomware attack (Play, 2025)

    EIZO Rugged Solutions was named on the Play ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  293. iacc.holdings ransomware attack (Dragonforce, 2025)

    iacc.holdings was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  294. industrialdynamics.com ransomware attack (Dragonforce, 2025)

    industrialdynamics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  295. jtalleycorp.com ransomware attack (Dragonforce, 2025)

    jtalleycorp.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  296. Just Concrete & Masonry ransomware attack (Play, 2025)

    Just Concrete & Masonry was named on the Play ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  297. net-move.com ransomware attack (Dragonforce, 2025)

    net-move.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  298. southernavionics.com ransomware attack (Dragonforce, 2025)

    southernavionics.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  299. www.condista.com ransomware attack (Dragonforce, 2025)

    www.condista.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  300. www.dermatologysolutions.com ransomware attack (Dragonforce, 2025)

    www.dermatologysolutions.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  301. www.philsmithauto.com ransomware attack (Dragonforce, 2025)

    www.philsmithauto.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-12.

    RansomwareUnknown
  302. dac-law.com ransomware attack (Dragonforce, 2025)

    dac-law.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  303. kraftkisarna.se ransomware attack (Dragonforce, 2025)

    kraftkisarna.se was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  304. millercaggiano.com ransomware attack (Dragonforce, 2025)

    millercaggiano.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  305. ossman.co.uk ransomware attack (Dragonforce, 2025)

    ossman.co.uk was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  306. pratthomes.com ransomware attack (Dragonforce, 2025)

    pratthomes.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  307. pryor-morrow.com ransomware attack (Dragonforce, 2025)

    pryor-morrow.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  308. stitaly.it ransomware attack (Dragonforce, 2025)

    stitaly.it was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  309. www.harrissteelco.com ransomware attack (Dragonforce, 2025)

    www.harrissteelco.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  310. www.irisid.com ransomware attack (Dragonforce, 2025)

    www.irisid.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  311. www.precisiontextiles-usa.com ransomware attack (Dragonforce, 2025)

    www.precisiontextiles-usa.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  312. www.setpointsystems.com ransomware attack (Dragonforce, 2025)

    www.setpointsystems.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  313. www.texlaenergy.com ransomware attack (Dragonforce, 2025)

    www.texlaenergy.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-11.

    RansomwareUnknown
  314. American Eagle Logistics - Full Leak ransomware attack (Monti, 2025)

    American Eagle Logistics - Full Leak was named on the Monti ransomware data-leak (extortion) site on 2025-05-10.

    RansomwareUnknown
  315. citrusmagic.com ransomware attack (Dragonforce, 2025)

    citrusmagic.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.

    RansomwareUnknown
  316. statesmanbiz.com ransomware attack (Dragonforce, 2025)

    statesmanbiz.com was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.

    RansomwareUnknown
  317. Verrex ransomware attack (Play, 2025)

    Verrex was named on the Play ransomware data-leak (extortion) site on 2025-05-10.

    RansomwareUnknown
  318. www.cityofgroveok.gov ransomware attack (Dragonforce, 2025)

    www.cityofgroveok.gov was named on the Dragonforce ransomware data-leak (extortion) site on 2025-05-10.

    RansomwareUnknown
  319. EMX Enterprises ransomware attack (Play, 2025)

    EMX Enterprises was named on the Play ransomware data-leak (extortion) site on 2025-05-09.

    RansomwareUnknown
  320. Gistic Research ransomware attack (Play, 2025)

    Gistic Research was named on the Play ransomware data-leak (extortion) site on 2025-05-09.

    RansomwareUnknown
  321. hennessyfunds.com ransomware attack (LockBit, 2025)

    hennessyfunds.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-09.

    RansomwareUnknown
  322. Mountain View Mushrooms ransomware attack (Rhysida, 2025)

    Mountain View Mushrooms was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-09.

    RansomwareUnknown
  323. Sweet Shop USA ransomware attack (Play, 2025)

    Sweet Shop USA was named on the Play ransomware data-leak (extortion) site on 2025-05-09.

    RansomwareUnknown
  324. UniTrak ransomware attack (Play, 2025)

    UniTrak was named on the Play ransomware data-leak (extortion) site on 2025-05-08.

    RansomwareUnknown
  325. vzlom7may.omg ransomware attack (LockBit, 2025)

    vzlom7may.omg was named on the LockBit ransomware data-leak (extortion) site on 2025-05-08.

    RansomwareUnknown
  326. Amtech Software ransomware attack (Monti, 2025)

    Amtech Software was named on the Monti ransomware data-leak (extortion) site on 2025-05-07.

    RansomwareUnknown
  327. GPF Lewis ransomware attack (Hunters International, 2025)

    GPF Lewis was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-07.

    RansomwareUnknown
  328. LGM ransomware attack (Termite, 2025)

    LGM was named on the Termite ransomware data-leak (extortion) site on 2025-05-07.

    RansomwareUnknown
  329. Sioux Chief ransomware attack (Hunters International, 2025)

    Sioux Chief was named on the Hunters International ransomware data-leak (extortion) site on 2025-05-07.

    RansomwareUnknown
  330. Transport Lutztulln ransomware attack (Orca, 2025)

    Transport Lutztulln was named on the Orca ransomware data-leak (extortion) site on 2025-05-07.

    RansomwareUnknown
  331. Breen Construction Services ransomware attack (Play, 2025)

    Breen Construction Services was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  332. Commune de Jemeppe-sur-Sambre ransomware attack (Ransomhouse, 2025)

    Commune de Jemeppe-sur-Sambre was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  333. Downtown Travel ransomware attack (Play, 2025)

    Downtown Travel was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  334. ehlers-inc.com ransomware attack (LockBit, 2025)

    ehlers-inc.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  335. Marine Technical Surveyors ransomware attack (Play, 2025)

    Marine Technical Surveyors was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  336. Mediprobe Research ransomware attack (Rhysida, 2025)

    Mediprobe Research was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  337. Novosit ransomware attack (Play, 2025)

    Novosit was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  338. Rand Technology ransomware attack (Play, 2025)

    Rand Technology was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  339. Sugar Lake Lodge ransomware attack (Play, 2025)

    Sugar Lake Lodge was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  340. Technical Die-Casting ransomware attack (Play, 2025)

    Technical Die-Casting was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  341. Trybus ransomware attack (Play, 2025)

    Trybus was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  342. Ualabee data breach (2025)

    In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.

    Data breachResolved
  343. Webcor ransomware attack (Play, 2025)

    Webcor was named on the Play ransomware data-leak (extortion) site on 2025-05-06.

    RansomwareUnknown
  344. Alberta Construction Safety Association ransomware attack (Play, 2025)

    Alberta Construction Safety Association was named on the Play ransomware data-leak (extortion) site on 2025-05-05.

    RansomwareUnknown
  345. ATI Systems ransomware attack (Play, 2025)

    ATI Systems was named on the Play ransomware data-leak (extortion) site on 2025-05-05.

    RansomwareUnknown
  346. Hire Velocity (lan.hirevelocity.com) ransomware attack (Lynx, 2025)

    Hire Velocity (lan.hirevelocity.com) was named on the Lynx ransomware data-leak (extortion) site on 2025-05-05.

    RansomwareUnknown
  347. OeTTINGER Brauerei ransomware attack (Ransomhouse, 2025)

    OeTTINGER Brauerei was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-05.

    RansomwareUnknown
  348. pbw- ransomware attack (LockBit, 2025)

    pbw- was named on the LockBit ransomware data-leak (extortion) site on 2025-05-05.

    RansomwareUnknown
  349. CabinC.com ransomware attack (Lynx, 2025)

    CabinC.com was named on the Lynx ransomware data-leak (extortion) site on 2025-05-04.

    RansomwareUnknown
  350. soundtransit.org ransomware attack (Braincipher, 2025)

    soundtransit.org was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-04.

    RansomwareUnknown
  351. valedolobo.com ransomware attack (Braincipher, 2025)

    valedolobo.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-04.

    RansomwareUnknown
  352. American Eagle Logistics - Press Release ransomware attack (Monti, 2025)

    American Eagle Logistics - Press Release was named on the Monti ransomware data-leak (extortion) site on 2025-05-03.

    RansomwareUnknown
  353. ddecor.com ransomware attack (Braincipher, 2025)

    ddecor.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.

    RansomwareUnknown
  354. edisoft.es ransomware attack (Braincipher, 2025)

    edisoft.es was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.

    RansomwareUnknown
  355. iycsa.com.co ransomware attack (Braincipher, 2025)

    iycsa.com.co was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.

    RansomwareUnknown
  356. Kalin Hobeltechnik ransomware attack (Rhysida, 2025)

    Kalin Hobeltechnik was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-03.

    RansomwareUnknown
  357. ruizre.es ransomware attack (Braincipher, 2025)

    ruizre.es was named on the Braincipher ransomware data-leak (extortion) site on 2025-05-03.

    RansomwareUnknown
  358. arc-com.com ransomware attack (LockBit, 2025)

    arc-com.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  359. derichsukonertz.de ransomware attack (Lynx, 2025)

    derichsukonertz.de was named on the Lynx ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  360. [DISCLOSED]Imedexsa ransomware attack (Ransomhouse, 2025)

    [DISCLOSED]Imedexsa was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  361. ECOM America ransomware attack (Play, 2025)

    ECOM America was named on the Play ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  362. Government of Peru ransomware attack (Rhysida, 2025)

    Government of Peru was named on the Rhysida ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  363. kll-law.com ransomware attack (LockBit, 2025)

    kll-law.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  364. pdcm.com ransomware attack (LockBit, 2025)

    pdcm.com was named on the LockBit ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  365. runtec.co.jp ransomware attack (Lynx, 2025)

    runtec.co.jp was named on the Lynx ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  366. Southern Fidelity ransomware attack (Play, 2025)

    Southern Fidelity was named on the Play ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  367. The Seydel Companies ransomware attack (Play, 2025)

    The Seydel Companies was named on the Play ransomware data-leak (extortion) site on 2025-05-02.

    RansomwareUnknown
  368. Creams Cafe data breach (2025)

    In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers.

    Data breachResolved
  369. Custom Paper ransomware attack (Play, 2025)

    Custom Paper was named on the Play ransomware data-leak (extortion) site on 2025-05-01.

    RansomwareUnknown
  370. Defected Records ransomware attack (Play, 2025)

    Defected Records was named on the Play ransomware data-leak (extortion) site on 2025-05-01.

    RansomwareUnknown
  371. maywdef ransomware attack (Lynx, 2025)

    maywdef was named on the Lynx ransomware data-leak (extortion) site on 2025-05-01.

    RansomwareUnknown
  372. StudioVaiani ransomware attack (Incransom, 2025)

    StudioVaiani was named on the Incransom ransomware data-leak (extortion) site on 2025-05-01.

    RansomwareUnknown
  373. The Saint James Hospital Group ransomware attack (Incransom, 2025)

    The Saint James Hospital Group was named on the Incransom ransomware data-leak (extortion) site on 2025-05-01.

    RansomwareUnknown
  374. WDEF-TV ransomware attack (Lynx, 2025)

    WDEF-TV was named on the Lynx ransomware data-leak (extortion) site on 2025-05-01.

    RansomwareUnknown
  375. Coop UQAM ransomware attack (Rhysida, 2025)

    Coop UQAM was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  376. Digestive Specialists ransomware attack (Hunters International, 2025)

    Digestive Specialists was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  377. FCC ransomware attack (Hunters International, 2025)

    FCC was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  378. Gorham Sand & Gravel ransomware attack (Play, 2025)

    Gorham Sand & Gravel was named on the Play ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  379. Missouri Pipe Fittings ransomware attack (Play, 2025)

    Missouri Pipe Fittings was named on the Play ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  380. National Steel City ransomware attack (Play, 2025)

    National Steel City was named on the Play ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  381. Penn Emblem (penn.local) ransomware attack (Lynx, 2025)

    Penn Emblem (penn.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  382. PermaCold Engineering ransomware attack (Play, 2025)

    PermaCold Engineering was named on the Play ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  383. southernagllc.com ransomware attack (Lynx, 2025)

    southernagllc.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  384. Telco Intercontinental ransomware attack (Hunters International, 2025)

    Telco Intercontinental was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  385. Ushio ransomware attack (Termite, 2025)

    Ushio was named on the Termite ransomware data-leak (extortion) site on 2025-04-30.

    RansomwareUnknown
  386. BOLL Logistik ransomware attack (Play, 2025)

    BOLL Logistik was named on the Play ransomware data-leak (extortion) site on 2025-04-29.

    RansomwareUnknown
  387. Cooper Global Chauffeured ransomware attack (Play, 2025)

    Cooper Global Chauffeured was named on the Play ransomware data-leak (extortion) site on 2025-04-29.

    RansomwareUnknown
  388. David Mills CPA, LLC ransomware attack (Lynx, 2025)

    David Mills CPA, LLC was named on the Lynx ransomware data-leak (extortion) site on 2025-04-29.

    RansomwareUnknown
  389. Haas & Associates ransomware attack (Play, 2025)

    Haas & Associates was named on the Play ransomware data-leak (extortion) site on 2025-04-28.

    RansomwareUnknown
  390. Hpital Glengarry Memorial Hospital (clglen.local) ransomware attack (Incransom, 2025)

    Hpital Glengarry Memorial Hospital (clglen.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-04-28.

    RansomwareUnknown
  391. LaBella Associates ransomware attack (Rhysida, 2025)

    LaBella Associates was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-28.

    RansomwareUnknown
  392. Mantel Machine Products ransomware attack (Play, 2025)

    Mantel Machine Products was named on the Play ransomware data-leak (extortion) site on 2025-04-28.

    RansomwareUnknown
  393. Minnesota Lawyers Mutual Insurance ransomware attack (Hunters International, 2025)

    Minnesota Lawyers Mutual Insurance was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-28.

    RansomwareUnknown
  394. Scientel Solutions ransomware attack (Play, 2025)

    Scientel Solutions was named on the Play ransomware data-leak (extortion) site on 2025-04-28.

    RansomwareUnknown
  395. Crawford Door Sales ransomware attack (Play, 2025)

    Crawford Door Sales was named on the Play ransomware data-leak (extortion) site on 2025-04-27.

    RansomwareUnknown
  396. FMT Consultants ransomware attack (Play, 2025)

    FMT Consultants was named on the Play ransomware data-leak (extortion) site on 2025-04-27.

    RansomwareUnknown
  397. Global Media Group ransomware attack (Nitrogen, 2025)

    Global Media Group was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.

    RansomwareUnknown
  398. M'AR De AR Hotels ransomware attack (Nitrogen, 2025)

    M'AR De AR Hotels was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.

    RansomwareUnknown
  399. MDB ransomware attack (Rhysida, 2025)

    MDB was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-26.

    RansomwareUnknown
  400. Stadtwerke Schwerte GmbH ransomware attack (Nitrogen, 2025)

    Stadtwerke Schwerte GmbH was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-26.

    RansomwareUnknown
  401. AKTO ransomware attack (Nitrogen, 2025)

    AKTO was named on the Nitrogen ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  402. corporateflight.com ransomware attack (Lynx, 2025)

    corporateflight.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  403. friscochamber.com ransomware attack (Lynx, 2025)

    friscochamber.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  404. greatplainstransport.com ransomware attack (Lynx, 2025)

    greatplainstransport.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  405. impactcanada.com ransomware attack (Lynx, 2025)

    impactcanada.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  406. Kasb Bank - K-Trade ransomware attack (Hunters International, 2025)

    Kasb Bank - K-Trade was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  407. Kenworth Del Sur ransomware attack (Hunters International, 2025)

    Kenworth Del Sur was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  408. pay4freight.com ransomware attack (Lynx, 2025)

    pay4freight.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  409. shgcpa.com ransomware attack (Lynx, 2025)

    shgcpa.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-25.

    RansomwareUnknown
  410. arkansasprimarycare.com ransomware attack (Incransom, 2025)

    arkansasprimarycare.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-24.

    RansomwareUnknown
  411. buildingmaterialspecialties.com ransomware attack (Lynx, 2025)

    buildingmaterialspecialties.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.

    RansomwareUnknown
  412. Leak at Carrefour Mobile

    In April 2025, Carrefour Mobile, the Belgian MVNO of the Carrefour retail group, suffered a data breach exposing personal data of about 64,000 customers, including names, contact details, home addresses, portal passwords and, for some, passport numbers.

  413. Colorado Pulmonary Intensivists ransomware attack (Kairos, 2025)

    Colorado Pulmonary Intensivists was named on the Kairos ransomware data-leak (extortion) site on 2025-04-24.

    RansomwareUnknown
  414. end2endtechnologies ransomware attack (Lynx, 2025)

    end2endtechnologies was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.

    RansomwareUnknown
  415. https://fortunesociety.org/ ransomware attack (BlackSuit, 2025)

    https://fortunesociety.org/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.

    RansomwareUnknown
  416. https://www.pacmet.com ransomware attack (BlackSuit, 2025)

    https://www.pacmet.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.

    RansomwareUnknown
  417. Vicarage Court Solicitors ransomware attack (Lynx, 2025)

    Vicarage Court Solicitors was named on the Lynx ransomware data-leak (extortion) site on 2025-04-24.

    RansomwareUnknown
  418. amethystgroup.co.uk ransomware attack (Lynx, 2025)

    amethystgroup.co.uk was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  419. Farmo Res ransomware attack (Lynx, 2025)

    Farmo Res was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  420. iaconnect ransomware attack (LockBit, 2025)

    iaconnect was named on the LockBit ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  421. Lantronix ransomware attack (Play, 2025)

    Lantronix was named on the Play ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  422. lemi-group ransomware attack (Incransom, 2025)

    lemi-group was named on the Incransom ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  423. Mafi ransomware attack (Hunters International, 2025)

    Mafi was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  424. Milicic ransomware attack (Rhysida, 2025)

    Milicic was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  425. NESCTC ransomware attack (Play, 2025)

    NESCTC was named on the Play ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  426. Springer & Steinberg ransomware attack (Lynx, 2025)

    Springer & Steinberg was named on the Lynx ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  427. Suburban Carting ransomware attack (Play, 2025)

    Suburban Carting was named on the Play ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  428. The Derby High School ransomware attack (Kairos, 2025)

    The Derby High School was named on the Kairos ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  429. The Human Bean ransomware attack (Play, 2025)

    The Human Bean was named on the Play ransomware data-leak (extortion) site on 2025-04-23.

    RansomwareUnknown
  430. Acos Favorit ransomware attack (Rhysida, 2025)

    Acos Favorit was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-22.

    RansomwareUnknown
  431. All Book Covers ransomware attack (Play, 2025)

    All Book Covers was named on the Play ransomware data-leak (extortion) site on 2025-04-22.

    RansomwareUnknown
  432. Bacton Transport Services ransomware attack (Ransomhouse, 2025)

    Bacton Transport Services was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-22.

    RansomwareUnknown
  433. Leak at Easy Cash

    In April 2025, French second-hand retail chain Easy Cash disclosed a breach exposing the names, first names and dates of birth of around 92,000 customers, traced to a compromised in-store workstation.

  434. franklin nursing home ransomware attack (Incransom, 2025)

    franklin nursing home was named on the Incransom ransomware data-leak (extortion) site on 2025-04-22.

    RansomwareUnknown
  435. Independent Financial Services ransomware attack (Play, 2025)

    Independent Financial Services was named on the Play ransomware data-leak (extortion) site on 2025-04-22.

    RansomwareUnknown
  436. Jet Ice ransomware attack (Play, 2025)

    Jet Ice was named on the Play ransomware data-leak (extortion) site on 2025-04-22.

    RansomwareUnknown
  437. R&N Manufacturing ransomware attack (Lynx, 2025)

    R&N Manufacturing was named on the Lynx ransomware data-leak (extortion) site on 2025-04-22.

    RansomwareUnknown
  438. C-Mec ransomware attack (Ransomhouse, 2025)

    C-Mec was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-21.

    RansomwareUnknown
  439. Marks & Spencer DragonForce ransomware (Scattered Spider, 2025)

    Social-engineering of a third-party service desk gave Scattered Spider a domain administrator, which they used to deploy DragonForce ransomware on M&S's VMware ESXi estate at Easter 2025 — knocking out contactless payments, Click & Collect, and online ordering for over six weeks.

  440. Pharma Force ransomware attack (Hunters International, 2025)

    Pharma Force was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-21.

    RansomwareUnknown
  441. tuttoperlufficio.eu ransomware attack (LockBit, 2025)

    tuttoperlufficio.eu was named on the LockBit ransomware data-leak (extortion) site on 2025-04-21.

    RansomwareUnknown
  442. Z****a.com ransomware attack (Flocker, 2025)

    Z****a.com was named on the Flocker ransomware data-leak (extortion) site on 2025-04-19.

    RansomwareUnknown
  443. dhsmithco.com ransomware attack (Lynx, 2025)

    dhsmithco.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-18.

    RansomwareUnknown
  444. [EVIDENCE PACK 2] Telecontrol ransomware attack (Ransomhouse, 2025)

    [EVIDENCE PACK 2] Telecontrol was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-18.

    RansomwareUnknown
  445. Leak at Indigo

    In April 2025, French parking operator Indigo disclosed a breach after attackers accessed its information systems and stole customer names, postal and email addresses, phone numbers and vehicle license plates; no banking data or passwords were affected.

  446. The Tech Interactive ransomware attack (Moneymessage, 2025)

    The Tech Interactive was named on the Moneymessage ransomware data-leak (extortion) site on 2025-04-18.

    RansomwareUnknown
  447. d-line ransomware attack (Kairos, 2025)

    d-line was named on the Kairos ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  448. EVERTECH INSTRUMENTAL CO., LTD ransomware attack (Spacebears, 2025)

    EVERTECH INSTRUMENTAL CO., LTD was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  449. Feldman & Lopez ransomware attack (Lynx, 2025)

    Feldman & Lopez was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  450. HOPI ransomware attack (Hunters International, 2025)

    HOPI was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  451. Hyalogic ransomware attack (Lynx, 2025)

    Hyalogic was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  452. Koninklijke Ahold Delhaize N.V. ransomware attack (Incransom, 2025)

    Koninklijke Ahold Delhaize N.V. was named on the Incransom ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  453. Red Chamber ransomware attack (Play, 2025)

    Red Chamber was named on the Play ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  454. Sally B Gold ransomware attack (Lynx, 2025)

    Sally B Gold was named on the Lynx ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  455. VIÑUELAS ABOGADOS ransomware attack (Spacebears, 2025)

    VIÑUELAS ABOGADOS was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-17.

    RansomwareUnknown
  456. aeamg.org.br ransomware attack (LockBit, 2025)

    aeamg.org.br was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  457. aqhch.com.cn ransomware attack (LockBit, 2025)

    aqhch.com.cn was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  458. ende.bo ransomware attack (LockBit, 2025)

    ende.bo was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  459. iblinfo.de ransomware attack (Incransom, 2025)

    iblinfo.de was named on the Incransom ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  460. jackpotjunction.com ransomware attack (LockBit, 2025)

    jackpotjunction.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  461. McElwee Firm ransomware attack (Lynx, 2025)

    McElwee Firm was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  462. semex.com ransomware attack (Underground, 2025)

    semex.com was named on the Underground ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  463. spscompanies.com ransomware attack (Lynx, 2025)

    spscompanies.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  464. toolsign.com ransomware attack (Lynx, 2025)

    toolsign.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-16.

    RansomwareUnknown
  465. Leak at Afflelou

    In April 2025, French optical and hearing-aid retailer Alain Afflelou disclosed a breach caused by a vulnerability at a third-party CRM provider, exposing the personal and commercial data of thousands of customers and prospects.

  466. Astra Products ransomware attack (Lynx, 2025)

    Astra Products was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  467. Destination Toronto ransomware attack (Play, 2025)

    Destination Toronto was named on the Play ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  468. Leak at Hertz

    On 15 April 2025, car-rental company Hertz disclosed a data breach stemming from the late-2024 zero-day exploitation of Cleo's file-transfer software by the CL0P group, exposing customer names, contact details, dates of birth, driver's licences, credit-card and passport data.

  469. James & Sons Fine Jewelers ransomware attack (Play, 2025)

    James & Sons Fine Jewelers was named on the Play ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  470. Lake HVAC ransomware attack (Lynx, 2025)

    Lake HVAC was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  471. Merri-Makers ransomware attack (Play, 2025)

    Merri-Makers was named on the Play ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  472. Miller Boskus Lack Architects ransomware attack (Play, 2025)

    Miller Boskus Lack Architects was named on the Play ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  473. nevadareadymix.com ransomware attack (Lynx, 2025)

    nevadareadymix.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  474. O'Brien & Ryan ransomware attack (Play, 2025)

    O'Brien & Ryan was named on the Play ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  475. Oregon Department of Environmental Quality ransomware attack (Rhysida, 2025)

    Oregon Department of Environmental Quality was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  476. trocaire.edu ransomware attack (Incransom, 2025)

    trocaire.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  477. Voigt-Abernathy Company ransomware attack (Play, 2025)

    Voigt-Abernathy Company was named on the Play ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  478. Waller ransomware attack (Play, 2025)

    Waller was named on the Play ransomware data-leak (extortion) site on 2025-04-15.

    RansomwareUnknown
  479. Calmont Group ransomware attack (Play, 2025)

    Calmont Group was named on the Play ransomware data-leak (extortion) site on 2025-04-14.

    RansomwareUnknown
  480. Comport Technology Solutions ransomware attack (Play, 2025)

    Comport Technology Solutions was named on the Play ransomware data-leak (extortion) site on 2025-04-14.

    RansomwareUnknown
  481. Cortez Resources ransomware attack (Play, 2025)

    Cortez Resources was named on the Play ransomware data-leak (extortion) site on 2025-04-14.

    RansomwareUnknown
  482. MENTAL HEALTH ransomware attack (Incransom, 2025)

    MENTAL HEALTH was named on the Incransom ransomware data-leak (extortion) site on 2025-04-14.

    RansomwareUnknown
  483. Orthopaedic Specialists of Connecticut ransomware attack (Incransom, 2025)

    Orthopaedic Specialists of Connecticut was named on the Incransom ransomware data-leak (extortion) site on 2025-04-14.

    RansomwareUnknown
  484. intelliloan.com ransomware attack (LockBit, 2025)

    intelliloan.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-13.

    RansomwareUnknown
  485. acimfunds.com ransomware attack (LockBit, 2025)

    acimfunds.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  486. bilbie.com.au ransomware attack (Lynx, 2025)

    bilbie.com.au was named on the Lynx ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  487. Bjørklund ransomware attack (Termite, 2025)

    Bjørklund was named on the Termite ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  488. Chickenshed ransomware attack (Incransom, 2025)

    Chickenshed was named on the Incransom ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  489. Dimension Composite ransomware attack (Rhysida, 2025)

    Dimension Composite was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  490. On IT ransomware attack (Termite, 2025)

    On IT was named on the Termite ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  491. Restaurant Associates ransomware attack (Lynx, 2025)

    Restaurant Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  492. visionproducts.llc ransomware attack (LockBit, 2025)

    visionproducts.llc was named on the LockBit ransomware data-leak (extortion) site on 2025-04-12.

    RansomwareUnknown
  493. C?l???t Group ransomware attack (Play, 2025)

    C?l???t Group was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  494. Codinter ransomware attack (Play, 2025)

    Codinter was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  495. Colmar Industrial Supplies ransomware attack (Lynx, 2025)

    Colmar Industrial Supplies was named on the Lynx ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  496. Leak at Harvest

    Harvest, a French wealth-management software editor, was hit by a Run Some Wares ransomware double-extortion attack disclosed in April 2025; internal and client files were exfiltrated and published, reportedly exposing data on tens of thousands of individuals and thousands of companies.

  497. hotelemc2.c ransomware attack (LockBit, 2025)

    hotelemc2.c was named on the LockBit ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  498. Imagineering Finishing Technologies ransomware attack (Incransom, 2025)

    Imagineering Finishing Technologies was named on the Incransom ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  499. KER Custom Molders ransomware attack (Play, 2025)

    KER Custom Molders was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  500. mbmdubai.com ransomware attack (Braincipher, 2025)

    mbmdubai.com was named on the Braincipher ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  501. New York Sports Club ransomware attack (Play, 2025)

    New York Sports Club was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  502. Noyen Construction ransomware attack (Play, 2025)

    Noyen Construction was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  503. PAC Strapping Products ransomware attack (Play, 2025)

    PAC Strapping Products was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  504. Sfrent.net ransomware attack (Play, 2025)

    Sfrent.net was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  505. Synthient Credential Stuffing Threat Data data breach (2025)

    During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources.

    Data breachResolved
  506. Synthient Stealer Log Threat Data data breach (2025)

    During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and the passwords used.

    Data breachResolved
  507. The Study ransomware attack (Play, 2025)

    The Study was named on the Play ransomware data-leak (extortion) site on 2025-04-11.

    RansomwareUnknown
  508. 3P Corporation ransomware attack (Spacebears, 2025)

    3P Corporation was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-10.

    RansomwareUnknown
  509. Bonick Landscaping ransomware attack (Play, 2025)

    Bonick Landscaping was named on the Play ransomware data-leak (extortion) site on 2025-04-10.

    RansomwareUnknown
  510. Cane Creek Cycling Components ransomware attack (Play, 2025)

    Cane Creek Cycling Components was named on the Play ransomware data-leak (extortion) site on 2025-04-10.

    RansomwareUnknown
  511. chesterfieldtwp.org ransomware attack (Incransom, 2025)

    chesterfieldtwp.org was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.

    RansomwareUnknown
  512. finetech.de ransomware attack (Incransom, 2025)

    finetech.de was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.

    RansomwareUnknown
  513. inspec-international.com ransomware attack (Incransom, 2025)

    inspec-international.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.

    RansomwareUnknown
  514. silocaf.com ransomware attack (Incransom, 2025)

    silocaf.com was named on the Incransom ransomware data-leak (extortion) site on 2025-04-10.

    RansomwareUnknown
  515. ccso2014.local(sheriffs) ransomware attack (Incransom, 2025)

    ccso2014.local(sheriffs) was named on the Incransom ransomware data-leak (extortion) site on 2025-04-09.

    RansomwareUnknown
  516. gramoll.com ransomware attack (Lynx, 2025)

    gramoll.com was named on the Lynx ransomware data-leak (extortion) site on 2025-04-09.

    RansomwareUnknown
  517. Morocco CNSS social security data leak

    A hacktivist using the alias Jabaroot leaked more than 53,000 PDF files and CSV databases from Morocco's National Social Security Fund, exposing national ID numbers, salaries, and banking details for nearly 2 million employees across some 500,000 companies.

  518. Coop57 ransomware attack (Incransom, 2025)

    Coop57 was named on the Incransom ransomware data-leak (extortion) site on 2025-04-08.

    RansomwareUnknown
  519. crystal-d.com ransomware attack (LockBit, 2025)

    crystal-d.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-08.

    RansomwareUnknown
  520. https://www.thirdave.com ransomware attack (Metaencryptor, 2025)

    https://www.thirdave.com was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-04-08.

    RansomwareUnknown
  521. physiciansmedicalbilling.net ransomware attack (LockBit, 2025)

    physiciansmedicalbilling.net was named on the LockBit ransomware data-leak (extortion) site on 2025-04-08.

    RansomwareUnknown
  522. RFMS, Inc. ransomware attack (Kairos, 2025)

    RFMS, Inc. was named on the Kairos ransomware data-leak (extortion) site on 2025-04-08.

    RansomwareUnknown
  523. shengyusteel.com ransomware attack (Underground, 2025)

    shengyusteel.com was named on the Underground ransomware data-leak (extortion) site on 2025-04-08.

    RansomwareUnknown
  524. Thiekon Constructie ransomware attack (Incransom, 2025)

    Thiekon Constructie was named on the Incransom ransomware data-leak (extortion) site on 2025-04-08.

    RansomwareUnknown
  525. [DISCLOSED]Cell C ransomware attack (Ransomhouse, 2025)

    [DISCLOSED]Cell C was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-07.

    RansomwareUnknown
  526. Galesburg Area Chamber of Commerce ransomware attack (Kairos, 2025)

    Galesburg Area Chamber of Commerce was named on the Kairos ransomware data-leak (extortion) site on 2025-04-07.

    RansomwareUnknown
  527. IDS Infotech ransomware attack (Hunters International, 2025)

    IDS Infotech was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-07.

    RansomwareUnknown
  528. Telecontrol ransomware attack (Ransomhouse, 2025)

    Telecontrol was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-04-07.

    RansomwareUnknown
  529. asiapacificex.com ransomware attack (LockBit, 2025)

    asiapacificex.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.

    RansomwareUnknown
  530. graphiquedefrance.com ransomware attack (LockBit, 2025)

    graphiquedefrance.com was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.

    RansomwareUnknown
  531. Groupe Delcourt ransomware attack (Hunters International, 2025)

    Groupe Delcourt was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-06.

    RansomwareUnknown
  532. grupotersa.com.mx ransomware attack (LockBit, 2025)

    grupotersa.com.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-04-06.

    RansomwareUnknown
  533. Hofmann Fördertechnik GmbH ransomware attack (Hunters International, 2025)

    Hofmann Fördertechnik GmbH was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-06.

    RansomwareUnknown
  534. Swiss Capitals Group ransomware attack (Rhysida, 2025)

    Swiss Capitals Group was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-06.

    RansomwareUnknown
  535. ABITL Finishing ransomware attack (Play, 2025)

    ABITL Finishing was named on the Play ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  536. Baltimore Steel Erectors ransomware attack (Play, 2025)

    Baltimore Steel Erectors was named on the Play ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  537. Blackmon Mooring ransomware attack (Hunters International, 2025)

    Blackmon Mooring was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  538. Csm Engineering ransomware attack (Play, 2025)

    Csm Engineering was named on the Play ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  539. Hawk Technology ransomware attack (Play, 2025)

    Hawk Technology was named on the Play ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  540. https://www.mmwec.org ransomware attack (BlackSuit, 2025)

    https://www.mmwec.org was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  541. Industrial Corona de México ransomware attack (Spacebears, 2025)

    Industrial Corona de México was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  542. L&S Mechanical (Reuploaded) ransomware attack (Spacebears, 2025)

    L&S Mechanical (Reuploaded) was named on the Spacebears ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  543. Nexia Poyiadjis IT ransomware attack (Hunters International, 2025)

    Nexia Poyiadjis IT was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  544. TEDOM ransomware attack (Hunters International, 2025)

    TEDOM was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-05.

    RansomwareUnknown
  545. Fraser Trebilcock ransomware attack (Play, 2025)

    Fraser Trebilcock was named on the Play ransomware data-leak (extortion) site on 2025-04-04.

    RansomwareUnknown
  546. National Sign corp ransomware attack (Hunters International, 2025)

    National Sign corp was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-04.

    RansomwareUnknown
  547. Royal Glass ransomware attack (Play, 2025)

    Royal Glass was named on the Play ransomware data-leak (extortion) site on 2025-04-04.

    RansomwareUnknown
  548. Sansone Group ransomware attack (Hunters International, 2025)

    Sansone Group was named on the Hunters International ransomware data-leak (extortion) site on 2025-04-04.

    RansomwareUnknown
  549. Alton Steel ransomware attack (Lynx, 2025)

    Alton Steel was named on the Lynx ransomware data-leak (extortion) site on 2025-04-03.

    RansomwareUnknown
  550. Hop Industries ransomware attack (Play, 2025)

    Hop Industries was named on the Play ransomware data-leak (extortion) site on 2025-04-03.

    RansomwareUnknown
  551. Lifebreath ransomware attack (Play, 2025)

    Lifebreath was named on the Play ransomware data-leak (extortion) site on 2025-04-03.

    RansomwareUnknown
  552. OTA Management ransomware attack (Play, 2025)

    OTA Management was named on the Play ransomware data-leak (extortion) site on 2025-04-03.

    RansomwareUnknown
  553. Parvin-Clauss Sign Company ransomware attack (Play, 2025)

    Parvin-Clauss Sign Company was named on the Play ransomware data-leak (extortion) site on 2025-04-03.

    RansomwareUnknown
  554. Regionale Verkehrsbetriebe ransomware attack (Play, 2025)

    Regionale Verkehrsbetriebe was named on the Play ransomware data-leak (extortion) site on 2025-04-03.

    RansomwareUnknown
  555. A little gift of exclusive data for everyone ransomware attack (Daixin, 2025)

    A little gift of exclusive data for everyone was named on the Daixin ransomware data-leak (extortion) site on 2025-04-02.

    RansomwareUnknown
  556. Clarity Ventures ransomware attack (Rhysida, 2025)

    Clarity Ventures was named on the Rhysida ransomware data-leak (extortion) site on 2025-04-02.

    RansomwareUnknown
  557. crownlaboratories.com ransomware attack (Abyss, 2025)

    crownlaboratories.com was named on the Abyss ransomware data-leak (extortion) site on 2025-04-02.

    RansomwareUnknown
  558. Fulfillment Plus ransomware attack (Play, 2025)

    Fulfillment Plus was named on the Play ransomware data-leak (extortion) site on 2025-04-02.

    RansomwareUnknown
  559. The Hoff Brand SL Data Leak ransomware attack (Everest, 2025)

    The Hoff Brand SL Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-04-02.

    RansomwareUnknown
  560. delta-life.com ransomware attack (RansomHub, 2025)

    delta-life.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.

    RansomwareUnknown
  561. europtec.com ransomware attack (RansomHub, 2025)

    europtec.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.

    RansomwareUnknown
  562. intellioan.com ransomware attack (RansomHub, 2025)

    intellioan.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-04-01.

    RansomwareUnknown
  563. Leak at Reporterre

    A data leak disclosed on 1 April 2025 exposed personal contact details of people associated with Reporterre, the French independent environmental news outlet, including last names, first names, email addresses and postal addresses.

  564. State's Attorney Office ransomware attack (Kairos, 2025)

    State's Attorney Office was named on the Kairos ransomware data-leak (extortion) site on 2025-04-01.

    RansomwareUnknown
  565. The Loretto Hospital ransomware attack (Incransom, 2025)

    The Loretto Hospital was named on the Incransom ransomware data-leak (extortion) site on 2025-04-01.

    RansomwareUnknown
  566. CMC Technology Group ransomware attack (BianLian, 2025)

    CMC Technology Group was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.

    RansomwareUnknown
  567. Meridian Senior ransomware attack (BianLian, 2025)

    Meridian Senior was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.

    RansomwareUnknown
  568. Saunders and Saunders ransomware attack (BianLian, 2025)

    Saunders and Saunders was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.

    RansomwareUnknown
  569. SIRIUS S.R.L. ransomware attack (Nitrogen, 2025)

    SIRIUS S.R.L. was named on the Nitrogen ransomware data-leak (extortion) site on 2025-03-31.

    RansomwareUnknown
  570. Sonrisas Dental Health ransomware attack (BianLian, 2025)

    Sonrisas Dental Health was named on the BianLian ransomware data-leak (extortion) site on 2025-03-31.

    RansomwareUnknown
  571. test1234.com ransomware attack (LockBit, 2025)

    test1234.com was named on the LockBit ransomware data-leak (extortion) site on 2025-03-31.

    RansomwareUnknown
  572. Samsung Germany Customer Tickets data breach (2025)

    In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items…

  573. www.assisi.nl ransomware attack (RansomHub, 2025)

    www.assisi.nl was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-30.

    RansomwareUnknown
  574. AJF Inspections & Engineering () ransomware attack (Lynx, 2025)

    AJF Inspections & Engineering () was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  575. Amatech ransomware attack (Lynx, 2025)

    Amatech was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  576. bahnlog.com ransomware attack (Incransom, 2025)

    bahnlog.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  577. Commercial Concrete Systems ransomware attack (Lynx, 2025)

    Commercial Concrete Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  578. Forrest City School District ransomware attack (Rhysida, 2025)

    Forrest City School District was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  579. importantsteps.com ransomware attack (Incransom, 2025)

    importantsteps.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  580. Martin Mechanical (martin.local) ransomware attack (Lynx, 2025)

    Martin Mechanical (martin.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  581. Pacific Residential Mortgage ransomware attack (Lynx, 2025)

    Pacific Residential Mortgage was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  582. Senior Support Services ransomware attack (Rhysida, 2025)

    Senior Support Services was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  583. Solar Optimum ransomware attack (Lynx, 2025)

    Solar Optimum was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  584. solaroptimum.com ransomware attack (Lynx, 2025)

    solaroptimum.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-29.

    RansomwareUnknown
  585. amatechinc.com ransomware attack (Lynx, 2025)

    amatechinc.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  586. augustssons.se ransomware attack (Incransom, 2025)

    augustssons.se was named on the Incransom ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  587. Direct Traffic Control ransomware attack (Lynx, 2025)

    Direct Traffic Control was named on the Lynx ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  588. entandallergy.com ransomware attack (Abyss, 2025)

    entandallergy.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  589. Leak at MAIF & BPCE

    A ransomware attack on French wealth-management software vendor Harvest (Run Some Wares group, detected 27 Feb 2025) exposed personal and financial data of customers of insurer MAIF and banking group BPCE (Banque Populaire / Caisse d'Épargne) in a supply-chain breach.

  590. phaus.us&phakr.com&phabodysystems.com ransomware attack (RansomHub, 2025)

    phaus.us&phakr.com&phabodysystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  591. W*******w.com ransomware attack (Flocker, 2025)

    W*******w.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  592. www.bassi.it ransomware attack (RansomHub, 2025)

    www.bassi.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  593. www.solventacentroamerica.com ransomware attack (RansomHub, 2025)

    www.solventacentroamerica.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-28.

    RansomwareUnknown
  594. brattenelectrictn.com ransomware attack (RansomHub, 2025)

    brattenelectrictn.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  595. City of Fort St. John (city.cityfsj.local) ransomware attack (Incransom, 2025)

    City of Fort St. John (city.cityfsj.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  596. conterra.com ransomware attack (RansomHub, 2025)

    conterra.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  597. German Doner Kebab data breach (2025)

    In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.

    Data breachResolved
  598. NEW JERSEY CPA ransomware attack (Ransomhouse, 2025)

    NEW JERSEY CPA was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  599. Leak at Oracle Cloud

    In late March 2025, a threat actor known as 'rose87168' claimed to have stolen roughly 6 million authentication records from an Oracle Cloud SSO/LDAP endpoint, potentially affecting over 140,000 tenants; Oracle initially denied any breach before privately confirming a compromise to customers.

  600. www.allmilmoe.com ransomware attack (RansomHub, 2025)

    www.allmilmoe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  601. www.carolinaac.com ransomware attack (RansomHub, 2025)

    www.carolinaac.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  602. www.DSelectrical.com ransomware attack (RansomHub, 2025)

    www.DSelectrical.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  603. www.garbinc.com ransomware attack (RansomHub, 2025)

    www.garbinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  604. www.hongthongrice.com ransomware attack (RansomHub, 2025)

    www.hongthongrice.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  605. www.s3s.com ransomware attack (RansomHub, 2025)

    www.s3s.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  606. www.solidworld.it ransomware attack (RansomHub, 2025)

    www.solidworld.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-27.

    RansomwareUnknown
  607. Leak at Centrale Nantes

    On 26 March 2025, internal data from Centrale Nantes, a French public engineering grande école, was reported leaked, including private reports and projects, user logins with password hashes, source code, and administrative documents.

  608. Concord Orthopaedics Data Leak ransomware attack (Everest, 2025)

    Concord Orthopaedics Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  609. Genie Healthcare Data Leak ransomware attack (Everest, 2025)

    Genie Healthcare Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  610. TehetségKapu data breach (2025)

    In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.

  611. TriCity Family Services ransomware attack (Incransom, 2025)

    TriCity Family Services was named on the Incransom ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  612. usCalibration ransomware attack (Play, 2025)

    usCalibration was named on the Play ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  613. www.afnigc.ca ransomware attack (RansomHub, 2025)

    www.afnigc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  614. www.argentosc.com ransomware attack (RansomHub, 2025)

    www.argentosc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  615. www.cormidom.com.do ransomware attack (RansomHub, 2025)

    www.cormidom.com.do was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  616. www.creativelogisticservices.com ransomware attack (RansomHub, 2025)

    www.creativelogisticservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  617. www.fkm-elemente.de ransomware attack (RansomHub, 2025)

    www.fkm-elemente.de was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  618. www.lions-online.org ransomware attack (RansomHub, 2025)

    www.lions-online.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  619. www.mododoc.com ransomware attack (RansomHub, 2025)

    www.mododoc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  620. www.ripplejunction.com ransomware attack (RansomHub, 2025)

    www.ripplejunction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-26.

    RansomwareUnknown
  621. B&C Industries ransomware attack (Play, 2025)

    B&C Industries was named on the Play ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  622. bioclimaservice.it ransomware attack (LockBit, 2025)

    bioclimaservice.it was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  623. Leak at Cerballiance

    In late March 2025, French medical-laboratory network Cerballiance disclosed a data breach traced to a February intrusion on an IT provider's server, exposing administrative and some health data of patients in the PACA region, including names, social security numbers and certain test reports.

  624. cisd.org ransomware attack (RansomHub, 2025)

    cisd.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  625. fepasa.com.ar ransomware attack (LockBit, 2025)

    fepasa.com.ar was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  626. Kimco Steel ransomware attack (Play, 2025)

    Kimco Steel was named on the Play ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  627. mnm.hu ransomware attack (RansomHub, 2025)

    mnm.hu was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  628. Okeene Elementary School ransomware attack (Rhysida, 2025)

    Okeene Elementary School was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  629. OMLTD.CO.JP ransomware attack (RansomHub, 2025)

    OMLTD.CO.JP was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  630. ossc.com.mx ransomware attack (LockBit, 2025)

    ossc.com.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  631. technicare.com ransomware attack (RansomHub, 2025)

    technicare.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  632. texascompressionservices.com ransomware attack (RansomHub, 2025)

    texascompressionservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  633. Troy Hunt's Mailchimp List data breach (2025)

    In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog.

    Data breachResolved
  634. www.rivaldt.com ransomware attack (RansomHub, 2025)

    www.rivaldt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-25.

    RansomwareUnknown
  635. ADDA data breach (2025)

    In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.

    Data breachResolved
  636. allbiz.com ransomware attack (Incransom, 2025)

    allbiz.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-24.

    RansomwareUnknown
  637. Leak at Autosur & Diagnosur

    In March 2025, French vehicle-inspection network Autosur (Diagnosur brand) disclosed a breach exposing data on roughly 10.7 million customers — names, postal and email addresses, phone numbers, and detailed vehicle records including registration plates and VINs — later offered for sale online.

  638. Lupin Limited ransomware attack (Killsecurity, 2025)

    Lupin Limited was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-24.

    RansomwareUnknown
  639. TMT Clam Dredger ransomware attack (Incransom, 2025)

    TMT Clam Dredger was named on the Incransom ransomware data-leak (extortion) site on 2025-03-24.

    RansomwareUnknown
  640. www.exemplar.com ransomware attack (RansomHub, 2025)

    www.exemplar.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-24.

    RansomwareUnknown
  641. abeyor.fr ransomware attack (Incransom, 2025)

    abeyor.fr was named on the Incransom ransomware data-leak (extortion) site on 2025-03-23.

    RansomwareUnknown
  642. Goshen Medical Center ransomware attack (BianLian, 2025)

    Goshen Medical Center was named on the BianLian ransomware data-leak (extortion) site on 2025-03-23.

    RansomwareUnknown
  643. Precision Accounting Intl ransomware attack (Killsecurity, 2025)

    Precision Accounting Intl was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-23.

    RansomwareUnknown
  644. Doumen ransomware attack (Lynx, 2025)

    Doumen was named on the Lynx ransomware data-leak (extortion) site on 2025-03-22.

    RansomwareUnknown
  645. Innovative Surfaces ransomware attack (Killsecurity, 2025)

    Innovative Surfaces was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-22.

    RansomwareUnknown
  646. REOC San Antonio ransomware attack (Play, 2025)

    REOC San Antonio was named on the Play ransomware data-leak (extortion) site on 2025-03-22.

    RansomwareUnknown
  647. SPARSH Hospital ransomware attack (Killsecurity, 2025)

    SPARSH Hospital was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-22.

    RansomwareUnknown
  648. Zaveta Custom Homes ransomware attack (Play, 2025)

    Zaveta Custom Homes was named on the Play ransomware data-leak (extortion) site on 2025-03-22.

    RansomwareUnknown
  649. Cayman National Bank ransomware attack (Killsecurity, 2025)

    Cayman National Bank was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  650. Cuties AI data breach (2025)

    In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images, as well as URLs to…

    Data breachResolved
  651. gbsn.com.br ransomware attack (RansomHub, 2025)

    gbsn.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  652. https://www.orangeville.ca ransomware attack (BlackSuit, 2025)

    https://www.orangeville.ca was named on the BlackSuit ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  653. Officio Medical ransomware attack (Killsecurity, 2025)

    Officio Medical was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  654. www.abmenviro.ca ransomware attack (RansomHub, 2025)

    www.abmenviro.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  655. www.accessfinanceonline.com ransomware attack (RansomHub, 2025)

    www.accessfinanceonline.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  656. www.ahmadiyya.ca ransomware attack (RansomHub, 2025)

    www.ahmadiyya.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  657. www.allstarhealthcaresolutions.com ransomware attack (RansomHub, 2025)

    www.allstarhealthcaresolutions.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  658. www.avalonapparel.com ransomware attack (RansomHub, 2025)

    www.avalonapparel.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  659. www.broadmoormethodist.org ransomware attack (RansomHub, 2025)

    www.broadmoormethodist.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  660. www.core-1.com ransomware attack (RansomHub, 2025)

    www.core-1.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  661. www.elizajennings.org ransomware attack (RansomHub, 2025)

    www.elizajennings.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  662. www.engines.man.eu ransomware attack (RansomHub, 2025)

    www.engines.man.eu was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  663. www.esquirebrands.com ransomware attack (RansomHub, 2025)

    www.esquirebrands.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  664. www.gcsnet.com ransomware attack (RansomHub, 2025)

    www.gcsnet.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  665. www.gestionquintessence.com ransomware attack (RansomHub, 2025)

    www.gestionquintessence.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  666. www.mslglobalexp.com ransomware attack (RansomHub, 2025)

    www.mslglobalexp.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  667. www.njcalwe.com ransomware attack (RansomHub, 2025)

    www.njcalwe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  668. www.oneupinnovations.com ransomware attack (RansomHub, 2025)

    www.oneupinnovations.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  669. www.parklandmanufacturing.com ransomware attack (RansomHub, 2025)

    www.parklandmanufacturing.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  670. www.scpautomation.com ransomware attack (RansomHub, 2025)

    www.scpautomation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  671. www.sinkdirect.com ransomware attack (RansomHub, 2025)

    www.sinkdirect.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  672. www.solinst.com ransomware attack (RansomHub, 2025)

    www.solinst.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-21.

    RansomwareUnknown
  673. Cargills Bank ransomware attack (Hunters International, 2025)

    Cargills Bank was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  674. Leak at Éclaireuses et Éclaireurs de France

    On 20 March 2025, the French scouting and guiding association Éclaireuses et Éclaireurs de France had personal data on roughly 44,000 members exposed, including names, dates and places of birth, postal addresses, professions, emails and phone numbers.

  675. Instituto de Ojos ransomware attack (Killsecurity, 2025)

    Instituto de Ojos was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  676. interiseworld.com ransomware attack (Killsecurity, 2025)

    interiseworld.com was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  677. Leak at Intersport

    In March 2025, French sporting-goods retailer Intersport had data on roughly 3.4 million customers stolen via a compromised FTP server and put up for sale on BreachForums, exposing names, contact details, addresses, PayPal references and transaction history (no banking credentials).

  678. L&S Mechanical ransomware attack (Spacebears, 2025)

    L&S Mechanical was named on the Spacebears ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  679. Megacentro ransomware attack (Hunters International, 2025)

    Megacentro was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  680. Newtown Friends School (newtownfriends.org) ransomware attack (FOG, 2025)

    Newtown Friends School (newtownfriends.org) was named on the FOG ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  681. Obra Play ransomware attack (Killsecurity, 2025)

    Obra Play was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  682. Whittaker & Company ransomware attack (Spacebears, 2025)

    Whittaker & Company was named on the Spacebears ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  683. www.georgehay.co.uk ransomware attack (RansomHub, 2025)

    www.georgehay.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  684. www.janvier-labs.com ransomware attack (RansomHub, 2025)

    www.janvier-labs.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  685. yano.tokyo ransomware attack (Blackout, 2025)

    yano.tokyo was named on the Blackout ransomware data-leak (extortion) site on 2025-03-20.

    RansomwareUnknown
  686. alphaoil.ca ransomware attack (Incransom, 2025)

    alphaoil.ca was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  687. controlledair.com ransomware attack (RansomHub, 2025)

    controlledair.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  688. Coopertruni ransomware attack (Arcusmedia, 2025)

    Coopertruni was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  689. Kiribati Government ransomware attack (Arcusmedia, 2025)

    Kiribati Government was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  690. newhollandwood.com ransomware attack (Incransom, 2025)

    newhollandwood.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  691. Palomino Petroleum ransomware attack (Lynx, 2025)

    Palomino Petroleum was named on the Lynx ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  692. Q railing ransomware attack (Play, 2025)

    Q railing was named on the Play ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  693. THX Transport ransomware attack (Arcusmedia, 2025)

    THX Transport was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  694. warmsworth.doncaster.sch.uk ransomware attack (Incransom, 2025)

    warmsworth.doncaster.sch.uk was named on the Incransom ransomware data-leak (extortion) site on 2025-03-19.

    RansomwareUnknown
  695. 51talk.com ransomware attack (LockBit, 2025)

    51talk.com was named on the LockBit ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  696. airtelligence.com ransomware attack (Incransom, 2025)

    airtelligence.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  697. AMICIO ransomware attack (Lynx, 2025)

    AMICIO was named on the Lynx ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  698. CD ransomware attack (Monti, 2025)

    CD was named on the Monti ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  699. Leak at Direct Assurance

    In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.

  700. expertdata.com.au ransomware attack (Incransom, 2025)

    expertdata.com.au was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  701. gaertnerhof-jeutter.de ransomware attack (Incransom, 2025)

    gaertnerhof-jeutter.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  702. Gloria Cales ransomware attack (Monti, 2025)

    Gloria Cales was named on the Monti ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  703. Harcourts Prime Properties ransomware attack (Killsecurity, 2025)

    Harcourts Prime Properties was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  704. Ted Hosmer Enterprises ransomware attack (Rhysida, 2025)

    Ted Hosmer Enterprises was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-18.

    RansomwareUnknown
  705. assaabloy.com\$14.4B\Sweden\229GB\<1% DISCLOSED ransomware attack (Cactus, 2025)

    assaabloy.com\$14.4B\Sweden\229GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  706. baillie.com\$130.5M\USA\52GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    baillie.com\$130.5M\USA\52GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  707. bluedge.com\$104.5M\USA\994GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    bluedge.com\$104.5M\USA\994GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  708. CableVision ransomware attack (Hunters International, 2025)

    CableVision was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  709. ccktech.com ransomware attack (RansomHub, 2025)

    ccktech.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  710. kyb.com\$600.5M\USA\1.8TB\<1% DISCLOSED ransomware attack (Cactus, 2025)

    kyb.com\$600.5M\USA\1.8TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  711. oneill.com ransomware attack (RansomHub, 2025)

    oneill.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  712. RAE (Real Academia Española) (rae.es) ransomware attack (FOG, 2025)

    RAE (Real Academia Española) (rae.es) was named on the FOG ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  713. rocketstores.com\$738.9M\USA\3.2TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    rocketstores.com\$738.9M\USA\3.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  714. tempel.com\$628.7M\USA\111GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    tempel.com\$628.7M\USA\111GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  715. thermoid.com\$183.2M\USA\199GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    thermoid.com\$183.2M\USA\199GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  716. urban1.com\$460.3M\USA\2.5TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    urban1.com\$460.3M\USA\2.5TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  717. www.baxterlaboratories.com ransomware attack (RansomHub, 2025)

    www.baxterlaboratories.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  718. www.jhayber.com ransomware attack (RansomHub, 2025)

    www.jhayber.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-17.

    RansomwareUnknown
  719. Courageous Home Care ransomware attack (Hunters International, 2025)

    Courageous Home Care was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-16.

    RansomwareUnknown
  720. www.ameda.com ransomware attack (RansomHub, 2025)

    www.ameda.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-16.

    RansomwareUnknown
  721. yeanshalle.de ransomware attack (Incransom, 2025)

    yeanshalle.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-15.

    RansomwareUnknown
  722. Bancroft Wines ransomware attack (Incransom, 2025)

    Bancroft Wines was named on the Incransom ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  723. Casale Del Giglio ransomware attack (Orca, 2025)

    Casale Del Giglio was named on the Orca ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  724. Fulcrum Lifting ransomware attack (Lynx, 2025)

    Fulcrum Lifting was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  725. idcconstruction.com ransomware attack (RansomHub, 2025)

    idcconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  726. Indiv Usa ransomware attack (Lynx, 2025)

    Indiv Usa was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  727. jennyyoo.com ransomware attack (RansomHub, 2025)

    jennyyoo.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  728. mdm-insurance.com ransomware attack (Abyss, 2025)

    mdm-insurance.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  729. Perrigo Company ransomware attack (Termite, 2025)

    Perrigo Company was named on the Termite ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  730. Tryon ransomware attack (Lynx, 2025)

    Tryon was named on the Lynx ransomware data-leak (extortion) site on 2025-03-14.

    RansomwareUnknown
  731. Backes ransomware attack (Play, 2025)

    Backes was named on the Play ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  732. Best Cheer Stone ransomware attack (Play, 2025)

    Best Cheer Stone was named on the Play ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  733. chfindustries.com\$253.8M\USA\2.5TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    chfindustries.com\$253.8M\USA\2.5TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  734. Cothron's Security Professionals ransomware attack (Rhysida, 2025)

    Cothron's Security Professionals was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  735. dtrglaw.com ransomware attack (RansomHub, 2025)

    dtrglaw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  736. fstlogistics.com ransomware attack (Lynx, 2025)

    fstlogistics.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  737. Harrells.com ransomware attack (Lynx, 2025)

    Harrells.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  738. Leak at Laforêt

    In March 2025, rental-application files held by French real estate network Laforêt were exposed, leaking tenants' identity documents and bank account details (RIB) along with the rest of their dossiers.

  739. muellersyste ransomware attack (LockBit, 2025)

    muellersyste was named on the LockBit ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  740. rixos.com ransomware attack (Embargo, 2025)

    rixos.com was named on the Embargo ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  741. SL Tennessee Information ransomware attack (Play, 2025)

    SL Tennessee Information was named on the Play ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  742. University Diagnostic Medical Imaging, PC (udmi.net) ransomware attack (FOG, 2025)

    University Diagnostic Medical Imaging, PC (udmi.net) was named on the FOG ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  743. www.raymond.in ransomware attack (RansomHub, 2025)

    www.raymond.in was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-13.

    RansomwareUnknown
  744. baillie.com\$130.5M\USA\52GB\<1% DISCLOSED ransomware attack (Cactus, 2025)

    baillie.com\$130.5M\USA\52GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  745. El Camino Real Academy (elcaminorealacademy) ransomware attack (FOG, 2025)

    El Camino Real Academy (elcaminorealacademy) was named on the FOG ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  746. HYPERNOVA TELECOM ransomware attack (Arcusmedia, 2025)

    HYPERNOVA TELECOM was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  747. HYPONAMIRU ransomware attack (Arcusmedia, 2025)

    HYPONAMIRU was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  748. rocketstores.com\$738.9M\USA\3.2TB\<1% DISCLOSED ransomware attack (Cactus, 2025)

    rocketstores.com\$738.9M\USA\3.2TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  749. tempel.com\$628.7M\USA\111GB\<1% DISCLOSED ransomware attack (Cactus, 2025)

    tempel.com\$628.7M\USA\111GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  750. thermoid.com\$183.2M\USA\199GB\<1% DISCLOSED ransomware attack (Cactus, 2025)

    thermoid.com\$183.2M\USA\199GB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  751. TUV India Pvt. Ltd. ransomware attack (Ransomhouse, 2025)

    TUV India Pvt. Ltd. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  752. urban1.com\$460.3M\USA\2.5TB\<1% DISCLOSED ransomware attack (Cactus, 2025)

    urban1.com\$460.3M\USA\2.5TB\<1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  753. www.visualisation.one ransomware attack (RansomHub, 2025)

    www.visualisation.one was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-12.

    RansomwareUnknown
  754. ciscientific.com.au ransomware attack (Lynx, 2025)

    ciscientific.com.au was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  755. Edesur Dominicana ransomware attack (Hunters International, 2025)

    Edesur Dominicana was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  756. Essex County OB/GYN Associates ransomware attack (Incransom, 2025)

    Essex County OB/GYN Associates was named on the Incransom ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  757. Longue Vue Club ransomware attack (Lynx, 2025)

    Longue Vue Club was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  758. quigleyeye.com\$33.6M\USA\3.4TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    quigleyeye.com\$33.6M\USA\3.4TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  759. Research Electronics International ransomware attack (Nitrogen, 2025)

    Research Electronics International was named on the Nitrogen ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  760. Skyward Specialty Insurance ransomware attack (Killsecurity, 2025)

    Skyward Specialty Insurance was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  761. Springfield Water and Sewer Commission ransomware attack (Lynx, 2025)

    Springfield Water and Sewer Commission was named on the Lynx ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  762. Trymata ransomware attack (Killsecurity, 2025)

    Trymata was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  763. Wilkinson Rogers (wilkinsonrogers.com) ransomware attack (FOG, 2025)

    Wilkinson Rogers (wilkinsonrogers.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  764. wmk-hvb.de ransomware attack (Incransom, 2025)

    wmk-hvb.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-11.

    RansomwareUnknown
  765. aiibeauty.com\$274.8M\USA\508GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    aiibeauty.com\$274.8M\USA\508GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  766. amalgamatedsugar.com\$764.8 M\USA\464GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    amalgamatedsugar.com\$764.8 M\USA\464GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  767. caltrol.com\$296.3M\USA\224GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    caltrol.com\$296.3M\USA\224GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  768. dccsagroup.com&csahome.com ransomware attack (RansomHub, 2025)

    dccsagroup.com&csahome.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  769. [DISCLOSED]Nationz Technologies Inc. ransomware attack (Ransomhouse, 2025)

    [DISCLOSED]Nationz Technologies Inc. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  770. formanmills.com\$422.2M\USA\846GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    formanmills.com\$422.2M\USA\846GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  771. Fred Salvucci ransomware attack (Kairos, 2025)

    Fred Salvucci was named on the Kairos ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  772. Magnolia Manor (magnoliamanor.com) ransomware attack (FOG, 2025)

    Magnolia Manor (magnoliamanor.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  773. pace-usa.com\$134.4M\USA\65GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    pace-usa.com\$134.4M\USA\65GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  774. steelwarehouse.com\$570.3M\USA\679GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    steelwarehouse.com\$570.3M\USA\679GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  775. www.hexosys.com ransomware attack (RansomHub, 2025)

    www.hexosys.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-10.

    RansomwareUnknown
  776. ACTi Corporation ransomware attack (Lynx, 2025)

    ACTi Corporation was named on the Lynx ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  777. baldaufarchitekten.de ransomware attack (Incransom, 2025)

    baldaufarchitekten.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  778. BerksBar.org ransomware attack (Incransom, 2025)

    BerksBar.org was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  779. British virgin islands London Office ransomware attack (Rhysida, 2025)

    British virgin islands London Office was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  780. Buckley BalaWilson Mew ransomware attack (Play, 2025)

    Buckley BalaWilson Mew was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  781. Clawson Honda ransomware attack (Play, 2025)

    Clawson Honda was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  782. Compound Solutions ransomware attack (Play, 2025)

    Compound Solutions was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  783. Dectron ransomware attack (Play, 2025)

    Dectron was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  784. emperors.edu ransomware attack (Incransom, 2025)

    emperors.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  785. Gevril ransomware attack (Play, 2025)

    Gevril was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  786. Greenwood Village South GVS ransomware attack (Incransom, 2025)

    Greenwood Village South GVS was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  787. Holiday Comfort ransomware attack (Play, 2025)

    Holiday Comfort was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  788. Insider Technologies Limited ransomware attack (Embargo, 2025)

    Insider Technologies Limited was named on the Embargo ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  789. Jerue Companies ransomware attack (Play, 2025)

    Jerue Companies was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  790. Nor Arc ransomware attack (Play, 2025)

    Nor Arc was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  791. Peak Season ransomware attack (Play, 2025)

    Peak Season was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  792. Salemerode.com ransomware attack (Flocker, 2025)

    Salemerode.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  793. State Bar of Texas (www.texasbar.com) ransomware attack (Incransom, 2025)

    State Bar of Texas (www.texasbar.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  794. Syma-System ransomware attack (Play, 2025)

    Syma-System was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  795. T J Machine & Tool ransomware attack (Play, 2025)

    T J Machine & Tool was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  796. williampevear.com ransomware attack (Incransom, 2025)

    williampevear.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  797. wog-kaiserbaeder.de ransomware attack (Incransom, 2025)

    wog-kaiserbaeder.de was named on the Incransom ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  798. Yorke & Curtis ransomware attack (Play, 2025)

    Yorke & Curtis was named on the Play ransomware data-leak (extortion) site on 2025-03-09.

    RansomwareUnknown
  799. mitchellmcnutt.com ransomware attack (RansomHub, 2025)

    mitchellmcnutt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.

    RansomwareUnknown
  800. Tech NH ransomware attack (Lynx, 2025)

    Tech NH was named on the Lynx ransomware data-leak (extortion) site on 2025-03-08.

    RansomwareUnknown
  801. www.dcarosolutions.com ransomware attack (RansomHub, 2025)

    www.dcarosolutions.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.

    RansomwareUnknown
  802. www.jpwindustries.com ransomware attack (RansomHub, 2025)

    www.jpwindustries.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-08.

    RansomwareUnknown
  803. Yale New Haven Health data breach (2025)

    Suspicious network activity at Yale New Haven Health led to the largest U.S. healthcare data breach of 2025: 5.5 million patients had names, contact details, dates of birth, medical record numbers, and Social Security numbers stolen. The health system later agreed to an $18 million class-action settlement.

  804. ACDC Express ransomware attack (Lynx, 2025)

    ACDC Express was named on the Lynx ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  805. Allworx ransomware attack (BianLian, 2025)

    Allworx was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  806. alphabaking.com\$421.9M\USA\1TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    alphabaking.com\$421.9M\USA\1TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  807. associatedasset.com\$288M\USA\26GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    associatedasset.com\$288M\USA\26GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  808. bayvillage.org ransomware attack (RansomHub, 2025)

    bayvillage.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  809. grede.com\$814.7M\USA\524GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    grede.com\$814.7M\USA\524GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  810. Island Realty ransomware attack (BianLian, 2025)

    Island Realty was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  811. lofotenseafood.com ransomware attack (Lynx, 2025)

    lofotenseafood.com was named on the Lynx ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  812. Minnesota Orthodontics ransomware attack (BianLian, 2025)

    Minnesota Orthodontics was named on the BianLian ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  813. REYCOTEL ransomware attack (Arcusmedia, 2025)

    REYCOTEL was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  814. srmg.com.au ransomware attack (RansomHub, 2025)

    srmg.com.au was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  815. total-ps.com ransomware attack (RansomHub, 2025)

    total-ps.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  816. wheats.com ransomware attack (RansomHub, 2025)

    wheats.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-07.

    RansomwareUnknown
  817. Adval Tech ransomware attack (Lynx, 2025)

    Adval Tech was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  818. agi.net ransomware attack (Monti, 2025)

    agi.net was named on the Monti ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  819. Dynamic Closures ransomware attack (Lynx, 2025)

    Dynamic Closures was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  820. electrocraft.com\$190.1M\USA\477GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    electrocraft.com\$190.1M\USA\477GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  821. hickorylaw.com ransomware attack (RansomHub, 2025)

    hickorylaw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  822. holtcat.com\$1B\USA\868GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    holtcat.com\$1B\USA\868GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  823. lovesac.com ransomware attack (RansomHub, 2025)

    lovesac.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  824. Naples Heritage Golf & Country Club ransomware attack (Incransom, 2025)

    Naples Heritage Golf & Country Club was named on the Incransom ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  825. Oberlin Cable Co-op (oberlin.net) ransomware attack (FOG, 2025)

    Oberlin Cable Co-op (oberlin.net) was named on the FOG ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  826. stanleyconsultants.com\$190.5M\USA\388GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    stanleyconsultants.com\$190.5M\USA\388GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  827. Tugwell Pump & Supply ransomware attack (Lynx, 2025)

    Tugwell Pump & Supply was named on the Lynx ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  828. WJCC Public Schools (wjccschools.org) ransomware attack (FOG, 2025)

    WJCC Public Schools (wjccschools.org) was named on the FOG ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  829. www.centersheetmetal.com ransomware attack (RansomHub, 2025)

    www.centersheetmetal.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  830. www.convention.qc.ca ransomware attack (RansomHub, 2025)

    www.convention.qc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  831. www.hinton.ca ransomware attack (RansomHub, 2025)

    www.hinton.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  832. www.portlandschools.org ransomware attack (RansomHub, 2025)

    www.portlandschools.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-06.

    RansomwareUnknown
  833. Best Collateral, Inc. ransomware attack (Rhysida, 2025)

    Best Collateral, Inc. was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  834. Pervedant ransomware attack (Lynx, 2025)

    Pervedant was named on the Lynx ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  835. Schmiedetechnik Plettenberg GmbH & Co KG ransomware attack (Lynx, 2025)

    Schmiedetechnik Plettenberg GmbH & Co KG was named on the Lynx ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  836. SCOLARO FETTER GRIZANTI & McGOUGH, P.C. (scolaro.com) ransomware attack (FOG, 2025)

    SCOLARO FETTER GRIZANTI & McGOUGH, P.C. (scolaro.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  837. The 19 biggest gitlabs ransomware attack (FOG, 2025)

    The 19 biggest gitlabs was named on the FOG ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  838. USA Rice<br /> ransomware attack (Kairos, 2025)

    USA Rice<br /> was named on the Kairos ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  839. Data leak at UTwin

    On 5 March 2025, French borrower-insurance broker UTwin notified clients that an intrusion into its IT system had temporarily exposed identity details, email addresses and phone numbers; the company said no banking, medical or contract data was affected.

  840. www.black-star.fr ransomware attack (RansomHub, 2025)

    www.black-star.fr was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  841. www.cda.be ransomware attack (RansomHub, 2025)

    www.cda.be was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  842. www.japanrebuilt.jp ransomware attack (RansomHub, 2025)

    www.japanrebuilt.jp was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  843. www.sunsweet.com ransomware attack (RansomHub, 2025)

    www.sunsweet.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-05.

    RansomwareUnknown
  844. 365labs - Security Corp ransomware attack (Monti, 2025)

    365labs - Security Corp was named on the Monti ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  845. Brien, Inc. ransomware attack (BianLian, 2025)

    Brien, Inc. was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  846. Leak at Côté Sushi

    In March 2025, French sushi-delivery chain Côté Sushi had the personal data of roughly 1.1 million customers — names, dates of birth, emails and phone numbers — scraped from its loyalty/delivery database and offered for sale on a cybercrime forum.

  847. dsrny.com ransomware attack (RansomHub, 2025)

    dsrny.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  848. Ewald Consulting ransomware attack (BianLian, 2025)

    Ewald Consulting was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  849. Garner, P.C. ransomware attack (BianLian, 2025)

    Garner, P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  850. goencon.com ransomware attack (RansomHub, 2025)

    goencon.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  851. Grupo Baston Aerossol (baston.com.br) ransomware attack (FOG, 2025)

    Grupo Baston Aerossol (baston.com.br) was named on the FOG ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  852. Keystone Pacific Property Management LLC ransomware attack (BianLian, 2025)

    Keystone Pacific Property Management LLC was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  853. Leak at La Poste

    In March 2025, French postal operator La Poste disclosed a breach of its 'Élection du Timbre' platform exposing personal data of about 50,000 users — names, year of birth, email, phone and postal addresses — which was put up for sale online by an attacker.

  854. Layfield and Borel CPA's L.L.C ransomware attack (BianLian, 2025)

    Layfield and Borel CPA's L.L.C was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  855. Legal Aid Society of Salt Lake ransomware attack (BianLian, 2025)

    Legal Aid Society of Salt Lake was named on the BianLian ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  856. Pampili (pampili.com.br) ransomware attack (FOG, 2025)

    Pampili (pampili.com.br) was named on the FOG ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  857. Phoenix ransomware attack (Monti, 2025)

    Phoenix was named on the Monti ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  858. Seabank Group ransomware attack (Lynx, 2025)

    Seabank Group was named on the Lynx ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  859. Tata Technologies ransomware attack (Hunters International, 2025)

    Tata Technologies was named on the Hunters International ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  860. Wendy Wu Tours ransomware attack (Killsecurity, 2025)

    Wendy Wu Tours was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-04.

    RansomwareUnknown
  861. almostfamousclothing.com\$183M\USA\375GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    almostfamousclothing.com\$183M\USA\375GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  862. andreyevengineering.com ransomware attack (RansomHub, 2025)

    andreyevengineering.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  863. Central McGowan (centralmcgowan.com) ransomware attack (FOG, 2025)

    Central McGowan (centralmcgowan.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  864. ceratec.com ransomware attack (Abyss, 2025)

    ceratec.com was named on the Abyss ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  865. everelgroup.com\$259M\Italy\440GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    everelgroup.com\$259M\Italy\440GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  866. familychc.com ransomware attack (RansomHub, 2025)

    familychc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  867. Grafitec ransomware attack (Arcusmedia, 2025)

    Grafitec was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  868. ICO ransomware attack (Arcusmedia, 2025)

    ICO was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  869. Itapeseg ransomware attack (Arcusmedia, 2025)

    Itapeseg was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  870. K**d.edu ransomware attack (Flocker, 2025)

    K**d.edu was named on the Flocker ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  871. Klesk Metal Stamping Co (kleskmetalstamping.com) ransomware attack (FOG, 2025)

    Klesk Metal Stamping Co (kleskmetalstamping.com) was named on the FOG ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  872. La Unión ransomware attack (Lynx, 2025)

    La Unión was named on the Lynx ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  873. LINKGROUP ransomware attack (Arcusmedia, 2025)

    LINKGROUP was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  874. logic insectes ransomware attack (Arcusmedia, 2025)

    logic insectes was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  875. New .Gov ? ransomware attack (Arcusmedia, 2025)

    New .Gov ? was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  876. Openreso ransomware attack (Arcusmedia, 2025)

    Openreso was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  877. quigleyeye.com\$33.6M\USA\435GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    quigleyeye.com\$33.6M\USA\435GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  878. regulvar.com\$253.5M\Canada\3.6TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    regulvar.com\$253.5M\Canada\3.6TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  879. RJ IT Solutions ransomware attack (Arcusmedia, 2025)

    RJ IT Solutions was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  880. S********e.com ransomware attack (Flocker, 2025)

    S********e.com was named on the Flocker ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  881. ssmcoop.com\$22.5M\USA\26GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    ssmcoop.com\$22.5M\USA\26GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  882. synaptic.co.tz ransomware attack (Arcusmedia, 2025)

    synaptic.co.tz was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  883. Vitenas Cosmetic Surgery ransomware attack (Kairos, 2025)

    Vitenas Cosmetic Surgery was named on the Kairos ransomware data-leak (extortion) site on 2025-03-03.

    RansomwareUnknown
  884. bestbrands.com\$25.5M\USA\659GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    bestbrands.com\$25.5M\USA\659GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  885. britannicahome.com\$20.6M\USA\2.8TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    britannicahome.com\$20.6M\USA\2.8TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  886. Couri Insurance Agency ransomware attack (Play, 2025)

    Couri Insurance Agency was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  887. FM.GOB.AR ransomware attack (Monti, 2025)

    FM.GOB.AR was named on the Monti ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  888. Ganong Bros ransomware attack (Play, 2025)

    Ganong Bros was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  889. germancentre.sg ransomware attack (Incransom, 2025)

    germancentre.sg was named on the Incransom ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  890. gruppocogesi.org ransomware attack (LockBit, 2025)

    gruppocogesi.org was named on the LockBit ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  891. International Process Plants ransomware attack (Play, 2025)

    International Process Plants was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  892. IT-IQ Botswana ransomware attack (Play, 2025)

    IT-IQ Botswana was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  893. kinseysinc.com\$74.9M\USA\675GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    kinseysinc.com\$74.9M\USA\675GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  894. M&n Management ransomware attack (Play, 2025)

    M&n Management was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  895. midwayimporting.com\$43.7M\USA\915GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    midwayimporting.com\$43.7M\USA\915GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  896. newhorizonsbaking.com\$163M\USA\455GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    newhorizonsbaking.com\$163M\USA\455GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  897. North American Fire Hose ransomware attack (Play, 2025)

    North American Fire Hose was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  898. Optometrics ransomware attack (Play, 2025)

    Optometrics was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  899. Pre Con Industries ransomware attack (Play, 2025)

    Pre Con Industries was named on the Play ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  900. revitalash.com\$21.5M\USA\1.2TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    revitalash.com\$21.5M\USA\1.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  901. steelerubber.com\$17.9M\USA\116GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    steelerubber.com\$17.9M\USA\116GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  902. uniekinc.com\$37.5M\USA\1.8TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    uniekinc.com\$37.5M\USA\1.8TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  903. Workforce Group ransomware attack (Killsecurity, 2025)

    Workforce Group was named on the Killsecurity ransomware data-leak (extortion) site on 2025-03-02.

    RansomwareUnknown
  904. breakawayconcretecutting.com ransomware attack (Incransom, 2025)

    breakawayconcretecutting.com was named on the Incransom ransomware data-leak (extortion) site on 2025-03-01.

    RansomwareUnknown
  905. Newton & Associates, Inc ransomware attack (Rhysida, 2025)

    Newton & Associates, Inc was named on the Rhysida ransomware data-leak (extortion) site on 2025-03-01.

    RansomwareUnknown
  906. associatedasset.com\$288M\USA\26GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    associatedasset.com\$288M\USA\26GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  907. branchgroup.com\$333M\USA\253GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    branchgroup.com\$333M\USA\253GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  908. curtisint.com\$37.2M\Canada\676GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    curtisint.com\$37.2M\Canada\676GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  909. Leak at École Nationale de la Sécurité

    Disclosed on 28 February 2025, a data breach at France's École Nationale de la Sécurité, a private-security and VTC training school, exposed the personal records of roughly 30,000 trainees, including national ID numbers, social security numbers, VTC licence numbers and contact details.

  910. Leak at EDF DPIH

    On 28 February 2025, a threat actor claimed to have stolen a database from EDF's hydraulic generation division (DPIH), exposing power-plant intervention and maintenance plans, security inspection results and maintenance staff IDs; EDF and researchers disputed the actor's nuclear claims.

  911. electrocraft.com\$190.1M\USA\477GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    electrocraft.com\$190.1M\USA\477GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  912. Engineering Mechanics ransomware attack (Lynx, 2025)

    Engineering Mechanics was named on the Lynx ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  913. grede.com\$814.7M\USA\524gb\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    grede.com\$814.7M\USA\524gb\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  914. Inversiones Clinica Del Meta SA ransomware attack (Ransomblog_noname, 2025)

    Inversiones Clinica Del Meta SA was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  915. pace-usa.com\$134.4M\USA\65gb\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    pace-usa.com\$134.4M\USA\65gb\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  916. stanleyconsultants.com\$190.5M\USA\388GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    stanleyconsultants.com\$190.5M\USA\388GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  917. steelwarehouse.com\$570.3M\USA\679gb\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    steelwarehouse.com\$570.3M\USA\679gb\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  918. sublettecountywy.gov ransomware attack (Incransom, 2025)

    sublettecountywy.gov was named on the Incransom ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  919. uniquehd.com\$13.7M\USA\429GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    uniquehd.com\$13.7M\USA\429GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  920. www.casinoessentials.com ransomware attack (RansomHub, 2025)

    www.casinoessentials.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  921. www.journeyoilfield.net ransomware attack (RansomHub, 2025)

    www.journeyoilfield.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-28.

    RansomwareUnknown
  922. Data leak at Zephir

    On 28 February 2025, a data leak attributed to Zephir (France) exposed personal records of roughly 67,000 people, including names, email addresses, phone numbers and bank account details (IBAN).

  923. Biogena GmbH & Co KG ransomware attack (Lynx, 2025)

    Biogena GmbH & Co KG was named on the Lynx ransomware data-leak (extortion) site on 2025-02-27.

    RansomwareUnknown
  924. jtu.com.br ransomware attack (LockBit, 2025)

    jtu.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-02-27.

    RansomwareUnknown
  925. teamwass.com ransomware attack (RansomHub, 2025)

    teamwass.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.

    RansomwareUnknown
  926. www.nasonptc.com ransomware attack (RansomHub, 2025)

    www.nasonptc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.

    RansomwareUnknown
  927. www.townofbourne.com ransomware attack (RansomHub, 2025)

    www.townofbourne.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-27.

    RansomwareUnknown
  928. 3cBSI ransomware attack (Play, 2025)

    3cBSI was named on the Play ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  929. alphabaking.com\$421.9M\USA\1TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    alphabaking.com\$421.9M\USA\1TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  930. Arcandco ransomware attack (Termite, 2025)

    Arcandco was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  931. caltrol.com\$296.3M\USA\224gb\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    caltrol.com\$296.3M\USA\224gb\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  932. Finck Cigar ransomware attack (Play, 2025)

    Finck Cigar was named on the Play ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  933. Genea ransomware attack (Termite, 2025)

    Genea was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  934. Gitlabs: Synelixis Solutions, INGV, VMO Holdings ransomware attack (FOG, 2025)

    Gitlabs: Synelixis Solutions, INGV, VMO Holdings was named on the FOG ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  935. holtcat.com\$1B\USA\868GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    holtcat.com\$1B\USA\868GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  936. ITU AbsorbTech ransomware attack (Lynx, 2025)

    ITU AbsorbTech was named on the Lynx ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  937. Kendall Auto Group ransomware attack (Hunters International, 2025)

    Kendall Auto Group was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  938. London Belgravia ransomware attack (Termite, 2025)

    London Belgravia was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  939. Muller Insurance ransomware attack (Play, 2025)

    Muller Insurance was named on the Play ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  940. National Legal Service ransomware attack (Termite, 2025)

    National Legal Service was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  941. Nationz Technologies Inc. ransomware attack (Ransomhouse, 2025)

    Nationz Technologies Inc. was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  942. Nichino Ryokka Co Ltd ransomware attack (Hunters International, 2025)

    Nichino Ryokka Co Ltd was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  943. Leak at Nord Emploi

    On 26 February 2025, Nord Emploi — the Nord department's RSA return-to-employment support platform — was hit by a data leak exposing personal and social-support records of roughly 200,000 benefit recipients, including identity, contact, CAF/RSA and detailed welfare-accompaniment data.

  944. Omni United ransomware attack (Hunters International, 2025)

    Omni United was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  945. powelltool.com ransomware attack (Lynx, 2025)

    powelltool.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  946. Rooks Rider Solicitors ransomware attack (Termite, 2025)

    Rooks Rider Solicitors was named on the Termite ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  947. Story Environmental ransomware attack (Play, 2025)

    Story Environmental was named on the Play ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  948. Vermeer Mexico ransomware attack (Hunters International, 2025)

    Vermeer Mexico was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  949. www.amerasphalt.com ransomware attack (RansomHub, 2025)

    www.amerasphalt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  950. www.cmsg.cl ransomware attack (RansomHub, 2025)

    www.cmsg.cl was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  951. www.emeryair.net ransomware attack (RansomHub, 2025)

    www.emeryair.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  952. www.envirolabsinc.com ransomware attack (RansomHub, 2025)

    www.envirolabsinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  953. www.kppm.com ransomware attack (RansomHub, 2025)

    www.kppm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  954. www.newburghhealthcarecenter.com ransomware attack (RansomHub, 2025)

    www.newburghhealthcarecenter.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  955. www.obrienavocats.qc.ca ransomware attack (RansomHub, 2025)

    www.obrienavocats.qc.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-26.

    RansomwareUnknown
  956. acmefan.com ransomware attack (Lynx, 2025)

    acmefan.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  957. ALCOTT HR GROUP ransomware attack (Play, 2025)

    ALCOTT HR GROUP was named on the Play ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  958. bluedge.com\$104.5M\USA\994GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    bluedge.com\$104.5M\USA\994GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  959. Convert Solar ransomware attack (Play, 2025)

    Convert Solar was named on the Play ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  960. essenzamovies.com.br ransomware attack (LockBit, 2025)

    essenzamovies.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  961. Fairhaven Shipyard Companies ransomware attack (Play, 2025)

    Fairhaven Shipyard Companies was named on the Play ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  962. First Federal Savings & Loan ransomware attack (Play, 2025)

    First Federal Savings & Loan was named on the Play ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  963. GANRO ransomware attack (Lynx, 2025)

    GANRO was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  964. hgmlegal.com ransomware attack (RansomHub, 2025)

    hgmlegal.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  965. lifting.com\$135.8M\USA\1.4TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    lifting.com\$135.8M\USA\1.4TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  966. megamtls.com ransomware attack (Incransom, 2025)

    megamtls.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  967. neatem.fr | Update! ransomware attack (Braincipher, 2025)

    neatem.fr | Update! was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  968. ossc.mx ransomware attack (LockBit, 2025)

    ossc.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  969. pacresmortgage.com ransomware attack (Lynx, 2025)

    pacresmortgage.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  970. PPS Services Group ransomware attack (Lynx, 2025)

    PPS Services Group was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  971. Radco Industries ransomware attack (Play, 2025)

    Radco Industries was named on the Play ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  972. South Georgia Accounting Services ransomware attack (Spacebears, 2025)

    South Georgia Accounting Services was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  973. tequaly.com ransomware attack (Embargo, 2025)

    tequaly.com was named on the Embargo ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  974. unila.edu.mx ransomware attack (LockBit, 2025)

    unila.edu.mx was named on the LockBit ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  975. Vvf Ilinois Services ransomware attack (Lynx, 2025)

    Vvf Ilinois Services was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  976. welcompanies.com ransomware attack (RansomHub, 2025)

    welcompanies.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  977. www.ateliermonarque.com ransomware attack (RansomHub, 2025)

    www.ateliermonarque.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  978. www.avalon-hotel.com ransomware attack (RansomHub, 2025)

    www.avalon-hotel.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  979. www.bwdtechnology.com ransomware attack (RansomHub, 2025)

    www.bwdtechnology.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  980. www.confabca.com ransomware attack (RansomHub, 2025)

    www.confabca.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  981. www.rgb.com ransomware attack (RansomHub, 2025)

    www.rgb.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  982. www.wpisd.com ransomware attack (RansomHub, 2025)

    www.wpisd.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  983. Xepa Soul ransomware attack (Lynx, 2025)

    Xepa Soul was named on the Lynx ransomware data-leak (extortion) site on 2025-02-25.

    RansomwareUnknown
  984. aiibeauty.com\$274.8M\USA\508GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    aiibeauty.com\$274.8M\USA\508GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  985. amalgamatedsugar.com\$764.8 M\USA\464gb\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    amalgamatedsugar.com\$764.8 M\USA\464gb\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  986. chfindustries.com\$253.8M\USA\2.5TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    chfindustries.com\$253.8M\USA\2.5TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  987. compactmould.com ransomware attack (RansomHub, 2025)

    compactmould.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  988. denbyco.co.uk ransomware attack (RansomHub, 2025)

    denbyco.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  989. [DISCLOSED] Aishu, Eshoo ransomware attack (Ransomhouse, 2025)

    [DISCLOSED] Aishu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  990. everelgroup.com\$259M\Italy\440GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    everelgroup.com\$259M\Italy\440GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  991. [EVIDENCE] Aishu, Eshoo ransomware attack (Ransomhouse, 2025)

    [EVIDENCE] Aishu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  992. Fireplace Warehouse ransomware attack (Kairos, 2025)

    Fireplace Warehouse was named on the Kairos ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  993. formanmills.com\$422.2M\USA\846gb\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    formanmills.com\$422.2M\USA\846gb\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  994. Geokon ransomware attack (Lynx, 2025)

    Geokon was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  995. IDEA Expertises ransomware attack (Lynx, 2025)

    IDEA Expertises was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  996. Orange Romania data breach (2025)

    In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum.

  997. Planet One ransomware attack (Lynx, 2025)

    Planet One was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  998. regulvar.com\$253.5M\Canada\3.6TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    regulvar.com\$253.5M\Canada\3.6TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  999. Stürmer Maschinen ransomware attack (Lynx, 2025)

    Stürmer Maschinen was named on the Lynx ransomware data-leak (extortion) site on 2025-02-24.

    RansomwareUnknown
  1000. BluAgent Technologies, Inc ransomware attack (Killsecurity, 2025)

    BluAgent Technologies, Inc was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.

    RansomwareUnknown
  1001. G&amp ransomware attack (Killsecurity, 2025)

    G&amp was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.

    RansomwareUnknown
  1002. Gitlabs: Naphix, WDNA, Bayteq ransomware attack (FOG, 2025)

    Gitlabs: Naphix, WDNA, Bayteq was named on the FOG ransomware data-leak (extortion) site on 2025-02-23.

    RansomwareUnknown
  1003. Novi Community School District ransomware attack (Killsecurity, 2025)

    Novi Community School District was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.

    RansomwareUnknown
  1004. ondaralogistica.com ransomware attack (RansomHub, 2025)

    ondaralogistica.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-23.

    RansomwareUnknown
  1005. Shaghalni ransomware attack (Killsecurity, 2025)

    Shaghalni was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-23.

    RansomwareUnknown
  1006. www.famcomachine.com ransomware attack (RansomHub, 2025)

    www.famcomachine.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-23.

    RansomwareUnknown
  1007. alleghenybradford.com ransomware attack (RansomHub, 2025)

    alleghenybradford.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-22.

    RansomwareUnknown
  1008. CCOO Servicios ransomware attack (Hunters International, 2025)

    CCOO Servicios was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-22.

    RansomwareUnknown
  1009. evergreenpnw.com ransomware attack (Incransom, 2025)

    evergreenpnw.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-22.

    RansomwareUnknown
  1010. Excel Security ransomware attack (Lynx, 2025)

    Excel Security was named on the Lynx ransomware data-leak (extortion) site on 2025-02-22.

    RansomwareUnknown
  1011. Peter Glenn Ski Sport ransomware attack (Rhysida, 2025)

    Peter Glenn Ski Sport was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-22.

    RansomwareUnknown
  1012. SPEED Co ransomware attack (Hunters International, 2025)

    SPEED Co was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-22.

    RansomwareUnknown
  1013. teamsters175.org ransomware attack (Incransom, 2025)

    teamsters175.org was named on the Incransom ransomware data-leak (extortion) site on 2025-02-22.

    RansomwareUnknown
  1014. Bybit cold wallet heist

    Lazarus operators substituted the implementation contract during a routine Safe multisig transaction, draining ~$1.5 billion in ETH and staked-ETH derivatives from Bybit's Ethereum cold wallet — the largest single cryptocurrency theft in history.

  1015. Leak at French Football Federation

    In February 2025 the French Football Federation (FFF) suffered a data breach via a compromised account on its licensee-management platform; at least ~43,000 users had personal data exposed, including names, contact details, and copies of ID documents.

  1016. guadeloupeformation.com ransomware attack (RansomHub, 2025)

    guadeloupeformation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1017. headcount.com ransomware attack (RansomHub, 2025)

    headcount.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1018. jindalgroup.com ransomware attack (RansomHub, 2025)

    jindalgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1019. (kc2) geokon.com ransomware attack (Lynx, 2025)

    (kc2) geokon.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1020. planetone-asia.com ransomware attack (Lynx, 2025)

    planetone-asia.com was named on the Lynx ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1021. statesideseattle.com ransomware attack (Incransom, 2025)

    statesideseattle.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1022. www.elecgalapagos.com.ec ransomware attack (RansomHub, 2025)

    www.elecgalapagos.com.ec was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1023. www.electro-fusion.com ransomware attack (RansomHub, 2025)

    www.electro-fusion.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1024. www.fla-esq.com ransomware attack (RansomHub, 2025)

    www.fla-esq.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1025. www.midwestvascular.net ransomware attack (RansomHub, 2025)

    www.midwestvascular.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1026. www.nola-law.com ransomware attack (RansomHub, 2025)

    www.nola-law.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1027. www.saracenproperties.com ransomware attack (RansomHub, 2025)

    www.saracenproperties.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1028. www.witheyaddison.com ransomware attack (RansomHub, 2025)

    www.witheyaddison.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-21.

    RansomwareUnknown
  1029. californiaclingpeaches.com ransomware attack (Incransom, 2025)

    californiaclingpeaches.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1030. eaglepost.com ransomware attack (RansomHub, 2025)

    eaglepost.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1031. ehdd.com ransomware attack (Incransom, 2025)

    ehdd.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1032. Fortune Electric Co Ltd ransomware attack (Lynx, 2025)

    Fortune Electric Co Ltd was named on the Lynx ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1033. gilcar.co ransomware attack (RansomHub, 2025)

    gilcar.co was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1034. Ligentia ransomware attack (Termite, 2025)

    Ligentia was named on the Termite ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1035. Medical File ransomware attack (Killsecurity, 2025)

    Medical File was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1036. newhorizonsbaking.com\$163M\USA\455GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    newhorizonsbaking.com\$163M\USA\455GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1037. www.okddsi.net ransomware attack (RansomHub, 2025)

    www.okddsi.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1038. www.phdental.com ransomware attack (RansomHub, 2025)

    www.phdental.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1039. www.pransystems.com ransomware attack (RansomHub, 2025)

    www.pransystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1040. www.riverdale.edu ransomware attack (RansomHub, 2025)

    www.riverdale.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-20.

    RansomwareUnknown
  1041. Alabama Ophthalmology Associates ransomware attack (BianLian, 2025)

    Alabama Ophthalmology Associates was named on the BianLian ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1042. BeniPlus ransomware attack (Killsecurity, 2025)

    BeniPlus was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1043. Brolly ransomware attack (Killsecurity, 2025)

    Brolly was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1044. DR.Claims FL LLC ransomware attack (Killsecurity, 2025)

    DR.Claims FL LLC was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1045. Eservices.gov.zm ransomware attack (Flocker, 2025)

    Eservices.gov.zm was named on the Flocker ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1046. EzyLegal ransomware attack (Killsecurity, 2025)

    EzyLegal was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1047. Gitlabs: Next TI, VISEO, Hochschule Trier ransomware attack (FOG, 2025)

    Gitlabs: Next TI, VISEO, Hochschule Trier was named on the FOG ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1048. Haggin Oaks Golf (hagginoaks.com) ransomware attack (FOG, 2025)

    Haggin Oaks Golf (hagginoaks.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1049. haleycomfort.com ransomware attack (RansomHub, 2025)

    haleycomfort.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1050. Help Me Grow Yolo ransomware attack (Killsecurity, 2025)

    Help Me Grow Yolo was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1051. NimuSoft ransomware attack (Killsecurity, 2025)

    NimuSoft was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1052. Pulmonary Physicians of South Florida Clinics | Data security breach! ransomware attack (Braincipher, 2025)

    Pulmonary Physicians of South Florida Clinics | Data security breach! was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1053. Ranhill Bersekutu ransomware attack (Lynx, 2025)

    Ranhill Bersekutu was named on the Lynx ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1054. Revi ransomware attack (Killsecurity, 2025)

    Revi was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1055. Data leak at Vienne Departmental Fire and Rescue Service

    On 19 February 2025, the Vienne Departmental Fire and Rescue Service (SDIS 86) in France suffered a website compromise that exposed an internal database, including user logins, hashed passwords and email addresses, along with sensitive station and emergency-intervention information.

  1056. Supreme Administrative Court of Bulgaria ransomware attack (Ransomhouse, 2025)

    Supreme Administrative Court of Bulgaria was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-19.

    RansomwareUnknown
  1057. Afa Systems Ltd. ransomware attack (Underground, 2025)

    Afa Systems Ltd. was named on the Underground ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1058. bestbrands.com\$25.5M\USA\659GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    bestbrands.com\$25.5M\USA\659GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1059. boostheat.com ransomware attack (Bashe, 2025)

    boostheat.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1060. Buanderie Centrale de Montreal ransomware attack (Rhysida, 2025)

    Buanderie Centrale de Montreal was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1061. lavi.co.il ransomware attack (Incransom, 2025)

    lavi.co.il was named on the Incransom ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1062. midwayimporting.com\$43.7M\USA\915GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    midwayimporting.com\$43.7M\USA\915GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1063. pyasolutions.com ransomware attack (Incransom, 2025)

    pyasolutions.com was named on the Incransom ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1064. ranhillbersekutu.com.my ransomware attack (Lynx, 2025)

    ranhillbersekutu.com.my was named on the Lynx ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1065. revitalash.com\$21.5M\USA\1.2TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    revitalash.com\$21.5M\USA\1.2TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1066. uniekinc.com\$37.5M\USA\1.8TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    uniekinc.com\$37.5M\USA\1.8TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1067. www.alphamedctr.com ransomware attack (RansomHub, 2025)

    www.alphamedctr.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1068. www.ccttechnologies.com ransomware attack (RansomHub, 2025)

    www.ccttechnologies.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1069. www.copleystoughton.com ransomware attack (RansomHub, 2025)

    www.copleystoughton.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1070. www.macmed.com ransomware attack (RansomHub, 2025)

    www.macmed.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1071. www.mwmechanicalinc.com ransomware attack (RansomHub, 2025)

    www.mwmechanicalinc.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-18.

    RansomwareUnknown
  1072. Allied Tenesis ransomware attack (Lynx, 2025)

    Allied Tenesis was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1073. almostfamousclothing.com\$183M\USA\375GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    almostfamousclothing.com\$183M\USA\375GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1074. Autoschade Pippel ransomware attack (Lynx, 2025)

    Autoschade Pippel was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1075. bisindustries.com ransomware attack (RansomHub, 2025)

    bisindustries.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1076. Bulldog Oilfield Services ransomware attack (Play, 2025)

    Bulldog Oilfield Services was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1077. Bushmans ransomware attack (Play, 2025)

    Bushmans was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1078. Cirion Technologies ransomware attack (Braincipher, 2025)

    Cirion Technologies was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1079. Cuna Supply ransomware attack (Play, 2025)

    Cuna Supply was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1080. Dane Court Grammar School ransomware attack (Kairos, 2025)

    Dane Court Grammar School was named on the Kairos ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1081. Greencastle-Antrim Senior High School (gcasd.org) ransomware attack (FOG, 2025)

    Greencastle-Antrim Senior High School (gcasd.org) was named on the FOG ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1082. hamton ransomware attack (Lynx, 2025)

    hamton was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1083. Hisingstads Bleck ransomware attack (Lynx, 2025)

    Hisingstads Bleck was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1084. HRS_IDEA_Expertises ransomware attack (Lynx, 2025)

    HRS_IDEA_Expertises was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1085. https://www.dapope.com/ ransomware attack (BlackSuit, 2025)

    https://www.dapope.com/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1086. Inland Empire Distribution Systems, Inc. ransomware attack (Play, 2025)

    Inland Empire Distribution Systems, Inc. was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1087. kinseysinc.com\$74.9M\USA\675GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    kinseysinc.com\$74.9M\USA\675GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1088. Leadership Strategies ransomware attack (Lynx, 2025)

    Leadership Strategies was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1089. lekiaviation.com ransomware attack (RansomHub, 2025)

    lekiaviation.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1090. LINTEC & LINNHOFF Holdings ransomware attack (Lynx, 2025)

    LINTEC & LINNHOFF Holdings was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1091. mgainnovation.com\$30.9M\USA\215GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    mgainnovation.com\$30.9M\USA\215GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1092. myhscu.com ransomware attack (Embargo, 2025)

    myhscu.com was named on the Embargo ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1093. neatem.fr ransomware attack (Braincipher, 2025)

    neatem.fr was named on the Braincipher ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1094. northernresponse.com\$17.4M\Canada\366GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    northernresponse.com\$17.4M\Canada\366GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1095. Oxford Companies ransomware attack (Play, 2025)

    Oxford Companies was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1096. Pedensia Graphics Distribution ransomware attack (Lynx, 2025)

    Pedensia Graphics Distribution was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1097. Persante Health Care ransomware attack (Incransom, 2025)

    Persante Health Care was named on the Incransom ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1098. Rheinischer Sch ransomware attack (Play, 2025)

    Rheinischer Sch was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1099. savoiesfoods.com\$18.2M\USA\95GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    savoiesfoods.com\$18.2M\USA\95GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1100. Data leak at Sport Découverte

    On 17 February 2025, French sports-experience e-commerce retailer Sport Découverte (sport-decouverte.com) was reported breached, with a database of roughly 488,000 customer accounts — names, dates of birth, phone numbers and email addresses — exposed.

  1101. ssmcoop.com\$22.5M\USA\26GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    ssmcoop.com\$22.5M\USA\26GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1102. Stage 3 Separation ransomware attack (Play, 2025)

    Stage 3 Separation was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1103. Startek Peglar & Calcagni ransomware attack (Play, 2025)

    Startek Peglar & Calcagni was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1104. steelerubber.com\$17.9M\USA\116GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    steelerubber.com\$17.9M\USA\116GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1105. Swissmem ransomware attack (Hunters International, 2025)

    Swissmem was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1106. teamwass.com\$676.3M\USA\451GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    teamwass.com\$676.3M\USA\451GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1107. The Townsley Law Firm Information ransomware attack (Play, 2025)

    The Townsley Law Firm Information was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1108. Toi Toi USA ransomware attack (Kairos, 2025)

    Toi Toi USA was named on the Kairos ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1109. Transkid ransomware attack (Play, 2025)

    Transkid was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1110. Weed Man Canada ransomware attack (Play, 2025)

    Weed Man Canada was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1111. Winbas ransomware attack (Lynx, 2025)

    Winbas was named on the Lynx ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1112. www.macter.com ransomware attack (RansomHub, 2025)

    www.macter.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1113. Wylie Steel Fabricators ransomware attack (Play, 2025)

    Wylie Steel Fabricators was named on the Play ransomware data-leak (extortion) site on 2025-02-17.

    RansomwareUnknown
  1114. A*u.edu.au ransomware attack (Flocker, 2025)

    A*u.edu.au was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.

    RansomwareUnknown
  1115. annegrady.org ransomware attack (Embargo, 2025)

    annegrady.org was named on the Embargo ransomware data-leak (extortion) site on 2025-02-16.

    RansomwareUnknown
  1116. Gitlabs: Acqua development, QBurst, Pamyra.de ransomware attack (FOG, 2025)

    Gitlabs: Acqua development, QBurst, Pamyra.de was named on the FOG ransomware data-leak (extortion) site on 2025-02-16.

    RansomwareUnknown
  1117. Gpstech2007.com ransomware attack (Flocker, 2025)

    Gpstech2007.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.

    RansomwareUnknown
  1118. Mervis.info ransomware attack (Flocker, 2025)

    Mervis.info was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.

    RansomwareUnknown
  1119. Realtime.tw ransomware attack (Flocker, 2025)

    Realtime.tw was named on the Flocker ransomware data-leak (extortion) site on 2025-02-16.

    RansomwareUnknown
  1120. ALIEN TXTBASE Stealer Logs data breach (2025)

    In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used.

    Data breachResolved
  1121. City of McKinney ransomware attack (Incransom, 2025)

    City of McKinney was named on the Incransom ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1122. Empire Home Center ransomware attack (Lynx, 2025)

    Empire Home Center was named on the Lynx ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1123. halex.com ransomware attack (Abyss, 2025)

    halex.com was named on the Abyss ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1124. (M)Empire-home-center ransomware attack (Lynx, 2025)

    (M)Empire-home-center was named on the Lynx ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1125. Northeast Delta Human Services Authority ransomware attack (Incransom, 2025)

    Northeast Delta Human Services Authority was named on the Incransom ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1126. saulttribe.com/kewadin.com ransomware attack (RansomHub, 2025)

    saulttribe.com/kewadin.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1127. www.310tempering.com ransomware attack (RansomHub, 2025)

    www.310tempering.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1128. www.cityoftarrant.com ransomware attack (RansomHub, 2025)

    www.cityoftarrant.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1129. www.colacouronnelocations.com ransomware attack (RansomHub, 2025)

    www.colacouronnelocations.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1130. www.imgenterprises.com ransomware attack (RansomHub, 2025)

    www.imgenterprises.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1131. www.naga.ae ransomware attack (RansomHub, 2025)

    www.naga.ae was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1132. www.rowetactical.com ransomware attack (RansomHub, 2025)

    www.rowetactical.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1133. www.solardatasystems.com ransomware attack (RansomHub, 2025)

    www.solardatasystems.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1134. www.transcend-info.com ransomware attack (RansomHub, 2025)

    www.transcend-info.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-15.

    RansomwareUnknown
  1135. Adpost data breach (2025)

    In February 2025, data obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Adpost later published a disclosure notice and advised they'd forced a credential refresh, among other actions.

    Data breachResolved
  1136. brockbanks.co.uk ransomware attack (RansomHub, 2025)

    brockbanks.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-14.

    RansomwareUnknown
  1137. Cocospy data breach (2025)

    In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs,…

    Data breachResolved
  1138. Heritage South Credit Union ransomware attack (Embargo, 2025)

    Heritage South Credit Union was named on the Embargo ransomware data-leak (extortion) site on 2025-02-14.

    RansomwareUnknown
  1139. Spyic data breach (2025)

    In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs,…

    Data breachResolved
  1140. The Agency ransomware attack (Rhysida, 2025)

    The Agency was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-14.

    RansomwareUnknown
  1141. www.calspa.it ransomware attack (RansomHub, 2025)

    www.calspa.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-14.

    RansomwareUnknown
  1142. Aspire Rural Health System ransomware attack (BianLian, 2025)

    Aspire Rural Health System was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1143. Ball, LLP ransomware attack (BianLian, 2025)

    Ball, LLP was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1144. Borel CPA's L.L.C ransomware attack (BianLian, 2025)

    Borel CPA's L.L.C was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1145. Dain, Torpy, Le Ray, Wiest and Garner, P.C. ransomware attack (BianLian, 2025)

    Dain, Torpy, Le Ray, Wiest and Garner, P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1146. enventuregt.com ransomware attack (RansomHub, 2025)

    enventuregt.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1147. Financial Services of America, Inc. ransomware attack (BianLian, 2025)

    Financial Services of America, Inc. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1148. Gitlabs: Omydoo, Ayomi, ADULLACT ransomware attack (FOG, 2025)

    Gitlabs: Omydoo, Ayomi, ADULLACT was named on the FOG ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1149. leonardo.com ransomware attack (Threeam, 2025)

    leonardo.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1150. Mozo Grau (mozo-grau.com) ransomware attack (FOG, 2025)

    Mozo Grau (mozo-grau.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1151. Leak at Mutuelle des Motards

    In February 2025, French motorcycle insurer Mutuelle des Motards suffered a breach of a marketing contact database, exposing names, email addresses, phone numbers and postal codes of more than 1.3 million members.

  1152. Nash Brothers Construction ransomware attack (BianLian, 2025)

    Nash Brothers Construction was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1153. Nippon Steel USA ransomware attack (BianLian, 2025)

    Nippon Steel USA was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1154. R Molds Inc ransomware attack (BianLian, 2025)

    R Molds Inc was named on the BianLian ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1155. Shields Facilities Maintenance ransomware attack (Play, 2025)

    Shields Facilities Maintenance was named on the Play ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1156. snoqualmietribe.us ransomware attack (RansomHub, 2025)

    snoqualmietribe.us was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-13.

    RansomwareUnknown
  1157. alderconstruction.com ransomware attack (RansomHub, 2025)

    alderconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1158. askgs.ma ransomware attack (RansomHub, 2025)

    askgs.ma was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1159. bergconst.com ransomware attack (RansomHub, 2025)

    bergconst.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1160. britannicahome.com\$20.6M\USA\2.8TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    britannicahome.com\$20.6M\USA\2.8TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1161. burdickpainting.com ransomware attack (RansomHub, 2025)

    burdickpainting.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1162. Leak at Caisse des dépôts et des consignations

    In February 2025, France's Caisse des dépôts disclosed that attackers used stolen login credentials to access the Ircantec pension platform and steal the personal data of about 70,000 public-sector contract workers, hospital practitioners and roughly 1,000 local elected officials.

  1163. Leak at Chronopost

    Chronopost, the French express parcel carrier, confirmed in February 2025 that an intrusion detected on 29 January 2025 exposed personal data of around 210,000 customers, including names, postal addresses, phone numbers and delivery signatures.

  1164. columbiacabinets.com ransomware attack (RansomHub, 2025)

    columbiacabinets.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1165. curtisint.com\$37.2M\Canada\676GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    curtisint.com\$37.2M\Canada\676GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1166. E*******s.gov.zm ransomware attack (Flocker, 2025)

    E*******s.gov.zm was named on the Flocker ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1167. ekvallbyrne.com ransomware attack (RansomHub, 2025)

    ekvallbyrne.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1168. Gitlabs: INGV, Spacemanic, Squeezer-software ransomware attack (FOG, 2025)

    Gitlabs: INGV, Spacemanic, Squeezer-software was named on the FOG ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1169. Hess (hess-gmbh.de) ransomware attack (FOG, 2025)

    Hess (hess-gmbh.de) was named on the FOG ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1170. http://thermaseal.net ransomware attack (Ciphbit, 2025)

    http://thermaseal.net was named on the Ciphbit ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1171. krmcustomhomes.com ransomware attack (RansomHub, 2025)

    krmcustomhomes.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1172. laderalending.com ransomware attack (RansomHub, 2025)

    laderalending.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1173. MICRO MANUFACTRING ransomware attack (Ransomblog_noname, 2025)

    MICRO MANUFACTRING was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1174. minnesotaexteriors.com ransomware attack (RansomHub, 2025)

    minnesotaexteriors.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1175. Obex Medical ransomware attack (Killsecurity, 2025)

    Obex Medical was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1176. Omni Fiber LLC ransomware attack (Monti, 2025)

    Omni Fiber LLC was named on the Monti ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1177. rogerspetro.com ransomware attack (RansomHub, 2025)

    rogerspetro.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1178. slchc.edu ransomware attack (RansomHub, 2025)

    slchc.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1179. Societatea Energetica Electrica S.A. ransomware attack (Lynx, 2025)

    Societatea Energetica Electrica S.A. was named on the Lynx ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1180. steveallcorn.remax.com ransomware attack (RansomHub, 2025)

    steveallcorn.remax.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1181. STIIIZY Full Data Leak ransomware attack (Everest, 2025)

    STIIIZY Full Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1182. sundanceliving.com ransomware attack (RansomHub, 2025)

    sundanceliving.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1183. The Brown & Hurley Group ransomware attack (Lynx, 2025)

    The Brown & Hurley Group was named on the Lynx ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1184. thejdkgroup.com ransomware attack (RansomHub, 2025)

    thejdkgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1185. twncomm.com ransomware attack (RansomHub, 2025)

    twncomm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1186. uniquehd.com\$13.7M\USA\429GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    uniquehd.com\$13.7M\USA\429GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1187. weathersa.co.za ransomware attack (RansomHub, 2025)

    weathersa.co.za was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-12.

    RansomwareUnknown
  1188. Aurora Public Schools (aurorak12.org) ransomware attack (FOG, 2025)

    Aurora Public Schools (aurorak12.org) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1189. Baltimore Country Club ransomware attack (Play, 2025)

    Baltimore Country Club was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1190. CESI ransomware attack (Termite, 2025)

    CESI was named on the Termite ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1191. Cold Storage Manufacturing ransomware attack (Play, 2025)

    Cold Storage Manufacturing was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1192. EAC Consulting ransomware attack (Play, 2025)

    EAC Consulting was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1193. Fastighetsservice AB ransomware attack (Play, 2025)

    Fastighetsservice AB was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1194. Hammond Trucking & Excavation ransomware attack (Rhysida, 2025)

    Hammond Trucking & Excavation was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1195. Jildor Shoes ransomware attack (Play, 2025)

    Jildor Shoes was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1196. Kensington Glass Arts ransomware attack (Play, 2025)

    Kensington Glass Arts was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1197. Leak at King Jouet

    In February 2025, French toy retailer King Jouet was hit by a breach of its online order-tracking interface; a hacker claimed 4.3 million records, but the company said fewer than 25,000 customers across two stores had names, contact details and order information exposed.

  1198. Lexipol data breach (2025)

    In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly.

    Data breachResolved
  1199. Logix Corporate Solutions ransomware attack (Killsecurity, 2025)

    Logix Corporate Solutions was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1200. Mainline Information Systems ransomware attack (Play, 2025)

    Mainline Information Systems was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1201. Monroe Transportation Services Inc ransomware attack (Play, 2025)

    Monroe Transportation Services Inc was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1202. Neaton Auto Products Manufacturing ransomware attack (Play, 2025)

    Neaton Auto Products Manufacturing was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1203. primesourcestaffing.com ransomware attack (RansomHub, 2025)

    primesourcestaffing.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1204. ROCK SOLID Stabilization & Reclamation ransomware attack (Play, 2025)

    ROCK SOLID Stabilization & Reclamation was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1205. Rogers ransomware attack (Hunters International, 2025)

    Rogers was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1206. Saint George&#39;s College (saintgeorge.cl) ransomware attack (FOG, 2025)

    Saint George&#39;s College (saintgeorge.cl) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1207. sehma.com ransomware attack (Threeam, 2025)

    sehma.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1208. Shinn Fu Company of America ransomware attack (Play, 2025)

    Shinn Fu Company of America was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1209. sole technology ransomware attack (Monti, 2025)

    sole technology was named on the Monti ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1210. The Children's Center Of Hamden ransomware attack (Incransom, 2025)

    The Children's Center Of Hamden was named on the Incransom ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1211. The University of Notre Dame Australia (nd.edu.au) ransomware attack (FOG, 2025)

    The University of Notre Dame Australia (nd.edu.au) was named on the FOG ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1212. Tie Down Engineering ransomware attack (Play, 2025)

    Tie Down Engineering was named on the Play ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1213. TMC ransomware attack (Killsecurity, 2025)

    TMC was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-11.

    RansomwareUnknown
  1214. abcapital.com.ph ransomware attack (LockBit, 2025)

    abcapital.com.ph was named on the LockBit ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1215. Albright Institute ransomware attack (Killsecurity, 2025)

    Albright Institute was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1216. ASRAM Medical College and Hospita ransomware attack (Killsecurity, 2025)

    ASRAM Medical College and Hospita was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1217. Atlas Commodities ransomware attack (Lynx, 2025)

    Atlas Commodities was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1218. bazcooil.com ransomware attack (RansomHub, 2025)

    bazcooil.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1219. Capital Cell Global (CCG) ransomware attack (Killsecurity, 2025)

    Capital Cell Global (CCG) was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1220. D-7 Roofing ransomware attack (BianLian, 2025)

    D-7 Roofing was named on the BianLian ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1221. Enfin ransomware attack (Killsecurity, 2025)

    Enfin was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1222. kaplanstahler.com ransomware attack (RansomHub, 2025)

    kaplanstahler.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1223. komline.com ransomware attack (RansomHub, 2025)

    komline.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1224. Lexington Electric ransomware attack (Lynx, 2025)

    Lexington Electric was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1225. Marshall Motor Holdings ransomware attack (Lynx, 2025)

    Marshall Motor Holdings was named on the Lynx ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1226. ome.tv | SOLD ransomware attack (Bashe, 2025)

    ome.tv | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1227. Recievership Specialists ransomware attack (BianLian, 2025)

    Recievership Specialists was named on the BianLian ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1228. sdfab.com ransomware attack (RansomHub, 2025)

    sdfab.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1229. WhoHire ransomware attack (Killsecurity, 2025)

    WhoHire was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1230. www.jsp.com ransomware attack (RansomHub, 2025)

    www.jsp.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-10.

    RansomwareUnknown
  1231. Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. ransomware attack (FOG, 2025)

    Gitlabs: Universitatea Politehnica din Bucuresti, Maxvy Technologies Pvt, iRidge Inc. was named on the FOG ransomware data-leak (extortion) site on 2025-02-09.

    RansomwareUnknown
  1232. Handala New Telegram Channel ransomware attack (Handala, 2025)

    Handala New Telegram Channel was named on the Handala ransomware data-leak (extortion) site on 2025-02-09.

    RansomwareUnknown
  1233. Hpisd.org ransomware attack (RansomHub, 2025)

    Hpisd.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-09.

    RansomwareUnknown
  1234. Israel Police Hacked ransomware attack (Handala, 2025)

    Israel Police Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-02-09.

    RansomwareUnknown
  1235. Leading Edge Specialized Dentistry ransomware attack (Rhysida, 2025)

    Leading Edge Specialized Dentistry was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-09.

    RansomwareUnknown
  1236. wwcsd.net ransomware attack (RansomHub, 2025)

    wwcsd.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-09.

    RansomwareUnknown
  1237. G*********7.com ransomware attack (Flocker, 2025)

    G*********7.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.

    RansomwareUnknown
  1238. M****s.info ransomware attack (Flocker, 2025)

    M****s.info was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.

    RansomwareUnknown
  1239. R******e.tw ransomware attack (Flocker, 2025)

    R******e.tw was named on the Flocker ransomware data-leak (extortion) site on 2025-02-08.

    RansomwareUnknown
  1240. SAKAI SOUKEN Co. ransomware attack (Hunters International, 2025)

    SAKAI SOUKEN Co. was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-08.

    RansomwareUnknown
  1241. Gitlabs: Chalmers tekniska högskola, Fligno, 3SS ransomware attack (FOG, 2025)

    Gitlabs: Chalmers tekniska högskola, Fligno, 3SS was named on the FOG ransomware data-leak (extortion) site on 2025-02-07.

    RansomwareUnknown
  1242. sautech.edu ransomware attack (RansomHub, 2025)

    sautech.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-07.

    RansomwareUnknown
  1243. teamues.com ransomware attack (RansomHub, 2025)

    teamues.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-07.

    RansomwareUnknown
  1244. Leak at Espace-Recettes.fr Vorwerk

    In early February 2025, Vorwerk's Thermomix recipe community Espace-Recettes.fr (Rezeptwelt) was breached via a compromised third-party server, exposing names, postal addresses, emails, phone numbers, dates of birth and cooking preferences of roughly 3.3 million users across several countries.

  1245. Gitlabs: eConceptions, Top Systems, DIEM ransomware attack (FOG, 2025)

    Gitlabs: eConceptions, Top Systems, DIEM was named on the FOG ransomware data-leak (extortion) site on 2025-02-06.

    RansomwareUnknown
  1246. northernresponse.com\$17.4M\Canada\366GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    northernresponse.com\$17.4M\Canada\366GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-06.

    RansomwareUnknown
  1247. Robertshaw ransomware attack (Hunters International, 2025)

    Robertshaw was named on the Hunters International ransomware data-leak (extortion) site on 2025-02-06.

    RansomwareUnknown
  1248. savoiesfoods.com\$18.2M\USA\95GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    savoiesfoods.com\$18.2M\USA\95GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-06.

    RansomwareUnknown
  1249. SmithDunn&amp;Co ransomware attack (Spacebears, 2025)

    SmithDunn&amp;Co was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-06.

    RansomwareUnknown
  1250. zsattorneys.com ransomware attack (RansomHub, 2025)

    zsattorneys.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-06.

    RansomwareUnknown
  1251. A2b-cargo.com ransomware attack (Flocker, 2025)

    A2b-cargo.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1252. Banfi Vintners ransomware attack (Lynx, 2025)

    Banfi Vintners was named on the Lynx ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1253. corehandf.com ransomware attack (Threeam, 2025)

    corehandf.com was named on the Threeam ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1254. Dash Business ransomware attack (BianLian, 2025)

    Dash Business was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1255. Hall Chadwick ransomware attack (BianLian, 2025)

    Hall Chadwick was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1256. India car owners ransomware attack (Bashe, 2025)

    India car owners was named on the Bashe ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1257. Mid-State Machine & Fabricating Corp ransomware attack (Play, 2025)

    Mid-State Machine & Fabricating Corp was named on the Play ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1258. NESCTC Security Services ransomware attack (BianLian, 2025)

    NESCTC Security Services was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1259. OFW Law ransomware attack (BianLian, 2025)

    OFW Law was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1260. Shinsung Delta Tech ransomware attack (Lynx, 2025)

    Shinsung Delta Tech was named on the Lynx ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1261. St Clair Orthopaedics and Sports Medicine P.C. ransomware attack (BianLian, 2025)

    St Clair Orthopaedics and Sports Medicine P.C. was named on the BianLian ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1262. Toshapp.com ransomware attack (Flocker, 2025)

    Toshapp.com was named on the Flocker ransomware data-leak (extortion) site on 2025-02-05.

    RansomwareUnknown
  1263. alojaimi.com ransomware attack (RansomHub, 2025)

    alojaimi.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1264. C and R Molds Inc ransomware attack (BianLian, 2025)

    C and R Molds Inc was named on the BianLian ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1265. C2S Technologies Inc. ransomware attack (Everest, 2025)

    C2S Technologies Inc. was named on the Everest ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1266. capstoneins.ca ransomware attack (RansomHub, 2025)

    capstoneins.ca was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1267. Casper&#39;s Truck Equipment ransomware attack (Kairos, 2025)

    Casper&#39;s Truck Equipment was named on the Kairos ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1268. clarkfreightways.com ransomware attack (RansomHub, 2025)

    clarkfreightways.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1269. coel.com.mx ransomware attack (Bashe, 2025)

    coel.com.mx was named on the Bashe ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1270. Commercial Solutions ransomware attack (BianLian, 2025)

    Commercial Solutions was named on the BianLian ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1271. cornwelltools.com\$218.7M\USA\4.6TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    cornwelltools.com\$218.7M\USA\4.6TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1272. escada.com ransomware attack (RansomHub, 2025)

    escada.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1273. gaheritagefcu.org ransomware attack (RansomHub, 2025)

    gaheritagefcu.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1274. Gitlabs: hemio.de, SOLEIL, Devlion ransomware attack (FOG, 2025)

    Gitlabs: hemio.de, SOLEIL, Devlion was named on the FOG ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1275. heartlandrvs.com ransomware attack (RansomHub, 2025)

    heartlandrvs.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1276. ITSS ransomware attack (Everest, 2025)

    ITSS was named on the Everest ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1277. Medical Reports ransomware attack (Kairos, 2025)

    Medical Reports was named on the Kairos ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1278. mgainnovation.com\$30.9M\USA\215GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    mgainnovation.com\$30.9M\USA\215GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1279. mistralsolutions.com ransomware attack (Bashe, 2025)

    mistralsolutions.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1280. rashtiandrashti.com\$19.1M\USA\786GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    rashtiandrashti.com\$19.1M\USA\786GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1281. sportadmin.se ransomware attack (RansomHub, 2025)

    sportadmin.se was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1282. Town Counsel Law & Litigation ransomware attack (Rhysida, 2025)

    Town Counsel Law & Litigation was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1283. www.aswgr.com ransomware attack (RansomHub, 2025)

    www.aswgr.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1284. www.aymcdonald.com ransomware attack (RansomHub, 2025)

    www.aymcdonald.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-04.

    RansomwareUnknown
  1285. Daniel Island Club ransomware attack (Play, 2025)

    Daniel Island Club was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1286. Dickerson & Nieman Realtors ransomware attack (Play, 2025)

    Dickerson & Nieman Realtors was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1287. DPC Development ransomware attack (Play, 2025)

    DPC Development was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1288. [EVIDANCE] AIshu, Eshoo ransomware attack (Ransomhouse, 2025)

    [EVIDANCE] AIshu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1289. Evidn Data Leak ransomware attack (Everest, 2025)

    Evidn Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1290. Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia ransomware attack (FOG, 2025)

    Gitlabs: Bolin Centre for Climate Research, X-lab group, Madia was named on the FOG ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1291. gruppozaccaria.it ransomware attack (LockBit, 2025)

    gruppozaccaria.it was named on the LockBit ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1292. Karadeniz Holding (karadenizholding.com) ransomware attack (FOG, 2025)

    Karadeniz Holding (karadenizholding.com) was named on the FOG ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1293. KWS ransomware attack (Play, 2025)

    KWS was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1294. ome.tv ransomware attack (Bashe, 2025)

    ome.tv was named on the Bashe ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1295. Pineland community service board ransomware attack (Spacebears, 2025)

    Pineland community service board was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1296. Ponte16 Hotel &amp ransomware attack (Killsecurity, 2025)

    Ponte16 Hotel &amp was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1297. QGS Development ransomware attack (Play, 2025)

    QGS Development was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1298. realtaxcanada.com ransomware attack (Bashe, 2025)

    realtaxcanada.com was named on the Bashe ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1299. Sheridan Nurseries ransomware attack (Play, 2025)

    Sheridan Nurseries was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1300. smithmidland.com ransomware attack (RansomHub, 2025)

    smithmidland.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1301. The Hill Brush ransomware attack (Play, 2025)

    The Hill Brush was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1302. Woodway USA ransomware attack (Play, 2025)

    Woodway USA was named on the Play ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1303. www.origene.com ransomware attack (RansomHub, 2025)

    www.origene.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1304. www.wongfleming.com ransomware attack (RansomHub, 2025)

    www.wongfleming.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-02-03.

    RansomwareUnknown
  1305. Ayres Law Firm ransomware attack (BianLian, 2025)

    Ayres Law Firm was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.

    RansomwareUnknown
  1306. Civic Committee ransomware attack (BianLian, 2025)

    Civic Committee was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.

    RansomwareUnknown
  1307. Four Eye Clinics ransomware attack (Abyss, 2025)

    Four Eye Clinics was named on the Abyss ransomware data-leak (extortion) site on 2025-02-02.

    RansomwareUnknown
  1308. Growth Acceleration Partners ransomware attack (BianLian, 2025)

    Growth Acceleration Partners was named on the BianLian ransomware data-leak (extortion) site on 2025-02-02.

    RansomwareUnknown
  1309. jpcgroupinc.com ransomware attack (Abyss, 2025)

    jpcgroupinc.com was named on the Abyss ransomware data-leak (extortion) site on 2025-02-02.

    RansomwareUnknown
  1310. Tosaf Hacked ransomware attack (Handala, 2025)

    Tosaf Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-02-02.

    RansomwareUnknown
  1311. usuhs.edu ransomware attack (LockBit, 2025)

    usuhs.edu was named on the LockBit ransomware data-leak (extortion) site on 2025-02-02.

    RansomwareUnknown
  1312. CAMRIDGEPORT ransomware attack (Spacebears, 2025)

    CAMRIDGEPORT was named on the Spacebears ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1313. Eascon ransomware attack (Arcusmedia, 2025)

    Eascon was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1314. Falcon Gaming ransomware attack (Arcusmedia, 2025)

    Falcon Gaming was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1315. GATTELLI SpA ransomware attack (Arcusmedia, 2025)

    GATTELLI SpA was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1316. Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Cof ransomware attack (FOG, 2025)

    Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Cof was named on the FOG ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1317. My New Jersey Dentist ransomware attack (Rhysida, 2025)

    My New Jersey Dentist was named on the Rhysida ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1318. Nano Health ransomware attack (Killsecurity, 2025)

    Nano Health was named on the Killsecurity ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1319. Technico ransomware attack (Arcusmedia, 2025)

    Technico was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1320. Utilissimo Transportes ransomware attack (Arcusmedia, 2025)

    Utilissimo Transportes was named on the Arcusmedia ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1321. Wireless Solutions (Morris.Domain) ransomware attack (Lynx, 2025)

    Wireless Solutions (Morris.Domain) was named on the Lynx ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1322. Zamzow's ransomware attack (Lynx, 2025)

    Zamzow's was named on the Lynx ransomware data-leak (extortion) site on 2025-02-01.

    RansomwareUnknown
  1323. A**-****o.com ransomware attack (Flocker, 2025)

    A**-****o.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-31.

    RansomwareUnknown
  1324. BH Aircraft Company, Inc. ransomware attack (Rhysida, 2025)

    BH Aircraft Company, Inc. was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-31.

    RansomwareUnknown
  1325. Business Registration Service data breach

    Attackers exfiltrated Kenya's national company-registry data from the Business Registration Service — including ownership and beneficial-owner records touching President Ruto and the Kenyatta family's firms — and offered it for sale on the dark web.

  1326. Pembina Trails School Division ransomware attack (Rhysida, 2025)

    Pembina Trails School Division was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-31.

    RansomwareUnknown
  1327. T*****p.com ransomware attack (Flocker, 2025)

    T*****p.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-31.

    RansomwareUnknown
  1328. Engine Power Source ransomware attack (Lynx, 2025)

    Engine Power Source was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1329. FENSTERMAKER ransomware attack (Monti, 2025)

    FENSTERMAKER was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1330. Gitlabs: Prasaga, HE2B, Kombinat ransomware attack (FOG, 2025)

    Gitlabs: Prasaga, HE2B, Kombinat was named on the FOG ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1331. Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG ransomware attack (FOG, 2025)

    Gitlabs: Professional Computer, X-Pans, Propulsion Academy AG was named on the FOG ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1332. ibericar ransomware attack (Monti, 2025)

    ibericar was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1333. icicibank.com | SOLD ransomware attack (Bashe, 2025)

    icicibank.com | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1334. Jalaram Produce ransomware attack (Lynx, 2025)

    Jalaram Produce was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1335. jayaapparelgroup.com\$60.6M\USA\824GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    jayaapparelgroup.com\$60.6M\USA\824GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1336. johnpaulrichard.com\$60M\USA\985GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    johnpaulrichard.com\$60M\USA\985GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1337. KPI Engineering ransomware attack (Lynx, 2025)

    KPI Engineering was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1338. malindoair.com | SOLD ransomware attack (Bashe, 2025)

    malindoair.com | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1339. nenok.de ransomware attack (Monti, 2025)

    nenok.de was named on the Monti ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1340. Night Hawk ransomware attack (Play, 2025)

    Night Hawk was named on the Play ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1341. payahmedabadechallan.org ransomware attack (Killsecurity, 2025)

    payahmedabadechallan.org was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1342. Scott Engineering ransomware attack (Lynx, 2025)

    Scott Engineering was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1343. Silverado Contractors ransomware attack (Lynx, 2025)

    Silverado Contractors was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1344. soitinlaine.fi ransomware attack (Threeam, 2025)

    soitinlaine.fi was named on the Threeam ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1345. sunrise-soya.com\$42.2M\Canada\504GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    sunrise-soya.com\$42.2M\Canada\504GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1346. Thermomix Recipe World Forum data breach (2025)

    In January 2025, the Rezeptwelt (German for "recipe world") forum for Thermomix owners suffered a data breach. The incident exposed 3.1M registered users' details including names, email and physical addresses, phone numbers, dates of birth and bios (usually cooking related).

  1347. Tri-Sen Systems ransomware attack (Lynx, 2025)

    Tri-Sen Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1348. ttucorp.com\$27.6M\USA\1TB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    ttucorp.com\$27.6M\USA\1TB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1349. vsstransportationgroup.com\$54.5M\USA\522GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    vsstransportationgroup.com\$54.5M\USA\522GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1350. Zschimmer and Schwarz ransomware attack (Termite, 2025)

    Zschimmer and Schwarz was named on the Termite ransomware data-leak (extortion) site on 2025-01-30.

    RansomwareUnknown
  1351. air europa ransomware attack (Incransom, 2025)

    air europa was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1352. alkodistributors.com\$33.5M\USA\345GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    alkodistributors.com\$33.5M\USA\345GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1353. biagibros.com\$273M\USA\820GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    biagibros.com\$273M\USA\820GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1354. Boldon James ransomware attack (Incransom, 2025)

    Boldon James was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1355. Boutin Jones (boutindentino.com) ransomware attack (FOG, 2025)

    Boutin Jones (boutindentino.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1356. By design ransomware attack (Play, 2025)

    By design was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1357. Cahoon Farms ransomware attack (Play, 2025)

    Cahoon Farms was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1358. Cimarron Telephone Company ransomware attack (Play, 2025)

    Cimarron Telephone Company was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1359. City Of Beloit ransomware attack (Incransom, 2025)

    City Of Beloit was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1360. Commercial & Residential Management Group ransomware attack (Play, 2025)

    Commercial & Residential Management Group was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1361. daVinci ransomware attack (Play, 2025)

    daVinci was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1362. DEL Packaging ransomware attack (Kairos, 2025)

    DEL Packaging was named on the Kairos ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1363. Delta Screen & Filtration () ransomware attack (Lynx, 2025)

    Delta Screen & Filtration () was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1364. Heart to Heart Hospice ransomware attack (Incransom, 2025)

    Heart to Heart Hospice was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1365. Israel Ministry of National Security Hacked ransomware attack (Handala, 2025)

    Israel Ministry of National Security Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1366. Johnston ransomware attack (Play, 2025)

    Johnston was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1367. Marshall & Bruce Printing ransomware attack (Play, 2025)

    Marshall & Bruce Printing was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1368. Menominee Tribal Clinic ransomware attack (Incransom, 2025)

    Menominee Tribal Clinic was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1369. midwaymetals.com.vn ransomware attack (RansomHub, 2025)

    midwaymetals.com.vn was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1370. Mission Locale Montpellier ransomware attack (Incransom, 2025)

    Mission Locale Montpellier was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1371. Plymouth Foam ransomware attack (Play, 2025)

    Plymouth Foam was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1372. Rossi Real Estate (ROSSIDG.LOCAL) ransomware attack (Lynx, 2025)

    Rossi Real Estate (ROSSIDG.LOCAL) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1373. SCV Med Group ransomware attack (Monti, 2025)

    SCV Med Group was named on the Monti ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1374. Strategic Materials ransomware attack (Lynx, 2025)

    Strategic Materials was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1375. The Wendt Agency ransomware attack (Lynx, 2025)

    The Wendt Agency was named on the Lynx ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1376. tnlottery.com ransomware attack (Incransom, 2025)

    tnlottery.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1377. TRIVAD ransomware attack (Play, 2025)

    TRIVAD was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1378. Turning Leaf (TURNINGLEAF.local) ransomware attack (Incransom, 2025)

    Turning Leaf (TURNINGLEAF.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1379. W*****e.com ransomware attack (Flocker, 2025)

    W*****e.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1380. Wallin & Klarich ransomware attack (Play, 2025)

    Wallin & Klarich was named on the Play ransomware data-leak (extortion) site on 2025-01-29.

    RansomwareUnknown
  1381. Acoustiblok ransomware attack (Monti, 2025)

    Acoustiblok was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1382. BBLAWFIRM ransomware attack (Monti, 2025)

    BBLAWFIRM was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1383. broward.edu ransomware attack (Incransom, 2025)

    broward.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1384. Carthage Police Department ransomware attack (Rhysida, 2025)

    Carthage Police Department was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1385. cnnindonesia.com ransomware attack (Incransom, 2025)

    cnnindonesia.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1386. lnetwork ransomware attack (Monti, 2025)

    lnetwork was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1387. metalurgica roma ransomware attack (Monti, 2025)

    metalurgica roma was named on the Monti ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1388. sce.org.sg ransomware attack (Lynx, 2025)

    sce.org.sg was named on the Lynx ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1389. www.healthcarewithinreach.org ransomware attack (RansomHub, 2025)

    www.healthcarewithinreach.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-28.

    RansomwareUnknown
  1390. Leak at AIDES

    On 27 January 2025, French HIV/hepatitis-prevention charity AIDES disclosed a breach of a secured file-sharing server, exposing supporters' identity, contact and banking details (IBAN) and, for some, health-related information.

  1391. AIshu, Eshoo ransomware attack (Ransomhouse, 2025)

    AIshu, Eshoo was named on the Ransomhouse ransomware data-leak (extortion) site on 2025-01-27.

    RansomwareUnknown
  1392. Alo Center (hq.aloteknik.se) ransomware attack (Lynx, 2025)

    Alo Center (hq.aloteknik.se) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-27.

    RansomwareUnknown
  1393. https://leehartman.com ransomware attack (Metaencryptor, 2025)

    https://leehartman.com was named on the Metaencryptor ransomware data-leak (extortion) site on 2025-01-27.

    RansomwareUnknown
  1394. International AIDS Vaccine Initiative (iavi.org) ransomware attack (Incransom, 2025)

    International AIDS Vaccine Initiative (iavi.org) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.

    RansomwareUnknown
  1395. lhps.org ransomware attack (Incransom, 2025)

    lhps.org was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.

    RansomwareUnknown
  1396. Prinston Pharmaceutical (huahaius.com) ransomware attack (Incransom, 2025)

    Prinston Pharmaceutical (huahaius.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-27.

    RansomwareUnknown
  1397. Weeks, Brucker &#038; Coleman, Ltd | Legal Services ransomware attack (Everest, 2025)

    Weeks, Brucker &#038; Coleman, Ltd | Legal Services was named on the Everest ransomware data-leak (extortion) site on 2025-01-27.

    RansomwareUnknown
  1398. Let’s Secure Insurance ransomware attack (Killsecurity, 2025)

    Let’s Secure Insurance was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-26.

    RansomwareUnknown
  1399. Metro Wire &amp; Cable ransomware attack (Spacebears, 2025)

    Metro Wire &amp; Cable was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-26.

    RansomwareUnknown
  1400. DataSociete ransomware attack (Killsecurity, 2025)

    DataSociete was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-25.

    RansomwareUnknown
  1401. envirosep.com ransomware attack (Abyss, 2025)

    envirosep.com was named on the Abyss ransomware data-leak (extortion) site on 2025-01-25.

    RansomwareUnknown
  1402. Keepz ransomware attack (Killsecurity, 2025)

    Keepz was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-25.

    RansomwareUnknown
  1403. Arrow Motor Auctions ransomware attack (Spacebears, 2025)

    Arrow Motor Auctions was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1404. De La Salle High School (dlshs.org) ransomware attack (FOG, 2025)

    De La Salle High School (dlshs.org) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1405. Doxbin Scrape data breach (2025)

    In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties.

    Data breachResolved
  1406. Leak at E.Leclerc

    In January 2025, E.Leclerc's Prime énergie (energy-rebate) platform was hit by fraudulent account access, exposing customers' names, email addresses, login credentials, file numbers, rebate amounts and service descriptions; the breach was disclosed to affected users on 24 January 2025.

  1407. ELTEK Group (eltekgroup.com) ransomware attack (FOG, 2025)

    ELTEK Group (eltekgroup.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1408. Leak at French Mountaineering and Climbing Federation

    In late January 2025, the French Mountaineering and Climbing Federation (FFME) disclosed a breach exposing a dataset of 808,881 member accounts, including names, postal and email addresses, member IDs, dates of birth and phone numbers.

  1409. icicibank.com ransomware attack (Bashe, 2025)

    icicibank.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1410. Kooijman Vianen (kooijmanvianen.nl) ransomware attack (FOG, 2025)

    Kooijman Vianen (kooijmanvianen.nl) was named on the FOG ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1411. ORU Mabee Center ransomware attack (Rhysida, 2025)

    ORU Mabee Center was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1412. PrimoTicketing ransomware attack (Killsecurity, 2025)

    PrimoTicketing was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1413. Punjab.gov.pk ransomware attack (Flocker, 2025)

    Punjab.gov.pk was named on the Flocker ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1414. topackt.com ransomware attack (LockBit, 2025)

    topackt.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1415. www.pcm.com.mx ransomware attack (RansomHub, 2025)

    www.pcm.com.mx was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-24.

    RansomwareUnknown
  1416. archaeologicalresearchservices.com ransomware attack (RansomHub, 2025)

    archaeologicalresearchservices.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1417. Cyrious Software ransomware attack (BianLian, 2025)

    Cyrious Software was named on the BianLian ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1418. Medical Associates of Brevard ransomware attack (BianLian, 2025)

    Medical Associates of Brevard was named on the BianLian ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1419. PINELAND BHDD COMMUNITY SERVICES ransomware attack (Spacebears, 2025)

    PINELAND BHDD COMMUNITY SERVICES was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1420. reesndt.ca ransomware attack (Eldorado, 2025)

    reesndt.ca was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1421. samsill.com ransomware attack (RansomHub, 2025)

    samsill.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1422. starkaerospace.com ransomware attack (Incransom, 2025)

    starkaerospace.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1423. www.missionbank.bank ransomware attack (RansomHub, 2025)

    www.missionbank.bank was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-23.

    RansomwareUnknown
  1424. Christian Community Aid ransomware attack (Spacebears, 2025)

    Christian Community Aid was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1425. Gossett Motor Cars ransomware attack (Lynx, 2025)

    Gossett Motor Cars was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1426. ilemgroup.com ransomware attack (RansomHub, 2025)

    ilemgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1427. Jacobs & Thompson ransomware attack (Lynx, 2025)

    Jacobs & Thompson was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1428. Mintz Law Firm, LLC ransomware attack (Lynx, 2025)

    Mintz Law Firm, LLC was named on the Lynx ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1429. Omni Fiber LLC - Press Release ransomware attack (Monti, 2025)

    Omni Fiber LLC - Press Release was named on the Monti ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1430. SANTA MARIA LABORATORIO ransomware attack (Spacebears, 2025)

    SANTA MARIA LABORATORIO was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1431. sdkgroup.com ransomware attack (RansomHub, 2025)

    sdkgroup.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1432. www.americanstandard-us.com ransomware attack (RansomHub, 2025)

    www.americanstandard-us.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1433. www.grohe.com ransomware attack (RansomHub, 2025)

    www.grohe.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1434. www.manpower.com ransomware attack (RansomHub, 2025)

    www.manpower.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1435. www.reesndt.com ransomware attack (Eldorado, 2025)

    www.reesndt.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-22.

    RansomwareUnknown
  1436. Bethany Hospital ransomware attack (Spacebears, 2025)

    Bethany Hospital was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1437. boardman-hamilton.com ransomware attack (RansomHub, 2025)

    boardman-hamilton.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1438. FAAB Invest Advisors Private Limited ransomware attack (Killsecurity, 2025)

    FAAB Invest Advisors Private Limited was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1439. Inaya Clinique ransomware attack (Spacebears, 2025)

    Inaya Clinique was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1440. malindoair.com ransomware attack (Bashe, 2025)

    malindoair.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1441. Marukai ransomware attack (Lynx, 2025)

    Marukai was named on the Lynx ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1442. miedemaproduce.com ransomware attack (RansomHub, 2025)

    miedemaproduce.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1443. Nimbus Facility Services ransomware attack (Killsecurity, 2025)

    Nimbus Facility Services was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1444. precisionmechsd.com ransomware attack (RansomHub, 2025)

    precisionmechsd.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1445. RETAL Baltic Films ransomware attack (Incransom, 2025)

    RETAL Baltic Films was named on the Incransom ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1446. Solaris-pharma.com leakage ransomware attack (Everest, 2025)

    Solaris-pharma.com leakage was named on the Everest ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1447. supremegroup.co.in ransomware attack (RansomHub, 2025)

    supremegroup.co.in was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1448. whychoosebw.com ransomware attack (RansomHub, 2025)

    whychoosebw.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-21.

    RansomwareUnknown
  1449. Angotti & Reilly ransomware attack (Lynx, 2025)

    Angotti & Reilly was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1450. Clutch Industries ransomware attack (Lynx, 2025)

    Clutch Industries was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1451. Leak at French Archery Federation (via ITAC)

    On 20 January 2025 the French Archery Federation (FFTA) disclosed a breach stemming from a flaw at its shared license-management provider; a dataset of 625,434 accounts (names, dates of birth, postal addresses, phones, emails, profile photos) was offered for sale online.

  1452. fol-23.fr ransomware attack (Bashe, 2025)

    fol-23.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1453. Kinseth Hospitality Companies ransomware attack (Lynx, 2025)

    Kinseth Hospitality Companies was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1454. P****b.gov.pk ransomware attack (Flocker, 2025)

    P****b.gov.pk was named on the Flocker ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1455. PetroVietnam Exploration Production Corporation ransomware attack (Hunters International, 2025)

    PetroVietnam Exploration Production Corporation was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1456. Sentinel Systems ransomware attack (Lynx, 2025)

    Sentinel Systems was named on the Lynx ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1457. The Urswick School ransomware attack (Kairos, 2025)

    The Urswick School was named on the Kairos ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1458. Zuk Group Hacked ransomware attack (Handala, 2025)

    Zuk Group Hacked was named on the Handala ransomware data-leak (extortion) site on 2025-01-20.

    RansomwareUnknown
  1459. TG3 Electronics ransomware attack (Rhysida, 2025)

    TG3 Electronics was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-19.

    RansomwareUnknown
  1460. Kassin & Carrow ransomware attack (Lynx, 2025)

    Kassin & Carrow was named on the Lynx ransomware data-leak (extortion) site on 2025-01-18.

    RansomwareUnknown
  1461. Marina Family Medical ransomware attack (Moneymessage, 2025)

    Marina Family Medical was named on the Moneymessage ransomware data-leak (extortion) site on 2025-01-18.

    RansomwareUnknown
  1462. MassDevelopment ransomware attack (BianLian, 2025)

    MassDevelopment was named on the BianLian ransomware data-leak (extortion) site on 2025-01-18.

    RansomwareUnknown
  1463. betclic.com ransomware attack (Bashe, 2025)

    betclic.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-17.

    RansomwareUnknown
  1464. Kilgore College (kilgore.edu) ransomware attack (Incransom, 2025)

    Kilgore College (kilgore.edu) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.

    RansomwareUnknown
  1465. Nightingale Hammerson ransomware attack (Kairos, 2025)

    Nightingale Hammerson was named on the Kairos ransomware data-leak (extortion) site on 2025-01-17.

    RansomwareUnknown
  1466. peponline.org ransomware attack (Incransom, 2025)

    peponline.org was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.

    RansomwareUnknown
  1467. Regina Coeli Convent ransomware attack (Incransom, 2025)

    Regina Coeli Convent was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.

    RansomwareUnknown
  1468. Taylor Regional Hospital (thcg.local) ransomware attack (Incransom, 2025)

    Taylor Regional Hospital (thcg.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.

    RansomwareUnknown
  1469. Washington Gastroenterology (DHSWA.NET) ransomware attack (Incransom, 2025)

    Washington Gastroenterology (DHSWA.NET) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-17.

    RansomwareUnknown
  1470. Access Capital Partners SA ransomware attack (Lynx, 2025)

    Access Capital Partners SA was named on the Lynx ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1471. anupalanonline.com ransomware attack (Killsecurity, 2025)

    anupalanonline.com was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1472. bsegroup.it ransomware attack (RansomHub, 2025)

    bsegroup.it was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1473. Fish Nelson and Holden ransomware attack (BianLian, 2025)

    Fish Nelson and Holden was named on the BianLian ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1474. Frame & Optic data breach (2025)

    In January 2025, the eyewear seller Frame & Optic suffered a data breach. The incident exposed almost 16k unique email addresses along with names, phone numbers and geolocation data including country, state and postcode.

    Data breachResolved
  1475. Real Tax ransomware attack (Kairos, 2025)

    Real Tax was named on the Kairos ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1476. Solaris Pharma proof ransomware attack (Everest, 2025)

    Solaris Pharma proof was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1477. The Hoff Brand SL ransomware attack (Everest, 2025)

    The Hoff Brand SL was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1478. Volt Infrastructure ransomware attack (Everest, 2025)

    Volt Infrastructure was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1479. Woodlake ransomware attack (Everest, 2025)

    Woodlake was named on the Everest ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1480. www.liteputer.com.tw ransomware attack (RansomHub, 2025)

    www.liteputer.com.tw was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1481. www.solariumrevestimentos.com.br ransomware attack (RansomHub, 2025)

    www.solariumrevestimentos.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-16.

    RansomwareUnknown
  1482. A*****Y.com ransomware attack (Flocker, 2025)

    A*****Y.com was named on the Flocker ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1483. AKConstructors.com ransomware attack (RansomHub, 2025)

    AKConstructors.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1484. anwsd.org ransomware attack (Threeam, 2025)

    anwsd.org was named on the Threeam ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1485. Combined Pool and Spa ransomware attack (Kairos, 2025)

    Combined Pool and Spa was named on the Kairos ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1486. communisis.com & paragon.world ransomware attack (Lynx, 2025)

    communisis.com & paragon.world was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1487. fplfood.com\$675M\USA\21GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    fplfood.com\$675M\USA\21GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1488. FSOCIETY X FUNKSEC ransomware attack (Flocker, 2025)

    FSOCIETY X FUNKSEC was named on the Flocker ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1489. J.G. Electrical Installations ransomware attack (Kairos, 2025)

    J.G. Electrical Installations was named on the Kairos ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1490. Lowe Engineers ransomware attack (Lynx, 2025)

    Lowe Engineers was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1491. optiline.com\$127.3M\USA\947GB\&lt;1% DISCLOSED ransomware attack (Cactus, 2025)

    optiline.com\$127.3M\USA\947GB\&lt;1% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1492. pnp.co.za ransomware attack (Bashe, 2025)

    pnp.co.za was named on the Bashe ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1493. Woodport Doors ransomware attack (Lynx, 2025)

    Woodport Doors was named on the Lynx ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1494. www.eurocert.pl ransomware attack (RansomHub, 2025)

    www.eurocert.pl was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-15.

    RansomwareUnknown
  1495. Buttery (butterycompany.com) ransomware attack (FOG, 2025)

    Buttery (butterycompany.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1496. Douglas County, GA (DDCWSA.COM) ransomware attack (Lynx, 2025)

    Douglas County, GA (DDCWSA.COM) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1497. Farmacia Cofar ransomware attack (Killsecurity, 2025)

    Farmacia Cofar was named on the Killsecurity ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1498. Leak at French Strength Federation

    In January 2025, the Fédération Française de Force (FFForce) had personal data of 64,512 members exposed via a compromised shared sports-licensing IT provider; records (names, dates of birth, emails, postal addresses, phone numbers) were later sold on BreachForums.

  1499. Leak at French Roller Skateboard Federation

    In January 2025, the Fédération Française de Roller et Skateboard had the personal data of roughly 577,000 members exposed after a shared sports-federation IT provider was compromised; names, dates of birth, email/postal addresses and phone numbers were leaked.

  1500. Intelservice.com ransomware attack (RansomHub, 2025)

    Intelservice.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1501. Leak at Kiabi

    In January 2025, French clothing retailer Kiabi disclosed a credential-stuffing attack on its secondhand site (secondemain.kiabi.com) that exposed the names, dates of birth, contact details and IBANs of about 20,000 customers.

  1502. pittman-construction.com ransomware attack (LockBit, 2025)

    pittman-construction.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1503. QualiTech (qualitech.com) ransomware attack (Lynx, 2025)

    QualiTech (qualitech.com) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1504. SciTech Services, Inc. ransomware attack (FOG, 2025)

    SciTech Services, Inc. was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1505. Sharm Reef Hotel ransomware attack (Spacebears, 2025)

    Sharm Reef Hotel was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1506. Solaris Pharma ransomware attack (Everest, 2025)

    Solaris Pharma was named on the Everest ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1507. Spectrum ransomware attack (Incransom, 2025)

    Spectrum was named on the Incransom ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1508. The Chicano Federation ransomware attack (Rhysida, 2025)

    The Chicano Federation was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1509. The University of Oklahoma (ou.edu) ransomware attack (FOG, 2025)

    The University of Oklahoma (ou.edu) was named on the FOG ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1510. udb.net ransomware attack (RansomHub, 2025)

    udb.net was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1511. WPD.WOODPORTDOORS.COM ransomware attack (Lynx, 2025)

    WPD.WOODPORTDOORS.COM was named on the Lynx ransomware data-leak (extortion) site on 2025-01-14.

    RansomwareUnknown
  1512. adveo.com\$740.7M\France\1.1TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    adveo.com\$740.7M\France\1.1TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1513. atpformosa.gob.ar ransomware attack (LockBit, 2025)

    atpformosa.gob.ar was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1514. Biomedical Caledonia Medical Laboratory (calmedlab.local) ransomware attack (Incransom, 2025)

    Biomedical Caledonia Medical Laboratory (calmedlab.local) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1515. Browdy (bl.local) ransomware attack (Lynx, 2025)

    Browdy (bl.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1516. candelasyasociados.es ransomware attack (LockBit, 2025)

    candelasyasociados.es was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1517. Conad (conad.lan) ransomware attack (Lynx, 2025)

    Conad (conad.lan) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1518. Delap & Waller ransomware attack (Lynx, 2025)

    Delap & Waller was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1519. Findhelp Information Services ransomware attack (Incransom, 2025)

    Findhelp Information Services was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1520. gelco-s-a.com.br ransomware attack (LockBit, 2025)

    gelco-s-a.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1521. healthcarewithinreach.org ransomware attack (RansomHub, 2025)

    healthcarewithinreach.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1522. Imperial Valley Respite (ivrespite.com) ransomware attack (Incransom, 2025)

    Imperial Valley Respite (ivrespite.com) was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1523. lamejor.com.co ransomware attack (LockBit, 2025)

    lamejor.com.co was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1524. mi.edu ransomware attack (RansomHub, 2025)

    mi.edu was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1525. Nash Brothers Construction (nashdom.local) ransomware attack (Lynx, 2025)

    Nash Brothers Construction (nashdom.local) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1526. nicatel.com.uy ransomware attack (LockBit, 2025)

    nicatel.com.uy was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1527. Novati Constructions ransomware attack (Lynx, 2025)

    Novati Constructions was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1528. Onecare ransomware attack (Incransom, 2025)

    Onecare was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1529. oyolasvegas.com ransomware attack (LockBit, 2025)

    oyolasvegas.com was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1530. PHG CPAs (bushman.biz) ransomware attack (Lynx, 2025)

    PHG CPAs (bushman.biz) was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1531. Riverina Medical ransomware attack (Incransom, 2025)

    Riverina Medical was named on the Incransom ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1532. SERGAS Group ransomware attack (Lynx, 2025)

    SERGAS Group was named on the Lynx ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1533. Stealer Logs, Jan 2025 data breach (2025)

    In January 2025, stealer logs with 71M email addresses were added to HIBP. Consisting of email address, password and the website the credentials were entered against, this breach marks the launch of a new HIBP feature enabling the retrieval of the specific websites the logs were collected against.

    Data breachResolved
  1534. telering.de ransomware attack (LockBit, 2025)

    telering.de was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1535. viacaojacarei.com.br ransomware attack (LockBit, 2025)

    viacaojacarei.com.br was named on the LockBit ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1536. Welcomehallmission.com ransomware attack (Everest, 2025)

    Welcomehallmission.com was named on the Everest ransomware data-leak (extortion) site on 2025-01-13.

    RansomwareUnknown
  1537. LandAirSea data breach (2025)

    In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes.

    Data breachResolved
  1538. Arun Estates ransomware attack (Black Basta, 2025)

    Arun Estates was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1539. Astaphans ransomware attack (Lynx, 2025)

    Astaphans was named on the Lynx ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1540. Avril Supermarché Santé ransomware attack (Black Basta, 2025)

    Avril Supermarché Santé was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1541. Barber Specialties ransomware attack (Hunters International, 2025)

    Barber Specialties was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1542. Bnext.nl ransomware attack (Black Basta, 2025)

    Bnext.nl was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1543. Brachot ransomware attack (Black Basta, 2025)

    Brachot was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1544. COROB ransomware attack (Hunters International, 2025)

    COROB was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1545. Costex ransomware attack (Hunters International, 2025)

    Costex was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1546. Granby Industries ransomware attack (Black Basta, 2025)

    Granby Industries was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1547. Jim Thompson ransomware attack (Lynx, 2025)

    Jim Thompson was named on the Lynx ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1548. Mortgage Investors Group (MIG) ransomware attack (Black Basta, 2025)

    Mortgage Investors Group (MIG) was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1549. Patriarche Office of Architecture ransomware attack (Hunters International, 2025)

    Patriarche Office of Architecture was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1550. Plasma-Therm ransomware attack (Black Basta, 2025)

    Plasma-Therm was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1551. RocSearch ransomware attack (Hunters International, 2025)

    RocSearch was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1552. Schuff Steel Company ransomware attack (Black Basta, 2025)

    Schuff Steel Company was named on the Black Basta ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1553. T. Hasegawa USA ransomware attack (Hunters International, 2025)

    T. Hasegawa USA was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1554. Unisource Information Services ransomware attack (Hunters International, 2025)

    Unisource Information Services was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-11.

    RansomwareUnknown
  1555. amerplumb.com ransomware attack (RansomHub, 2025)

    amerplumb.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1556. Evidn ransomware attack (Everest, 2025)

    Evidn was named on the Everest ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1557. massdevelopment.com\$24.6M\USA\1.2TB\100% DISCLOSED ransomware attack (Cactus, 2025)

    massdevelopment.com\$24.6M\USA\1.2TB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1558. OmniRide (omniride.com) ransomware attack (FOG, 2025)

    OmniRide (omniride.com) was named on the FOG ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1559. Protected: Title Hidden ransomware attack (Everest, 2025)

    Protected: Title Hidden was named on the Everest ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1560. ptcky.com\$5M\USA\902GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    ptcky.com\$5M\USA\902GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1561. Qualinet ransomware attack (Rhysida, 2025)

    Qualinet was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1562. www.wisesocon.com ransomware attack (RansomHub, 2025)

    www.wisesocon.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1563. xtremmedia.com ransomware attack (RansomHub, 2025)

    xtremmedia.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-10.

    RansomwareUnknown
  1564. alansarioman.com ransomware attack (Embargo, 2025)

    alansarioman.com was named on the Embargo ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1565. awimc.com\$102.7M\USA\440GB\100% DISCLOSED ransomware attack (Cactus, 2025)

    awimc.com\$102.7M\USA\440GB\100% DISCLOSED was named on the Cactus ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1566. azpay.me | SOLD ransomware attack (Bashe, 2025)

    azpay.me | SOLD was named on the Bashe ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1567. castlehillha.co.uk ransomware attack (RansomHub, 2025)

    castlehillha.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1568. CO-VER Power Technology SpA Data Leak ransomware attack (Everest, 2025)

    CO-VER Power Technology SpA Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1569. depewgillen.com ransomware attack (Incransom, 2025)

    depewgillen.com was named on the Incransom ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1570. drive-lines.com ransomware attack (RansomHub, 2025)

    drive-lines.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1571. evasair.com ransomware attack (Eldorado, 2025)

    evasair.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1572. Fukoku Co. Ltd. ransomware attack (Spacebears, 2025)

    Fukoku Co. Ltd. was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1573. hapsch.de ransomware attack (Threeam, 2025)

    hapsch.de was named on the Threeam ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1574. Izmocars Data Leak ransomware attack (Everest, 2025)

    Izmocars Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1575. Myhealthcarebilling Data Leak ransomware attack (Everest, 2025)

    Myhealthcarebilling Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1576. Sarah Car Care Data Leak ransomware attack (Everest, 2025)

    Sarah Car Care Data Leak was named on the Everest ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1577. Telefónica Hellcat infostealer-to-Jira breach (Spain, 2025)

    Infostealer malware on the endpoints of 15+ Telefónica employees gave the Hellcat ransomware group credentials into the company's internal Jira ticketing system. Social-engineering escalated the access to SSH. The group did not extort — it publicly published 2.3 GB including 24,000 employee emails, 470,000 internal Jira tickets, and 5,000 internal documents.

  1578. www.excelresourcing.co.uk ransomware attack (RansomHub, 2025)

    www.excelresourcing.co.uk was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1579. www.fairhallzhang.com ransomware attack (RansomHub, 2025)

    www.fairhallzhang.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1580. www.leaguecenter.org ransomware attack (RansomHub, 2025)

    www.leaguecenter.org was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1581. www.mie.com.my ransomware attack (RansomHub, 2025)

    www.mie.com.my was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1582. www.primalwear.com ransomware attack (RansomHub, 2025)

    www.primalwear.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1583. www.rotaryeng.co.th ransomware attack (RansomHub, 2025)

    www.rotaryeng.co.th was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1584. www.temotekstil.com.tr ransomware attack (RansomHub, 2025)

    www.temotekstil.com.tr was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-09.

    RansomwareUnknown
  1585. acquafertil.com.br ransomware attack (RansomHub, 2025)

    acquafertil.com.br was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1586. bendixengineering ransomware attack (Ransomblog_noname, 2025)

    bendixengineering was named on the Ransomblog_noname ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1587. fwmep.edu ransomware attack (Incransom, 2025)

    fwmep.edu was named on the Incransom ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1588. General Digital ransomware attack (Spacebears, 2025)

    General Digital was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1589. General Digital CRM ransomware attack (Spacebears, 2025)

    General Digital CRM was named on the Spacebears ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1590. Huntington Hotel Group ransomware attack (Termite, 2025)

    Huntington Hotel Group was named on the Termite ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1591. kingpower.com ransomware attack (Abyss, 2025)

    kingpower.com was named on the Abyss ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1592. sahpetrol.com.tr ransomware attack (RansomHub, 2025)

    sahpetrol.com.tr was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-08.

    RansomwareUnknown
  1593. Scholastic data breach (2025)

    In January 2025, a data breach of the publishing company Scholastic surfaced. The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.

    Data breachResolved
  1594. astaphans.com ransomware attack (Lynx, 2025)

    astaphans.com was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.

    RansomwareUnknown
  1595. jimthompson.com ransomware attack (Lynx, 2025)

    jimthompson.com was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.

    RansomwareUnknown
  1596. Saint-Bar (saintbar.be) ransomware attack (FOG, 2025)

    Saint-Bar (saintbar.be) was named on the FOG ransomware data-leak (extortion) site on 2025-01-07.

    RansomwareUnknown
  1597. Sunflower Medical Group ransomware attack (Rhysida, 2025)

    Sunflower Medical Group was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-07.

    RansomwareUnknown
  1598. u0 Excel Transportation ransomware attack (Lynx, 2025)

    u0 Excel Transportation was named on the Lynx ransomware data-leak (extortion) site on 2025-01-07.

    RansomwareUnknown
  1599. molars.co.ke ransomware attack (RansomHub, 2025)

    molars.co.ke was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-06.

    RansomwareUnknown
  1600. yoniot.cn ransomware attack (Darkvault, 2025)

    yoniot.cn was named on the Darkvault ransomware data-leak (extortion) site on 2025-01-06.

    RansomwareUnknown
  1601. akantha.fr ransomware attack (Eldorado, 2025)

    akantha.fr was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-05.

    RansomwareUnknown
  1602. Car Care Plan - Turkey ransomware attack (Hellcat, 2025)

    Car Care Plan - Turkey was named on the Hellcat ransomware data-leak (extortion) site on 2025-01-05.

    RansomwareUnknown
  1603. Hunter Taubman Fischer & Li ransomware attack (Lynx, 2025)

    Hunter Taubman Fischer & Li was named on the Lynx ransomware data-leak (extortion) site on 2025-01-05.

    RansomwareUnknown
  1604. aliorbank.pl ransomware attack (Bashe, 2025)

    aliorbank.pl was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1605. assurified.com ransomware attack (Bashe, 2025)

    assurified.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1606. baldinger-ag.ch ransomware attack (Bashe, 2025)

    baldinger-ag.ch was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1607. bigalsfoodservice.co.uk ransomware attack (Bashe, 2025)

    bigalsfoodservice.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1608. bms.com ransomware attack (Bashe, 2025)

    bms.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1609. certifiedinfosec.com ransomware attack (Bashe, 2025)

    certifiedinfosec.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1610. credio.eu ransomware attack (Bashe, 2025)

    credio.eu was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1611. datascan.com ransomware attack (Eldorado, 2025)

    datascan.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1612. fpj.com.py PART1 ransomware attack (Bashe, 2025)

    fpj.com.py PART1 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1613. fpj.com.py PART2 ransomware attack (Bashe, 2025)

    fpj.com.py PART2 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1614. fpj.com.py PART3 ransomware attack (Bashe, 2025)

    fpj.com.py PART3 was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1615. gannons.co.uk ransomware attack (Bashe, 2025)

    gannons.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1616. hasa-arg.com ransomware attack (Eldorado, 2025)

    hasa-arg.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1617. lamaisonducitron.com ransomware attack (Bashe, 2025)

    lamaisonducitron.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1618. legilog.fr ransomware attack (Bashe, 2025)

    legilog.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1619. minerasancristobal.com ransomware attack (Bashe, 2025)

    minerasancristobal.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1620. Montreal North ransomware attack (Rhysida, 2025)

    Montreal North was named on the Rhysida ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1621. netromsoftware.ro ransomware attack (Bashe, 2025)

    netromsoftware.ro was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1622. northernsafety.com ransomware attack (Bashe, 2025)

    northernsafety.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1623. perucontrols.com ransomware attack (Eldorado, 2025)

    perucontrols.com was named on the Eldorado ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1624. pindrophearing.co.uk ransomware attack (Bashe, 2025)

    pindrophearing.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1625. polleninformation.at ransomware attack (Bashe, 2025)

    polleninformation.at was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1626. prixet.com ransomware attack (Bashe, 2025)

    prixet.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1627. protectasecurity.pe ransomware attack (Bashe, 2025)

    protectasecurity.pe was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1628. sansirostadium.com ransomware attack (Bashe, 2025)

    sansirostadium.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1629. scopeset.de ransomware attack (Bashe, 2025)

    scopeset.de was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1630. sella.eng.br ransomware attack (Bashe, 2025)

    sella.eng.br was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1631. servicepower.com ransomware attack (Bashe, 2025)

    servicepower.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1632. sfr.fr ransomware attack (Bashe, 2025)

    sfr.fr was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1633. siapenet.gov.br ransomware attack (Bashe, 2025)

    siapenet.gov.br was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1634. talonsolutions.co.uk ransomware attack (Bashe, 2025)

    talonsolutions.co.uk was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1635. trifecta.com ransomware attack (Bashe, 2025)

    trifecta.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1636. trinitesolutions.com ransomware attack (Bashe, 2025)

    trinitesolutions.com was named on the Bashe ransomware data-leak (extortion) site on 2025-01-04.

    RansomwareUnknown
  1637. Amourgis & Associates ransomware attack (Lynx, 2025)

    Amourgis & Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-01-03.

    RansomwareUnknown
  1638. Nikki-Universal Co Ltd ransomware attack (Hunters International, 2025)

    Nikki-Universal Co Ltd was named on the Hunters International ransomware data-leak (extortion) site on 2025-01-03.

    RansomwareUnknown
  1639. www.alliancemat.com ransomware attack (RansomHub, 2025)

    www.alliancemat.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-03.

    RansomwareUnknown
  1640. www.geedingconstruction.com ransomware attack (RansomHub, 2025)

    www.geedingconstruction.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-03.

    RansomwareUnknown
  1641. confluxhr.com ransomware attack (Darkvault, 2025)

    confluxhr.com was named on the Darkvault ransomware data-leak (extortion) site on 2025-01-02.

    RansomwareUnknown
  1642. groupegm.com ransomware attack (RansomHub, 2025)

    groupegm.com was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-02.

    RansomwareUnknown
  1643. CM Buck & Associates ransomware attack (Lynx, 2025)

    CM Buck & Associates was named on the Lynx ransomware data-leak (extortion) site on 2025-01-01.

    RansomwareUnknown
  1644. http://www.kitevuc.com ransomware attack (Ciphbit, 2025)

    http://www.kitevuc.com was named on the Ciphbit ransomware data-leak (extortion) site on 2025-01-01.

    RansomwareUnknown
  1645. lianbeng.sg ransomware attack (RansomHub, 2025)

    lianbeng.sg was named on the RansomHub ransomware data-leak (extortion) site on 2025-01-01.

    RansomwareUnknown
  1646. regencymedia ransomware attack (LockBit, 2025)

    regencymedia was named on the LockBit ransomware data-leak (extortion) site on 2025-01-01.

    RansomwareUnknown

2024

142 incidents
  1. Leak at Cogitis

    On 31 December 2024, the DragonForce ransomware gang listed Cogitis — a French inter-municipal IT syndicate serving local authorities — on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

  2. Leak at Atos

    On 28 December 2024, the Space Bears ransomware group claimed to have compromised an Atos database; the French IT giant investigated and concluded its own systems were not breached, attributing the leaked Atos-related data to a compromised external third-party infrastructure.

  3. Leak at Arsoé

    A ransomware attack disclosed in late December 2024 crippled Arsoé de Soual, the agricultural IT provider hosting livestock-management software for ~30,000 farmers across some 22 French departments; systems were encrypted and a ransom demanded, with no data exfiltration detected.

  4. Data leak at Volkswagen

    A misconfigured Amazon cloud storage system run by Volkswagen software subsidiary Cariad exposed data on about 800,000 EV owners across VW, Audi, Seat and Skoda, including contact details and precise vehicle location data for roughly 466,000 cars.

  5. Movistar Peru data leak

    A database containing roughly 22 million records on Movistar Peru customers — DNI numbers, names, birth dates, and addresses collected between 2016 and 2018 — circulated freely on hacking forums over the December holiday break.

  6. Leak at Peugeot

    In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.

  7. Leak at Cyberhaven

    On 25 Dec 2024, data-security firm Cyberhaven's Chrome extension was hijacked via a phishing attack and pushed a malicious update that exfiltrated cookies and session tokens from roughly 400,000 users over a 24-hour window.

  8. Speedio data breach (2024)

    In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information…

  9. Leak at Electro Dépôt

    Customer data attributed to French electronics retailer Electro Dépôt surfaced as one of at least 17 French breaches consolidated on an open database, exposing names, contact details, IP addresses and partial payment data.

  10. Leak at Go Sport

    In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.

  11. Data leak at Sport 2000

    Customer database of French sporting-goods retailer Sport 2000 — covering roughly 4.3 million people — was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.

  12. Data leak at Wakanim

    Wakanim user data surfaced in a misconfigured, publicly accessible ElasticSearch server hoarding ~95 million records from 17 past French breaches, exposing names, emails, postal and IP addresses and phone numbers.

  13. BitView data breach (2024)

    In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video…

    Data breachResolved
  14. Data leak at Top Achat

    On 12 December 2024, French PC-hardware e-tailer Top Achat (LDLC group) disclosed a breach exposing customer names, email and postal addresses; no passwords or payment data were affected. The intrusion was linked to an earlier compromise at parent company LDLC.

  15. Young Living Essential Oils data breach (2024)

    In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth.

    Data breachResolved
  16. Leak at LDLC

    On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers — potentially several million people — though it stated no financial or sensitive data was affected.

  17. Electrica Group Lynx ransomware attack

    The Lynx ransomware gang breached Electrica Group, one of Romania's largest electricity suppliers serving 3.8 million users, disrupting customer-facing services while SCADA and other critical grid systems were isolated and kept running.

  18. Leak at Deloitte

    On 4 December 2024, the Brain Cipher ransomware group publicly claimed to have stolen over 1 TB of data from Deloitte UK; Deloitte said the allegations related to a single client's system outside its own network and that no Deloitte systems were impacted.

  19. Leak at Guy Demarle

    French bakeware and kitchenware brand Guy Demarle disclosed in December 2024 that a cyberattack had copied part of its customer database, exposing names, postal addresses, email addresses and phone numbers; passwords and banking data were not affected.

  20. Leak at Norauto

    On 2 December 2024, French automotive retailer Norauto disclosed a cyberattack on its vehicle-rental service that exposed personal data of about 78,000 customers, including names, contact details and, in some cases, ID-document numbers; the dataset was put up for sale on BreachForums.

  21. RECOPE RansomHub ransomware attack

    RansomHub ransomware forced Costa Rica's state oil refiner RECOPE to switch its entire fuel-distribution network to manual operations, triggering the first real-world deployment of the U.S. State Department's FALCON cyber-response program.

  22. Data leak at Ze Camping

    On 27 November 2024, a database from French camping-holiday booking platform Ze Camping (ze-camping.fr) covering 2014-2024 was advertised for sale on a darknet forum, exposing some 1.6 million records including names, logins, hashed passwords, dates of birth, phone numbers and postal addresses.

  23. Leak at JVS

    On 26 November 2024, a dataset of user-account records tied to JVS-Mairistem — a leading French software vendor for municipalities and local authorities — was reported leaked, exposing names, email addresses, logins, phone numbers and the associated local authority.

  24. Data leak at SFR

    On 24 November 2024, a threat actor advertised a leak of personal data on 3.6 million customers of French telecom operator SFR — names, postal and email addresses, dates of birth and phone numbers — plus 150,000 IBANs offered for separate sale on the dark web.

  25. Leak at Banque de France

    On 23 November 2024, the threat actor Near2tlg advertised data allegedly stolen from France's central bank; the Banque de France denied any compromise of its secure systems, acknowledging only brief unauthorized access to an HR extranet with no sensitive data exposed.

  26. Senior Dating data breach (2024)

    In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise…

    Data breachResolved
  27. Leak at Companie de Transport Strasbourgeoise

    In November 2024, the Compagnie des Transports Strasbourgeois (CTS) — Strasbourg's public transport operator — detected fraudulent logins to about 100 of its roughly 350,000 customer accounts via a credential-stuffing attack reusing passwords stolen in unrelated breaches.

  28. Leak at Chambres d'agriculture

    In November 2024, the Chambres d'agriculture d'Occitanie — France's regional public chambers of agriculture — were hit by a malware/ransomware-type cyberattack that spread across their interconnected national network and rendered the workstations of roughly 1,000 regional staff unusable.

  29. Yonéma data breach (2024)

    In November 2024, data from the Senegalese payment platform Yonéma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.

    Data breachResolved
  30. Leak at Auchan

    On 19 November 2024, French retailer Auchan disclosed a breach of its loyalty programme exposing the personal data of more than 500,000 customers — names, contact details, dates of birth, family composition and loyalty-card/balance information; no bank data or passwords were affected.

  31. Leak at Direct Assurance

    In November 2024, French online insurer Direct Assurance was breached via a compromised employee account, exposing personal data of roughly 15,000 clients and prospects — including the IBAN/RIB banking details of about 5,800 of them — later offered for sale online.

  32. Leak at Mediboard

    On 19 Nov 2024 a threat actor put the records of ~758,912 patients of French healthcare provider Aléo Santé — extracted via a compromised privileged account on the Mediboard patient-record platform — up for sale on BreachForums, exposing identities, contact details and sensitive medical data.

  33. FlipaClip data breach (2024)

    In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.

    Data breachResolved
  34. Leak at Le Point

    On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.

  35. The Real World data breach (2024)

    In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.

    Data breachResolved
  36. Leak at Huttopia

    On 14 November 2024, a data leak affecting Huttopia, the French eco-tourism and glamping operator, exposed customer records including last names, first names and email addresses.

  37. PoinCampus data breach (2024)

    In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth.

    Data breachResolved
  38. Leak at Molotov

    Around 13 November 2024, French streaming TV service Molotov disclosed a data breach exposing roughly 10.8 million email addresses, along with the names and dates of birth of users who had supplied them; no passwords or banking data were affected.

  39. Leak at Picard

    On 12 November 2024, French frozen-food retailer Picard disclosed a credential-stuffing attack that compromised the loyalty accounts of around 45,000 customers, exposing personal and loyalty-programme data; no banking data was affected and the company notified the CNIL.

  40. Tibber data breach (2024)

    In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases.

    Data breachResolved
  41. 1win data breach (2024)

    In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.

    Data breachResolved
  42. RENIEC Peru citizen data leak

    A threat actor advertised a database said to hold around 37 million records from Peru's national identity registry RENIEC, including DNI numbers, names, birth data, and addresses; RENIEC disputed that its systems were breached.

  43. Interbank Peru data breach

    After a two-week extortion negotiation collapsed, a threat actor known as kzoldyck leaked 3.7 TB of data on roughly 3 million Interbank customers, including names, DNI numbers, card data, and plaintext credentials.

  44. SuperDraft data breach (2024)

    In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes.

    Data breachResolved
  45. Leak at Free

    In late October 2024, French ISP Free (Iliad group) disclosed a breach after attackers accessed an internal management tool, exposing subscriber identity and contact data plus around 5.1 million IBANs; the stolen data was later auctioned and sold online.

  46. Leak at Ornikar

    In late October 2024, French online driving school Ornikar disclosed a breach after an attacker offered a database of up to 4.2 million customer accounts for sale, exposing names, dates of birth, email and postal addresses, and phone numbers; bank data and passwords were unaffected.

  47. Hot Topic data breach (2024)

    In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.

  48. Earth 2 data breach (2024)

    In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised…

    Data breachResolved
  49. Finsure data breach (2024)

    In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses.

  50. Flat Earth Sun, Moon and Zodiac App data breach (2024)

    In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users.

    Data breachResolved
  51. The Club Penguin Experience data breach (2024)

    In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints.

    Data breachResolved
  52. Salt Typhoon US telecom espionage campaign (2024)

    China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers — Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream — including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.

  53. Switch data breach (2024)

    In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.

  54. Leak at Meilleurtaux

    In late September 2024, French credit and insurance broker Meilleurtaux disclosed that an external attack on its IT systems had exposed sensitive personal data of customers, including names, contact details, dates of birth, family situation, income and employment status.

  55. digiDirect data breach (2024)

    In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth.

  56. Internet Archive data breach (2024)

    In September 2024, the Internet Archive's authentication database — 31 million records with emails, screen names, and bcrypt password hashes — was stolen, followed by a website defacement and a wave of DDoS attacks.

  57. French Citizens data breach (2024)

    In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP…

    Data breachResolved
  58. Leak at RED by SFR

    In September 2024, RED by SFR — the low-cost mobile brand of French telecom SFR — disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.

  59. Muah.AI data breach (2024)

    In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.

    Data breachResolved
  60. Leak at Assurance retraite

    On 13 September 2024, France's Assurance retraite (Cnav) disclosed a breach of its PPAS social-action partner portal, exposing data on about 370,000 pension beneficiaries including names, addresses, social security numbers and approximate income.

  61. Leak at Cybertek

    On 12 September 2024, French computer-hardware retailer Cybertek disclosed a customer data breach stemming from a compromised shared IT provider, exposing names, email and postal addresses and phone numbers; passwords and payment data were not affected.

  62. Instituto Nacional de Deportes de Chile data breach (2024)

    In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes.

    Data breachResolved
  63. Leak at Cultura

    On 10 September 2024, French cultural-goods retailer Cultura disclosed that a breach at a shared third-party IT provider exposed the personal data of about 1.5 million customers, including names, contact details and order history; passwords and bank data were not affected.

  64. Leak at Boulanger

    On the night of 6-7 September 2024, French electronics retailer Boulanger suffered a data breach traced to a shared third-party delivery/IT provider, exposing the names, postal and email addresses and phone numbers of several hundred thousand customers; no banking data was affected.

  65. Halliburton RansomHub attack (2024)

    RansomHub gained access to Halliburton's systems, prompting the oil-services giant to take infrastructure offline. The incident delayed invoicing and purchase orders, and Halliburton booked a $35 million loss in its SEC filings.

  66. MC2 Data data breach (2024)

    In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names.

    Data breachResolved
  67. National Public Data SSN breach

    A breach of data broker National Public Data (Jerico Pictures) exposed a database of roughly 2.9 billion records containing names, Social Security numbers, dates of birth, and addresses scraped from public and non-public sources, triggering a wave of lawsuits and the company's bankruptcy.

  68. Explore Talent (August 2024) data breach (2024)

    In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP.

    Data breachResolved
  69. schenkYOU data breach (2024)

    In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes.

  70. Tracki data breach (2024)

    In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.

    Data breachResolved
  71. Star Health insurance breach and senior-official extortion (India, 2024)

    A hacker using the alias xenZen exposed personal and medical data on 31.2 million Star Health customers via Telegram bots, alongside 5.76 million claims records. The leak escalated into a public extortion drama implicating a senior Star Health official.

  72. Chris Leong data breach (2024)

    In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many cases, links to Facebook profiles.

    Data breachResolved
  73. Not SOCRadar data breach (2024)

    In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's…

    Data breachResolved
  74. Ubook data breach (2024)

    In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.

    Data breachResolved
  75. Stealer Logs Posted to Telegram data breach (2024)

    In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines.

    Data breachResolved
  76. AT&T Snowflake call-records breach

    AT&T disclosed that attackers used credentials stolen by infostealers to authenticate into its Snowflake cloud-data-warehouse tenant — which lacked MFA — and exfiltrated call and text metadata covering nearly all 110 million AT&T wireless customers.

  77. The Heritage Foundation data breach (2024)

    In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content…

    Data breachResolved
  78. MSI data breach (2024)

    In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims.

    Data breachResolved
  79. LuLu data breach (2024)

    In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum.

    Data breachResolved
  80. AnimeLeague data breach (2024)

    In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board.

    Data breachResolved
  81. FNTECH data breach (2024)

    In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.

    Data breachResolved
  82. Husky Owners data breach (2024)

    In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.

    Data breachResolved
  83. Ladies.com data breach (2024)

    In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and…

    Data breachResolved
  84. Central Tickets data breach (2024)

    In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted…

  85. Otelier data breach (2024)

    In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt.

    Data breachResolved
  86. Shoe Zone data breach (2024)

    In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum. The data included over 100k orders containing names, addresses, partial credit card numbers (card type and last 4 digits), and 46k unique email addresses.

    Data breachResolved
  87. BudTrader data breach (2024)

    In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.

    Data breachResolved
  88. SpyX data breach (2024)

    In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field.

    Data breachResolved
  89. Zacks (2024) data breach (2024)

    In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing…

    Data breachResolved
  90. Indonesia National Data Centre (PDNS) ransomware attack

    The Brain Cipher ransomware group encrypted Indonesia's Temporary National Data Centre (PDNS 2), disrupting 282 government services across more than 200 agencies and demanding an $8 million ransom the government refused to pay.

  91. Z-lib data breach (2024)

    In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers.

    Data breachResolved
  92. CDK Global BlackSuit ransomware (2024)

    BlackSuit operators encrypted CDK Global's dealer-management platform, knocking ~15,000 North American car dealerships offline for nearly two weeks. A second attack hit on day two of recovery. Industry losses estimated at over $1 billion; CDK reportedly paid a $25 million ransom.

  93. mSpy (2024) data breach (2024)

    In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos.

    Data breachResolved
  94. KADOKAWA / Niconico BlackSuit ransomware (2024)

    Phishing access let BlackSuit (Russian-linked) encrypt KADOKAWA's infrastructure and the Niconico video-sharing platform, taking services offline for two months. KADOKAWA paid ~$2.9M in cryptocurrency — and BlackSuit leaked the stolen 1.5 TB anyway.

    RansomwareRansom paidJapan$2.9M
  95. Advance Auto Parts data breach (2024)

    In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees.

  96. Spytech data breach (2024)

    In July 2024, spyware maker Spytech suffered a data breach that exposed data collected as recently as the previous month. Designed to "invisibly record everything users do", the breach exposed information related to both purchasers and targets of the product.

    Data breachResolved
  97. Robinsons Malls data breach (2024)

    In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.

    Data breachResolved
  98. Ticketek data breach (2024)

    In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service.

  99. Operation Endgame data breach (2024)

    In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help victims learn of their exposure.

    Data breachResolved
  100. Snowflake customer-account credential-stuffing campaign (UNC5537, 2024)

    A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.

  101. Combolists Posted to Telegram data breach (2024)

    In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into.

    Data breachResolved
  102. pcTattletale data breach (2024)

    In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report.

    Data breachResolved
  103. BSNL telecom data breach

    A threat actor advertised roughly 278 GB of data stolen from India's state-owned telecom BSNL — including IMSI numbers, SIM details, home location register data, and security keys — exposing millions of subscribers to SIM-cloning and fraud, in the carrier's second breach in six months.

  104. MediSecure ransomware attack

    A ransomware attack on Australian e-prescription provider MediSecure exposed the personal and health data of roughly 12.9 million Australians — one of the country's largest breaches — and pushed the company into administration and liquidation.

  105. Ascension Health ransomware attack

    Black Basta ransomware crippled Ascension, one of the largest U.S. health systems, after an employee downloaded a malicious file. The attack forced 140 hospitals onto manual operations for weeks, diverted ambulances, and ultimately exposed the data of nearly 5.6 million patients.

  106. City of Helsinki Education Division breach

    An attacker exploited an unpatched vulnerability in a remote access server to breach the City of Helsinki's Education Division, exposing personal data of tens of thousands of students, guardians, and staff, plus sensitive welfare records.

  107. The Post Millennial data breach (2024)

    In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of…

    Data breachResolved
  108. Data leak at Ticketmaster

    In 2024, ticketing giant Ticketmaster (Live Nation) suffered a breach of a third-party Snowflake cloud database; data on up to 560 million customers — names, contact details, order history and partial payment-card data — was stolen and offered for sale by ShinyHunters.

  109. Piping Rock data breach (2024)

    In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses.

    Data breachResolved
  110. Tappware data breach (2024)

    In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job…

    Data breachResolved
  111. T2 data breach (2024)

    In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.

    Data breachResolved
  112. Leak at Le Slip Français

    In April 2024, French apparel brand Le Slip Français disclosed a customer data breach exposing names, phone numbers, postal and email addresses and order numbers; roughly 1.5 million email addresses and close to 700,000 full customer profiles were affected. No passwords or payment data were involved.

  113. MovieBoxPro data breach (2024)

    In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.

    Data breachResolved
  114. Neiman Marcus data breach (2024)

    In 2024, the luxury retailer Neiman Marcus had data stolen from its Snowflake cloud environment via stolen credentials. The company reported about 64,000 individuals to regulators, but the leaked dataset exposed roughly 31 million unique email addresses along with names, contact details and gift-card numbers.

  115. Salvadoran Citizens data breach (2024)

    In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.

    Data breachResolved
  116. Pandabuy data breach (2024)

    In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries.

    Data breachResolved
  117. XZ Utils backdoor (CVE-2024-3094)

    A multi-year social-engineering campaign by a maintainer persona named 'Jia Tan' planted a hidden SSH backdoor in the XZ Utils compression library (liblzma) versions 5.6.0 and 5.6.1, scoring CVSS 10.0 — caught by chance days before it could reach stable Linux releases worldwide.

  118. Lookiero data breach (2024)

    In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.

    Data breachResolved
  119. boAt data breach (2024)

    In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.

    Data breachResolved
  120. Kaspersky Club data breach (2024)

    In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.

  121. England Cricket data breach (2024)

    In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both.

  122. Nigeria NIN national-ID data exposure

    Unauthorized websites such as XpressVerify and AnyVerify were caught selling Nigerians' National Identification Numbers, Bank Verification Numbers, passports, and other personal data for as little as ₦100 — exploiting improperly governed API access to the NIMC identity database.

  123. Leak at France Travail

    On 8 March 2024, France's national employment agency France Travail disclosed a data breach exposing the personal data of up to 43 million jobseekers registered over the previous 20 years, including names, dates of birth, social security numbers and contact details.

  124. HuntStand data breach (2024)

    In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.

    Data breachResolved
  125. Giant Tiger data breach (2024)

    In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.

    Data breachResolved
  126. WoTLabs data breach (2024)

    In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.

    Data breachResolved
  127. Fair Vote Canada data breach (2024)

    In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses,…

  128. Leak at LDLC

    In early March 2024, French electronics retailer LDLC confirmed a data breach affecting roughly 1.5 million in-store customers, exposing names, postal addresses, email addresses and phone numbers, though no banking or sensitive data.

  129. Life360 data breach (2024)

    In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated).

    Data breachResolved
  130. Mr. Green Gaming data breach (2024)

    In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.

    Data breachResolved
  131. DemandScience by Pure Incubation data breach (2024)

    In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated…

    Data breachResolved
  132. Cutout.Pro data breach (2024)

    In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.

    Data breachResolved
  133. Spyzie data breach (2024)

    In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos,…

    Data breachResolved
  134. Change Healthcare ransomware (ALPHV/BlackCat)

    ALPHV/BlackCat compromised Change Healthcare via Citrix portal lacking MFA, paralyzed U.S. prescription claims for weeks, and exfiltrated data on an estimated 100 million people.

  135. Tangerine data breach (2024)

    In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth.

  136. Doxbin (TOoDA) data breach (2024)

    In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames.

    Data breachResolved
  137. Romanian hospitals ransomware wave

    A Backmydata (Phobos-family) ransomware attack on the shared Hipocrate hospital information system encrypted data at 25 Romanian hospitals and forced about 75 more offline, pushing more than 100 facilities back to paper records.

  138. Leak at Almerys, Viamedis

    In early February 2024, French third-party health-payment operators Viamedis and Almerys disclosed breaches exposing data on about 33 million people — names, dates of birth, social security numbers and health-insurer details — in one of France's largest ever data breaches.

  139. SurveyLama data breach (2024)

    In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes.

    Data breachResolved
  140. Spoutible data breach (2024)

    In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes.

    Data breachResolved
  141. Schneider Electric Sustainability Business Cactus ransomware (2024)

    Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data — including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.

  142. Trello data breach (2024)

    In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses.

    Data breachResolved

2023

82 incidents
  1. Hathway data breach (2023)

    In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phone…

    Data breachResolved
  2. GLAMIRA data breach (2023)

    In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses, names, phone numbers and purchases.

    Data breachResolved
  3. InflateVids data breach (2023)

    In December 2023, the inflatable and balloon fetish videos website InflateVids suffered a data breach. The incident exposed over 13k unique email addresses alongside usernames, IP addresses, genders and SHA-1 password hashes.

    Data breachResolved
  4. Kyivstar wiper attack

    Russia's Sandworm group destroyed thousands of virtual servers and workstations at Kyivstar, Ukraine's largest mobile operator, knocking out service for some 24 million subscribers and disrupting air-raid alerts, banking and payments in the most damaging cyberattack on Ukrainian telecoms since the 2022 invasion.

    WiperResolvedUkraine$95.0M
  5. Westpole LockBit ransomware — Italian PA outage (2023)

    LockBit 3.0 encrypted the data centres of Italian cloud provider Westpole, taking down PA Digitale's Urbi platform — which serves 1,300 Italian public administrations including 540 municipalities, the Quirinale presidency, ISTAT, the Bank of Italy, and the Ministry of Environment. Payroll, citizen services, and local-government workflows were degraded for weeks.

  6. Welhof data breach (2023)

    In late 2023, the Dutch appliance store Welhof suffered a data breach. The incident exposed over 100k unique email addresses along with names, physical addresses and the value of purchases made.

    Data breachResolved
  7. ALAB Laboratoria ransomware data leak

    The RA World ransomware gang breached Poland's nationwide ALAB Laboratoria medical-lab network, stealing patient test results and PESEL identity numbers. ALAB refused to pay, and the criminals published sensitive medical data on tens of thousands of patients in what became Poland's largest medical data breach.

  8. Zadig & Voltaire data breach (2023)

    In June 2024, a data brach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders.

    Data breachResolved
  9. KitchenPal data breach (2023)

    In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although acknowledged it contained a small number of users for debugging…

    Data breachResolved
  10. Blooms Today data breach (2023)

    In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers physical addresses and partial credit card data…

    Data breachResolved
  11. ICBC Financial Services LockBit ransomware (2023)

    LockBit ransomware disrupted the U.S. broker-dealer arm of the world's largest bank, ICBC, jamming settlement of over $9 billion in U.S. Treasury trades. Bank staff sent critical settlement details by USB stick via a messenger across Manhattan. $62 billion of Treasuries failed to deliver in one day.

  12. Chess data breach (2023)

    In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking forum. The data included email address, name, username and the geographic location of the user. A further 446k scraped records were later provided and added to HIBP.

    Data breachResolved
  13. LinkedIn Scraped and Faked Data (2023) data breach (2023)

    In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.

    Data breachResolved
  14. British Library Rhysida ransomware (2023)

    Rhysida ransomware operators destroyed servers, demanded ~£600,000, and leaked 600 GB of internal data when the British Library refused to pay. The main catalogue did not return online — read-only — until January 2024. Recovery is consuming 40% of the Library's financial reserves.

  15. Boeing LockBit ransomware via Citrix Bleed (2023)

    LockBit operators exploited the Citrix Bleed vulnerability (CVE-2023-4966) to enter Boeing's parts and distribution business. Boeing did not pay; LockBit leaked roughly 45 GB of data, including Citrix logs, email backups, supplier lists, and 2020 pricing data.

  16. Okta support case-management system breach

    A threat actor used a stolen service-account credential — exposed via an employee's personal Google account — to access Okta's customer support case-management system, reading HAR files that contained session tokens and enabling session-hijacking against customers including 1Password, BeyondTrust and Cloudflare.

  17. Toumei data breach (2023)

    In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.

  18. 23andMe credential-stuffing breach

    Attackers used credentials reused from prior breaches to access 23andMe accounts, then leveraged the 'DNA Relatives' feature to scrape ancestry and genetic profile data on 6.9 million users from compromised relatives' connections.

  19. Bangladesh Smart NID Telegram data leak

    A Telegram bot offered up the names, photos, parents' names, phone numbers and addresses of Bangladeshi voters on demand from a 10-digit NID number, leaked through one of 174 organisations with access to the Election Commission's National ID server.

  20. Facebook Marketplace data breach (2023)

    In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations.

    Data breachResolved
  21. Shadow data breach (2023)

    In September 2023, the cloud gaming provider Shadow suffered a data breach that exposed over half a million customer records. The data included email and physical addresses, names and dates of birth.

    Data breachResolved
  22. PhilHealth Medusa ransomware attack

    The Medusa ransomware gang breached the Philippine Health Insurance Corporation, exfiltrating around 750 GB of sensitive member and medical data and demanding a $300,000 ransom; the government refused to pay and the data was leaked.

  23. Hong Kong Consumer Council ransomware attack

    A ransomware attack crippled roughly 80% of the Hong Kong Consumer Council's computer systems, with attackers exfiltrating about 65GB of data and demanding a US$500,000 ransom that the watchdog refused to pay.

  24. Naz.API data breach (2023)

    In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs…

    Data breachResolved
  25. IFX Networks supply-chain ransomware attack

    A ransomware attack on regional cloud provider IFX Networks cascaded into more than 50 Colombian state and private entities — including the Ministry of Health, the Judiciary, and the Superintendency of Industry and Commerce — and affected 762 organisations across Latin America.

  26. Lanka Government Cloud ransomware attack

    A ransomware attack on Sri Lanka's Lanka Government Cloud encrypted around 5,000 gov.lk email accounts — including the Cabinet Office — and, because backups were also encrypted, permanently destroyed roughly three months of government email.

  27. MGM Resorts ransomware (Scattered Spider + ALPHV)

    Scattered Spider vished an MGM IT-desk agent, gained Okta admin, and let ALPHV detonate ransomware. Casinos went offline for ten days; the loss to MGM exceeded $100 million.

  28. Sphero data breach (2023)

    In September 2023, over 1M rows of data from the educational robots company Sphero was posted to a popular hacking forum. The data contained 832k unique email addresses alongside names, usernames, dates of birth and geographic locations.

    Data breachResolved
  29. Market Moveis data breach (2023)

    In August 2023, the Portuguese home decor company Market Moveis suffered a data breach that impacted 28k records. The exposed records were limited to names and email addresses.

  30. Qakbot data breach (2023)

    In August 2023, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure.

    Data breachResolved
  31. Caesars Entertainment Scattered Spider ransom payment (2023)

    Scattered Spider impersonated a Caesars employee on a call to a third-party IT support vendor and convinced the vendor to grant Okta credentials, then exfiltrated customer loyalty data including SSNs and driver's licences. Caesars paid roughly $15 million ransom; the FBI later froze a substantial portion of the funds with Chainalysis assistance.

  32. PlayCyberGames data breach (2023)

    In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field.

    Data breachResolved
  33. UK Electoral Commission data breach

    Chinese state-linked hackers exploited unpatched Microsoft Exchange ProxyShell flaws to dwell undetected in the UK Electoral Commission's systems for over a year, accessing electoral-register data on roughly 40 million voters.

  34. MagicDuel data breach (2023)

    In August 2023, the MagicDuel Adventure website suffered a data breach that exposed 138k user records. The data included player names, email and IP addresses and bcrypt password hashes.

    Data breachResolved
  35. Norwegian government Ivanti zero-day breach

    Attackers exploited an Ivanti Endpoint Manager Mobile zero-day (CVE-2023-35078, CVSS 10.0) to breach a shared ICT platform used by 12 Norwegian government ministries, with exploitation traced back to at least April 2023.

  36. eCitizen Anonymous Sudan DDoS attack

    The pro-Russian hacktivist group Anonymous Sudan flooded Kenya's eCitizen government portal with DDoS traffic, knocking out access to roughly 5,000 public services and disrupting M-Pesa, electricity tokens and visa processing for days.

  37. Manipulated Caiman data breach (2023)

    In July 2023, Perception Point reported on a phishing operation dubbed "Manipulated Caiman". Targeting primarily the citizens of Mexico, the campaign attempted to gain access to victims' bank accounts via spear phishing attacks using malicious attachments.

    Data breachResolved
  38. Rightbiz data breach (2023)

    In June 2023, data belonging to the "UK's No.1 Business Marketplace" Rightbiz appeared on a popular hacking forum. Comprising of more than 18M rows of data, the breach included 65k unique email addresses along with names, phone numbers and physical address.

  39. Bangladesh government citizen data leak

    A misconfigured Bangladeshi government birth-and-death registration website exposed the names, addresses, phone numbers and national ID numbers of more than 50 million citizens, discovered accidentally via a Google search.

  40. Fédération Francaise de Rugby data breach (2023)

    In June 2023, the Fédération Francaise de Rugby (French Rugby Federation) suffered a data breach and attempted ransom. The breach exposed 282k unique email addresses along with names, dates of birth and phone numbers.

  41. Dymocks data breach (2023)

    In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.

  42. BreachForums Clone data breach (2023)

    In June 2023, a clone of the previously shuttered popular hacking forum "BreachForums" suffered a data breach that exposed over 4k records. The breach was due to an exposed backup of the MyBB database which included email and IP addresses, usernames and Argon2 password hashes.

    Data breachResolved
  43. e-Devlet (e-Government Gateway) data breach

    Turkey's central e-Government portal was harvested for the records of an estimated 85 million citizens and residents, with ID numbers, addresses, phone numbers, family links, health and financial data sold online and updated in near real time.

  44. JD Group data breach (2023)

    In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters.

  45. MOVEit Transfer mass exploitation (Cl0p)

    Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to mass-extort over 2,700 organizations, including the BBC, British Airways, and the U.S. Department of Energy.

  46. Greek school-exam system DDoS attack

    A massive multi-day DDoS attack on Greece's 'Subject Bank' (Trapeza Thematon) high-school exam platform disrupted nationwide exams with up to 280,000 connections per second and 165 million hits from 114 countries, the largest attack on a Greek public body.

  47. Polish Credentials data breach (2023)

    In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on.

    Data breachResolved
  48. Xplain ransomware attack and Swiss federal data leak

    The Play ransomware gang breached Swiss IT supplier Xplain and leaked around 65,000 documents on the darknet, including sensitive Federal Administration files from the justice, police, and defence departments.

  49. Xplain Play ransomware and Swiss federal documents leak (2023)

    Play ransomware breached Swiss IT services provider Xplain, exfiltrating 1.3 million files. Approximately 65,000 documents belonging to the Swiss Federal Administration — including classified content, personal data, and readable passwords — were published on Play's dark-web leak site in June 2023.

  50. Microsoft Storm-0558 signing-key theft and US government email access (2023)

    China-based Storm-0558 forged authentication tokens using a stolen Microsoft consumer signing key and read email at approximately 25 organisations — including the US State Department, the Department of Commerce, and the U.S. Ambassador to China. The 'cascade of errors' that enabled it became a defining case for cloud-provider key custody.

  51. Danish energy sector attacks (SektorCERT)

    In May 2023, coordinated waves of attacks exploited Zyxel firewall vulnerabilities to breach 22 Danish energy companies, forcing some operators into island mode in what SektorCERT called Denmark's largest critical-infrastructure cyber incident to date.

  52. Bank Syariah Indonesia (BSI) ransomware attack

    The LockBit ransomware gang crippled Indonesia's largest Islamic bank for days, then leaked 1.5 TB of data covering some 15 million customers and employees after a $20 million ransom went unpaid.

  53. Le Coq Sportif Columbia data breach (2023)

    In January 2025, a data breach from the Columbian website for Le Coq Sportif was posted to a popular hacking forum. The data included almost 80k unique email addresses with the breach dating back to May 2023.

    Data breachResolved
  54. Jobzone data breach (2023)

    In April 2023, data from the Israeli jobs website Jobzone was posted online. The data included 30k records of email addresses, names, social security numbers, genders, dates of birth, fathers' names and physical addresses.

  55. RentoMojo data breach (2023)

    In April 2023, the Indian rental service RentoMojo suffered a data breach. The breach exposed over 2M unique email addresses along with names, phone, passport and Aadhaar numbers, genders, dates of birth, purchases and bcrypt password hashes.

    Data breachResolved
  56. Genesis Market data breach (2023)

    In April 2023, the stolen identity marketplace Genesis Market was shut down by the FBI and a coalition of law enforcement agencies across the globe in "Operation Cookie Monster".

    Data breachResolved
  57. 9Near Thailand 55-million citizen data extortion

    A hacker using the alias '9Near' threatened to leak the personal data of 55 million Thais, allegedly sourced via the government's Mor Prom health app; an army sergeant was later identified and surrendered.

  58. Capita ransomware attack

    A Black Basta ransomware intrusion into UK outsourcing giant Capita exposed pension and personal data on roughly 6.6 million people, drew a £14 million ICO fine, and cost the company over £25 million.

  59. Tigo data breach (2023)

    In Mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages.

    Data breachResolved
  60. 3CX supply-chain attack (DPRK)

    North Korea-linked actors trojanized the 3CXDesktopApp softphone client, distributing the SmoothOperator malware through a legitimately-signed update to a customer base of over 600,000 organizations — the first documented cascading software supply-chain compromise, itself enabled by a prior breach of trading software X_TRADER.

  61. Ferrari ransom-driven data breach

    Ferrari disclosed that a threat actor had breached its systems and demanded a ransom over stolen client contact data — names, addresses, emails and phone numbers — which the luxury carmaker refused to pay.

  62. Latitude Financial Services data breach

    Australian consumer-credit lender Latitude Financial disclosed that attackers had exfiltrated 14 million records — including 7.9 million driver's licence numbers and 53,000 passport numbers — via credentials stolen from a service provider.

  63. MediaWorks data breach (2023)

    In March 2024, millions of rows of data from the New Zealand media company MediaWorks was publicly posted to a popular hacking forum. The incident exposed 163k unique email addresses provided by visitors who filled out online competitions and included names, physical addresses, phone numbers, dates…

  64. DC Health Link data breach (2023)

    In March 2023, DC Health Link discovered a data breach that was later publicly posted to a popular data breach forum. The impacted data included 48k unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers and social security numbers.and "IntelBroker".

    Data breachResolved
  65. CityJerks data breach (2023)

    In early 2023, the "mutual masturbation" website CityJerks suffered a data breach that exposed 177k unique email addresses. The breach also included data from the TruckerSucker "dating app for REAL TRUCKERS and REAL MEN" with the combined corpus of data also exposing usernames, IP addresses, dates…

    Data breachResolved
  66. TheGradCafe data breach (2023)

    In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes.

    Data breachResolved
  67. Phished Data via CERT Poland data breach (2023)

    In August 2023, CERT Poland observed a phishing campaign that collected credentials from 68k victims. The campaign collected email addresses and passwords via a phishing email masquerading as a purchase order confirmation.

    Data breachResolved
  68. HDB Financial Services data breach (2023)

    In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the…

    Data breachResolved
  69. Flutterwave unauthorized-transfer incidents

    Nigeria's largest fintech suffered a series of unauthorized-transfer incidents in 2023, including a ₦2.9 billion ($4.2M) diversion across 28 accounts and a later ₦19 billion ($24M) loss via abused POS-merchant access, prompting Mareva injunctions to freeze thousands of beneficiary accounts.

    fraudinvestigatingNigeria$24.0M
  70. The Kodi Foundation data breach (2023)

    In February 2023, The Kodi Foundation suffered a data breach that exposed more than 400k user records. Attributed to an account belonging to "a trusted but currently inactive member of the forum admin team", the breach involved the administrator account creating a database backup that was…

    Data breachResolved
  71. Indigo Books LockBit ransomware

    LockBit affiliates encrypted Canada's largest bookseller, taking the website and in-store payment systems offline for weeks. Indigo publicly refused the ransom; LockBit published employee personal data.

  72. Convex data breach (2023)

    In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers.

  73. Terravision data breach (2023)

    In February 2023, the European airport transfers service Terravision suffered a data breach. The breach exposed over 2M records of customer data including names, phone numbers, email addresses, salted password hashes and in some cases, date of birth and country of origin.

    Data breachResolved
  74. iRent Taiwan customer data exposure

    An unsecured, password-free cloud database belonging to Hotai Motor's iRent car-sharing service exposed roughly 4.2 terabytes of data on more than 400,000 customers, including driver's-license photos, selfies, and partial payment-card details.

  75. Eye4Fraud data breach (2023)

    In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the…

    Data breachResolved
  76. Duolingo data breach (2023)

    In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points),…

    Data breachResolved
  77. School District 42 data breach (2023)

    In January 2023, Pitt Meadows School District 42 in British Columbia suffered a data breach. The incident exposed the names and email addresses of approximately 19k students and staff which were consequently redistributed on a popular hacking forum.

  78. Planet Ice data breach (2023)

    In January 2023, the UK-based ice skating rink booking service Planet Ice suffered a data breach. The incident exposed the personal data of 240k people including email and physical addresses, phone numbers, genders, dates of birth and passwords stored as MD5 hashes.

  79. Royal Mail LockBit ransomware

    LockBit affiliates encrypted Royal Mail's international export systems, halting all overseas postal services from the U.K. for six weeks. Royal Mail publicly refused the £65.7M ransom demand; LockBit progressively leaked exfiltrated data.

  80. Zurich data breach (2023)

    In January 2023, the Japanese arm of Zurich insurance suffered a data breach that exposed 2.6M customer records with over 756k unique email addresses. The data was subsequently posted to a popular hacking forum and also included names, genders, dates of birth and details of insured vehicles.

  81. Autotrader data breach (2023)

    In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods".

    Data breachResolved
  82. iD Tech data breach (2023)

    In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month.

    Data breachResolved

2022

99 incidents
  1. RailYatri data breach (2022)

    In December 2022, India’s government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.

  2. SickKids hospital ransomware attack

    Toronto's Hospital for Sick Children was hit by a ransomware attack over the December 2022 holidays that delayed lab and imaging results; in a rare move, the LockBit gang apologized, blamed a rogue affiliate, and released a free decryptor.

  3. Gemini data breach (2022)

    In late 2022, a hacker posted a data set to a public hacking forum which they alleged was sourced from the Gemini crypto exchange, a claim that was later proven to be false as the data was traced back to an incident at a third-party vendor.

    Data breachResolved
  4. EPM BlackCat ransomware attack

    The BlackCat/ALPHV ransomware gang crippled Colombia's largest public utility, Empresas Públicas de Medellín, forcing 4,000 staff to work offline and disrupting electricity, water, and gas billing across 123 municipalities.

  5. SevenRooms data breach (2022)

    In December 2022, over 400GB of data belonging to restaurant customer management platform SevenRooms was posted for sale to a popular hacking forum. The data included 1.2M unique email addresses alongside names and purchases.

    Data breachResolved
  6. Activision data breach (2022)

    In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee.

    Data breachResolved
  7. GunAuction.com data breach (2022)

    In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server.

    Data breachResolved
  8. CoinTracker data breach (2022)

    In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers. The company later attributed the breach to a compromise SendGrid in an attack that targeted multiple customers of the email provider.

    Data breachResolved
  9. BreachForums data breach (2022)

    In November 2022, the well-known hacking forum "BreachForums" was itself, breached. Later the following year, the operator of the website was arrested and the site seized by law enforcement agencies.

    Data breachResolved
  10. Keralty / Sanitas RansomHouse ransomware attack

    The RansomHouse gang struck Colombian healthcare giant Keralty and its EPS Sanitas and Colsanitas subsidiaries, claiming 3 TB of stolen data and crippling appointment scheduling for a network serving more than 6 million patients.

  11. Movie Forums data breach (2022)

    In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a popular clear web hacking forum.

    Data breachResolved
  12. AIIMS Delhi ransomware

    Ransomware encrypted the All India Institute of Medical Sciences in New Delhi — India's most prestigious public hospital — taking patient registration and clinical records offline for two weeks during peak winter patient load.

  13. Avito data breach (2022)

    In November 2022, the Moroccan e-commerce service Avito suffered a data breach that exposed the personal information of 2.7M customers. The data included name, email, phone, IP address and geographic location.

    Data breachResolved
  14. Washington State Food Worker Card data breach (2022)

    In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup.

    Data breachResolved
  15. Abandonia (2022) data breach (2022)

    In November 2022, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 920k unique user records. This breach was in addition to another one 7 years earlier in 2015.

    Data breachResolved
  16. AirAsia ransomware attack (Daixin Team)

    The Daixin Team ransomware gang breached AirAsia, stealing and leaking personal data on roughly 5 million unique passengers and all of the airline's employees, after the carrier reportedly declined to negotiate a ransom.

  17. DSB Danish railways shutdown (Supeo supply-chain)

    A cyberattack on subcontractor Supeo forced it to shut down its servers, disabling a mobile app train drivers rely on for operational data and halting all DSB trains across Denmark for several hours — a textbook supply-chain disruption of critical transport.

  18. MyPertamina data breach (2022)

    In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.

  19. RealDudesInc data breach (2022)

    In October 2022, the GTA mod menu provider RealDudesInc suffered a data breach that exposed over 100k email addresses (many of which are temporary guest account addresses). The breach also included usernames and bcrypt password hashes.

    Data breachResolved
  20. Medibank ransomware (REvil-affiliated)

    Russian-speaking attackers exfiltrated full health-claim records on 9.7 million current and former Medibank customers, then released them in tranches on the dark web after the Australian insurer refused to pay.

  21. Doomworld data breach (2022)

    In October 2022, the Doomworld fourm suffered a data breach that exposed 34k member records. The data included email and IP addresses, usernames and bcrypt password hashes.

    Data breachResolved
  22. Locally data breach (2022)

    In October 2022, "The Industry's Leading Online-to-Offline Shopping Solution" Locally suffered a data breach. Whilst Locally acknowledged the breach privately, it's unknown whether impacted customers were subsequently notified of the incident which exposed over 362k names, phone numbers, email and…

    Data breachResolved
  23. ClickASnap data breach (2022)

    In September 2022, the online photo sharing platform ClickASnap suffered a data breach. The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes.

    Data breachResolved
  24. Traderie data breach (2022)

    In September 2022, the in-game trading marketplace Traderie suffered a data breach that exposed almost 400k records (this preceded a subsequent breach the following year). The incident exposed email and IP addresses, usernames and links to social media profiles.

    Data breachResolved
  25. Chilean Joint Chiefs of Staff (EMCO) Guacamaya leak

    The hacktivist group Guacamaya breached the Chilean armed forces' Estado Mayor Conjunto, exfiltrating over 400,000 emails from 162 military accounts spanning a decade and exposing sensitive national-defense intelligence and operational documents.

  26. Optus customer data breach

    An unauthenticated API endpoint exposed personal data of 9.8 million current and former Optus customers — names, dates of birth, passport and driver's licence numbers — to a single anonymous attacker.

  27. Online Trade (Онлайн Трейд) data breach (2022)

    In September 2022, the Russian e-commerce website Online Trade (Онлайн Трейд) suffered a data breach that exposed 3.8M customer records. The data included email and IP addresses, names, phone numbers, dates of birth and MD5 password hashes.

  28. Rockstar Games GTA VI leak (Lapsus$)

    A teenage Lapsus$ member breached Rockstar Games' internal Slack and developer systems via social engineering, then leaked roughly 90 in-development clips of the unreleased Grand Theft Auto VI — one of the largest leaks in video-game history.

  29. Uber Lapsus$ social-engineering breach

    An 18-year-old affiliated with Lapsus$ socially engineered an Uber contractor, defeated MFA through an hour-long push-bombing campaign, then found hardcoded admin credentials on an internal share that unlocked Uber's AWS, G-Suite, Slack, and HackerOne dashboards.

  30. Get Revenge On Your Ex data breach (2022)

    In September 2022, the revenge website Get Revenge On Your Ex suffered a data breach that exposed almost 80k unique email addresses. The data spanned both customers and victims including names, IP and physical addresses, phone numbers, purchase histories and plain text passwords.

    Data breachResolved
  31. APK.TW data breach (2022)

    In September 2022, the Taiwanese Android forum APK.TW suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.5M unique email addresses along with IP addresses, usernames and salted MD5 password hashes.

    Data breachResolved
  32. Misattributed Flipkart Data data breach (2022)

    In September 2022, over 500k customer records alleged to have been sourced from the Indian e-commerce service Flipkart appeared on a popular hacking forum.

    Data breachResolved
  33. Wakanim data breach (2022)

    In August 2022, the European streaming service Wakanim suffered a data breach which was subsequently advertised and sold on a popular hacking forum. The breach exposed 6.7M customer records including email, IP and physical addresses, names and usernames.

    Data breachResolved
  34. TAP Air Portugal ransomware breach

    The Ragnar Locker ransomware gang breached Portugal's flag carrier, exfiltrating and later publishing 581 GB of data on roughly 1.5 million customers, exposing names, dates of birth, addresses and contact details for over 5 million email accounts.

  35. SERNAC government ransomware attack

    Ransomware encrypted the Microsoft and VMware ESXi servers of Chile's National Consumer Service (SERNAC), disrupting its systems and online services and prompting the government CSIRT to issue a state-wide cybersecurity alert.

  36. Brand New Tube data breach (2022)

    In August 2022, the streaming website Brand New Tube suffered a data breach that exposed the personal information of almost 350k subscribers. The impacted data included email and IP addresses, usernames, genders, passwords stored as unsalted SHA-1 hashes and private messages.

    Data breachResolved
  37. Latest Pilot Jobs data breach (2022)

    In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.

    Data breachResolved
  38. GGCorp data breach (2022)

    In August 2022, the MMORPG website GGCorp suffered a data breach that exposed almost 2.4M unique email addresses. The data also included IP addresses, usernames and MD5 password hashes.

    Data breachResolved
  39. iMenu360 data breach (2022)

    In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers.

    Data breachResolved
  40. LastPass two-stage breach and customer vault theft (2022)

    An August 2022 source-code theft from one LastPass developer's laptop chained into a November 2022 compromise of a DevOps engineer's personal computer — yielding access to backups of customer password vaults. Federal investigators later linked LastPass-stolen vaults to a $150 million crypto heist.

  41. Shitexpress data breach (2022)

    In August 2022, the online faeces delivery service Shitexpress suffered a data breach that exposed 24k unique email addresses. The addresses spanned invoices, gift cards, promotions and PayPal records.

    Data breachResolved
  42. Advanced / NHS 111 ransomware attack

    A LockBit 3.0 ransomware attack on NHS software supplier Advanced took down the NHS 111 triage service and forced clinicians back to pen and paper, exposing data on tens of thousands of patients and drawing a £3.07 million ICO fine.

  43. DoorDash data breach (2022)

    In August 2022, the food ordering and delivery service DoorDash disclosed a data breach that impacted a portion of their customers. DoorDash attributed the breach to an unnamed "third-party vendor" they stated was the victim of a phishing campaign.

    Data breachResolved
  44. Continental AG LockBit ransomware (Germany, 2022)

    LockBit operators infiltrated parts of German auto-parts giant Continental AG's IT systems in August 2022. Containment was initially declared, but in November the group put 40 terabytes of stolen Continental data on its dark-web leak site, offered for sale or destruction for $50 million.

  45. Greek Predatorgate surveillance scandal

    Greece's 'Predatorgate' wiretapping scandal exposed the use of Intellexa/Cytrox's Predator spyware and parallel legal surveillance against journalists, politicians and officials, toppling intelligence chiefs and ending in landmark 2026 convictions.

  46. Didi Global data security enforcement case

    China's cyberspace regulator fined ride-hailing giant Didi Global RMB 8.026 billion (about $1.2 billion) after a year-long review found 16 violations of the Cybersecurity Law, Data Security Law and Personal Information Protection Law, including the illegal collection of facial-recognition, location and clipboard data from hundreds of millions of riders and drivers.

  47. Exvagos data breach (2022)

    In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.

    Data breachResolved
  48. Hjedd data breach (2022)

    In July 2022, the Chinese adult website Hjedd was found to be leaking more than 13M customer records which subsequently appeared on a popular hacking forum. The exposed data included email and IP addresses, usernames and passwords stored as bcrypt hashes.

    Data breachResolved
  49. Albania HomeLand Justice destructive wiper (Iran MOIS, 2022)

    Iran's Ministry of Intelligence and Security, operating as 'HomeLand Justice', spent 14 months dwelling in Albanian government networks before launching ransomware-style file encryption and disk-wiping malware. Albania suspended online public services and became the first country in history to sever diplomatic ties with another state over a cyberattack.

  50. Vietnam 30-million student records sale

    A hacker using the alias 'meli0das' put the records of more than 30 million Vietnamese students and staff up for sale on a hacking forum for $3,500 in Monero, allegedly sourced from a major education platform.

  51. OGUsers (2022 breach) data breach (2022)

    In July 2022, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fifth since December 2018. The breach contained usernames, email and IP addresses and passwords stored as argon2 hashes. A total of 529k unique email addresses appeared in the breach.

    Data breachResolved
  52. Weee data breach (2022)

    In February 2023, data belonging to the Asian and Hispanic food delivery service Weee appeared on a popular hacking forum. Dating back to mid-2022, the data included 1.1M unique email addresses from 11M rows of orders containing names, phone numbers and delivery instructions.

    Data breachResolved
  53. Vultr data breach (2022)

    In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses.

    Data breachResolved
  54. La Poste Mobile data breach (2022)

    In July 2022, the French telecommunications company La Poste Mobile was the target of an attack by the LockBit ransomware which resulted in company data being published publicly.

  55. Shanghai National Police database leak

    An exposed Shanghai Public Security Bureau database left a hacker known as 'ChinaDan' offering 23 terabytes of data on roughly 1 billion Chinese residents — names, national ID numbers, phone numbers, addresses and police case records — for 10 bitcoin, in what is widely regarded as the largest government data breach in Chinese history.

  56. Adopt Me Trading Values data breach (2022)

    In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data.

    Data breachResolved
  57. Iranian steel plants cyber-sabotage

    Predatory Sparrow compromised industrial control systems at three major Iranian steelmakers, halting production and — in CCTV footage the group released — causing a machine at Khouzestan Steel to spew molten metal and fire across the factory floor.

  58. Altenen data breach (2022)

    In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes and cryptocurrency wallet addresses.

    Data breachResolved
  59. Disk Union data breach (2022)

    In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.

    Data breachResolved
  60. MemeChat data breach (2022)

    In mid-2022, "the ultimate hub of memes" MemeChat suffered a data breach that exposed 7.4M records. Alleged to be due to a misconfigured Elasticsearch instance, the data contained 4.3M unique email addresses alongside usernames.

    Data breachResolved
  61. TNAFlix data breach (2022)

    In June 2022, the adult website TNAFlix suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.4M records of email and IP addresses, usernames and plain text passwords.

    Data breachResolved
  62. CCSS Hive ransomware attack

    The Hive ransomware group crippled Costa Rica's national public-health insurer, the CCSS, encrypting more than 800 servers, forcing hospitals back to paper, and cancelling tens of thousands of medical appointments.

  63. WiredBucks data breach (2022)

    In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data.

    Data breachResolved
  64. Carinthia state government BlackCat ransomware attack

    The BlackCat/ALPHV ransomware gang encrypted around 3,000 computers of Austria's Carinthia state government and demanded $5 million, halting passport issuance, traffic-fine processing and COVID-19 contact tracing for weeks. The state refused to pay and rebuilt from backups.

  65. QuestionPro data breach (2022)

    In May 2022, the survey website QuestionPro was the target of an extortion attempt relating to an alleged data breach. Over 100GB of data containing 22M unique email addresses (some of which appear to be generated by the platform), are alleged to have been extracted from the service along with IP…

    Data breachResolved
  66. Amart Furniture data breach (2022)

    In May 2022, the Australian retailer Amart Furniture advised that their warranty claims database hosted on Amazon Web Services had been the target of a cyber attack.

  67. Mangatoon data breach (2022)

    In May 2022, the Hong Kong based Manga service Mangatoon suffered a data breach that exposed 23M subscriber records. The breach exposed names, email addresses, genders, social media account identities, auth tokens from social logins and passwords stored as salted MD5 hashes.

    Data breachResolved
  68. BlackBerry Fans data breach (2022)

    In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  69. Gemotest medical laboratory data breach

    A database from Russian medical-testing chain Gemotest was offered on a hacking forum, with sellers claiming data on 31 million clients — names, passport and insurance numbers, dates of birth, addresses, phone numbers and email addresses. Have I Been Pwned later indexed about 6.3 million unique email addresses from the leak.

  70. Fanpass data breach (2022)

    In April 2022, the UK based website for buying and selling soccer tickets Fanpass suffered a data breach which exposed 112k customer records. Impacted data includes names, phone numbers, physical addresses, purchase histories and salted password hashes.

  71. PaySystem.tech data breach (2022)

    In mid-2022, data alleged to have been sourced from the Russian payment provider PaySystem.tech appeared in hacking circles where it was made publicly available for download.

    Data breachResolved
  72. Conti ransomware attack on the Government of Costa Rica

    Conti encrypted 27 Costa Rican government institutions including the Ministry of Finance, paralyzing tax collection and customs for months. President Chaves declared a national emergency — the first cyber-incident state of emergency in history.

  73. E-Pal data breach (2022)

    In October 2022, the service dedicated to finding friends on Discord known as E-Pal disclosed a data breach. The compromised data included over 100k unique email addresses and usernames spanning approximately 1M orders. The data was subsequently distributed via a popular hacking forum.

    Data breachResolved
  74. PayHere data breach (2022)

    In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses.

    Data breachResolved
  75. Ronin Bridge heist

    Lazarus operators compromised five of nine Ronin validator nodes and forged withdrawal signatures, draining 173,600 ETH and 25.5 million USDC (~$625M) — the largest cryptocurrency theft on record at the time.

  76. Okta Lapsus$ third-party support breach

    The Lapsus$ extortion group compromised a laptop belonging to a support engineer at Okta subprocessor Sitel, gaining a 25-minute window of access in January 2022 that touched two customer tenants. The breach only became public when Lapsus$ posted screenshots in March.

  77. Hellenic Post (ELTA) ransomware attack

    A ransomware attack attributed to the Vice Society gang paralysed Greece's national postal operator ELTA for roughly eight days, halting financial services and pension payments, with data later leaked and a €2.99 million GDPR fine in 2024.

  78. TransUnion South Africa breach (South Africa, 2022)

    Threat actor N4ughtySecTU breached TransUnion South Africa using a client account secured with the password 'Password', then demanded a $15 million ransom. TransUnion confirmed millions of consumers' personal data were compromised.

  79. Viva Air data breach (2022)

    In March 2022, the now defunct Colombian airline Viva Air suffered a data breach and subsequent ransomware attack. Among a trove of other ransomed data, the incident exposed a log of 2.6M transactions with 932k unique email addresses, physical and IP addresses, names, phone numbers and partial…

    Data breachResolved
  80. CDEK data breach (2022)

    In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK.

  81. Mercado Libre source-code and user-data breach

    The Lapsus$ extortion group accessed part of Mercado Libre's source code and the data of around 300,000 users, claiming to have reached 24,000 internal repositories of the Latin American e-commerce and fintech giant.

  82. Rompetrol Hive ransomware attack

    The Hive ransomware gang hit Rompetrol, operator of Romania's largest oil refinery Petromidia, demanding a $2 million ransom and knocking out the Fill&Go payment service and corporate websites while refinery operations continued.

  83. CraftRise data breach (2022)

    In May 2023, news broke of a data breach of the Turkish Minecraft server known as CraftRise. The data of over 2.5M users was subsequently shared on a popular hacking forum and included email addresses, usernames, geographic locations and plain text passwords.

  84. Yandex.Eda customer data leak

    Yandex's food-delivery service Yandex.Eda leaked the names, phone numbers, addresses, intercom codes and order details of more than 58,000 customers, which were later mapped onto an interactive public website. Russian regulator Roskomnadzor opened a case and a Moscow court fined the company 60,000 rubles.

  85. Explore Talent (July 2024) data breach (2022)

    In July 2024, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.7M rows with 5.4M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and…

    Data breachResolved
  86. Toyota Kojima Industries supply-chain cyberattack (2022)

    An attack on Toyota plastics-and-electronics supplier Kojima Industries paralysed one server enough to halt production at all 14 of Toyota's Japanese plants — about 13,000 vehicles of daily output — making the case the canonical example of just-in-time manufacturing's cyber-fragility.

  87. Viasat KA-SAT AcidRain wiper

    One hour before Russia's invasion of Ukraine, Sandworm operators deployed the AcidRain wiper against Viasat KA-SAT satellite modems, bricking ~30,000 European terminals and 5,800 German wind turbines and disabling Ukrainian military command-and-control.

  88. NVIDIA data breach (2022)

    In February 2022, microchip company NVIDIA suffered a data breach that exposed employee credentials and proprietary code. Impacted data included over 70k employee email addresses and NTLM password hashes, many of which were subsequently cracked and circulated within the hacking community.

    Data breachResolved
  89. A1 Hrvatska data breach

    Croatian mobile carrier A1 Hrvatska disclosed unauthorized access to a customer database exposing the names, personal identification numbers, addresses and phone numbers of roughly 200,000 subscribers — about 10% of its customer base.

  90. GiveSendGo data breach (2022)

    In February 2022, the Christian fundraising service GiveSendGo suffered a data breach which exposed the personal data of 90k donors to the Canadian "Freedom Convoy" protest against vaccine mandates.

    Data breachResolved
  91. Vodafone Portugal network sabotage

    A deliberate cyberattack on Vodafone Portugal knocked out 4G/5G mobile data, fixed voice, SMS and television for millions of customers nationwide, disrupting emergency, hospital and ATM services for days.

  92. Swissport ransomware attack

    The BlackCat (ALPHV) ransomware gang struck aviation ground-handling giant Swissport, delaying flights at Zurich Airport and stealing 1.6 TB of data that was later leaked online.

  93. Leaked Reality data breach (2022)

    In January 2022, the now defunct uncensored video website Leaked Reality suffered a data breach that exposed 115k unique email addresses. The data also included usernames, IP addresses and passwords stored as either MD5 or phpass hashes.

    Data breachResolved
  94. MacGeneration data breach (2022)

    In January 2022, the French Apple news website MacGeneration suffered a data breach. The incident exposed over 100k usernames, email addresses and passwords stored as salted SHA-512 hashes. After discovering the incident, MacGeneration self-submitted data to HIBP.

    Data breachResolved
  95. Sundry Files data breach (2022)

    In January 2022, the now defunct file upload service Sundry Files suffered a data breach that exposed 274k unique email addresses. The data also included usernames, IP addresses and passwords stored as salted SHA-256 hashes.

    Data breachResolved
  96. WhisperGate wiper attack

    On the eve of Russia's invasion, a destructive wiper disguised as ransomware corrupted master boot records and files across dozens of Ukrainian government, IT and non-profit organisations, defacing official websites and signalling the cyber dimension of the coming war.

  97. Doxbin data breach (2022)

    In January 2022, the "doxing" website designed to disclose the personal information of targeted individuals ("doxes") Doxbin suffered a data breach. The breach was subsequently leaked online and included over 370k unique email addresses across user accounts and doxes.

    Data breachResolved
  98. Impresa media group ransomware attack

    The Lapsus$ group seized the Amazon Web Services account of Impresa, Portugal's largest media conglomerate, knocking the Expresso newspaper and SIC television channels offline, defacing their websites and hijacking Expresso's verified Twitter account in what authorities called the country's largest ransomware attack.

  99. Twitter data breach (2022)

    In January 2022, a vulnerability in Twitter's platform allowed an attacker to build a database of the email addresses and phone numbers of millions of users of the social platform.

    Data breachResolved

2021

122 incidents
  1. Amedia ransomware attack

    A ransomware attack encrypted the central systems of Amedia, Norway's largest local-newspaper group, halting presses and disrupting subscription and advertising systems for more than 70 titles serving around 2 million readers. Amedia refused to pay.

  2. Carding Mafia (December 2021) data breach (2021)

    In December 2021, the Carding Mafia forum suffered a data breach that exposed over 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  3. FlexBooker data breach (2021)

    In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data.

    Data breachResolved
  4. Log4Shell (Apache Log4j CVE-2021-44228)

    A trivially exploitable remote code execution flaw in Apache Log4j 2, the ubiquitous Java logging library, scored a maximum CVSS 10.0 and exposed hundreds of millions of devices and applications worldwide to instant takeover via a single crafted log string.

  5. RedLine Stealer data breach (2021)

    In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included 441 thousand unique email addresses, usernames and plain text passwords.

    Data breachResolved
  6. Aditya Birla Fashion and Retail data breach (2021)

    In December 2021, Indian retailer Aditya Birla Fashion and Retail Ltd was breached and ransomed. The ransom demand was allegedly rejected and data containing 5.4M unique email addresses was subsequently dumped publicly on a popular hacking forum the next month.

    Data breachResolved
  7. BDO Unibank 'Mark Nagoyo' account-takeover fraud

    Over 700 customers of the Philippines' largest bank, BDO Unibank, lost money through unauthorized online transfers routed to UnionBank accounts under the alias 'Mark Nagoyo'; five suspects were later arrested and BDO reimbursed victims.

  8. Travelio data breach (2021)

    In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.

    Data breachResolved
  9. ZAP-Hosting data breach (2021)

    In November 2021, web host ZAP-Hosting suffered a data breach that exposed over 60GB of data containing 746k unique email addresses. The breach also contained support chat logs, IP addresses, names, purchases, physical addresses and phone numbers.

    Data breachResolved
  10. Stripchat data breach (2021)

    In November 2021, the live sex cams and adult chat website Stripchat left several databases exposed and unsecured. In June the following year, over 10M Stripchat records appeared on a popular hacking forum. The exposed data included usernames, email addresses and IP addresses.

    Data breachResolved
  11. Robinhood data breach (2021)

    In November 2021, the online trading platform Robinhood suffered a data breach after a customer service representative was socially engineered. The incident exposed over 5M customer email addresses and 2M customer names.

    Data breachResolved
  12. BTC-Alpha data breach (2021)

    In November 2021, the crypto exchange platform BTC-Alpha suffered a ransomware attack data breach after which customer data was publicly dumped. The impacted data included 362k email and IP addresses, usernames and passwords stored as PBKDF2 hashes.

    Data breachResolved
  13. Newfoundland and Labrador health-system cyberattack

    A Hive ransomware attack on Newfoundland and Labrador's health-care network crippled IT systems across the province, forcing the cancellation of thousands of appointments and procedures in what officials called the worst cyberattack in Canadian history.

  14. Atraf / Cyberserve breach by Black Shadow

    The Iran-linked Black Shadow group breached Israeli hosting provider Cyberserve, then leaked the full database of LGBTQ dating app Atraf — including users' locations and HIV status — after a $1 million ransom went unpaid.

  15. CyberServe data breach (2021)

    In October 2021, the Israeli hosting provider CyberServe was breached and ransomed before having a substantial amount of their customer data leaked publicly by a group known as "Black Shadow". Amongst the data was the LGBTQ dating site Atraf and the Machon Mor medical institute.

  16. JukinMedia data breach (2021)

    In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of code, configuration and data consisting of 314k unique email addresses along with names, phone numbers, IP addresses and bcrypt password hashes.

    Data breachResolved
  17. Iran nationwide fuel-distribution cyberattack

    A cyberattack attributed to Predatory Sparrow disabled the system behind Iran's subsidized-fuel cards, knocking out payment at all 4,300 of the country's gas stations and hijacking highway billboards to taunt Supreme Leader Khamenei.

  18. Animeify data breach (2021)

    In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.

    Data breachResolved
  19. Centara Hotels & Resorts data breach

    The Desorden Group stole roughly 400GB of guest data spanning 2003-2021 from Thai luxury hotel chain Centara, demanding a $900,000 ransom that the company refused to pay.

  20. Argentina RENAPER national ID database breach (2021)

    An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.

  21. Hillel Yaffe Medical Center ransomware attack

    DeepBlueMagic ransomware paralysed Israel's Hillel Yaffe Medical Center, locking every hospital computer system. As a government-owned hospital barred from paying ransom, it ran on paper and alternative systems for weeks, taking roughly two months to fully recover.

  22. RENAPER national ID database breach

    A hacker accessed Argentina's RENAPER national identity registry through a stolen government VPN credential, obtaining ID-card data and photographs on the country's entire population of roughly 45 million citizens.

  23. CoinMarketCap data breach (2021)

    During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded on hacking forums.

    Data breachResolved
  24. Banco Pichincha ransomware attack

    A ransomware intrusion using a Cobalt Strike beacon forced Ecuador's largest private bank, Banco Pichincha, to take ATMs, online banking, and its mobile app offline for several days.

  25. ActMobile data breach (2021)

    In October 2021, security researcher Bob Diachenko discovered an exposed database he attributed to ActMobile, the operators of Dash VPN and FreeVPN. The exposed data included 1.6 million unique email addresses along with IP addresses and password hashes, all of which were subsequently leaked on a…

    Data breachResolved
  26. Twitch source-code and creator-payout leak

    A server misconfiguration exposed Twitch's entire Git repository to an anonymous attacker, who leaked 125 GB of data — the full source code with commit history, internal tools, and three years of creator payout figures — as a torrent on 4chan.

  27. Protemps data breach (2021)

    In October 2021, the Singaporean recruitment website Protemps suffered a data breach that exposed almost 50,000 unique email addresses. The impacted data includes names, email and physical addresses, phone numbers, passport numbers and passwords stored as unsalted MD5 hashes, among troves of other…

  28. Fantasy Football Hub data breach (2021)

    In October 2021, the fantasy premier league (soccer) website Fantasy Football Hub suffered a data breach that exposed 66 thousand unique email addresses. The data included names, usernames, IP addresses, transactions and passwords stored as WordPress MD5 hashes.

  29. Fitmart data breach (2021)

    In October 2021, data from the German fitness supplies store Fitmart was obtained and later redistributed online. The data included 214k unique email addresses accompanied by plain text passwords, allegedly "dehashed" from the original stored version.

  30. Thailand 106-million traveller database exposure

    An unsecured Elasticsearch database left the passport numbers, visa data and arrival-card details of more than 106 million foreign visitors to Thailand openly accessible on the internet.

  31. Epik data breach (2021)

    In September 2021, the domain registrar and web host Epik suffered a significant data breach, allegedly in retaliation for hosting alt-right websites. The breach exposed a huge volume of data not just of Epik customers, but also scraped WHOIS records belonging to individuals and organisations who…

    Data breachResolved
  32. Republican Party of Texas data breach (2021)

    In September 2021, the Republican Party of Texas was hacked by a group claiming to be "Anonymous" in retaliation for the state's controversial abortion ban. The September defacement was followed by a leak of data and documents which included material from the hosting provider Epik.

    Data breachResolved
  33. Dennis Kirk data breach (2021)

    In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes.

    Data breachResolved
  34. DatPiff data breach (2021)

    In late 2021, email address and plain text password pairs from the rap mixtape website DatPiff appeared for sale on a popular hacking forum. The data allegedly dated back to an earlier breach and in total, contained almost 7.5M email addresses and cracked password pairs.

    Data breachResolved
  35. AT&T data breach (2021)

    A dataset dating to August 2021 — names, addresses, phone numbers, and encrypted SSNs and dates of birth — resurfaced in March 2024 and was leaked for free, with AT&T eventually confirming ~73 million current and former customers were affected.

  36. Imavex data breach (2021)

    In August 2021, the website development company Imavex suffered a data breach that exposed 878 thousand unique email addresses. The data included user records containing names, usernames and password material with some records also containing genders and partial credit card data, including the last…

    Data breachResolved
  37. Public Business Data data breach (2021)

    In approximately August 2021, hundreds of gigabytes of business data collated from public sources was obtained and later published to a popular hacking forum.

    Data breachResolved
  38. Moorfields Eye Hospital Dubai ransomware attack

    The AvosLocker ransomware gang attacked the Dubai branch of NHS-affiliated Moorfields Eye Hospital, exfiltrating roughly 60 GB of patient and staff data including ID cards, insurance claims and internal records, then dumping it online.

  39. Have Fun Teaching data breach (2021)

    In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum.

    Data breachResolved
  40. T-Mobile US data breach (Binns)

    A 21-year-old American living in Turkey, John Binns, claimed to have hacked T-Mobile via an exposed GGSN router and exfiltrated personal data on 76.6 million current, former, and prospective customers.

  41. Pakistan FBR data centre breach

    Attackers compromised the data centre of Pakistan's Federal Board of Revenue by exploiting a pirated copy of Microsoft Hyper-V, taking down all tax-authority websites and putting network access for 360 virtual machines up for sale on a Russian dark-web forum.

  42. Misattributed Habib's Data data breach (2021)

    In August 2021, an allegation was made that the Brazilian fast food company "Habib's" had suffered a data breach that was later redistributed as part of a larger corpus of data.

  43. Lazio Region ransomware attack

    A RansomEXX ransomware attack encrypted the datacenter of Italy's Lazio Region, knocking the COVID-19 vaccination booking portal offline for days and triggering a domestic terrorism investigation.

  44. Open Subtitles data breach (2021)

    In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers' personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  45. AndroidLista data breach (2021)

    In July 2021, the Android applications and games review site AndroidLista suffered a data breach. The incident exposed 6.6M user records containing email addresses, names, usernames and passwords stored as salted SHA-1 hashes, all of which were subsequently posted to a popular hacking forum.

    Data breachResolved
  46. Transnet 'Death Kitty' ransomware (South Africa, 2021)

    A ransomware attack on South Africa's state-owned logistics firm Transnet shut down operations at Durban, Ngqura, Port Elizabeth and Cape Town container terminals, forcing the operator to declare force majeure. Durban — 60% of Southern Africa's containerised trade — reverted to paper-based clearance for cargo for a week.

  47. Saudi Aramco 2021 contractor data extortion

    A threat actor calling itself ZeroX exfiltrated 1 TB of Saudi Aramco data through a third-party contractor and demanded a $50 million ransom, posting samples on a hacking forum behind a 662-hour countdown.

  48. Pegasus spyware surveillance of Hungarian journalists

    Hungary's national security service used NSO Group's Pegasus spyware to covertly hack the phones of investigative journalists, lawyers, and government critics, with more than 300 Hungarian numbers appearing on a leaked target list.

  49. Guntrader data breach (2021)

    In July 2021, the United Kingdom based website Guntrader suffered a data breach that exposed 112k unique email addresses. Extensive personal information was also exposed including names, phone numbers, geolocation data, IP addresses and various physical address attributes (cities for all users,…

  50. CNT Ecuador RansomEXX attack

    The RansomEXX gang hit Ecuador's state-run telecom CNT, disrupting its payment portal and call centers and claiming to have stolen more than 190 GB of corporate and customer data.

  51. Iranian Railways 'MeteorExpress' wiper attack

    A previously unseen wiper named Meteor crippled Iran's national railway network, wiping computers across stations, halting and delaying hundreds of trains, and defacing departure boards with a number for travelers to call: the office of Supreme Leader Khamenei.

  52. Qraved data breach (2021)

    In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.

    Data breachResolved
  53. Comparis ransomware attack

    Swiss price-comparison portal Comparis was knocked offline by ransomware and faced a roughly $400,000 demand; investigators later found attackers had accessed some internal customer data.

  54. Jam Tangan data breach (2021)

    In July 2021, the online Indonesian watch store, Jam Tangan (AKA Machtwatch), suffered a data breach that exposed over 400k customer records which were subsequently posted to a popular hacking forum.

    Data breachResolved
  55. Coop Sweden Kaseya supply-chain shutdown

    REvil's ransomware attack on Kaseya VSA cascaded through an MSP to Coop Sweden's checkout systems, forcing the supermarket cooperative to close around 800 stores nationwide for days.

  56. Kaseya VSA supply-chain ransomware (REvil)

    REvil affiliates exploited a SQL injection zero-day in Kaseya's VSA remote-management platform to push ransomware to ~60 MSPs and through them to ~1,500 downstream organisations. The largest supply-chain ransomware attack on record.

  57. ECCIE data breach (2021)

    In January 2021, the adult escort forum ECCIE suffered a data breach which was later posted to a popular hacking forum. The data included 536k user records with email and IP addresses, usernames, dates of birth and salted MD5 password hashes.

    Data breachResolved
  58. Short Édition data breach (2021)

    In June 2021, the French publishing house of short literature Short Édition suffered a data breach that exposed 505k records. Impacted data included email and physical addresses, names, usernames, phone numbers, dates of birth, genders and passwords stored as either salted SHA-1 or salted SHA-512…

    Data breachResolved
  59. HeatGames data breach (2021)

    In June 2021, the (now defunct) gaming website HeatGames suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 650k unique email addresses along with IP addresses, country and salted MD5 password hashes.

    Data breachResolved
  60. Phoenix data breach (2021)

    In mid-2021, the "vintage messaging reborn" service Phoenix suffered a data breach that exposed 75k unique email addresses. The breach also exposed IP addresses, usernames and passwords.

    Data breachResolved
  61. START data breach (2021)

    In August 2022, news broke of an attack against the Russian streaming service "START". The incident led to the exposure of 44M records containing 7.4M unique email addresses. The impacted data also included the subscriber's country and password hash.

    Data breachResolved
  62. JBS Foods REvil ransomware

    REvil affiliates encrypted the world's largest meat processor, shutting down beef and pork plants across the U.S., Canada, and Australia. JBS paid an $11 million ransom — one of the largest publicly-confirmed ransomware payments at the time.

  63. IndiaMART data breach (2021)

    In August 2021, 38 million records from Indian e-commerce company IndiaMART were found being traded on a popular hacking forum. Dated several months earlier, the data included over 20 million unique email addresses alongside names, phone numbers and physical addresses.

    Data breachResolved
  64. Paragon Cheats data breach (2021)

    In May 2021, the Grand Theft Auto Online cheats website Paragon Cheats suffered a data breach that lead to the shutdown of the service. The breach exposed 188k customer records including usernames, email and IP addresses.

    Data breachResolved
  65. Air India SITA passenger data breach

    A supply-chain compromise of aviation IT provider SITA exposed roughly 4.5 million Air India passengers' names, passport details, ticket data, frequent-flyer numbers, and payment card information collected over nearly a decade of bookings.

  66. CTARS data breach (2021)

    In May 2022, the client management system for the Australian government's NDIS (National Disability Insurance Scheme) suffered a data breach which was subsequently posted to an online hacking forum.

  67. BPJS Kesehatan data leak

    Personal data on an estimated 279 million Indonesians — more than the country's living population — was scraped from the national health-insurance agency BPJS Kesehatan and offered for sale on the RaidForums hacking forum.

  68. Waikato District Health Board ransomware attack

    A Zeppelin ransomware attack crippled New Zealand's Waikato District Health Board, taking down clinical systems and phone lines across five hospitals for weeks, postponing surgeries, and leaking patient and staff data on the dark web.

  69. HSE Ireland ransomware (Conti)

    Conti ransomware paralysed Ireland's Health Service Executive, forcing cancellation of outpatient appointments nationwide for weeks. Conti released the decryptor for free; recovery still cost an estimated €100M+.

  70. HSE Ireland Conti ransomware national healthcare shutdown (2021)

    Conti operators tricked an HSE user into downloading a booby-trapped Excel attachment; the resulting ransomware forced the Health Service Executive to shut down all of Ireland's healthcare IT systems and exfiltrated 700 GB including COVID-19 vaccination PHI. Recovery cost exceeded €100 million.

  71. Colonial Pipeline ransomware (DarkSide)

    A reused VPN password let DarkSide encrypt Colonial Pipeline's billing systems. The operator shut down 5,500 miles of fuel pipeline for six days, paid $4.4M, and triggered a federal emergency.

  72. SirHurt data breach (2021)

    In April 2021, the the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.

    Data breachResolved
  73. Atmeltomo data breach (2021)

    In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.

    Data breachResolved
  74. OGUsers (2021 breach) data breach (2021)

    In April 2021, the account hijacking and SIM swapping forum OGusers suffered a data breach, the fourth since December 2018. The breach was subsequently sold on a rival hacking forum and contained usernames, email and IP addresses and passwords stored as either salted MD5 or argon2 hashes.

    Data breachResolved
  75. LinkedIn Scraped Data (2021) data breach (2021)

    During the first half of 2021, LinkedIn was targeted by attackers who scraped data from hundreds of millions of public profiles and later sold them online.

    Data breachResolved
  76. Phone House España data breach (2021)

    In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer data. Attributed to the Babuk ransomware, a collection of data alleged to be a subset of a larger corpus was posted to a dark web site and contained 5.2M email…

  77. Phone House Spain ransomware breach

    The Babuk ransomware gang breached Spanish mobile retailer The Phone House and leaked roughly 100 GB of customer data — names, ID numbers, bank details and contact information on up to 3 million people — after the company refused to pay.

  78. Upstox data breach (2021)

    In April 2021, Indian brokerage firm Upstox suffered a data breach. The incident exposed extensive personal information on over 100k customers including names, genders, dates of birth, physical addresses, banking information and passwords stored as bcrypt hashes.

    Data breachResolved
  79. SlideTeam data breach (2021)

    In April 2021, the "world’s largest collection of pre-designed presentation slides" SlideTeam had 1.4M records breached and later published to a popular hacking forum the following year.

    Data breachResolved
  80. Facebook 533M scraped records leak

    Data on 533 million Facebook users from 106 countries — including phone numbers, Facebook IDs, full names, locations, birthdates, and some email addresses — was posted free on a low-level hacking forum. The data had been scraped via a contact-importer flaw Facebook patched in 2019.

  81. MobiKwik data breach

    An 8.2TB trove tied to Indian fintech MobiKwik — reportedly covering up to 99 million users with KYC documents, Aadhaar and card details — was advertised for sale on a dark-web forum, in a breach the company repeatedly denied.

  82. KinoKong data breach (2021)

    In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.

    Data breachResolved
  83. Domino's India data breach (2021)

    In April 2021, 13TB of compromised Domino's India appeared for sale on a hacking forum after which the company acknowledged a major data breach they dated back to March. The compromised data included 22.5 million unique email addresses, names, phone numbers, order histories and physical addresses.

  84. MangaDex data breach (2021)

    In March 2021, the manga fan site MangaDex suffered a data breach that resulted in the exposure of almost 3 million subscribers. The data included email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was subsequently circulated within hacking groups.

    Data breachResolved
  85. ParkMobile data breach (2021)

    In March 2021, the mobile parking app service ParkMobile suffered a data breach which exposed 21 million customers' personal data. The impacted data included email addresses, names, phone numbers, vehicle licence plates and passwords stored as bcrypt hashes.

    Data breachResolved
  86. Air Europa payment-data breach

    Spanish airline Air Europa exposed contact and full payment-card data — including CVV codes — on roughly 489,000 customers across 1.5 million records, and was fined €600,000 by the AEPD for weak security and a 41-day notification delay.

  87. Carding Mafia (March 2021) data breach (2021)

    In March 2021, the Carding Mafia forum suffered a data breach that exposed almost 300k members' email addresses. Dedicated to the theft and trading of stolen credit cards, the forum breach also exposed usernames, IP addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  88. Luxottica data breach (2021)

    In March 2021, the world's largest eyewear company Luxoticca suffered a data breach via one of their partners that exposed the personal information of more than 70M people.

  89. IDC Games data breach (2021)

    In March 2021, 4 million records sourced from IDC Games were shared on a public hacking forum. The data included usernames, email addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  90. Descomplica data breach (2021)

    In March 2021, the Brazilian EdTech company Descomplica suffered a data breach which was subsequently posted to a popular hacking forum. The data included almost 5 million email addresses, names, the first 6 and last 4 digits and the expiry date of credit cards, purchase histories and password…

  91. Liker data breach (2021)

    In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler.

    Data breachResolved
  92. WeLeakInfo data breach (2021)

    In March 2021, the Stripe account of the now-defunct WeLeakInfo service was taken over by "pompompurin" after acquiring an expired domain name with an email address used to manage the account.

    Data breachResolved
  93. Microsoft Exchange ProxyLogon (Hafnium)

    China-linked group Hafnium chained four Exchange Server zero-days (ProxyLogon) to plant web shells and steal email; after Microsoft's emergency patch, mass exploitation by multiple groups compromised an estimated 60,000+ organisations worldwide.

  94. Malaysia Airlines Enrich frequent-flyer data breach

    Malaysia Airlines disclosed a nine-year data security incident at a third-party IT provider running its Enrich loyalty programme, exposing member names, contact details, dates of birth and frequent-flyer data.

  95. Gab data breach (2021)

    In February 2021, the alt-tech social network service Gab suffered a data breach. The incident exposed almost 70GB of data including 4M user accounts, a small number of private chat logs and a list of public groups and public posts made to the service.

    Data breachResolved
  96. SuperVPN & GeckoVPN data breach (2021)

    In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The data appeared together in a single file with a small number of records also included from FlashVPN, suggesting that all three brands may share the same platform.

    Data breachResolved
  97. Ticketcounter data breach and extortion

    A Dutch e-ticketing platform left a database backup exposed on an unsecured Azure server; an attacker downloaded the data on 1.9 million people and demanded 7 bitcoin (~$337,000) not to leak it.

  98. Gemplex data breach (2021)

    In February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.

    Data breachResolved
  99. NurseryCam data breach (2021)

    In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to remotely monitor their children whilst attending nursery. The flaws led to the exposure of over 10k parent records before the service was shut down.

  100. Yandex mail insider breach

    Yandex disclosed that one of three administrators with privileged access to its email service had been selling unauthorized access to user mailboxes, compromising 4,887 inboxes before the company's internal security team detected the abuse during a routine review.

  101. CD Projekt Red HelloKitty ransomware and source-code theft (2021)

    HelloKitty ransomware encrypted CD Projekt Red devices and exfiltrated source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3. CDPR refused to pay; the data was auctioned and reportedly sold to a private buyer.

  102. Sri Lanka LK Domain Registry hijack (Google.lk)

    Hacktivists hijacked Sri Lanka's national domain registry and redirected around ten high-profile .lk domains — including Google.lk and Oracle.lk — to a political propaganda page, exploiting admin credentials that had been exposed on the dark web since 2012.

  103. CityBee data breach (2021)

    In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.

    Data breachResolved
  104. KomplettFritid data breach (2021)

    In January 2023, the online Norwegian store KomplettFritid was reported as having had a data breach dating back to February 2021. The incident exposed 140k customer records including physical, email and IP addresses, names, phone numbers and passwords.

  105. Raychat data breach (2021)

    In January 2021, the now defunct Iranian social media platform Raychat suffered a data breach that exposed 939 thousand unique email addresses. The data included names, IP addresses, browser user agent strings and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  106. Ducks Unlimited data breach (2021)

    In mid-2021, Risk Based Security reported on a database sourced from Ducks Unlimited being traded online. The data dated back to January 2021 and contained 1.3M unique email addresses across both a membership list and a list of website users.

    Data breachResolved
  107. Bookchor data breach (2021)

    In January 2021, the Indian book trading website Bookchor suffered a data breach that exposed half a million customer records. The exposed data included email and IP addresses, names, genders, dates of birth, phone numbers and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  108. Emotet data breach (2021)

    In January 2021, the FBI in partnership with the Dutch NHTCU, German BKA and other international law enforcement agencies brought down the world's most dangerous malware: Emotet.

    Data breachResolved
  109. Unverified Data Source data breach (2021)

    In January 2021, over 11M unique email addresses were discovered by Night Lion Security alongside an extensive amount of personal information including names, physical and IP addresses, phone numbers and dates of birth.

    Data breachResolved
  110. GGD COVID-19 health data sale

    Insiders at the Dutch municipal health service GGD stole personal data — including BSN national ID numbers — from the CoronIT and HPzone COVID-19 systems and sold it on Telegram, Snapchat and Wickr for €30-€60 per person.

  111. Brazil 223-million mega-leak

    The largest personal-data leak in Brazilian history: databases on roughly 223 million people — including names, CPF tax IDs, facial images, salaries and credit scores — surfaced for sale on a dark-web forum, with suspicion pointing at credit-bureau data.

  112. Oxfam data breach (2021)

    In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth.

  113. Daily Quiz data breach (2021)

    In January 2021, the quiz website Daily Quiz suffered a data breach that exposed over 8 million unique email addresses. The data also included usernames, IP addresses and passwords stored in plain text.

    Data breachResolved
  114. Bourse des Vols data breach (2021)

    In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data.

    Data breachResolved
  115. Date Hot Brunettes data breach (2021)

    In January 2021, the now defunct website Date Hot Brunettes which provided a service to "Date Neglected Women Who Can Keep a Secret", suffered a data breach. The incident exposed 1.5M unique email addresses along with IP addresses, usernames, user-entered bios and MD5 password hashes.

    Data breachResolved
  116. Guns.com data breach (2021)

    In January 2021, the firearms website guns.com suffered a data breach. The breach exposed 376k unique email addresses along with names, phone numbers, physical addresses, gun purchases, partial credit card data, dates of birth and passwords stored as bcrypt hashes.

    Data breachResolved
  117. WedMeGood data breach (2021)

    In January 2021, the Indian wedding planning platform WedMeGood suffered a data breach that exposed 1.3 million customers. The breach exposed 41.5GB of data including email and physical addresses, names, genders, phone numbers and password hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  118. Devil-Torrents.pl data breach (2021)

    In early 2021, the Polish torrents website Devil-Torrents.pl suffered a data breach. A subset of the data including 63k unique email addresses and cracked passwords were subsequently socialised on a popular data breach sharing service.

  119. Ho. Mobile SIM data breach

    The customer database of Ho. Mobile, Vodafone Italy's budget operator, was stolen and offered for sale on the dark web — exposing the personal and SIM data of about 2.5 million Italian subscribers and prompting a mass SIM replacement.

  120. Adecco data breach (2021)

    In March 2021, news broke of a massive data breach impacting millions of Adecco customers in South America which was subsequently sold on a popular hacking forum.

    Data breachResolved
  121. Twitter (200M) data breach (2021)

    In early 2023, over 200M records scraped from Twitter appeared on a popular hacking forum. The data was obtained sometime in 2021 by abusing an API that enabled email addresses to be resolved to Twitter profiles.

  122. Windows93 / Myspace93 data breach (2021)

    In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files.

    Data breachResolved

2020

123 incidents
  1. Finnish Parliament espionage hack

    A state-sponsored cyber-espionage operation attributed to China's APT31 breached the internal IT systems of the Finnish Parliament in 2020, compromising email accounts belonging to members of parliament.

  2. Reserve Bank of New Zealand Accellion FTA breach

    Attackers exploited a zero-day in the legacy Accellion File Transfer Appliance to breach New Zealand's central bank, accessing commercially and personally sensitive files; the cleanup cost the Reserve Bank around NZ$3.5 million.

  3. MEO data breach (2020)

    In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress hashes.

    Data breachResolved
  4. University of California data breach (2020)

    In December 2020, the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security…

    Data breachResolved
  5. NetGalley data breach (2020)

    In December 2020, the book promotion site NetGalley suffered a data breach. The incident exposed 1.4 million unique email addresses alongside names, usernames, physical and IP addresses, phone numbers, dates of birth and passwords stored as salted SHA-1 hashes.

    Data breachResolved
  6. MMG Fusion data breach (2020)

    In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses.

    Data breachResolved
  7. DriveSure data breach (2020)

    In December 2020, the car dealership service provider DriveSure suffered a data breach. The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses, names, phone numbers and physical addresses.

    Data breachResolved
  8. Roblox Developer Conference (2023) data breach (2020)

    In July 2023, a list of alleged attendees from the 2017-2020 Roblox Developers Conferences was circulated on a forum. The data contained 4k unique email addresses along with names, usernames, dates of birth, phone numbers, physical and IP addresses and T-shirt sizes

    Data breachResolved
  9. Travel Oklahoma data breach (2020)

    In December 2020, the Oklahoma state Tourism and Recreation Department suffered a data breach. The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries.

    Data breachResolved
  10. People's Energy data breach (2020)

    In December 2020, the UK power company People's Energy suffered a data breach. The breach exposed almost 7GB of files containing 359k unique email addresses along with names, phones numbers, physical addresses and dates of birth.

  11. SolarWinds SUNBURST supply-chain compromise (Cozy Bear)

    Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.

  12. Capital Economics data breach (2020)

    In December 2020, the economic research company Capital Economics suffered a data breach that exposed 263k customer records. The exposed data included email and physical addresses, names, phone numbers, job titles and the employer of impacted customers.

    Data breachResolved
  13. GamingMonk data breach (2020)

    In December 2020, India's "largest esports community" GamingMonk (since acquired by and redirected to MPL Esports), suffered a data breach. The incident exposed 655k unique email addresses along with names, usernames, phone numbers, dates of birth and bcrypt password hashes.

    Data breachResolved
  14. Shirbit insurance breach by Black Shadow

    The Black Shadow group breached Israeli insurer Shirbit, stealing ID cards, passports, financial and medical documents, and demanded a bitcoin ransom that escalated toward $1 million. When Shirbit refused, the attackers leaked customer data in stages.

  15. Cit0day data breach (2020)

    In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums.

  16. Brazil Superior Court (STJ) RansomExx attack

    The RansomExx gang encrypted more than 1,000 servers at Brazil's Superior Tribunal de Justiça, paralysing the country's second-highest court for over a week in the most severe cyberattack ever against a Brazilian public institution.

  17. Wongnai data breach (2020)

    In October 2020, 17 previously undisclosed data breaches appeared for sale including the Thai restaurant, hotel and attraction finding service, Wongnai.

    Data breachResolved
  18. Vastaamo psychotherapy data breach and patient extortion (Finland, 2020)

    Records on approximately 33,000 patients of Finnish psychotherapy provider Vastaamo were stolen in 2018 from an unencrypted database with no root password. After failed company-extortion in October 2020, the attacker sent ransom demands to ~30,000 patients directly. Founder later acquitted; Aleksanteri Kivimäki convicted and sentenced to 6 years 3 months.

  19. Playbook data breach (2020)

    In September 2021, a publicly accessible PostgresSQL database belonging to the Playbook service was identified. Run by VC firm Plug and Play Ventures, the database had been exposed since October 2020 and contained more than 50 thousand unique email addresses along with names, phone numbers, job…

    Data breachResolved
  20. bigbasket data breach (2020)

    In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth…

  21. Thingiverse data breach (2020)

    In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models.

    Data breachResolved
  22. Animal Jam data breach (2020)

    In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses.

    Data breachResolved
  23. Famm data breach (2020)

    In late 2020, the Japanese family photos website Famm suffered a data breach that subsequently exposed 1.3M customer records, including 535k unique email addresses. Impacted data also included names, dates of birth, genders and passwords stored as SHA-256 hashes.

  24. LimeVPN data breach (2020)

    In October 2020, the VPN provider LimeVPN suffered a data breach that exposed the personal information of tens of thousands of customers. The data included email, IP and physical addresses, names, phone numbers, purchase histories and passwords stored as salted MD5 hashes.

    Data breachResolved
  25. Pixlr data breach (2020)

    In October 2020, the online photo editing application Pixlr suffered a data breach exposing 1.9 million subscribers. Impacted data included names, email addresses, social media profiles, the country signed up from and passwords stored as SHA-512 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  26. Chowbus data breach (2020)

    In October 2020, the Asian food delivery app Chowbus suffered a data breach which led to over 800,000 records being emailed to customers. The email contained a link to a CSV file with customer data including physical addresses, names, phone numbers and over 444,000 unique email addresses.

    Data breachResolved
  27. Gravatar data scraping (2020)

    In October 2020, a researcher disclosed that Gravatar's profile API could be enumerated without rate limiting. 167 million names, usernames, and email-hash records were scraped, and 114 million of the MD5 hashes were cracked to reveal email addresses.

  28. Software AG Clop ransomware attack

    The Clop ransomware gang breached German enterprise-software giant Software AG, demanded a $23 million ransom, forced internal systems offline, and leaked over a terabyte of stolen company and employee data after negotiations failed.

  29. GeniusU data breach (2020)

    In November 2020, a collection of data breaches were made public including the "Entrepreneur Success Platform", GeniusU. Dating back to the previous month, the data included 1.3M names, email and IP addresses, genders, links to social media profiles and passwords stored as bcrypt hashes.

    Data breachResolved
  30. Nitro data breach (2020)

    In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.

  31. Eskimi data breach (2020)

    In late 2020, the AdTech platform Eskimi suffered a data breach that exposed 26M records with 1.2M unique email addresses. The data included usernames, dates of birth, genders and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  32. Magyar Telekom and Hungarian banks DDoS attack

    A multi-wave distributed denial-of-service attack with traffic ten times the normal volume briefly disrupted Hungarian banking and telecom services, in what Magyar Telekom called one of the largest cyberattacks ever seen in Hungary.

  33. RaidForums data breach (2020)

    In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" was posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and passwords stored as Argon2 hashes.

    Data breachResolved
  34. Games Box data breach (2020)

    In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either a hash or plain text.

    Data breachResolved
  35. Horse Isle data breach (2020)

    In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords.

    Data breachResolved
  36. RedDoorz data breach

    A misconfigured cloud database exposed the records of about 5.9 million RedDoorz hotel-booking customers, making it Singapore's largest data breach at the time and drawing a record-context PDPC fine against operator Commeasure.

  37. ShopBack data breach (2020)

    In September 2020, the cashback reward program ShopBack suffered a data breach. The incident exposed over 20 million unique email addresses along with names, phone numbers, country of residence and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  38. Shopper+ data breach (2020)

    In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.

  39. K-Electric NetWalker ransomware attack

    NetWalker ransomware crippled the billing and online systems of Karachi's sole electricity supplier and demanded a $3.85 million ransom that would double to $7.7 million; when K-Electric refused, the gang dumped an 8.5 GB archive of stolen data online.

  40. Service NSW data breach

    A phishing campaign compromised 47 Service NSW staff email accounts, exposing 738 GB of data and roughly 3.8 million documents; about 104,000 customers had personal information including driver's licences and birth certificates stolen.

  41. BancoEstado REvil ransomware attack

    REvil (Sodinokibi) ransomware encrypted roughly 14,000 workstations at BancoEstado, one of Chile's largest banks, forcing it to close all branches nationwide for a day while ATMs, online banking, and customer funds were kept unaffected by network segmentation.

  42. RedDoorz data breach (2020)

    In September 2020, the hotel management & booking platform RedDoorz suffered a data breach that exposed over 5.8M user accounts. The breached data included names, email addresses, phone numbers, genders, dates of birth and passwords stored as bcrypt hashes.

    Data breachResolved
  43. Storting (Norwegian Parliament) email breach

    Russia-linked APT28 (Fancy Bear) brute-forced and accessed email accounts of Norwegian members of parliament and staff in August 2020, exfiltrating data in an operation Norway publicly attributed to the GRU.

  44. Hopamedia data breach (2020)

    In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.

    Data breachResolved
  45. Livpure data breach (2020)

    In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items.

    Data breachResolved
  46. Dirección Nacional de Migraciones Netwalker ransomware attack

    Netwalker ransomware encrypted the systems of Argentina's national immigration agency, halting all border crossings for about four hours and prompting a $4 million ransom demand that the government refused to pay.

  47. Gunnebo security blueprints leak

    Attackers breached Swedish physical-security firm Gunnebo, stole 19 GB of data, and after the company refused to pay, leaked bank-vault floor plans, alarm schematics, and security arrangements for high-value clients including a Swedish parliament building.

  48. NZX stock exchange DDoS attacks

    A sustained volumetric DDoS campaign knocked New Zealand's stock exchange offline for parts of five consecutive trading days, halting trading because the exchange could not publish market announcements, and drawing a sharp regulatory rebuke.

  49. Experian (South Africa) data breach (2020)

    In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of individuals. Only 1.3M of the records contained email addresses, whilst most contained government issued identity numbers, names, addresses, occupations and employers, amongst…

    Data breachResolved
  50. Experian South Africa data breach (South Africa, 2020)

    A fraudster posing as a legitimate Experian client obtained the personal data of 24 million South Africans and 793,749 businesses in what became one of the largest data breaches in South African history.

  51. Unico Campania data breach (2020)

    In August 2020, the Neapolitan public transport website Unico Campania was hacked and the data extensively circulated. The breach contained 166k user records with email addresses and plain text passwords.

  52. Bonobos data breach (2020)

    In August 2020, the clothing store Bonobos suffered a data breach that exposed almost 70GB of data containing 2.8 million unique email addresses. The breach also exposed names, physical and IP addresses, phone numbers, order histories and passwords stored as salted SHA-512 hashes, including…

    Data breachResolved
  53. Jefit data breach (2020)

    In August 2020, the workout tracking app Jefit suffered a data breach. The data was subsequently sold within the hacking community and included over 9 million email and IP addresses, usernames and passwords stored as either vBulletin or argon2 hashes.

    Data breachResolved
  54. ShockGore data breach (2020)

    In August 2020, the website for sharing graphic videos and images of gore and animal cruelty suffered a data breach. The breach exposed 74k unique email addresses alongside usernames, IP addresses, genders and unsalted SHA-1 password hashes.

    Data breachResolved
  55. Lazada RedMart data breach (2020)

    In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords…

  56. Garmin WastedLocker ransomware (Evil Corp)

    Evil Corp deployed the WastedLocker ransomware against Garmin, taking flyGarmin aviation services, Garmin Connect, and inReach satellite messaging offline for five days. Garmin paid an estimated $10M ransom despite OFAC sanctions on Evil Corp.

  57. Utah Gun Exchange data breach (2020)

    In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes.

    Data breachResolved
  58. Twitter Bitcoin scam and admin-tool compromise

    Attackers used phone spear-phishing against Twitter employees to reach an internal admin 'agent' tool, hijacked 130 high-profile accounts including Obama, Musk, Bezos, and Apple, and posted a Bitcoin-doubling scam that netted roughly $118,000.

  59. WiziShop data breach (2020)

    In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses.

  60. StreamCraft data breach (2020)

    In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.8M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.

    Data breachResolved
  61. Drizly data breach (2020)

    In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach. The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses alongside names, physical and IP addresses, phone numbers, dates of birth and…

    Data breachResolved
  62. OrderSnapp data breach (2020)

    In June 2020, the restaurant solutions provider OrderSnapp suffered a data breach which exposed 1.3M unique email addresses. Impacted data also included names, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  63. Wattpad data breach (2020)

    In mid-2020, the user-generated stories platform Wattpad suffered a breach exposing roughly 268.8 million records, including names, email addresses, dates of birth, and bcrypt-hashed passwords. The database was first sold privately, then leaked for free on a hacking forum.

  64. Dave data breach (2020)

    In June 2020, the digital banking app Dave suffered a data breach which exposed 7.5 million rows of data and subsequently appeared for public download on a hacking forum.

    Data breachResolved
  65. ProctorU data breach (2020)

    In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and physical addresses, phones numbers and passwords stored as bcrypt hashes.

    Data breachResolved
  66. Havenly data breach (2020)

    In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all of which was subsequently shared…

    Data breachResolved
  67. Ledger data breach (2020)

    In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1 million email addresses. The data was initially sold before being dumped publicly in December 2020 and included names, physical addresses and phone numbers.

    Data breachResolved
  68. Kreditplus data breach (2020)

    In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and employment…

    Data breachResolved
  69. Swvl data breach (2020)

    In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and passwords stored as bcrypt hashes, all of…

    Data breachResolved
  70. Appen data breach (2020)

    In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes.

    Data breachResolved
  71. Promo data breach (2020)

    In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and salted…

    Data breachResolved
  72. Scentbird data breach (2020)

    In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes and indicators of password strength were…

    Data breachResolved
  73. Vakinha data breach (2020)

    In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of which was subsequently shared extensively…

  74. yotepresto.com data breach (2020)

    In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  75. Not Acxiom data breach (2020)

    In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community.

    Data breachResolved
  76. SitePoint data breach (2020)

    In June 2020, the web development site SitePoint suffered a data breach that exposed over 1M customer records. Impacted data included email and IP addresses, names, usernames, bios and passwords stored as bcrypt hashes.

    Data breachResolved
  77. Dunzo data breach (2020)

    In approximately June 2019, the Indian delivery service Dunzo suffered a data breach. Exposing 3.5 million unique email addresses, the Dunzo breach also included names, phone numbers and IP addresses which were all broadly distributed online via a hacking forum.

  78. LiveAuctioneers data breach (2020)

    In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community.

    Data breachResolved
  79. Acuity data breach (2020)

    In mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed. However, the source could not be confidently verified as any known companies named Acuity.

    Data breachResolved
  80. Mashable data breach (2020)

    In approximately mid-2020, Mashable suffered a data breach that subsequently turned up publicly in November 2020. The data included 1.4 million unique email addresses along with names, genders, expired auth tokens, physical locations, links to social media profiles and days and months of birth.

    Data breachResolved
  81. Preen.Me data breach (2020)

    In May 2020, social media marketing company Preen.Me was the target of a ransom attack that resulted in hundreds of thousands of records being publicly posted. Over 236k unique email addresses were exposed in the attack alongside names, usernames and links to social media profiles.

    Data breachResolved
  82. Nulled.ch data breach (2020)

    In May 2020, the hacking forum Nulled.ch was breached and the data published to a rival hacking forum. Over 43k records were compromised and included IP and email addresses, usernames and passwords stored as salted MD5 hashes alongside the private message history of the website's admin.

  83. Zacks data breach (2020)

    In December 2022, the investment research company Zacks announced a data breach. The following month, reports emerged of the incident impacting 820k customers. However, in June 2023, a corpus of data with almost 9M Zacks customers appeared before being broadly circulated on a popular hacking forum.

    Data breachResolved
  84. Minted data breach (2020)

    In May 2020, the online marketplace for independent artists Minted suffered a data breach that exposed 4.4M unique customer records subsequently sold on a dark web marketplace. Exposed data also included names, physical addresses, phone numbers and passwords stored as bcrypt hashes.

    Data breachResolved
  85. Stalker Online data breach (2020)

    In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords.

    Data breachResolved
  86. Tokopedia data breach (2020)

    In April 2020, Indonesia's largest online store Tokopedia was breached and roughly 91 million user records — names, emails, hashed passwords, and dates of birth — were put up for sale on dark-web forums.

  87. Aptoide data breach (2020)

    In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum.

    Data breachResolved
  88. Vianet data breach (2020)

    In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical addresses.

    Data breachResolved
  89. HomeRefill data breach (2020)

    In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.

  90. OGUsers (2020 breach) data breach (2020)

    In April 2020, the account hijacking and SIM swapping forum OGUsers suffered their second data breach in less than a year. As with the previous breach, the exposed data included email and IP addresses, usernames, private messages and passwords stored as salted MD5 hashes.

    Data breachResolved
  91. Teespring data breach (2020)

    In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.

  92. Zoom credential-stuffing and zoombombing wave

    As pandemic lockdowns drove Zoom usage to record highs, over 500,000 Zoom account credentials harvested via credential stuffing were sold or given away on the dark web, while open meetings were hijacked in a wave of disruptive 'zoombombing' incidents.

  93. 집꾸미기 data breach (2020)

    In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included email addresses, names, usernames and phone numbers, all of which was subsequently shared…

  94. Glofox data breach (2020)

    In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  95. Chatbooks data breach (2020)

    In March 2020, the photo print service Chatbooks suffered a data breach which was subsequently put up for sale on a dark web marketplace. The breach contained 15 million user records with 2.5 million unique email addresses alongside names, phone numbers, social media profiles and salted SHA-512…

    Data breachResolved
  96. James data breach (2020)

    In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes.

  97. 123RF data breach (2020)

    In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  98. Sina Weibo data leak

    Personal data on 538 million Sina Weibo accounts — including the phone numbers of 172 million users — was offered for sale on the dark web for about $250, in a leak Weibo attributed to address-book matching abuse dating back to 2018. China's industry ministry summoned the company over its handling of personal data.

  99. Brno University Hospital ransomware attack

    A ransomware attack forced Brno University Hospital — one of Czechia's largest hospitals and a major COVID-19 testing centre — to shut down its entire IT network, cancel surgeries, and divert acute patients at the height of the early pandemic.

  100. Lead Hunter data breach (2020)

    In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server.

    Data breachResolved
  101. Catho data breach (2020)

    In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses.

  102. Tamodo data breach (2020)

    In February 2020, the affiliate marketing network Tamodo suffered a data breach which was subsequently shared on a popular hacking forum. The incident exposed almost 500k accounts including names, email addresses, dates of birth and passwords stored as bcrypt hashes.

    Data breachResolved
  103. AnimeGame data breach (2020)

    In February 2020, the gaming website AnimeGame suffered a data breach. The incident affected 1.4M subscribers and exposed email addresses, usernames and passwords stored as salted MD5 hashes. The data was subsequently shared on a popular hacking forum and was provided to HIBP by dehashed.com.

    Data breachResolved
  104. TrueFire data breach (2020)

    In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  105. Covve data breach (2020)

    In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server.

    Data breachResolved
  106. Slickwraps data breach (2020)

    In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers.

    Data breachResolved
  107. INA Group ransomware attack

    Clop ransomware encrypted backend servers at INA Group, Croatia's largest oil company and petrol-station chain, knocking out invoicing, loyalty cards, e-vignettes, mobile vouchers and utility-bill payments while fuel sales continued.

  108. Straffic data breach (2020)

    In February 2020, Israeli marketing company Straffic exposed a database with 140GB of personal data. The publicly accessible Elasticsearch database contained over 300M rows with 49M unique email addresses. Exposed data also included names, phone numbers, physical addresses and genders.

    Data breachResolved
  109. Home Chef data breach (2020)

    In early 2020, the food delivery service Home Chef suffered a data breach which was subsequently sold online. The breach exposed the personal information of almost 9 million customers including names, IP addresses, post codes, the last 4 digits of credit card numbers and passwords stored as bcrypt…

    Data breachResolved
  110. Bhinneka data breach (2020)

    In early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records. The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.

    Data breachResolved
  111. Wishbone (2020) data breach (2020)

    In January 2020, the mobile app to "compare anything" Wishbone suffered another data breach which followed their breach from 2016. An extensive amount of personal information including almost 10M unique email addresses alongside names, phone numbers geographic locations and other personal…

    Data breachResolved
  112. MeetMindful data breach (2020)

    In early 2020, the online dating service MeetMindful suffered a data breach that exposed 1.4 million unique customer email addresses. Included in the data was an extensive array of personal information used to find romantic matches including physical attributes, use of alcohol, drugs and…

    Data breachResolved
  113. Ulmon data breach (2020)

    In January 2020, the travel app creator Ulmon suffered a data breach. The service had almost 1.3M records with 777k unique email addresses, names, passwords stored as bcrypt hashes and in some cases, social media profile IDs, telephone numbers and bios.

    Data breachResolved
  114. Mathway data breach (2020)

    In January 2020, the math solving website Mathway suffered a data breach that exposed over 25M records. The data was subsequently sold on a dark web marketplace and included names, Google and Facebook IDs, email addresses and salted password hashes.

    Data breachResolved
  115. Picanol Group ransomware production halt (Belgium, 2020)

    A ransomware attack paralysed weaving-machine manufacturer Picanol's plants in Ieper (Belgium), Romania, and China, halting production for ~2,300 employees for over a week. Trading in Picanol shares was suspended during the disruption.

  116. Zoosk (2020) data breach (2020)

    In January 2020, the online dating service Zoosk suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 24 million unique email addresses alongside extensive personal information including genders, sexualities, dates of birth,…

    Data breachResolved
  117. MobiFriends data breach (2020)

    In January 2020, the Barcelona-based dating app MobiFriends suffered a data breach that exposed 3.5 million unique email addresses. The data also included usernames, genders, dates of birth and MD5 password hashes.

    Data breachResolved
  118. Austrian Foreign Ministry state-sponsored cyberattack

    A sophisticated, weeks-long intrusion hit Austria's Foreign Ministry over the 2020 New Year, attributed by Austrian media to the Russia-linked Turla APT. The ministry, which runs around 100 diplomatic missions, fought a prolonged espionage operation before declaring its systems cleaned.

  119. HTC Mania data breach (2020)

    In January 2020, the Spanish mobile phone forum HTC Mania suffered a data breach of the vBulletin based site. The incident exposed 1.5M member email addresses, usernames, IP addresses, dates of birth and salted MD5 password hashes and password histories.

    Data breachResolved
  120. Pampling data breach (2020)

    In January 2020, the online clothing retailer Pampling suffered a data breach that exposed 383k unique customer email addresses. The data was later shared on a popular hacking forum and also included names, usernames and unsalted MD5 password hashes.

    Data breachResolved
  121. Virgin Mobile Polska data breach

    An unauthorised party exploited a flaw in Virgin Mobile Polska's prepaid-registration application to access the personal data of over 114,000 subscribers, including PESEL identity numbers and ID-card details. Poland's data-protection authority fined the operator nearly PLN 2 million for inadequate security testing.

  122. Filmai.in data breach (2020)

    In approximately 2019 or 2020, the Lithuanian movie streaming service Filmai.in suffered a data breach exposing 645k email addresses, usernames and plain text passwords.

  123. Nameless Malware data breach (2020)

    In January 2021, NordLocker provided HIBP 1.1 million email addresses collected by nameless malware. The malware campaign ran between 2018 and 2020 and infected 3.25 million computers, stealing files, credentials and taking screenshots and photos using the computer's webcam.

    Data breachResolved

2019

95 incidents
  1. Travelex Sodinokibi ransomware and collapse (2019–2020)

    REvil/Sodinokibi operators detonated against Travelex on New Year's Eve 2019 after dwelling in the network for six months via an unpatched Pulse Secure VPN. Travelex paid $2.3 million; parent Finablr failed; PwC put Travelex into administration with the loss of over 1,300 jobs.

  2. Sonicbids data breach (2019)

    In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving our third-party cloud hosting services". The breach contained 752k user records including names and usernames, email addresses and passwords stored as PBKDF2 hashes.

    Data breachResolved
  3. BtoBet data breach (2019)

    In December 2019, a large collection of data from Nigerian gambling company Surebet247 was sent to HIBP. Alongside the Surebet247, database backups from gambling sites BetAlfa, BetWay, BongoBongo and TopBet was also included.

    Data breachResolved
  4. Maastricht University Clop ransomware (Netherlands, 2019)

    TA505 used Clop ransomware to encrypt 267 Maastricht University servers over Christmas 2019 after two phishing emails on 15–16 October had compromised the network. The university paid 30 BTC (~$220,000). The ransom Bitcoin — later seized from a money mule — was returned and had appreciated, leaving the university ahead by ~$300,000.

  5. Avvo data breach (2019)

    In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that).

    Data breachResolved
  6. GameSprite data breach (2019)

    In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.

    Data breachResolved
  7. Go Ninja data breach (2019)

    In December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes.

  8. LifeLabs data breach

    Canada's largest medical-testing laboratory disclosed that attackers had accessed health data on roughly 15 million customers, paid an undisclosed ransom to retrieve the stolen records, and was later found by privacy regulators to have failed to safeguard the information.

  9. SoarGames data breach (2019)

    In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes.

    Data breachResolved
  10. JoyGames data breach (2019)

    In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.

    Data breachResolved
  11. Unigame data breach (2019)

    In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k email addresses and salted MD5 password hashes.

    Data breachResolved
  12. Benešov Hospital Ryuk ransomware attack

    An Emotet–TrickBot–Ryuk malware chain crippled the Rudolf and Stefanie Hospital in Benešov, Czech Republic, knocking out X-ray, ultrasound, and laboratory systems and paralysing the facility for weeks. The hospital did not pay the ransom and reported no patient-record loss.

  13. TaiLieu data breach (2019)

    In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes.

  14. Pemex DoppelPaymer ransomware (Mexico, 2019)

    DoppelPaymer ransomware paralysed corporate IT systems at Mexican state oil company Pemex, freezing payments and communications for weeks. Attackers demanded 565 BTC (~$5M). Pemex refused to pay; total recovery cost reached approximately $71 million.

  15. Benchmark data breach (2019)

    In November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  16. IndiHome data breach (2019)

    In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and…

  17. Universarium data breach (2019)

    In approximately November 2019, the Russian "Remote preparatory faculty for IT specialties" Universarium suffered a data breach. The incident exposed 565k email addresses and passwords in plain text. Universarium did not respond to multiple attempts to make contact over a period of many weeks.

    Data breachResolved
  18. Indian Railways data breach (2019)

    In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

  19. Data Enrichment Exposure From PDL Customer data breach (2019)

    In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data.

    Data breachResolved
  20. Hookers.nl data breach (2019)

    In October 2019, the Dutch prostitution forum Hookers.nl suffered a data breach which exposed the personal information of sex workers and their customers.

  21. StarTribune data breach (2019)

    In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes.

    Data breachResolved
  22. The Halloween Spot data breach (2019)

    In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone numbers and order histories.

    Data breachResolved
  23. Zooville data breach (2019)

    In September 2019, the zoophilia and bestiality forum Zooville suffered a data breach. The usernames and email addresses of 71k members were accessed via an unpatched vulnerability in the vBulletin forum software then subsequently distributed online.

    Data breachResolved
  24. AgusiQ-Torrents.pl data breach (2019)

    In September 2019, Polish torrent site AgusiQ-Torrents.pl suffered a data breach. The incident exposed 90k member records including email and IP addresses, usernames and passwords stored as MD5 hashes.

  25. Novaestrat Ecuador data leak

    An unsecured Elasticsearch server run by Ecuadorian consultancy Novaestrat exposed 20.8 million records covering nearly the entire population of Ecuador, including 6.7 million children, financial records, and vehicle data.

  26. KiwiFarms data breach (2019)

    In September 2019, the forum for discussing "lolcows" (people who can be milked for laughs) Kiwi Farms suffered a data breach. The disclosure notice advised that email and IP addresses, dates of birth and content created by members were all exposed in the incident.

    Data breachResolved
  27. Demant ransomware attack

    A ransomware-style cyber incident forced Danish hearing-aid giant Demant to shut down IT systems worldwide, crippling production and order processing and causing an estimated loss of up to $95 million — one of the costliest single ransomware events on record.

  28. EpicBot data breach (2019)

    In September 2019, the RuneScape bot provider EpicBot suffered a data breach that impacted 817k subscribers. Data from the breach was subsequently shared on a popular hacking forum and included usernames, email and IP addresses and passwords stored as either salted MD5 or bcrypt hashes.

    Data breachResolved
  29. Zynga data breach (2019)

    In September 2019, the hacker Gnosticplayers breached game developer Zynga, accessing data for nearly 173 million Words With Friends and Draw Something players. Exposed data included emails, usernames, phone numbers, and salted SHA-1 password hashes.

  30. AlpineReplay data breach (2019)

    In 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either unsalted MD5 or bcrypt hashes.

    Data breachResolved
  31. ToonDoo data breach (2019)

    In August 2019, the comic strip creation website ToonDoo suffered a data breach. The data was subsequently redistributed on a popular hacking forum in November where the personal information of over 6M subscribers was shared.

    Data breachResolved
  32. Mastercard Priceless Specials data breach (2019)

    In August 2019, the German Mastercard bonus program "Priceless Specials" suffered a data breach. Personal data on almost 90k program members was subsequently extensively circulated online and included names, email and IP addresses, phone numbers and partial credit card data.

  33. Audi data breach (2019)

    In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN.

    Data breachResolved
  34. europa.jobs data breach (2019)

    In August 2019, the now defunct European jobs website europa.jobs (Google cache link) suffered a data breach. The incident exposed 226k unique email addresses alongside extensive personal information including names, dates of birth, job applications and passwords.

    Data breachResolved
  35. Promofarma data breach (2019)

    In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and was provided to HIBP by dehashed.com.

    Data breachResolved
  36. Capital One cloud misconfiguration breach

    Former AWS engineer Paige Thompson exploited a misconfigured Web Application Firewall to extract personal data on roughly 106 million Capital One credit-card applicants and customers from S3.

  37. Club Penguin Rewritten (July 2019) data breach (2019)

    In July 2019, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game).

    Data breachResolved
  38. StockX data breach (2019)

    In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes.

    Data breachResolved
  39. MGM Resorts data breach (2019)

    In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017.

    Data breachResolved
  40. MGM Resorts (2022 Update) data breach (2019)

    In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017.

    Data breachResolved
  41. Cracked.to data breach (2019)

    In July 2019, the hacking website Cracked.to suffered a data breach. There were 749k unique email addresses spread across 321k forum users and other tables in the database.

    Data breachResolved
  42. Flash Flash Revolution (2019 breach) data breach (2019)

    In July 2019, the music-based rhythm game Flash Flash Revolution suffered a data breach. The 2019 breach imapcted almost 1.9 million members and is in addition to the 2016 data breach of the same service.

    Data breachResolved
  43. Bulgarian National Revenue Agency data breach (2019)

    In July 2019, a massive data breach of the Bulgarian National Revenue Agency began circulating with data on 5 million people. Allegedly obtained in June, the data was broadly shared online and included taxation information alongside names, phone numbers, physical addresses and 471 thousand unique…

    Data breachResolved
  44. Bulgarian National Revenue Agency breach

    A single SQL injection against a rarely-used VAT service let an attacker exfiltrate tax, income, health and pension records on more than 6 million people — almost the entire adult population of Bulgaria.

  45. BlackSpigotMC data breach (2019)

    In July 2019, the hacking website BlackSpigotMC suffered a data breach. The XenForo forum based site was allegedly compromised by a rival hacking website and resulted in 8.5GB of data being leaked including the database and website itself.

    Data breachResolved
  46. Vedantu data breach (2019)

    In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as…

    Data breachResolved
  47. Planet Calypso data breach (2019)

    In approximately July 2019, the forums for the Planet Calypso game suffered a data breach. The breach of the vBulletin based forum exposed email and IP addresses, usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  48. Quidd data breach (2019)

    In 2019, online marketplace for trading stickers, cards, toys, and other collectibles Quidd suffered a data breach. The breach exposed almost 4 million users' email addresses, usernames and passwords stored as bcrypt hashes.

    Data breachResolved
  49. XKCD data breach (2019)

    In July 2019, the forum for webcomic XKCD suffered a data breach that impacted 562k subscribers. The breached phpBB forum leaked usernames, email and IP addresses and passwords stored in MD5 phpBB3 format. The data was provided to HIBP by white hat security researcher and data analyst Adam Davies.

    Data breachResolved
  50. Desjardins insider data breach

    An insider at Desjardins — the largest financial cooperative in Canada — exfiltrated personal data on 9.7 million members and businesses over two years before being caught. The defining Canadian insider-threat case.

  51. Artvalue data breach (2019)

    In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes.

    Data breachResolved
  52. Social Engineered data breach (2019)

    In June 2019, the "Art of Human Hacking" site Social Engineered suffered a data breach. The breach of the MyBB forum was published on a rival hacking forum and included 89k unique email addresses spread across 55k forum users and other tables in the database.

    Data breachResolved
  53. Void.to data breach (2019)

    In June 2019, the hacking website Void.to suffered a data breach. There were 95k unique email addresses spread across 86k forum users and other tables in the database.

    Data breachResolved
  54. Wiener Büchereien data breach (2019)

    In June 2019, the library of Vienna (Wiener Büchereien) suffered a data breach. The compromised data included 224k unique email addresses, names, physical addresses, phone numbers and dates of birth. The breached data was subsequently posted to Twitter by the alleged perpetrator of the breach.

    Data breachResolved
  55. Australian National University data breach

    A sophisticated, likely state-sponsored actor breached the Australian National University's administrative systems in late 2018, exfiltrating up to 19 years of staff and student records in an intrusion praised by ANU's own report for its extraordinary operational security.

  56. GateHub data breach (2019)

    In October 2019, 1.4M accounts from the cryptocurrency wallet service GateHub were posted to a popular hacking forum. GateHub had previously acknowledged a data breach in June, albeit with a smaller number of impacted accounts.

    Data breachResolved
  57. Condo.com data breach (2019)

    In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of records, physical addresses.

    Data breachResolved
  58. Canva data breach (2019)

    The serial hacker GnosticPlayers breached Australian design platform Canva in May 2019, stealing data on roughly 137 million users including emails, names, locations and bcrypt-hashed passwords.

  59. First American Financial document exposure

    An insecure direct object reference (IDOR) flaw on First American Financial's website exposed roughly 885 million title-insurance and mortgage documents — including Social Security numbers, bank account details, and driver's-license images — dating back to 2003, accessible to anyone without authentication.

  60. Minehut data breach (2019)

    In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP.

    Data breachResolved
  61. Ordine Avvocati di Roma data breach (2019)

    In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online.

  62. EatStreet data breach (2019)

    In May 2019, the online food ordering service EatStreet suffered a data breach affecting 6.4 million customers. An extensive amount of personal data was obtained including names, phone numbers, addresses, partial credit card data and passwords stored as bcrypt hashes.

    Data breachResolved
  63. Read Novel data breach (2019)

    In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. Read more about Chinese data breaches in Have I Been Pwned.

    Data breachResolved
  64. Aimware data breach (2019)

    In mid-2019, the video game cheats website "Aimware" suffered a data breach that exposed hundreds of thousands of subscribers' personal information. Data included email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes.

    Data breachResolved
  65. Deezer data breach (2019)

    A 2019 snapshot of Deezer user data, retained by a former third-party partner in violation of its contract, was leaked in November 2022 and exposed roughly 229 million records — including names, emails, dates of birth, and locations. No passwords or payment data were affected.

  66. ApexSMS data breach (2019)

    In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password.

    Data breachResolved
  67. Instant Checkmate data breach (2019)

    In 2019, the public records search service Instant Checkmate suffered a data breach that later came to light in early 2023. The data included almost 12M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.

    Data breachResolved
  68. Truth Finder data breach (2019)

    In 2019, the public records search service TruthFinder suffered a data breach that later came to light in early 2023. The data included over 8M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.

    Data breachResolved
  69. Storenvy data breach (2019)

    In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale.

    Data breachResolved
  70. Lumin PDF data breach (2019)

    In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum.

    Data breachResolved
  71. Vastaamo data breach (2019)

    In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly.

  72. Hakko Corporation data breach (2019)

    In March 2019, the Japanese solder-related business Hakko Corporation suffered a data breach. The incident exposed almost 10k customer records including email and physical addresses, phone numbers, names, usernames, genders, dates of birth and plain text passwords.

    Data breachResolved
  73. Everybody Edits data breach (2019)

    In March 2019, the multiplayer platform game Everybody Edits suffered a data breach. The incident exposed 871k unique email addresses alongside usernames and IP addresses. The data was subsequently distributed online across a collection of files.

    Data breachResolved
  74. Utair data breach (2019)

    In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and loyalty program…

  75. Norsk Hydro LockerGoga ransomware

    Aluminium producer Norsk Hydro lost most of its global IT estate to the LockerGoga ransomware. Hydro publicly refused to pay, ran operations on paper for weeks, and set the editorial standard for transparent incident communication.

  76. Mindjolt data breach (2019)

    In March 2019, the online gaming website MindJolt suffered a data breach that exposed 28M unique email addresses. Also impacted were names and dates of birth, but no passwords.

    Data breachResolved
  77. Hurb data breach (2019)

    In approximately March 2019, the online Brazilian travel agency Hurb (formerly Hotel Urbano) suffered a data breach. The data subsequently appeared online for download the following year and included over 20 million customer records with email and IP addresses, names, dates of birth, phone numbers…

    Data breachResolved
  78. Intelimost data breach (2019)

    In March 2019, a spam operation known as "Intelimost" sent millions of emails appearing to come from people the recipients knew. Security researcher Bob Diachenko found over 3 million unique email addresses in an exposed Elasticsearch database, alongside plain text passwords used to access the…

    Data breachResolved
  79. MalindoAir data breach (2019)

    In early 2019, the Malaysian airline Malindo Air suffered a data breach that exposed tens of millions of customer records. Containing 4.3M unique email addresses, the breach also exposed extensive personal information including names, dates of birth, genders, physical addresses, phone numbers and…

    Data breachResolved
  80. Estante Virtual data breach (2019)

    In February 2019, the Brazilian book store Estante Virtual suffered a data breach that impacted 5.4M customers. The exposed data included names, usernames, email and physical addresses, phone numbers, dates of birth and unsalted SHA-1 password hashes.

  81. Lifebear data breach (2019)

    In early 2019, the Japanese schedule app Lifebear appeared for sale on a dark web marketplace amongst a raft of other hacked websites. The breach exposed almost 3.7M unique email addresses, usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  82. Verifications.io data breach (2019)

    In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses…

    Data breachResolved
  83. GameSalad data breach (2019)

    In February 2019, the education and game creation website Game Salad suffered a data breach. The incident impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored as SHA-256 hashes.

    Data breachResolved
  84. CafePress data breach (2019)

    In February 2019, the custom merchandise retailer CafePress suffered a data breach. The exposed data included 23 million unique email addresses with some records also containing names, physical addresses, phone numbers and passwords stored as SHA-1 hashes.

    Data breachResolved
  85. Demon Forums data breach (2019)

    In February 2019, the hacking forum Demon Forums suffered a data breach. The compromise of the vBulletin forum exposed 52k unique email addresses alongside usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  86. YouNow data breach (2019)

    In February 2019, data from the live broadcasting service YouNow appeared for sale on a dark web marketplace. Whilst it's not clear what date the actual breach occurred on, the impacted data included 18M unique email addresses, IP addresses, names, usernames and links to social media profiles.

    Data breachResolved
  87. LBB data breach (2019)

    In August 2022, customer data of the Indian shopping site "LBB" (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to…

  88. devkitPro data breach (2019)

    In February 2019, the devkitPro forum suffered a data breach. The phpBB based forum had 1,508 unique email addresses exposed in the breach alongside forum posts, private messages and passwords stored as weak salted hashes. The data breach was self-submitted to HIBP by the forum operator.

    Data breachResolved
  89. Youthmanual data breach (2019)

    In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical…

    Data breachResolved
  90. Singapore HIV registry leak

    Confidential records of 14,200 HIV-positive people from Singapore's national HIV registry were stolen and leaked online by a foreigner who obtained them through his partner, a Ministry of Health doctor with privileged access.

  91. Peatix data breach (2019)

    In January 2019, the event organising platform Peatix suffered a data breach. The incident exposed 4.2M email addresses, names and salted password hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  92. Collection #1 credential dump

    A 87GB aggregated credential dump posted to the MEGA cloud service exposed 772.9 million unique email addresses and 21.2 million unique passwords, assembled from thousands of prior breaches to fuel credential-stuffing attacks at industrial scale.

  93. ixigo data breach (2019)

    In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as…

    Data breachResolved
  94. Armor Games data breach (2019)

    In January 2019, the game portal website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored as salted SHA-1 hashes.

    Data breachResolved
  95. Royal Enfield data breach (2019)

    In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal…

    Data breachResolved

2018

94 incidents
  1. IIMJobs data breach (2018)

    In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes.

    Data breachResolved
  2. BannerBit data breach (2018)

    In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.

    Data breachResolved
  3. BlankMediaGames data breach (2018)

    In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes.

    Data breachResolved
  4. OGUsers (2019 breach) data breach (2018)

    In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database.

    Data breachResolved
  5. Roll20 data breach (2018)

    In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed.

    Data breachResolved
  6. Ajarn data breach (2018)

    In September 2021, the Thai-based English language teaching website Ajarn discovered they'd been the victim of a data breach dating back to December 2018. The breach was self-submitted to HIBP and included 266k email addresses, names, genders, phone numbers and other personal information.

    Data breachResolved
  7. Wanelo data breach (2018)

    In approximately December 2018, the digital mall Wanelo suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in April 2019.

    Data breachResolved
  8. Mappery data breach (2018)

    In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes.

    Data breachResolved
  9. Bombuj.eu data breach (2018)

    In December 2018, the Slovak website for watching movies online for free Bombuj.eu suffered a data breach. The incident exposed over 575k unique email addresses and passwords stored as unsalted MD5 hashes. No response was received from Bombuj.eu when contacted about the incident.

    Data breachResolved
  10. Quora data breach

    The question-and-answer platform Quora disclosed that an unauthorized third party had accessed the data of approximately 100 million users, including names, email addresses, salted-and-hashed passwords, and imported contact and demographic data.

  11. Dubsmash data breach (2018)

    The video-messaging app Dubsmash was breached in December 2018, exposing roughly 162 million accounts with email addresses, usernames and PBKDF2 password hashes that later surfaced for sale on the Dream Market dark-web bazaar via the broker GnosticPlayers.

  12. Fotolog data breach (2018)

    In December 2018, the photo sharing social network Fotolog suffered a data breach that exposed 16.7 million unique email addresses. The data also included usernames and unsalted SHA-256 password hashes.

    Data breachResolved
  13. Marriott / Starwood guest data breach

    Chinese state-attributed operators sat undetected on Starwood's guest reservation database from 2014, surviving Marriott's 2016 acquisition. Disclosed 2018: 500 million guest records exposed, including 5.25 million unencrypted passport numbers.

  14. Technic data breach (2018)

    In November 2018, the Minecraft modpack platform known as Technic suffered a data breach. Technic promptly disclosed the breach and advised that the impacted data included over 265k unique users' email and IP addresses, chat logs, private messages and passwords stored as bcrypt hashes with a work…

    Data breachResolved
  15. Morele.net data breach

    Attackers stole the customer database of the Polish e-commerce group Morele.net, exposing data on about 2.2 million customers and launching an SMS-phishing campaign that demanded a fake PLN 1 'top-up' via a counterfeit payment gateway. Poland's UODO issued its then-largest GDPR fine of EUR 660,000.

  16. Data & Leads data breach (2018)

    In November 2018, security researcher Bob Diachenko identified an unprotected database believed to be hosted by a data aggregator. Upon further investigation, the data was linked to marketing company Data & Leads.

    Data breachResolved
  17. Adapt data breach (2018)

    In November 2018, security researcher Bob Diachenko identified an unprotected database hosted by data aggregator "Adapt". A provider of "Fresh Quality Contacts", the service exposed over 9.3M unique records of individuals and employer information including their names, employers, job titles,…

    Data breachResolved
  18. WPSandbox data breach (2018)

    In November 2018, the WordPress sandboxing service that allows people to create temporary websites WP Sandbox discovered their service was being used to host a phishing site attempting to collect Microsoft OneDrive accounts.

    Data breachResolved
  19. Società Italiana degli Autori ed Editori data breach (2018)

    In November 2018, the Società Italiana degli Autori ed Editori (Italian Society of Authors and Publishers, or SIAE) was hacked, defaced and almost 4GB of data leaked publicly via Twitter. The data included over 14k registered users' names, email addresses and passwords.

  20. Elasticsearch Instance of Sales Leads on AWS data breach (2018)

    In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses.

    Data breachResolved
  21. BankIslami / Pakistan banking card breach

    Fraudulent withdrawals at BankIslami triggered Pakistan's largest banking-sector breach, with details of more than 19,000 payment cards from 22 banks dumped for sale on the Joker's Stash carding forum and cashed out via ATMs and POS terminals abroad.

  22. Cathay Pacific passenger data breach

    A multi-year intrusion into Cathay Pacific's IT systems exposed the personal data of 9.4 million passengers worldwide, including passport and ID numbers, earning the airline the UK ICO's maximum £500,000 pre-GDPR fine.

  23. GoldSilver data breach (2018)

    In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers.

    Data breachResolved
  24. Eatigo data breach (2018)

    In October 2018, the restaurant reservation service Eatigo suffered a data breach that exposed 2.8 million accounts. The data included email addresses, names, phone numbers, social media profiles, genders and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  25. Pluto TV data breach (2018)

    In October 2018, the internet television service Pluto TV suffered a data breach which was then shared extensively in hacking communities. Pluto TV "decided not to proactively inform users of the breach" which contained 3.2M unique email and IP addresses, names, usernames, genders, dates of birth…

    Data breachResolved
  26. Wife Lovers data breach (2018)

    In October 2018, the site dedicated to posting naked photos and other erotica of wives Wife Lovers suffered a data breach. The underlying database supported a total of 8 different adult websites and contained over 1.2M unique email addresses.

    Data breachResolved
  27. You've Been Scraped data breach (2018)

    In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator.

    Data breachResolved
  28. VimeWorld data breach (2018)

    In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.

    Data breachResolved
  29. SaverSpy data breach (2018)

    In September 2018, security researcher Bob Diachenko discovered a massive collection of personal details exposed in an unprotected Mongo DB instance. The data appears to have been used in marketing campaigns (possibly for spam purposes) but had little identifying data about it other than a…

    Data breachResolved
  30. Kayo.moe Credential Stuffing List data breach (2018)

    In September 2018, a collection of almost 42 million email address and plain text password pairs was uploaded to the anonymous file sharing service kayo.moe.

    Data breachResolved
  31. British Airways Magecart card-skimming

    Magecart operators injected card-skimming JavaScript into British Airways' payment page, stealing card details on 380,000 transactions over 15 days. UK ICO initially proposed a £183.4M GDPR fine — later reduced to £20M after Covid-impact mitigation arguments.

  32. Color Dating data breach (2018)

    In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes.

    Data breachResolved
  33. Knuddels data breach (2018)

    In September 2018, the German social media website Knuddels suffered a data breach. The incident exposed 808k unique email addresses alongside usernames, real names, the city of the person and their password in plain text. Knuddels was subsequently fined €20k for the breach.

  34. Multiplayer.it data breach (2018)

    In April 2024, over half a million records taken from the Italian gaming website Multiplayer.it were posted to a popular hacking forum. The impacted data included email addresses, usernames and salted MD5 password hashes.

  35. Atlas Quantum data breach (2018)

    In August 2018, the cryptocurrency investment platform Atlas Quantum suffered a data breach. The breach leaked the personal data of 261k investors on the platform including their names, phone numbers, email addresses and account balances.

    Data breachResolved
  36. HTH Studios data breach (2018)

    In August 2018, the adult furry interactive game creator HTH Studios suffered a data breach impacting multiple repositories of customer data. Several months later, the data surfaced on a popular hacking forum and included 411k unique email addresses along with physical and IP addresses, names,…

    Data breachResolved
  37. SpyFone data breach (2018)

    In August 2018, the spyware company SpyFone left terabytes of data publicly exposed. Collected surreptitiously whilst the targets were using their devices, the data included photos, audio recordings, text messages and browsing history which were then exposed via a number of misconfigurations within…

    Data breachResolved
  38. HauteLook data breach (2018)

    In mid-2018, the fashion shopping site HauteLook was among a raft of sites that were breached and their data then sold in early-2019. The data included over 28 million unique email addresses alongside names, genders, dates of birth and passwords stored as bcrypt hashes.

  39. Rbx.Rocks data breach (2018)

    In August 2018, the Roblox trading site Rbx.Rocks suffered a data breach. Almost 25k records were sent to HIBP in November and included names, email addresses and passwords stored as bcrypt hashes. In July 2019, a further 125k records emerged bringing the total size of the incident to 150k.

    Data breachResolved
  40. TSMC WannaCry production-line shutdown

    A WannaCry ransomware variant spread through unpatched Windows 7 fabrication tools at TSMC, the world's largest contract chipmaker, halting production at plants in Hsinchu, Taichung, and Tainan and causing an estimated $170 million in losses.

  41. Lanwar data breach (2018)

    In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords.

    Data breachResolved
  42. Apollo data exposure (2018)

    Sales-engagement startup Apollo left a database of 9 billion data points and over 200 million contact records exposed without a password in 2018; a subset of 126 million unique email addresses was loaded into Have I Been Pwned after researcher Vinny Troia found it.

  43. SingHealth data breach

    Chinese state-attributed actors exfiltrated personal and outpatient medication records on 1.5 million SingHealth patients — including Prime Minister Lee Hsien Loong — in Singapore's most serious cyber incident.

  44. Animoto data breach (2018)

    In July 2018, the cloud-based video making service Animoto suffered a data breach. The breach exposed 22 million unique email addresses alongside names, dates of birth, country of origin and salted password hashes.

  45. Fashion Nexus data breach (2018)

    In July 2018, UK-based ecommerce company Fashion Nexus suffered a data breach which exposed 1.4 million records. Multiple websites developed by sister company White Room Solutions were impacted in the breach amongst which were sites including Jaded London and AX Paris.

  46. ShareThis data breach (2018)

    In July 2018, the social bookmarking and sharing service ShareThis suffered a data breach. The incident exposed 41 million unique email addresses alongside names and in some cases, dates of birth and password hashes.

  47. Bookmate data breach (2018)

    In mid-2018, the social ebook subscription service Bookmate was among a raft of sites that were breached and their data then sold in early-2019. The data included almost 4 million unique email addresses alongside names, genders, dates of birth and passwords stored as salted SHA-512 hashes.

    Data breachResolved
  48. 500px data breach (2018)

    In mid-2018, the online photography community 500px suffered a data breach. The incident exposed almost 15 million unique email addresses alongside names, usernames, genders, dates of birth and either an MD5 or bcrypt password hash.

    Data breachResolved
  49. Stronghold Kingdoms data breach (2018)

    In July 2018, the massive multiplayer online game Stronghold Kingdoms suffered a data breach. Almost 5.2 million accounts were impacted by the incident which exposed emails addresses, usernames and passwords stored as salted SHA-1 hashes.

    Data breachResolved
  50. 8fit data breach (2018)

    In July 2018, the health and fitness service 8fit suffered a data breach. The data subsequently appeared for sale on a dark web marketplace in February 2019 and included over 15M unique email addresses alongside names, genders, IP addresses and passwords stored as bcrypt hashes.

    Data breachResolved
  51. Zoomcar data breach (2018)

    In July 2018, the Indian self-drive car rental company Zoomcar suffered a data breach which was subsequently sold on a dark web marketplace in 2020. The breach exposed over 3.5M records including names, email and IP addresses, phone numbers and passwords stored as bcrypt hashes.

    Data breachResolved
  52. Exactis data exposure

    Data-marketing firm Exactis left a database of nearly 340 million detailed records on individuals and businesses exposed on a publicly accessible server with no firewall. Each record held up to 400 fields of personal profiling data, from contact details to children's ages, religion, and habits.

  53. Light's Hope data breach (2018)

    In June 2018, the World of Warcraft service Light's Hope suffered a data breach which they subsequently self-submitted to HIBP. Over 30K unique users were impacted and their exposed data included email addresses, dates of birth, private messages and passwords stored as bcrypt hashes.

    Data breachResolved
  54. Mortal Online data breach (2018)

    In June 2018, the massively multiplayer online role-playing game (MMORPG) Mortal Online suffered a data breach. A file containing 570k email addresses and cracked passwords was subsequently distributed online.

    Data breachResolved
  55. Trik Spam Botnet data breach (2018)

    In June 2018, the command and control server of a malicious botnet known as the "Trik Spam Botnet" was misconfigured such that it exposed the email addresses of more than 43 million people.

    Data breachResolved
  56. Estonian Citizens (via Estonian Cybercrime Bureau) data breach (2018)

    In June 2018, the Cybercrime Bureau of the Estonian Central Criminal Police contacted HIBP and asked for assistance in making a data set of 655k email addresses searchable.

    Data breachResolved
  57. Romwe data breach (2018)

    In mid-2018, the Hong Kong-based retailer Romwe suffered a data breach which exposed almost 20 million customers. The data was subsequently sold online and includes names, phone numbers, email and IP addresses, customer geographic locations and passwords stored as salted SHA-1 hashes.

    Data breachResolved
  58. SHEIN data breach (2018)

    In June 2018, fast-fashion retailer SHEIN suffered a breach of its payment systems exposing about 39 million account credentials. In 2022, New York fined parent company Zoetop $1.9 million for understating the breach and failing to notify most victims.

  59. Ticketfly data breach (2018)

    In May 2018, the website for the ticket distribution service Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data…

  60. Adult-FanFiction.Org data breach (2018)

    In May 2018, the website for sharing adult-orientated works of fiction known as Adult-FanFiction.Org had 186k records exposed in a data breach. The data contained names, email addresses, dates of birth and passwords stored as both MD5 hashes and plain text.

    Data breachResolved
  61. Houzz data breach (2018)

    In mid-2018, the home-design platform Houzz had a file containing user data obtained by an unauthorized third party. The company learned of it in late 2018 and disclosed it in early 2019. Roughly 49 million accounts were exposed, including emails, usernames, salted password hashes and IP-derived locations.

  62. Poshmark data breach (2018)

    In May 2018, the social-commerce marketplace Poshmark was breached and roughly 36 million user accounts were exposed, including email addresses, names, usernames, genders, locations and bcrypt-hashed passwords. The company confirmed the incident in August 2019.

  63. Lolzteam data breach (2018)

    In May 2018, the Russian hacking forum Lolzteam suffered a data breach that exposed 400k members. The impacted data included usernames and email addresses which were later redistributed via another hacking forum.

    Data breachResolved
  64. ViewFines data breach (2018)

    In May 2018, the South African website for viewing traffic fines online known as ViewFines suffered a data breach. Over 934k records containing 778k unique email addresses were exposed and included names, phone numbers, government issued IDs and passwords stored in plain text.

  65. Creative data breach (2018)

    In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes.

    Data breachResolved
  66. Linux Forums data breach (2018)

    In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes.

    Data breachResolved
  67. VNG Zing ID 163-million account breach

    A 2015 breach of Vietnamese tech giant VNG's Zing platform exposed roughly 163 million Zing ID accounts, with usernames, passwords, emails and phone numbers later found trading on RaidForums.

  68. Chegg data breach (2018)

    The education-technology company Chegg disclosed a 2018 breach affecting about 40 million users, exposing emails, names and unsalted MD5 password hashes; the FTC later cited four breaches and ordered Chegg to overhaul its security.

  69. Funny Games data breach (2018)

    In April 2018, the online entertainment site Funny Games suffered a data breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes.

    Data breachResolved
  70. Careem ride-hailing data breach

    Attackers accessed the systems of Dubai-based ride-hailing app Careem and stole the names, emails, phone numbers and trip histories of around 14 million riders and 558,000 drivers across the Middle East, North Africa and South Asia.

  71. Banxico SPEI interbank heist (Mexico, 2018)

    Attackers exploited third-party software connecting Mexican banks to SPEI, the central bank's interbank payment system, injecting phantom transfers and draining roughly 300-400 million pesos (~$15-20 million) via cash withdrawals by money mules.

  72. Pemiblanc data breach (2018)

    In April 2018, a credential stuffing list containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The list contained email addresses and passwords collated from different data breaches and used to mount account takeover attacks against other…

    Data breachResolved
  73. AerServ data breach (2018)

    In April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as salted SHA-512 hashes.

    Data breachResolved
  74. Artsy data breach (2018)

    In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes.

    Data breachResolved
  75. Emuparadise data breach (2018)

    In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emuparadise, suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  76. Wendy's data breach (2018)

    In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.

  77. Bestialitysextaboo data breach (2018)

    In March 2018, the animal bestiality website known as Bestialitysextaboo was hacked. A collection of various sites running on the same service were also compromised and details of the hack (including links to the data) were posted on a popular forum.

    Data breachResolved
  78. Facebook–Cambridge Analytica data scandal

    Political consultancy Cambridge Analytica improperly obtained the personal data of up to 87 million Facebook users via a personality-quiz app, exploiting Facebook's permissive third-party API to harvest friend networks and build voter-targeting profiles. The scandal triggered a record $5 billion FTC penalty.

  79. Bad Traffic / AdHose network injection on Egypt's telecom backbone

    Citizen Lab found Sandvine PacketLogic deep-packet-inspection devices on Telecom Egypt's network covertly redirecting users en masse to affiliate ads and cryptocurrency-mining scripts, while also blocking dozens of news and human-rights sites.

  80. EyeEm data breach (2018)

    In February 2018, photography website EyeEm suffered a data breach. The breach was identified among a collection of other large incidents and exposed almost 20M unique email addresses, names, usernames, bios and password hashes.

    Data breachResolved
  81. 2,844 Separate Data Breaches data breach (2018)

    In February 2018, a massive collection of almost 3,000 alleged data breaches was found online. Whilst some of the data had previously been seen in Have I Been Pwned, 2,844 of the files consisting of more than 80 million unique email addresses had not previously been seen.

    Data breachResolved
  82. Florida Virtual School data breach (2018)

    In March 2018, the Florida Virtual School (FLVS) posted a data breach notification to their website. The school had identified a data breach which had occurred sometime between 6 May 2016 and 12 Feb 2018 and an XML file containing 368k student records was subsequently found circulating.

    Data breachResolved
  83. Autocentrum.pl data breach (2018)

    In February 2018, data belonging to the Polish motoring website autocentrum.pl was found online. The data contained 144k email addresses and plain text passwords.

  84. Jobandtalent data breach (2018)

    In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email and IP addresses and passwords stored as salted SHA-1 hashes.

    Data breachResolved
  85. MyFitnessPal data breach (2018)

    In February 2018, Under Armour's MyFitnessPal app was breached, exposing about 144 million accounts with usernames, emails and passwords hashed using a mix of SHA-1 and bcrypt; the data later surfaced for sale via GnosticPlayers.

  86. JoomlArt data breach (2018)

    In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year.

    Data breachResolved
  87. PropTiger data breach (2018)

    In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later.

    Data breachResolved
  88. Coincheck NEM heist

    Tokyo-based cryptocurrency exchange Coincheck lost 523 million NEM tokens (~$530M at the time) from a hot wallet that had no multi-signature protection. The largest single crypto-exchange theft at the time — later attributed to North Korea's Lazarus Group.

  89. Netshoes customer data breach

    Brazilian e-commerce giant Netshoes exposed the personal data — names, CPF tax IDs, emails and purchase histories — of about 2 million customers, drawing one of the first major enforcement actions by Brazilian prosecutors over a data breach.

  90. Club Penguin Rewritten (January 2018) data breach (2018)

    In January 2018, the children's gaming site Club Penguin Rewritten (CPRewritten) suffered a data breach (note: CPRewritten is an independent recreation of Disney's Club Penguin game).

    Data breachResolved
  91. Dark Caracal global mobile espionage campaign

    A multi-year cyber-espionage campaign tied to the Lebanese General Directorate of General Security (GDGS) stole hundreds of gigabytes of data from thousands of victims across 21+ countries using trojanized Android apps and desktop malware.

  92. Aadhaar database exposure

    Tribune India journalists demonstrated that paid intermediaries could provide full Aadhaar records — including biometric-linked identity data on roughly 1.1 billion Indian residents — for 500 rupees per record.

  93. DailyObjects data breach (2018)

    In approximately January 2018, a collection of more than 464k customer records from the Indian online retailer DailyObjects were leaked online. The data included names, physical and email addresses, phone numbers and "pincodes" stored in plain text.

    Data breachResolved
  94. Elanic data breach (2018)

    In January 2020, the Indian fashion marketplace Elanic had 2.8M records with 2.3M unique email addresses posted publicly to a popular hacking forum. Elanic confirmed that they had "verified the data and it was pulled from one of our test servers where this data was exposed publicly" and that the…

2017

68 incidents
  1. The Fly on the Wall data breach (2017)

    In December 2017, the stock market news website The Fly on the Wall suffered a data breach. The data in the breach included 84k unique email addresses as well as purchase histories and credit card data.

    Data breachResolved
  2. HoundDawgs data breach (2017)

    In December 2017, the Danish torrent tracker known as HoundDawgs suffered a data breach. More than 55GB of data was dumped publicly and whilst there was initially contention as to the severity of the incident, the data did indeed contain more than 45k unique email addresses complete extensive logs…

    Data breachResolved
  3. Lyrics Mania data breach (2017)

    In December 2017, the song lyrics website known as Lyrics Mania suffered a data breach. The data in the breach included 109k usernames, email addresses and plain text passwords. Numerous attempts were made to contact Lyrics Mania about the incident, however no responses were received.

    Data breachResolved
  4. 2fast4u data breach (2017)

    In December 2017, the Belgian motorcycle forum 2fast4u discovered a data breach of their system. The breach of the vBulletin message board impacted over 17k individual users and exposed email addresses, usersnames and salted MD5 passwords.

  5. PetFlow data breach (2017)

    In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  6. piZap data breach (2017)

    In approximately December 2017, the online photo editing site piZap suffered a data breach. The data was later placed up for sale on a dark web marketplace along with a collection of other data breaches in February 2019.

    Data breachResolved
  7. ai.type data breach (2017)

    In December 2017, the virtual keyboard application ai.type was found to have left a huge amount of data publicly facing in an unsecured MongoDB instance.

    Data breachResolved
  8. dvd-shop.ch data breach (2017)

    In December 2017, the online Swiss DVD store known as dvd-shop.ch suffered a data breach. The incident led to the exposure of 68k email addresses and plain text passwords. The site has since been updated to indicate that it is currently closed.

  9. Open CS:GO data breach (2017)

    In December 2017, the website for purchasing Counter-Strike skins known as Open CS:GO (Counter-Strike: Global Offensive) suffered a data breach (address since redirects to dropgun.com).

    Data breachResolved
  10. TheTVDB.com data breach (2017)

    In November 2017, the open television database known as TheTVDB.com suffered a data breach. The breached data was posted to a hacking forum and included 182k records with usernames, email addresses and MySQL password hashes.

    Data breachResolved
  11. Uber 2016 data breach and cover-up

    Attackers stole personal data on 57 million Uber riders and drivers in October 2016. Rather than disclose, Uber paid the hackers a $100,000 ransom and disguised it as a bug bounty — a cover-up that led to a $148 million multistate settlement and the criminal conviction of Uber's security chief.

  12. Malaysia telecommunications mega data breach

    Personal data of 46.2 million Malaysian mobile subscribers — names, ID card numbers, SIM and IMSI numbers, and addresses from at least a dozen telcos and MVNOs — was leaked and offered for sale online, in the largest data breach in Malaysian history.

  13. MyHeritage data breach (2017)

    Genealogy and DNA-testing service MyHeritage was breached in October 2017, exposing roughly 92 million account email addresses and salted SHA-1 password hashes. The incident was only discovered and disclosed in June 2018.

  14. Bukalapak data breach (2017)

    In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes.

    Data breachResolved
  15. Far Eastern International Bank SWIFT heist

    North Korea's Lazarus Group used custom malware to commandeer Far Eastern International Bank's SWIFT terminal and wire roughly $60 million to accounts in the U.S., Cambodia, and Sri Lanka, deploying Hermes ransomware as a diversion.

    MalwareResolvedTaiwan$500.0K
  16. Legendas.TV data breach (2017)

    In October 2017, the now defunct Brazilian service for retrieving subtitles in Portuguese Legendas.TV suffered a data breach that exposed nearly 4M customer records. The impacted data included names, usernames, email and IP addresses and unsalted SHA-1 hashes.

    Data breachResolved
  17. Smogon data breach (2017)

    In April 2018, the Pokémon website known as Smogon announced they'd suffered a data breach. The breach dated back to September 2017 and affected their XenForo based forum. The exposed data included usernames, email addresses, genders and both bcrypt and MD5 password hashes.

    Data breachResolved
  18. Equifax data breach

    An unpatched Apache Struts vulnerability let attackers exfiltrate Social Security numbers, dates of birth, addresses, and driver's license numbers for 147 million U.S., U.K., and Canadian consumers.

  19. Moneycontrol data breach (2017)

    In April 2021, hackers posted data for sale originating from the online Indian financial platform, Moneycontrol. The data included 763 thousand unique email addresses (allegedly a subset of a larger 40 million account breach), alongside geographic locations, phone numbers, genders, dates of birth…

    Data breachResolved
  20. Estonian ID-card ROCA crypto crisis

    A flaw in Infineon's RSA key-generation library (ROCA, CVE-2017-15361) made it theoretically possible to forge digital identities for some 750,000 Estonian ID-cards, forcing a nationwide certificate suspension and emergency remote re-keying.

  21. TGBUS data breach (2017)

    In approximately 2017, it's alleged that the Chinese gaming site known as TGBUS suffered a data breach that impacted over 10 million unique subscribers.

    Data breachResolved
  22. Onliner Spambot data breach (2017)

    In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information.

    Data breachResolved
  23. Coinmama data breach (2017)

    In August 2017, the crypto coin brokerage service Coinmama suffered a data breach that impacted 479k subscribers. The breach was discovered in February 2019 with exposed data including email addresses, usernames and passwords stored as MD5 WordPress hashes.

    Data breachResolved
  24. Taringa data breach (2017)

    In September 2017, news broke that Taringa had suffered a data breach exposing 28 million records. Known as "The Latin American Reddit", Taringa's breach disclosure notice indicated the incident dated back to August that year.

    Data breachResolved
  25. MALL.cz data breach (2017)

    In July 2017, the Czech Republic e-commerce site MALL.cz suffered a data breach after which 735k unique accounts including email addresses, names, phone numbers and passwords were later posted online.

  26. B2B USA Businesses data breach (2017)

    In mid-2017, a spam list of over 105 million individuals in corporate America was discovered online. Referred to as "B2B USA Businesses", the list categorised email addresses by employer, providing information on individuals' job titles plus their work phone numbers and physical addresses.

    Data breachResolved
  27. Swedish Transport Agency data leak

    A botched IT outsourcing deal exposed Sweden's entire vehicle and driver-licence database — including data on protected identities, police, and military personnel — to foreign IT workers without security clearance, triggering a national political crisis.

  28. 8tracks data breach (2017)

    In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employee’s GitHub account, which was not secured using two-factor authentication".

  29. NotPetya destructive wiper

    A destructive wiper disguised as ransomware, propagated via a compromised Ukrainian accounting software update. Estimated $10 billion in global damage — the most economically destructive cyberattack in history.

  30. Exposed VINs data breach (2017)

    In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.

    Data breachResolved
  31. Qatar News Agency hack

    Attackers planted malware on Qatar's state news agency in April 2017 and exploited it on 24 May to publish fabricated quotes attributed to the Emir, providing the pretext used by Saudi Arabia, the UAE, Bahrain, and Egypt to launch a blockade of Qatar.

  32. Zomato data breach (2017)

    In May 2017, the restaurant guide website Zomato was hacked resulting in the exposure of almost 17 million accounts. The data was consequently redistributed online and contains email addresses, usernames and salted MD5 hashes of passwords (the password hash was not present on all accounts).

  33. DaFont data breach (2017)

    In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.

    Data breachResolved
  34. Bell (2017 breach) data breach (2017)

    In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the…

  35. Telefónica WannaCry ransomware outbreak

    On the day WannaCry erupted worldwide, the worm tore through the corporate network of Spanish telecom giant Telefónica, forcing the company to order thousands of staff at its Madrid headquarters to shut down their PCs.

  36. WannaCry ransomware worm

    A North Korean ransomware worm that exploited the EternalBlue SMB vulnerability to spread to ~200,000 systems across 150 countries in 24 hours. Paralysed the U.K.'s NHS and crippled manufacturing globally.

  37. Edmodo data breach (2017)

    In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available.

  38. Reincubate data breach (2017)

    In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and passwords stored as PBKDF2 hashes.

    Data breachResolved
  39. Ge.tt data breach (2017)

    In May 2017, the file sharing platform Ge.tt suffered a data breach. The data was subsequently put up for sale on a dark web marketplace in February 2019 alongside a raft of other breaches.

    Data breachResolved
  40. Underworld Empire data breach (2017)

    In April 2017, the vBulletin forum for the Underworld Empire game suffered a data breach that exposed 429k accounts. The data was then posted to a hacking forum in mid-February 2018 where it was made available to download.

    Data breachResolved
  41. Dueling Network data breach (2017)

    In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year.

    Data breachResolved
  42. Hong Kong Registration and Electoral Office laptop theft

    Two laptops stored at the fallback venue for Hong Kong's 2017 Chief Executive election were stolen, exposing the personal data — including ID-card numbers — of all 3.7 million registered voters.

  43. Appartoo data breach (2017)

    In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256…

    Data breachResolved
  44. Health Now Networks data breach (2017)

    In March 2017, the telemarketing service Health Now Networks left a database containing hundreds of thousands of medical records exposed. There were over 900,000 records in total containing significant volumes of personal information including names, dates of birth, various medical conditions and…

    Data breachResolved
  45. Factual data breach (2017)

    In March 2017, a file containing 8M rows of data allegedly sourced from data aggregator Factual was compiled and later exchanged on the premise it was a "breach". The data contained 2.5M unique email addresses alongside business names, addresses and phone numbers.

    Data breachResolved
  46. Master Deeds data breach (2017)

    In March 2017, a 27GB database backup file named "Master Deeds" was sent to HIBP by a supporter of the project. Upon detailed analysis later that year, the file was found to contain the personal data of tens of millions of living and deceased South African residents.

    Data breachResolved
  47. Ster-Kinekor data breach (2017)

    In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website.

  48. StoneDrill wiper attacks on Saudi organizations

    Kaspersky uncovered StoneDrill, a sophisticated new wiper that destroyed data at Saudi petrochemical and industrial targets alongside the Shamoon 2 campaign, and which had spread as far as a victim in Europe.

  49. Bolt data breach (2017)

    In approximately March 2017, the file sharing website Bolt suffered a data breach resulting in the exposure of 995k unique user records. The data was sourced from their vBulletin forum and contained email and IP addresses, usernames and salted MD5 password hashes.

    Data breachResolved
  50. MINDEF I-net breach

    A targeted intrusion into Singapore's Ministry of Defence I-net web-surfing system stole the NRIC numbers, phone numbers and birth dates of 850 national servicemen and staff in the country's first publicly disclosed breach of a government defence network.

  51. Cloudflare "Cloudbleed" memory leak

    A buffer-overflow bug in Cloudflare's edge servers caused them to leak adjacent chunks of memory — including passwords, cookies, and private messages from other customers — into web pages, where some were cached by search engines. The flaw was active for months before Google's Project Zero discovered it.

  52. Retina-X data breach (2017)

    In February 2017, the mobile device monitoring software developer Retina-X was hacked and customer data downloaded before being wiped from their servers.

    Data breachResolved
  53. Coachella data breach (2017)

    In February 2017, hundreds of thousands of records from the Coachella music festival were discovered being sold online. Allegedly taken from a combination of the main Coachella website and their vBulletin-based message board, the data included almost 600k usernames, IP and email addresses and…

    Data breachResolved
  54. FreeOnes data breach (2017)

    In February 2017, the forum for the adult website FreeOnes suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 960k unique email addresses alongside usernames, IP addresses and salted MD5 password hashes.

    Data breachResolved
  55. Nile Phish phishing campaign against Egyptian civil society

    A large-scale, highly targeted phishing campaign documented by Citizen Lab sent 90+ credential-stealing messages against Egyptian NGOs, activists, and lawyers tied to the government's 'Case 173' crackdown on civil society.

  56. Freedom Hosting II data breach (2017)

    In January 2017, the free hidden service host Freedom Hosting II suffered a data breach. The attack allegedly took down 20% of dark web sites running behind Tor hidden services with the attacker claiming that of the 10,613 impacted sites, more than 50% of the content was child pornography.

    Data breachResolved
  57. DataCamp data breach (2017)

    In December 2018, the data science website DataCamp suffered a data breach of records dating back to January 2017. The incident exposed 760k unique email and IP addresses along with names and passwords stored as bcrypt hashes.

    Data breachResolved
  58. SwordFantasy data breach (2017)

    In January 2019, the now defunct MMO and RPG game SwordFantasy suffered a data breach that exposed 2.7M unique email addresses. Other impacted data included username, IP address and salted MD5 password hashes.

    Data breachResolved
  59. CrimeAgency vBulletin Hacks data breach (2017)

    In January 2016, a large number of unpatched vBulletin forums were compromised by an actor known as "CrimeAgency". A total of 140 forums had data including usernames, email addresses and passwords (predominantly stored as salted MD5 hashes), extracted and then distributed.

    Data breachResolved
  60. Sephora data breach (2017)

    In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information.

  61. CloudPets data breach (2017)

    In January, the maker of teddy bears that record children's voices and sends them to family and friends via the internet CloudPets left their database publicly exposed and it was subsequently downloaded by external parties (the data was also subject to 3 different ransom demands).

    Data breachResolved
  62. Hub4Tech data breach (2017)

    On an unknown date in approximately 2017, the Indian training and assessment service known as Hub4Tech suffered a data breach via a SQL injection attack. The incident exposed almost 37k unique email addresses and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  63. Little Monsters data breach (2017)

    In approximately January 2017, the Lady Gaga fan site known as "Little Monsters" suffered a data breach that impacted 1 million accounts. The data contained usernames, email addresses, dates of birth and bcrypt hashes of passwords.

    Data breachResolved
  64. LiveJournal data breach (2017)

    In mid-2019, news broke of an alleged LiveJournal data breach. This followed multiple reports of credential abuse against Dreamwidth beginning in 2018, a fork of LiveJournal with a significant crossover in user base.

    Data breachResolved
  65. R2 (2017 forum breach) data breach (2017)

    In early 2017, the forum for the gaming website R2 Games was hacked. R2 had previously appeared on HIBP in 2015 after a prior incident. This one exposed over 1 million unique user accounts and corresponding MD5 password hashes with no salt.

    Data breachResolved
  66. River City Media Spam List data breach (2017)

    In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation.

    Data breachResolved
  67. Russian America data breach (2017)

    In approximately 2017, the website for Russian speakers in America known as Russian America suffered a data breach. The incident exposed 183k unique records including names, email addresses, phone numbers and passwords stored in both plain text and as MD5 hashes.

    Data breachResolved
  68. Victory Phones data breach (2017)

    In January 2017, the automated telephony services company Victory Phones left a Mongo DB database publicly facing without a password. Subsequently, 213GB of data was downloaded by an unauthorised party including names, addresses, phone numbers and over 166k unique email addresses.

    Data breachResolved

2016

118 incidents
  1. Data Enrichment Records data breach (2016)

    In December 2016, more than 200 million "data enrichment profiles" were found for sale on the darknet. The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate suggesting it may have been sourced from other…

    Data breachResolved
  2. Ukraine power grid attack — Industroyer (2016)

    Russia's Sandworm group deployed Industroyer (CrashOverride), the first malware purpose-built to attack electric grids, against a Kyiv transmission substation, cutting roughly a fifth of the capital's power for about an hour.

  3. Anti Public Combo List data breach (2016)

    In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems.

    Data breachResolved
  4. Ethereum data breach (2016)

    In December 2016, the forum for the public blockchain-based distributed computing platform Ethereum suffered a data breach. The database contained over 16k unique email addresses along with IP addresses, private forum messages and (mostly) bcrypt hashed passwords.

    Data breachResolved
  5. PayAsUGym data breach (2016)

    In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter.

    Data breachResolved
  6. MrExcel data breach (2016)

    In December 2016, the forum for the Microsoft Excel tips and solutions site Mr Excel suffered a data breach. The hack of the vBulletin forum led to the exposure of over 366k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.

    Data breachResolved
  7. Biohack.me data breach (2016)

    In December 2016, the forum for the biohacking website Biohack.me suffered a data breach that exposed 3.4k accounts. The data included usernames, email addresses and hashed passwords along with the private messages of forum members. The data was self-submitted to HIBP by the Biohack.me operators.

    Data breachResolved
  8. FashionFantasyGame data breach (2016)

    In late 2016, the fashion gaming website Fashion Fantasy Game suffered a data breach. The incident exposed 2.3 million unique user accounts and corresponding MD5 password hashes with no salt. The data was contributed to Have I Been Pwned courtesy of rip@creep.im.

    Data breachResolved
  9. Warmane data breach (2016)

    In approximately December 2016, the online service for World of Warcraft private servers Warmane suffered a data breach. The incident exposed over 1.1M accounts including usernames, email addresses, dates of birth and salted MD5 password hashes.

    Data breachResolved
  10. Youku data breach (2016)

    In late 2016, China's leading online video platform Youku suffered a data breach exposing roughly 92 million unique user accounts together with usernames and MD5-hashed passwords, which later circulated on dark-web marketplaces.

  11. xHamster data breach (2016)

    In November 2016, news broke that hackers were trading hundreds of thousands of xHamster porn account details. In total, the data contained almost 380k unique user records including email addresses, usernames and unsalted MD5 password hashes.

    Data breachResolved
  12. Deutsche Telekom Mirai router outage

    A botched Mirai botnet campaign targeting a router exploit crashed roughly 900,000 Deutsche Telekom routers, knocking German customers offline for internet, phone, and TV over two days in November 2016.

  13. RankWatch data breach (2016)

    In approximately November 2016, the search engine optimisation management company RankWatch exposed a Mongo DB with no password publicly whereupon their data was exfiltrated and posted to an online forum.

    Data breachResolved
  14. CashCrate data breach (2016)

    In June 2017, news broke that CashCrate had suffered a data breach exposing 6.8 million records. The breach of the cash-for-surveys site dated back to November 2016 and exposed names, physical addresses, email addresses and passwords stored in plain text for older accounts along with weak MD5…

    Data breachResolved
  15. Shamoon 2 wiper attacks on Saudi government

    A reactivated Shamoon (Disttrack) wiper destroyed thousands of computers across Saudi government bodies including the General Authority of Civil Aviation, overwriting master boot records with the image of a drowned Syrian child.

  16. FriendFinder Networks breach

    A local file inclusion flaw let attackers steal 412 million accounts across FriendFinder Networks' adult and dating sites, including AdultFriendFinder. Most passwords were stored in plain text or as unsalted SHA-1, and 'deleted' accounts were never actually removed.

  17. SubaGames data breach (2016)

    In November 2016, the game developer Suba Games suffered a data breach which led to the exposure of 6.1M unique email addresses. Impacted data also included usernames and passwords, most of which appeared circulating in the breached file in plain text after being cracked from salted MD5 hashes.

    Data breachResolved
  18. MCBans data breach (2016)

    In October 2016, the Minecraft banning service known as MCBans suffered a data breach resulting in the exposure of 120k unique user records. The data contained email and IP addresses, usernames and password hashes of unknown format.

    Data breachResolved
  19. Dyn DNS Mirai DDoS attack

    A massive Mirai-botnet DDoS attack against managed DNS provider Dyn knocked Twitter, Netflix, Spotify, GitHub, Reddit, and dozens of other major sites offline across the U.S. and Europe, demonstrating how a botnet of compromised IoT devices could disrupt large swathes of the internet.

  20. Adult FriendFinder (2016) data breach (2016)

    In October 2016, the adult entertainment company Friend Finder Networks suffered a massive data breach. The incident impacted multiple separate online assets owned by the company, the largest of which was the Adult FriendFinder website alleged to be "the world's largest sex & swinger community".

    Data breachResolved
  21. Exploit.In data breach (2016)

    In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems.

    Data breachResolved
  22. GFAN data breach (2016)

    In October 2016, data surfaced that was allegedly obtained from the Chinese website known as GFAN and contained 22.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  23. Modern Business Solutions data breach (2016)

    In October 2016, a large Mongo DB file containing tens of millions of accounts was shared publicly on Twitter (the file has since been removed). The database contained over 58M unique email addresses along with IP addresses, names, home addresses, genders, job titles, dates of birth and phone…

    Data breachResolved
  24. Leak at Dailymotion

    In October 2016, French video-sharing platform Dailymotion was breached, exposing roughly 85.2 million user accounts including email addresses and usernames, with bcrypt password hashes for about 18 million of them.

  25. Pokémon Negro data breach (2016)

    In approximately October 2016, the Spanish Pokémon site Pokémon Negro suffered a data breach. The attack resulted in the disclosure of 830k accounts including email and IP addresses along with plain text passwords. Pokémon Negro did not respond when contacted about the breach.

    Data breachResolved
  26. Aipai.com data breach (2016)

    In September 2016, data allegedly obtained from the Chinese gaming website known as Aipai.com and containing 6.5M accounts was leaked online. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  27. Yahoo data breaches (3 billion accounts)

    Two separate breaches — disclosed in 2016 but stretching back to 2013 and 2014 — exposed every Yahoo account in existence. Three billion accounts: the largest single-company data exposure in history.

  28. Leet data breach (2016)

    In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers.

    Data breachResolved
  29. eThekwini Municipality data breach (2016)

    In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses.

  30. Real Estate Mogul data breach (2016)

    In September 2016, the real estate investment site Real Estate Mogul had a Mongo DB instance compromised and 5GB of data downloaded by an unauthorised party. The data contained real estate listings including addresses and the names, phone numbers and 308k unique email addresses of the sellers.

    Data breachResolved
  31. uuu9 data breach (2016)

    In September 2016, data was allegedly obtained from the Chinese website known as uuu9.com and contained 7.5M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  32. Digimon data breach (2016)

    In September 2016, over 16GB of logs from a service indicated to be digimon.co.in were obtained, most likely from an unprotected Mongo DB instance. The service ceased running shortly afterwards and no information remains about the precise nature of it.

  33. ClixSense data breach (2016)

    In September 2016, the paid-to-click site ClixSense suffered a data breach which exposed 2.4 million subscriber identities. The breached data was then posted online by the attackers who claimed it was a subset of a larger data breach totalling 6.6 million records.

    Data breachResolved
  34. NemoWeb data breach (2016)

    In September 2016, almost 21GB of data from the French website used for "standardised and decentralized means of exchange for publishing newsgroup articles" NemoWeb was leaked from what appears to have been an unprotected Mongo DB.

    Data breachResolved
  35. NetProspex data breach (2016)

    In 2016, a list of over 33 million individuals in corporate America sourced from Dun & Bradstreet's NetProspex service was leaked online. D&B believe the targeted marketing data was lost by a customer who purchased it from them.

    Data breachResolved
  36. MDPI data breach (2016)

    In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses.

    Data breachResolved
  37. PPCGeeks data breach (2016)

    In August 2016, the pocket PC fan site forum PPCGeeks suffered a data breach that exposed over 490k records. The breach of the vBulletin forum exposed email and IP addresses, usernames, dates of birth and passwords stored as salted MD5 hashes.

    Data breachResolved
  38. GeekedIn data breach (2016)

    In August 2016, the technology recruitment site GeekedIn left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles,…

    Data breachResolved
  39. Epic Games data breach (2016)

    In August 2016, the Epic Games forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 252k accounts including usernames, email addresses and salted MD5 hashes of passwords.

    Data breachResolved
  40. Unreal Engine data breach (2016)

    In August 2016, the Unreal Engine Forum suffered a data breach, allegedly due to a SQL injection vulnerability in vBulletin. The attack resulted in the exposure of 530k accounts including usernames, email addresses and salted MD5 hashes of passwords.

    Data breachResolved
  41. Cross Fire data breach (2016)

    In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

  42. Пара Па data breach (2016)

    In August 2016, the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 4.9 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

  43. Wishbone (2016) data breach (2016)

    In August 2016, the mobile app to "compare anything" known as Wishbone suffered a data breach. The data contained 9.4 million records with 2.2 million unique email addresses and was allegedly a subset of the complete data set.

    Data breachResolved
  44. GSM Hosting data breach (2016)

    In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.

    Data breachResolved
  45. GTAGaming data breach (2016)

    In August 2016, the Grand Theft Auto forum GTAGaming was hacked and nearly 200k user accounts were leaked. The vBulletin based forum included usernames, email addresses and password hashes.

    Data breachResolved
  46. DLH.net data breach (2016)

    In July 2016, the gaming news site DLH.net suffered a data breach which exposed 3.3M subscriber identities. Along with the keys used to redeem and activate games on the Steam platform, the breach also resulted in the exposure of email addresses, birth dates and salted MD5 password hashes.

    Data breachResolved
  47. Roblox data breach (2016)

    In August 2016, Roblox disclosed a data breach that affected over 50k users. The security incident impacted email and IP addresses, usernames, purchases and Robux balances which were left exposed on a test server.

    Data breachResolved
  48. Vietnam Airlines & airports hack (1937CN)

    Hackers claiming the name 1937CN hijacked flight-information displays and PA systems at major Vietnamese airports with anti-Vietnam South China Sea messages, and leaked data on 411,000 Vietnam Airlines frequent flyers.

  49. AKP Emails data breach (2016)

    In July 2016, a hacker known as Phineas Fisher hacked Turkey's ruling party (Justice and Development Party or "AKP") and gained access to 300k emails. The full contents of the emails were subsequently published by WikiLeaks and made searchable.

  50. i-Dressup data breach (2016)

    In June 2016, the teen social site known as i-Dressup was hacked and over 2 million user accounts were exposed. At the time the hack was reported, the i-Dressup operators were not contactable and the underlying SQL injection flaw remained open, allegedly exposing a total of 5.5 million accounts.

    Data breachResolved
  51. Clash of Kings data breach (2016)

    In July 2016, the forum for the game "Clash of Kings" suffered a data breach that impacted 1.6 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  52. Dota2 data breach (2016)

    In July 2016, the Dota2 official developers forum suffered a data breach that exposed almost 2 million users. The hack of the vBulletin forum led to the disclosure of email and IP addresses, usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  53. Shadi.com data breach (2016)

    In July 2016, the Muslim dating site Shadi.com suffered a data breach that exposed over 2M members' email addresses. The breach also exposed passwords stored as MD5 hashes alongside their plain text equivalents.

    Data breachResolved
  54. dBforums data breach (2016)

    In July 2016, a data breach of the now defunct database forum "dBforums" appeared for sale alongside several others hacked from the parent company, Penton.

    Data breachResolved
  55. Mac Forums data breach (2016)

    In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes.

    Data breachResolved
  56. AbuseWith.Us data breach (2016)

    In 2016, the site dedicated to helping people hack email and online gaming accounts known as Abusewith.us suffered multiple data breaches. The site allegedly had an administrator in common with the nefarious LeakedSource site, both of which have since been shut down.

  57. CrackingForum data breach (2016)

    In approximately mid-2016, the cracking community forum known as CrackingForum suffered a data breach. The vBulletin based forum exposed 660k email and IP addresses, usernames and salted MD5 hashes.

    Data breachResolved
  58. FreshMenu data breach (2016)

    In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses and order histories.

    Data breachResolved
  59. Funimation data breach (2016)

    In July 2016, the anime site Funimation suffered a data breach that impacted 2.5 million accounts. The data contained usernames, email addresses, dates of birth and salted SHA1 hashes of passwords.

    Data breachResolved
  60. GPS Underground data breach (2016)

    In early 2017, GPS Underground was amongst a collection of compromised vBulletin websites that were found being sold online. The breach dated back to mid-2016 and included 670k records with usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

    Data breachResolved
  61. Kaneva data breach (2016)

    In July 2016, now defunct website Kaneva, the service to "build and explore virtual worlds", suffered a data breach that exposed 3.9M user records. The data included email addresses, usernames, dates of birth and salted MD5 password hashes.

    Data breachResolved
  62. OnRPG data breach (2016)

    In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  63. Tunngle data breach (2016)

    In 2016, the now defunct global LAN gaming network Tunngle suffered a data breach that exposed 8.2M unique email addresses. The compromised data also included usernames, IP addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  64. Web Hosting Talk data breach (2016)

    In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale. The breach of the vBulletin based forum exposed 515k user records including usernames, email addresses, IP addresses and salted MD5 password hashes.

    Data breachResolved
  65. StreetEasy data breach (2016)

    In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019.

    Data breachResolved
  66. Whitepages data breach (2016)

    In mid-2016, the telephone and address directory service Whitepages was among a raft of sites that were breached and their data then sold in early-2019. The data included over 11 million unique email addresses alongside names and passwords stored as either a SHA-1 or bcrypt hash.

    Data breachResolved
  67. Muslim Match data breach (2016)

    In June 2016, the Muslim Match dating website had 150k email addresses exposed. The data included private chats and messages between relationship seekers and numerous other personal attributes including passwords hashed with MD5.

    Data breachResolved
  68. HLTV data breach (2016)

    In June 2016, the "home of competitive Counter Strike" website HLTV was hacked and 611k accounts were exposed. The attack led to the exposure of names, usernames, email addresses and bcrypt hashes of passwords.

    Data breachResolved
  69. Democratic National Committee hack

    Russian GRU Units 26165 (APT28) and 31165 (APT29) compromised the Democratic National Committee, Hillary Clinton campaign, and DCCC. Stolen emails were selectively released via 'DCLeaks', 'Guccifer 2.0', and WikiLeaks to influence the 2016 U.S. presidential election.

  70. JTB Corporation data breach

    A spear-phishing email carrying PlugX malware breached Japan's largest travel agency JTB, exposing personal data — including thousands of passport numbers — for up to 7.93 million customers.

  71. Facepunch data breach (2016)

    In June 2016, the game development studio Facepunch suffered a data breach that exposed 343k users. The breached data included usernames, email and IP addresses, dates of birth and salted MD5 password hashes. Facepunch advised they were aware of the incident and had notified people at the time.

    Data breachResolved
  72. Evony data breach (2016)

    In June 2016, the online multiplayer game Evony was hacked and over 29 million unique accounts were exposed. The attack led to the exposure of usernames, email and IP addresses and MD5 hashes of passwords (without salt).

    Data breachResolved
  73. ForumCommunity data breach (2016)

    In approximately mid-2016, the Italian-based service for creating forums known as ForumCommunity suffered a data breach. The incident impacted over 776k unique email addresses along with usernames and unsalted MD5 password hashes. No response was received from ForumCommunity when contacted.

    Data breachResolved
  74. MangaFox.me data breach (2016)

    In approximately July 2016, the manga website known as mangafox.me suffered a data breach. The vBulletin based forum exposed 1.3 million accounts including usernames, email and IP addresses, dates of birth and salted MD5 password hashes.

    Data breachResolved
  75. Uiggy data breach (2016)

    In June 2016, the Facebook application known as Uiggy was hacked and 4.3M accounts were exposed, 2.7M of which had email addresses against them. The leaked accounts also exposed names, genders and the Facebook ID of the owners.

    Data breachResolved
  76. MySpace credentials breach

    Credentials for roughly 360 million pre-2013 MySpace accounts surfaced for sale on the dark web in 2016. The passwords were stored as unsalted SHA-1 hashes, making one of the largest credential dumps ever disclosed trivially crackable.

  77. Teracod data breach (2016)

    In May 2015, almost 100k user records were extracted from the Hungarian torrent site known as Teracod. The data was later discovered being torrented itself and included email addresses, passwords, private messages between members and the peering history of IP addresses using the service.

    Data breachResolved
  78. Regpack data breach (2016)

    In July 2016, a tweet was posted with a link to an alleged data breach of BlueSnap, a global payment gateway and merchant account provider. The data contained 324k payment records across 105k unique email addresses and included personal attributes such as name, home address and phone number.

    Data breachResolved
  79. Army Force Online data breach (2016)

    In May 2016, the online gaming site Army Force Online suffered a data breach that exposed 1.5M accounts. The breached data was found being regularly traded online and included usernames, email and IP addresses and MD5 passwords.

    Data breachResolved
  80. Fur Affinity data breach (2016)

    In May 2016, the Fur Affinity website for people with an interest in anthropomorphic animal characters (also known as "furries") was hacked. The attack exposed 1.2M email addresses (many accounts had a different "first" and "last" email against them) and hashed passwords.

    Data breachResolved
  81. Rosebutt Board data breach (2016)

    Some time prior to May 2016, the forum known as "Rosebutt Board" was hacked and 107k accounts were exposed. The self-described "top one board for anal fisting, prolapse, huge insertions and rosebutt fans" had email and IP addresses, usernames and weakly stored salted MD5 password hashes hacked from…

    Data breachResolved
  82. Shotbow data breach (2016)

    In May 2016, the multiplayer server for Minecraft service Shotbow announced they'd suffered a data breach. The incident resulted in the exposure of over 1 million unique email addresses, usernames and salted SHA-256 password hashes.

    Data breachResolved
  83. Nulled.cr data breach (2016)

    In May 2016, the cracking community forum known as Nulled.cr was hacked and 599k user accounts were leaked publicly. The compromised data included email and IP addresses, weak salted MD5 password hashes and hundreds of thousands of private messages between members.

    Data breachResolved
  84. GameVN data breach (2016)

    In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data. Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted MD5 password hashes.

    Data breachResolved
  85. Interpark customer data breach

    South Korean police attributed a breach of online retailer Interpark — exposing the personal data of more than 10 million shoppers — to North Korea's intelligence agency, which used spearphishing and then demanded a multi-million-dollar bitcoin ransom.

  86. Qatar National Bank data breach

    A 1.4 GB archive of internal files, customer account records, and nearly one million payment card numbers stored in clear text was leaked online, including dossiers on Qatar's Al Thani royal family, Al Jazeera staff, and apparent intelligence targets.

  87. Foodora data breach (2016)

    In April 2016, the online food delivery service Foodora suffered a data breach which was then extensively redistributed online. The breach included the personal information of hundreds of thousands of customers from multiple countries including their names, delivery addresses, phone numbers and…

    Data breachResolved
  88. 17 data breach (2016)

    In April 2016, customer data obtained from the streaming app known as "17" appeared listed for sale on a Tor hidden service marketplace. The data contained over 4 million unique email addresses along with IP addresses, usernames and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  89. Mexican voter database exposure (Mexico, 2016)

    A misconfigured MongoDB database left the full Mexican national voter roll — 93.4 million records including names, addresses, birthdates and national ID numbers — publicly accessible on Amazon's cloud with no password, for months.

  90. KnownCircle data breach (2016)

    In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party.

    Data breachResolved
  91. Turkish citizenship database (MERNIS) leak

    A 6.6 GB database containing the national ID numbers, full names, parents' names, addresses, and dates of birth of 49.6 million Turkish citizens was dumped in cleartext online, exposing nearly the entire adult population.

  92. Guns and Robots data breach (2016)

    In approximately April 2016, the gaming website Guns and Robots suffered a data breach resulting in the exposure of 143k unique records. The data contained email and IP addresses, usernames and SHA-1 password hashes.

    Data breachResolved
  93. COMELEC 'Comeleak' voter database breach

    Hackers defaced the Philippine Commission on Elections website and leaked its entire voter registration database — records on roughly 55 million voters, including 15.8 million fingerprints and 1.3 million overseas passport numbers — in one of the largest government breaches ever.

  94. Tuned Global data breach (2016)

    In January 2021, data from a number of breached services including Tuned Global were released to a public hacking forum. The breach appears to date back to 2016 and includes 985k records containing email addresses, names, a small number of physical addresses and phone numbers and passwords stored…

    Data breachResolved
  95. Naughty America data breach (2016)

    In March 2016, the adult website Naughty America was hacked and the data consequently sold online. The breach included data from numerous systems with various personal identity attributes, the largest of which had passwords stored as easily crackable MD5 hashes.

    Data breachResolved
  96. Staminus data breach (2016)

    In March 2016, the DDoS protection service Staminus was "massively hacked" resulting in an outage of more than 20 hours and the disclosure of customer credentials (with unsalted MD5 hashes), support tickets, credit card numbers and other sensitive data.

    Data breachResolved
  97. CD Projekt RED data breach (2016)

    In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.

    Data breachResolved
  98. KM.RU data breach (2016)

    In February 2016, the Russian portal and email service KM.RU was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", KM.RU was one of several Russian sites in the breach and impacted almost 1.5M accounts…

  99. Mate1.com data breach (2016)

    In February 2016, the dating site mate1.com suffered a huge data breach resulting in the disclosure of over 27 million subscribers' information. The data included deeply personal information about their private lives including drug and alcohol habits, incomes levels and sexual fetishes as well as…

    Data breachResolved
  100. Nival data breach (2016)

    In February 2016, the Russian gaming company Nival was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", Nival was one of several Russian sites in the breach and impacted over 1.5M accounts including…

    Data breachResolved
  101. TruckersMP data breach (2016)

    In February 2016, the online trucking simulator mod TruckersMP suffered a data breach which exposed 84k user accounts. In a first for "Have I Been Pwned", the breached data was self-submitted directly by the organisation that was breached itself.

    Data breachResolved
  102. Linux Mint data breach (2016)

    In February 2016, the website for the Linux distro known as Linux Mint was hacked and the ISO infected with a backdoor. The site also ran a phpBB forum which was subsequently put up for sale complete with almost 145k email addresses, passwords and other personal subscriber information.

    Data breachResolved
  103. SkTorrent data breach (2016)

    In February 2016, the Slovak torrent tracking site SkTorrent was hacked and over 117k records leaked online. The data dump included usernames, email addresses and passwords stored in plain text.

    Data breachResolved
  104. V-Tight Gel data breach (2016)

    In approximately February 2016, data surfaced which was allegedly obtained from V-Tight Gel (vaginal tightening gel). Whilst the data set was titled V-Tight, within there were 50 other (predominantly wellness-related) domain names, most owned by the same entity.

    Data breachResolved
  105. Bangladesh Bank SWIFT heist

    Lazarus operators sent fraudulent SWIFT instructions through the New York Fed to wire $951 million out of Bangladesh Bank's reserve account. A typo on one transfer stopped $850M; $81M still escaped to Philippine casinos.

  106. Flash Flash Revolution (2016 breach) data breach (2016)

    In February 2016, the music-based rhythm game known as Flash Flash Revolution was hacked and 1.8M accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

    Data breachResolved
  107. Minecraft World Map data breach (2016)

    In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed. The data included usernames, email and IP addresses along with salted and hashed passwords.

    Data breachResolved
  108. uTorrent data breach (2016)

    In early 2016, the forum for the uTorrent BitTorrent client suffered a data breach which came to light later in the year. The database from the IP.Board based forum contained 395k accounts including usernames, email addresses and MD5 password hashes without a salt.

    Data breachResolved
  109. Battlefy data breach (2016)

    In January 2016, the esports website Battlefy suffered a data breach that exposed 83k customer records. The impacted data included email addresses, usernames and passwords stored as bcrypt hashes.

    Data breachResolved
  110. EpicNPC data breach (2016)

    In January 2016, the hacked account reseller EpicNPC suffered a data breach that impacted 409k subscribers. The impacted data included usernames, IP and email addresses and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  111. Anime-Planet data breach (2016)

    In approximately 2016, the anime website Anime-Planet suffered a data breach that impacted 369k subscribers. The exposed data included usernames, IP and email addresses, dates of birth and passwords stored as unsalted MD5 hashes and for newer accounts, bcrypt hashes.

    Data breachResolved
  112. BitTorrent data breach (2016)

    In January 2016, the forum for the popular torrent software BitTorrent was hacked. The IP.Board based forum stored passwords as weak SHA1 salted hashes and the breached data also included usernames, email and IP addresses.

    Data breachResolved
  113. D3Scene data breach (2016)

    In January 2016, the gaming website D3Scene, suffered a data breach. The compromised vBulletin forum exposed 569k million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  114. Lifeboat data breach (2016)

    In January 2016, the Minecraft community known as Lifeboat was hacked and more than 7 million accounts leaked. Lifeboat knew of the incident for three months before the breach was made public but elected not to advise customers.

    Data breachResolved
  115. MoDaCo data breach (2016)

    In approximately January 2016, the UK based Android community known as MoDaCo suffered a data breach which exposed 880k subscriber identities. The data included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  116. Onverse data breach (2016)

    In January 2016, the online virtual world known as Onverse was hacked and 800k accounts were exposed. Along with email and IP addresses, the site also exposed salted MD5 password hashes.

    Data breachResolved
  117. ServerPact data breach (2016)

    In mid-2015, the Dutch Minecraft site ServerPact was hacked and 73k accounts were exposed. Along with birth dates, email and IP addresses, the site also exposed SHA1 password hashes with the username as the salt.

    Data breachResolved
  118. XPG data breach (2016)

    In approximately early 2016, the gaming website Xpgamesaves (XPG) suffered a data breach resulting in the exposure of 890k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

    Data breachResolved

2015

82 incidents
  1. Trillian data breach (2015)

    In December 2015, the instant messaging application Trillian suffered a data breach. The breach became known in July 2016 and exposed various personal data attributes including names, email addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  2. Turkey banking sector & .tr DNS DDoS attacks

    A two-week Anonymous-claimed DDoS campaign knocked Turkish banks' online and card-payment systems offline and hit the NIC.tr DNS infrastructure with a 40 Gbps flood, disrupting roughly 400,000 .tr domains nationwide.

  3. Ukraine power grid attack — Sandworm BlackEnergy (2015)

    The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1–6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.

  4. QuinStreet data breach (2015)

    In approximately late 2015, the maker of "performance marketing products" QuinStreet had a number of their online assets compromised. The attack impacted 28 separate sites, predominantly technology forums such as flashkit.com, codeguru.com and webdeveloper.com (view a full list of sites).

    Data breachResolved
  5. Aternos data breach (2015)

    In December 2015, the service for creating and running free Minecraft servers known as Aternos suffered a data breach that impacted 1.4 million subscribers. The data included usernames, email and IP addresses and hashed passwords.

    Data breachResolved
  6. DaniWeb data breach (2015)

    In late 2015, the technology and social site DaniWeb suffered a data breach. The attack resulted in the disclosure of 1.1 million accounts including email and IP addresses which were also accompanied by salted MD5 hashes of passwords.

    Data breachResolved
  7. InvestBank UAE breach and Hacker Buba extortion

    A hacker calling himself Hacker Buba breached Sharjah-based InvestBank, demanded a $3 million ransom, and then leaked tens of thousands of customer records including credit card numbers, passports and account details when the bank refused to pay.

  8. Nihonomaru data breach (2015)

    In late 2015, the anime community known as Nihonomaru had their vBulletin forum hacked and 1.7 million accounts exposed. The compromised data included email and IP addresses, usernames and salted hashes of passwords.

    Data breachResolved
  9. Programming Forums data breach (2015)

    In approximately late 2015, the programming forum at programmingforums.org suffered a data breach resulting in the exposure of 707k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

    Data breachResolved
  10. The Fappening data breach (2015)

    In December 2015, the forum for discussing naked celebrity photos known as "The Fappening" (named after the iCloud leaks of 2014) was compromised and 179k accounts were leaked. Exposed member data included usernames, email addresses and salted hashes of passwords.

    Data breachResolved
  11. VTech children's data breach

    A SQL-injection attack against Hong Kong toymaker VTech's Learning Lodge service exposed the personal data of 6.4 million children and nearly 5 million parent accounts, becoming the first major breach to focus on data about minors.

  12. MajorGeeks data breach (2015)

    In November 2015, almost 270k accounts from the MajorGeeks support forum were breached. The accounts were being actively sold and traded online and included email addresses, salted password hashes and IP addresses.

    Data breachResolved
  13. Beautiful People data breach (2015)

    In November 2015, the dating website Beautiful People was hacked and over 1.1M accounts were leaked. The data was being traded in underground circles and included a huge amount of personal information related to dating.

    Data breachResolved
  14. Comcast data breach (2015)

    In November 2015, the US internet and cable TV provider Comcast suffered a data breach that exposed 590k customer email addresses and plain text passwords. A further 27k accounts appeared with home addresses with the entire data set being sold on underground forums.

    Data breachResolved
  15. Ancestry data breach (2015)

    In November 2015, an Ancestry service known as RootsWeb suffered a data breach. The breach was not discovered until late 2017 when a file containing almost 300k email addresses and plain text passwords was identified.

    Data breachResolved
  16. InterPals data breach (2015)

    In late 2015, the online penpal site InterPals had their website hacked and 3.4 million accounts exposed. The compromised data included email addresses, geographical locations, birthdates and salted hashes of passwords.

    Data breachResolved
  17. xat data breach (2015)

    In November 2015, the online chatroom known as "xat" was hacked and 6 million user accounts were exposed. Used as a chat engine on websites, the leaked data included usernames, email and IP addresses along with hashed passwords.

    Data breachResolved
  18. vBulletin data breach (2015)

    In November 2015, the forum software maker vBulletin suffered a serious data breach. The attack lead to the release of both forum user and customer accounts totalling almost 519k records.

    Data breachResolved
  19. Abandonia (2015) data breach (2015)

    In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

    Data breachResolved
  20. R2Games data breach (2015)

    In late 2015, the gaming website R2Games was hacked and more than 2.1M personal records disclosed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  21. Mac-Torrents data breach (2015)

    In October 2015, the torrent site Mac-Torrents was hacked and almost 94k usernames, email addresses and passwords were leaked. The passwords were hashed with MD5 and no salt.

    Data breachResolved
  22. PHP Freaks data breach (2015)

    In October 2015, the PHP discussion board PHP Freaks was hacked and 173k user accounts were publicly leaked. The breach included multiple personal data attributes as well as salted and hashed passwords.

    Data breachResolved
  23. Go Games data breach (2015)

    In approximately October 2015, the manga website Go Games suffered a data breach. The exposed data included 3.4M customer records including email and IP addresses, usernames and passwords stored as salted MD5 hashes. Go Games did not respond when contacted about the incident.

    Data breachResolved
  24. Gamerzplanet data breach (2015)

    In approximately October 2015, the online gaming forum known as Gamerzplanet was hacked and more than 1.2M accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  25. MPGH data breach (2015)

    In October 2015, the multiplayer game hacking website MPGH was hacked and 3.1 million user accounts disclosed. The vBulletin forum breach contained usernames, email addresses, IP addresses and salted hashes of passwords.

    Data breachResolved
  26. NapsGear data breach (2015)

    In October 2015, the anabolic steroids retailer NapsGear suffered a data breach. An extensive amount of personal information on 287k customers was exposed including email addresses, names, addresses, phone numbers, purchase histories and salted MD5 password hashes.

    Data breachResolved
  27. TalkTalk customer data breach

    An SQL injection attack — committed primarily by four British teenagers — exposed personal data on roughly 157,000 TalkTalk customers including bank account details. Triggered a record £400,000 UK ICO fine.

  28. NetEase data breach (2015)

    In October 2015, a dataset attributed to the Chinese email provider NetEase (163.com and 126.com) surfaced, allegedly exposing around 234 million email addresses and plaintext passwords. NetEase denied any breach; HIBP lists the incident as unverified.

  29. Special K Data Feed Spam List data breach (2015)

    In mid to late 2015, a spam list known as the Special K Data Feed was discovered containing almost 31M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.

    Data breachResolved
  30. Patreon data breach (2015)

    In October 2015, the crowdfunding site Patreon was hacked and over 16GB of data was released publicly. The dump included almost 14GB of database records with more than 2.3M unique email addresses, millions of personal messages and passwords stored as bcrypt hashes.

  31. PSP ISO data breach (2015)

    In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

    Data breachResolved
  32. WIIU ISO data breach (2015)

    In September 2015, the Nintendo Wii U forum known as WIIU ISO was hacked and 458k accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

    Data breachResolved
  33. Xbox 360 ISO data breach (2015)

    In approximately September 2015, the XBOX 360 forum known as XBOX360 ISO was hacked and 1.2 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

    Data breachResolved
  34. Final Fantasy Shrine data breach (2015)

    In September 2015, the Final Fantasy discussion forum known as FFShrine was breached and the data dumped publicly. Approximately 620k records were released containing email addresses, IP addresses and salted hashes of passwords.

    Data breachResolved
  35. Experian (2015) data breach (2015)

    In September 2015, the US based credit bureau and consumer data broker Experian suffered a data breach that impacted 15 million customers who had applied for financing from T-Mobile.

    Data breachResolved
  36. The Candid Board data breach (2015)

    In September 2015, the non-consensual voyeurism site "The Candid Board" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 178k accounts along with email and IP addresses, dates of birth and salted passwords hashed with MD5.

    Data breachResolved
  37. ClearVoice Surveys data breach (2015)

    In April 2021, the market research surveys company ClearVoice Surveys had a publicly facing database backup from 2015 taken and redistributed on a popular hacking forum.

    Data breachResolved
  38. MyVidster (2015) data breach (2015)

    In August 2015, the social video sharing and bookmarking site MyVidster was hacked and nearly 20,000 accounts were dumped online. The dump included usernames, email addresses and hashed passwords.

    Data breachResolved
  39. StoryBird data breach (2015)

    In August 2015, the storytelling service StoryBird suffered a data breach exposing 4 million records with 1 million unique email addresses. Impacted data also included names, usernames and passwords stored as PBKDF2 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  40. Pokébip data breach (2015)

    In July 2015, the French Pokémon site Pokébip suffered a data breach which exposed 657k subscriber identities. The data included email and IP addresses, usernames and passwords stored as unsalted MD5 hashes.

    Data breachResolved
  41. Ashley Madison (Avid Life Media) breach

    A group calling itself the Impact Team breached infidelity dating site Ashley Madison, then dumped the account data of roughly 32 million users — names, emails, sexual preferences and payment records — after parent company Avid Life Media refused to shut the site down.

  42. Soundwave data breach (2015)

    In approximately mid 2015, the music tracking app Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been used to populate the test database" and was then inadvertently exposed in a MongoDB.

    Data breachResolved
  43. Seedpeer data breach (2015)

    In July 2015, the torrent site Seedpeer was hacked and 282k member records were exposed. The data included usernames, email addresses and passwords stored as weak MD5 hashes.

    Data breachResolved
  44. WildStar data breach (2015)

    In July 2015, the IP.Board forum for the gaming website WildStar suffered a data breach that exposed over 738k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

    Data breachResolved
  45. Hemmakväll data breach (2015)

    In July 2015, the Swedish video store chain Hemmakväll was hacked and nearly 50k records dumped publicly. The disclosed data included various attributes of their customers including email and physical addresses, names and phone numbers.

  46. Hacking Team data breach (2015)

    In July 2015, the Italian security firm Hacking Team suffered a major data breach that resulted in over 400GB of their data being posted online via a torrent. The data searchable on "Have I Been Pwned?" is from 189GB worth of PST mail folders in the dump.

    Data breachResolved
  47. myRepoSpace data breach (2015)

    In July 2015, the Cydia repository known as myRepoSpace was hacked and user data leaked publicly. Cydia is designed to facilitate the installation of apps on jailbroken iOS devices.

    Data breachResolved
  48. Plex data breach (2015)

    In July 2015, the discussion forum for Plex media centre was hacked and over 327k accounts exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  49. CheapAssGamer.com data breach (2015)

    In approximately mid-2015, the forum for CheapAssGamer.com suffered a data breach. The database from the IP.Board based forum contained 445k accounts including usernames, email and IP addresses and salted MD5 password hashes.

    Data breachResolved
  50. iPmart data breach (2015)

    During 2015, the iPmart forum (now known as Mobi NUKE) was hacked and over 2 million forum members' details were exposed. The vBulletin forum included IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  51. PS3Hax data breach (2015)

    In approximately July 2015, the Sony Playstation hacks and mods forum known as PS3Hax was hacked and more than 447k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  52. SvenskaMagic data breach (2015)

    Sometime in 2015, the Swedish magic website SvenskaMagic suffered a data breach that exposed over 30k records. The compromised data included usernames, email addresses and MD5 password hashes. The data was self-submitted to HIBP by SvenskaMagic.

    Data breachResolved
  53. Minefield data breach (2015)

    In June 2015, the French Minecraft server known as Minefield was hacked and 188k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

  54. Scuf Gaming data breach (2015)

    In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.

    Data breachResolved
  55. U.S. Office of Personnel Management breach

    Chinese state operators exfiltrated background-investigation forms (SF-86s) for 21.5 million U.S. federal employees and contractors — the most-damaging intelligence-loss cyber incident in U.S. government history.

  56. Eroticy data breach (2015)

    In mid-2016, it's alleged that the adult website known as Eroticy was hacked. Almost 1.4 million unique accounts were found circulating in late 2016 which contained a raft of personal information ranging from email addresses to phone numbers to plain text passwords.

    Data breachResolved
  57. Japan Pension Service data breach

    A targeted phishing email carrying malware breached the Japan Pension Service, leaking the names, IDs, addresses, and birth dates of about 1.25 million pension enrollees and forcing a national rethink of public-sector cybersecurity.

  58. Minecraft Pocket Edition Forum data breach (2015)

    In May 2015, the Minecraft Pocket Edition forum was hacked and over 16k accounts were dumped public. Allegedly hacked by @rmsg0d, the forum data included numerous personal pieces of data for each user. The forum has subsequently been decommissioned.

    Data breachResolved
  59. Bitcoin Talk data breach (2015)

    In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of…

    Data breachResolved
  60. Adult FriendFinder (2015) data breach (2015)

    In May 2015, the adult hookup site Adult FriendFinder was hacked and nearly 4 million records dumped publicly. The data dump included extremely sensitive personal information about individuals and their relationship statuses and sexual preferences combined with personally identifiable information.

    Data breachResolved
  61. Gaadi data breach (2015)

    In May 2015, the Indian motoring website known as Gaadi had 4.3 million records exposed in a data breach. The data contained usernames, email and IP addresses, genders, the city of users as well as passwords stored in both plain text and as MD5 hashes.

    Data breachResolved
  62. mSpy data breach (2015)

    In May 2015, the "monitoring" software known as mSpy suffered a major data breach. The software (allegedly often used to spy on unsuspecting victims), stored extensive personal information within their online service which after being breached, was made freely available on the internet.

    Data breachResolved
  63. Спрашивай.ру data breach (2015)

    In May 2015, Спрашивай.ру (a the Russian website for anonymous reviews) was reported to have had 6.7 million user details exposed by a hacker known as "w0rm".

  64. German Bundestag intrusion (APT28)

    Russian GRU Unit 26165 (APT28 / Fancy Bear) compromised the Bundestag's parliamentary network, exfiltrating ~16 GB of data including emails from Chancellor Merkel's parliamentary office. Forced a full Bundestag IT estate rebuild.

  65. Evermotion data breach (2015)

    In May 2015, the Polish 3D modelling website known as Evermotion suffered a data breach resulting in the exposure of 435k unique user records. The data was sourced from a vBulletin forum and contained email addresses, usernames, dates of birth and salted MD5 hashes of passwords.

    Data breachResolved
  66. Kimsufi data breach (2015)

    In mid-2015, the forum for the providers of affordable dedicated servers known as Kimsufi suffered a data breach. The vBulletin forum contained over half a million accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  67. OVH data breach (2015)

    In mid-2015, the forum for the hosting provider known as OVH suffered a data breach. The vBulletin forum contained 453k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  68. Telecom Regulatory Authority of India data breach (2015)

    In April 2015, the Telecom Regulatory Authority of India (TRAI) published tens of thousand of emails sent by Indian citizens supporting net neutrality as part of the SaveTheInternet campaign.

  69. SC Daily Phone Spam List data breach (2015)

    In early 2015, a spam list known as SC Daily Phone emerged containing almost 33M identities. The data includes personal attributes such as names, physical and IP addresses, genders, birth dates and phone numbers. Read more about spam lists in HIBP.

    Data breachResolved
  70. SweClockers.com data breach (2015)

    In early 2015, the Swedish tech news site SweClockers was hacked and 255k accounts were exposed. The attack led to the exposure of usernames, email addresses and salted hashes of passwords stored with a combination of MD5 and SHA512.

    Data breachResolved
  71. Snail data breach (2015)

    In March 2015, the gaming website Snail suffered a data breach that impacted 1.4 million subscribers. The impacted data included usernames, IP and email addresses and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.

    Data breachResolved
  72. 000webhost data breach (2015)

    In approximately March 2015, the free web hosting provider 000webhost suffered a major data breach that exposed almost 15 million customer records. The data was sold and traded before 000webhost was alerted in October. The breach included names, email addresses and plain text passwords.

    Data breachResolved
  73. GameTuts data breach (2015)

    Likely in early 2015, the video game website GameTuts suffered a data breach and over 2 million user accounts were exposed. The site later shut down in July 2016 but was identified as having been hosted on a vBulletin forum.

    Data breachResolved
  74. HongFire data breach (2015)

    In March 2015, the anime and manga forum HongFire suffered a data breach. The hack of their vBulletin forum led to the exposure of 1 million accounts along with email and IP addresses, usernames, dates of birth and salted MD5 passwords.

    Data breachResolved
  75. StarNet data breach (2015)

    In February 2015, the Moldavian ISP "StarNet" had it's database published online. The dump included nearly 140k email addresses, many with personal details including contact information, usage patterns of the ISP and even passport numbers.

    Data breachResolved
  76. MyFHA data breach (2015)

    In approximately February 2015, the home financing website MyFHA suffered a data breach which disclosed the personal information of nearly 1 million people.

    Data breachResolved
  77. Flashback data breach (2015)

    In February 2015, the Swedish forum known as Flashback had sensitive internal data on 40k members published via the tabloid newspaper Aftonbladet. The data was allegedly sold to them via Researchgruppen (The Research Group) who have a history of exposing otherwise anonymous users, primarily those…

  78. Anthem Inc. data breach

    Chinese state-attributed actors exfiltrated personal data on 78.8 million current and former Anthem health insurance customers — at the time the largest healthcare-sector breach in U.S. history.

  79. PSX-Scene data breach (2015)

    In approximately February 2015, the Sony Playstation forum known as PSX-Scene was hacked and more than 340k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  80. Xbox-Scene data breach (2015)

    In approximately February 2015, the Xbox forum known as Xbox-Scene was hacked and more than 432k accounts were exposed. The IP.Board forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  81. Lizard Squad data breach (2015)

    In January 2015, the hacker collective known as "Lizard Squad" created a DDoS service by the name of "Lizard Stresser" which could be procured to mount attacks against online targets.

    Data breachResolved
  82. Bleach Anime Forum data breach (2015)

    In 2015, the now defunct independent forum for the Bleach Anime series suffered a data breach that exposed 144k user records. The impacted data included usernames, email addresses and salted MD5 password hashes.

    Data breachResolved

2014

56 incidents
  1. Team SoloMid data breach (2014)

    In December 2014, the electronic sports organisation known as Team SoloMid was hacked and 442k members accounts were leaked. The accounts included email and IP addresses, usernames and salted hashes of passwords.

    Data breachResolved
  2. German steel mill cyberattack

    Attackers used spear-phishing to pivot from a German steel mill's office network into its production network, manipulating industrial controls so a blast furnace could not be shut down properly and suffered massive physical damage.

  3. Acne.org data breach (2014)

    In November 2014, the acne website acne.org suffered a data breach that exposed over 430k forum members' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and passwords.

    Data breachResolved
  4. Sony Pictures Entertainment hack

    A North Korean wiper attack tied to the release of 'The Interview' destroyed roughly half of Sony Pictures' IT estate and leaked terabytes of internal documents, emails, and unreleased films.

  5. Warframe data breach (2014)

    In November 2014, the online game Warframe was hacked and 819k unique email addresses were exposed. Allegedly due to a SQL injection flaw in Drupal, the attack exposed usernames, email addresses and data in a "pass" column which adheres to the salted SHA12 password hashing pattern used by Drupal 7.

    Data breachResolved
  6. Malwarebytes data breach (2014)

    In November 2014, the Malwarebytes forum was hacked and 111k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  7. Bot of Legends data breach (2014)

    In November 2014, the forum for Bot of Legends suffered a data breach. The IP.Board forum contained 238k accounts including usernames, email and IP addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  8. ILikeCheats data breach (2014)

    In October 2014, the game cheats website known as ILikeCheats suffered a data breach that exposed 189k accounts. The vBulletin based forum leaked usernames, IP and email addresses and weak MD5 hashes of passwords. The data was provided with support from dehashed.com.

    Data breachResolved
  9. JPMorgan Chase data breach

    Attackers exploited a server missing two-factor authentication to breach more than 90 JPMorgan Chase servers and steal contact details for 76 million households and 7 million small businesses — one of the largest intrusions ever into a U.S. financial institution.

  10. 9Lives data breach (2014)

    In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.

  11. BTC-E data breach (2014)

    In October 2014, the Bitcoin exchange BTC-E was hacked and 568k accounts were exposed. The data included email and IP addresses, wallet balances and hashed passwords.

    Data breachResolved
  12. Tout data breach (2014)

    In approximately September 2014, the now defunct social networking service Tout suffered a data breach. The breach subsequently appeared years later and included 653k unique email addresses, names, IP addresses, the location of the user, their bio and passwords stored as bcrypt hashes.

    Data breachResolved
  13. mail.ru Dump data breach (2014)

    In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain.

  14. Home Depot POS breach

    Attackers used a vendor's stolen credentials and custom point-of-sale malware to harvest about 56 million payment cards and 53 million email addresses from Home Depot's U.S. and Canadian self-checkout systems over five months — the largest retail card breach of its time.

  15. Yandex Dump data breach (2014)

    In September 2014, news broke of a massive leak of accounts from Yandex, the Russian search engine giants who also provides email services. The purported million "breached" accounts were disclosed at the same time as nearly 5M mail.ru accounts with both companies claiming the credentials were…

    Data breachResolved
  16. Bin Weevils data breach (2014)

    In September 2014, the online game Bin Weevils suffered a data breach. Whilst originally stating that only usernames and passwords had been exposed, a subsequent story on DataBreaches.net indicated that a more extensive set of personal attributes were impacted (comments there also suggest the data…

    Data breachResolved
  17. Powerbot data breach (2014)

    In approximately September 2014, the RuneScape bot website Powerbot suffered a data breach resulting in the exposure of over half a million unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.

    Data breachResolved
  18. Vermillion data breach (2014)

    In August 2014, the Roblox hacking forum Vermillion suffered a data breach that exposed over 8k subscriber records. The breach of the MyBB forum exposed email and IP addresses, usernames, dates of birth and salted password hashes.

    Data breachResolved
  19. Banorte data breach (2014)

    In August 2022, millions of records from Mexican bank "Banorte" were publicly dumped on a popular hacking forum including 2.1M unique email addresses, physical addresses, names, phone numbers, RFC (tax) numbers, genders and bank balances.

    Data breachResolved
  20. diet.com data breach (2014)

    In August 2014, the diet and nutrition website diet.com suffered a data breach resulting in the exposure of 1.4 million unique user records dating back as far as 2004.

    Data breachResolved
  21. Pokémon Creed data breach (2014)

    In August 2014, the Pokémon RPG website Pokémon Creed was hacked after a dispute with rival site, Pokémon Dusk. In a post on Facebook, "Cruz Dusk" announced the hack then pasted the dumped MySQL database on pkmndusk.in.

    Data breachResolved
  22. Insanelyi data breach (2014)

    In July 2014, the iOS forum Insanelyi was hacked by an attacker known as Kim Jong-Cracks. A popular source of information for users of jailbroken iOS devices running Cydia, the Insanelyi breach disclosed over 104k users' emails addresses, user names and weakly hashed passwords (salted MD5).

    Data breachResolved
  23. Benesse insider data breach

    A contractor's system engineer copied 35 million customer records from Japanese education giant Benesse onto a personal device and sold them to data brokers — the largest insider data theft in Japanese history, triggering a ¥20 billion compensation programme.

  24. PoliceOne data breach (2014)

    In February 2017, the law enforcement website PoliceOne confirmed they'd suffered a data breach. The breach contained over 700k accounts which appeared for sale by a data broker and included email and IP addresses, usernames and salted MD5 password hashes.

    Data breachResolved
  25. Black Hat World data breach (2014)

    In June 2014, the search engine optimisation forum Black Hat World had three quarters of a million accounts breached from their system. The breach included various personally identifiable attributes which were publicly released in a MySQL database script.

    Data breachResolved
  26. Sumo Torrent data breach (2014)

    In June 2014, the torrent site Sumo Torrent was hacked and 285k member records were exposed. The data included IP addresses, email addresses and passwords stored as weak MD5 hashes.

    Data breachResolved
  27. Domino's data breach (2014)

    In June 2014, Domino's Pizza in France and Belgium was hacked by a group going by the name "Rex Mundi" and their customer data held to ransom. Domino's refused to pay the ransom and six months later, the attackers released the data along with troves of other hacked accounts.

  28. Manga Traders data breach (2014)

    In June 2014, the Manga trading website Mangatraders.com had the usernames and passwords of over 900k users leaked on the internet (approximately 855k of the emails were unique). The passwords were weakly hashed with a single iteration of MD5 leaving them vulnerable to being easily cracked.

    Data breachResolved
  29. Avast data breach (2014)

    In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.

    Data breachResolved
  30. eBay credentials breach

    Attackers used a small number of compromised employee credentials to access eBay's corporate network and exfiltrate a database covering all 145 million users — names, encrypted passwords, email and postal addresses, phone numbers, and dates of birth.

  31. Bitly data breach (2014)

    In May 2014, the link management company Bitly announced they'd suffered a data breach. The breach contained over 9.3 million unique email addresses, usernames and hashed passwords, most using SHA1 with a small number using bcrypt.

  32. Fridae data breach (2014)

    In May 2014, over 25,000 user accounts were breached from the Asian lesbian, gay, bisexual and transgender website known as "Fridae". The attack which was announced on Twitter appears to have been orchestrated by Deletesec who claim that "Digital weapons shall annihilate all secrecy within…

    Data breachResolved
  33. Business Acumen Magazine data breach (2014)

    In April 2014, the Australian "Business Acumen Magazine" website was hacked by an attacker known as 1337MiR. The breach resulted in over 26,000 accounts being exposed including usernames, email addresses and password stored with a weak cryptographic hashing algorithm (MD5 with no salt).

    Data breachResolved
  34. NextGenUpdate data breach (2014)

    Early in 2014, the video game website NextGenUpdate reportedly suffered a data breach that disclosed almost 1.2 million accounts. Amongst the data breach was usernames, email addresses, IP addresses and salted and hashed passwords.

    Data breachResolved
  35. CafeMom data breach (2014)

    In 2014, the social network for mothers CafeMom suffered a data breach. The data surfaced alongside a number of other historical breaches including Kickstarter, Bitly and Disqus and contained 2.6 million email addresses and plain text passwords.

    Data breachResolved
  36. BigMoneyJobs data breach (2014)

    In April 2014, the job site bigmoneyjobs.com was hacked by an attacker known as "ProbablyOnion". The attack resulted in the exposure of over 36,000 user accounts including email addresses, usernames and passwords which were stored in plain text.

    Data breachResolved
  37. Boxee data breach (2014)

    In March 2014, the home theatre PC software maker Boxee had their forums compromised in an attack. The attackers obtained the entire vBulletin MySQL database and promptly posted it for download on the Boxee forum itself.

    Data breachResolved
  38. Quantum Booter data breach (2014)

    In March 2014, the booter service Quantum Booter (also referred to as Quantum Stresser) suffered a breach which lead to the disclosure of their internal database.

    Data breachResolved
  39. Rambler data breach (2014)

    A data dump of almost 100 million accounts from Russian internet portal Rambler — often called 'the Russian Yahoo' — surfaced for trade in 2016, exposing roughly 91 million unique usernames and passwords stored in plain text.

  40. Spirol data breach (2014)

    In February 2014, Connecticut based Spirol Fastening Solutions suffered a data breach that exposed over 70,000 customer records. The attack was allegedly mounted by exploiting a SQL injection vulnerability which yielded data from Spirol’s CRM system ranging from customers’ names, companies, contact…

    Data breachResolved
  41. UN Internet Governance Forum data breach (2014)

    In February 2014, the Internet Governance Forum (formed by the United Nations for policy dialogue on issues of internet governance) was attacked by hacker collective known as Deletesec.

    Data breachResolved
  42. Muslim Directory data breach (2014)

    In February 2014, the UK guide to services and business known as the Muslim Directory was attacked by the hacker known as @th3inf1d3l. The data was consequently dumped publicly and included the web accounts of tens of thousands of users which contained data including their names, home address, age…

  43. Kickstarter data breach (2014)

    In February 2014, the crowdfunding platform Kickstarter announced they'd suffered a data breach. The breach contained almost 5.2 million unique email addresses, usernames and salted SHA1 hashes of passwords.

  44. Forbes data breach (2014)

    In February 2014, the Forbes website succumbed to an attack that leaked over 1 million user accounts. The attack was attributed to the Syrian Electronic Army, allegedly as retribution for a perceived "Hate of Syria".

    Data breachResolved
  45. Tesco data breach (2014)

    In February 2014, over 2,000 Tesco accounts with usernames, passwords and loyalty card balances appeared on Pastebin. Whilst the source of the breach is not clear, many confirmed the credentials were valid for Tesco and indeed they have a history of poor online security.

    Data breachResolved
  46. Coupon Mom / Armor Games data breach (2014)

    In 2014, a file allegedly containing data hacked from Coupon Mom was created and included 11 million email addresses and plain text passwords. On further investigation, the file was also found to contain data indicating it had been sourced from Armor Games.

    Data breachResolved
  47. Cannabis.com data breach (2014)

    In February 2014, the vBulletin forum for the Marijuana site cannabis.com was breached and leaked publicly. Whilst there has been no public attribution of the breach, the leaked data included over 227k accounts and nearly 10k private messages between users of the forum.

    Data breachResolved
  48. Bell (2014 breach) data breach (2014)

    In February 2014, Bell Canada suffered a data breach via the hacker collective known as NullCrew. The breach included data from multiple locations within Bell and exposed email addresses, usernames, user preferences and a number of unencrypted passwords and credit card data from 40,000 records…

  49. Verified data breach (2014)

    In January 2014, one of the largest communities of Eastern Europe cybercriminals known as "Verified" was hacked. The breach exposed nearly 17k users of the vBulletin forum including their personal messages and other potentially personally identifiable information.

    Data breachResolved
  50. Bitcoin Security Forum Gmail Dump data breach (2014)

    In September 2014, a large dump of nearly 5M usernames and passwords was posted to a Russian Bitcoin forum. Whilst commonly reported as 5M "Gmail passwords", the dump also contained 123k yandex.ru addresses.

    Data breachResolved
  51. Korea Credit Bureau card-data theft

    A contractor at the Korea Credit Bureau copied the card and identity data of about 20 million customers of KB Kookmin, Lotte and NH Nonghyup card firms onto a USB drive and sold it — one of the largest financial-data thefts in South Korean history.

  52. WPT Amateur Poker League data breach (2014)

    In January 2014, the World Poker Tour (WPT) Amateur Poker League website was hacked by the Twitter user @smitt3nz. The attack resulted in the public disclosure of 175,000 accounts including 148,000 email addresses. The plain text password for each account was also included in the breach.

    Data breachResolved
  53. HiAPK data breach (2014)

    In approximately 2014, it's alleged that the Chinese Android store known as HIAPK suffered a data breach that impacted 13.8 million unique subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as…

    Data breachResolved
  54. ReverbNation data breach (2014)

    In January 2014, the online service for assisting musicians to build their careers ReverbNation suffered a data breach which wasn't identified until September the following year. The breach contained over 7 million accounts with unique email addresses and salted SHA1 passwords.

    Data breachResolved
  55. Snapchat data breach (2014)

    In January 2014 just one week after Gibson Security detailed vulnerabilities in the service, Snapchat had 4.6 million usernames and phone number exposed.

    Data breachResolved
  56. ThisHabbo Forum data breach (2014)

    In 2014, the ThisHabbo forum (a fan site for Habbo.com, a Finnish social networking site) appeared among a list of compromised sites which has subsequently been removed from the internet.

    Data breachResolved

2013

32 incidents
  1. Astropid data breach (2013)

    In December 2013, the vBulletin forum for the social engineering site known as "AstroPID" was breached and leaked publicly. The site provided tips on fraudulently obtaining goods and services, often by providing a legitimate "PID" or Product Information Description.

    Data breachResolved
  2. Target POS malware breach

    Attackers entered Target via stolen credentials from an HVAC contractor, pivoted to the payment network, and stole magstripe data on 40 million credit and debit cards plus PII on 70 million customers.

  3. Torrent Invites data breach (2013)

    In December 2013, the torrent site Torrent Invites was hacked and over 352k accounts were exposed. The vBulletin forum contained usernames, email and IP addresses, birth dates and salted MD5 hashes of passwords.

    Data breachResolved
  4. Pixel Federation data breach (2013)

    In December 2013, a breach of the web-based game community based in Slovakia exposed over 38,000 accounts which were promptly posted online. The breach included email addresses and unsalted MD5 hashed passwords, many of which were easily converted back to plain text.

    Data breachResolved
  5. Vodafone data breach (2013)

    In November 2013, Vodafone in Iceland suffered an attack attributed to the Turkish hacker collective "Maxn3y". The data was consequently publicly exposed and included user names, email addresses, social security numbers, SMS message, server logs and passwords from a variety of different internal…

    Data breachResolved
  6. XSplit data breach (2013)

    In November 2013, the makers of gaming live streaming and recording software XSplit was compromised in an online attack. The data breach leaked almost 3M names, email addresses, usernames and hashed passwords.

    Data breachResolved
  7. We Heart It data breach (2013)

    In November 2013, the image-based social network We Heart It suffered a data breach. The incident wasn't discovered until October 2017 when 8.6 million user records were sent to HIBP.

    Data breachResolved
  8. Mecho Download data breach (2013)

    In October 2013, the (now defunct) downloads website "Mecho Download" suffered a data breach that exposed 438k records. Data from the vBulletin based website included email and IP addresses, usernames and passwords stored as salted MD5 hashes.

    Data breachResolved
  9. Adobe data breach (2013)

    Attackers stole roughly 153 million Adobe account records — IDs, emails, weakly encrypted passwords and plaintext password hints — along with source code for several Adobe products, in one of the largest software-company breaches on record.

  10. iMesh data breach (2013)

    In September 2013, the media and file sharing client known as iMesh was hacked and approximately 50M accounts were exposed. The data was later put up for sale on a dark market website in mid-2016 and included email and IP addresses, usernames and salted MD5 hashes.

    Data breachResolved
  11. Crack Community data breach (2013)

    In late 2013, the Crack Community forum specialising in cracks for games was compromised and over 19k accounts published online. Built on the MyBB forum platform, the compromised data included email addresses, IP addresses and salted MD5 passwords.

    Data breachResolved
  12. Win7Vista Forum data breach (2013)

    In September 2013, the Win7Vista Windows forum (since renamed to the "Beyond Windows 9" forum) was hacked and later had its internal database dumped. The dump included over 200k members’ personal information and other internal data extracted from the forum.

    Data breachResolved
  13. imgur data breach (2013)

    In September 2013, the online image sharing community imgur suffered a data breach. A selection of the data containing 1.7 million email addresses and passwords surfaced more than 4 years later in November 2017.

  14. Yatra data breach (2013)

    In September 2013, the Indian bookings website known as Yatra had 5 million records exposed in a data breach. The data contained email and physical addresses, dates of birth and phone numbers along with both PINs and passwords stored in plain text.

    Data breachResolved
  15. DragonNest data breach (2013)

    In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses and plain text passwords.

    Data breachResolved
  16. Evite data breach (2013)

    An archived 2013 database from social-invitations site Evite was accessed by an attacker and later traded online, exposing roughly 101 million unique email addresses along with names, phone numbers, postal addresses, dates of birth and plaintext passwords.

  17. Lord of the Rings Online data breach (2013)

    In August 2013, the interactive video game Lord of the Rings Online suffered a data breach that exposed over 1.1M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

    Data breachResolved
  18. Lounge Board data breach (2013)

    At some point in 2013, 45k accounts were breached from the Lounge Board "General Discussion Forum" and then dumped publicly. Lounge Board was a MyBB forum launched in 2012 and discontinued in mid 2013 (the last activity in the logs was from August 2013).

    Data breachResolved
  19. OwnedCore data breach (2013)

    In approximately August 2013, the World of Warcraft exploits forum known as OwnedCore was hacked and more than 880k accounts were exposed. The vBulletin forum included IP addresses and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

    Data breachResolved
  20. Nexus Mods data breach (2013)

    In December 2015, the game modding site Nexus Mods released a statement notifying users that they had been hacked. They subsequently dated the hack as having occurred in July 2013 although there is evidence to suggest the data was being traded months in advance of that.

    Data breachResolved
  21. Yam data breach (2013)

    In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in 2021. The data included 13 million unique email addresses alongside names, usernames, phone numbers, physical addresses, dates of birth and unsalted MD5 password hashes.

    Data breachResolved
  22. Badoo data breach (2013)

    A dataset attributed to the dating and social network Badoo exposed roughly 112 million unique email addresses along with names, birthdates and MD5 password hashes; the data surfaced among traders in 2016 and remains formally unverified.

  23. AhaShare.com data breach (2013)

    In May 2013, the torrent site AhaShare.com suffered a breach which resulted in more than 180k user accounts being published publicly. The breach included a raft of personal information on registered users plus despite assertions of not distributing personally identifiable information, the site also…

    Data breachResolved
  24. Non Nude Girls data breach (2013)

    In May 2013, the non-consensual voyeurism site "Non Nude Girls" suffered a data breach. The hack of the vBulletin forum led to the exposure of over 75k accounts along with email and IP addresses, names and plain text passwords.

    Data breachResolved
  25. Neopets data breach (2013)

    In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email…

    Data breachResolved
  26. Dungeons & Dragons Online data breach (2013)

    In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

    Data breachResolved
  27. Brazzers data breach (2013)

    In April 2013, the adult website known as Brazzers was hacked and 790k accounts were exposed publicly. Each record included a username, email address and password stored in plain text. The breach was brought to light by the Vigilante.pw data breach reporting site in September 2016.

    Data breachResolved
  28. Tumblr data breach (2013)

    A 2013 intrusion at the blogging platform Tumblr exposed roughly 65 million email addresses and salted SHA-1 password hashes; the scale only became public in 2016 when the data surfaced for sale on dark-web markets.

  29. Heroes of Gaia data breach (2013)

    In early 2013, the online fantasy multiplayer game Heroes of Gaia suffered a data breach. The newest records in the data set indicate a breach date of 4 January 2013 and include usernames, IP and email addresses but no passwords.

    Data breachResolved
  30. FaceUP data breach (2013)

    In 2013, the Danish social media site FaceUP suffered a data breach. The incident exposed 87k unique email addresses alongside genders, dates of birth, names, phone numbers and passwords stored as unsalted MD5 hashes.

  31. JD data breach (2013)

    In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes.

  32. OMGPOP data breach (2013)

    In approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach. Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later leaked in 2019.

    Data breachResolved

2012

22 incidents
  1. Heroes of Newerth data breach (2012)

    In December 2012, the multiplayer online battle arena game known as Heroes of Newerth was hacked and over 8 million accounts extracted from the system. The compromised data included usernames, email addresses and passwords.

    Data breachResolved
  2. BookCrossing data breach (2012)

    In August 2022, the book social networking site BookCrossing disclosed a data breach that dated back to a database backup from November 2012. The incident exposed almost 1.6M records including names, usernames, email and IP addresses, dates of birth and plain text passwords.

    Data breachResolved
  3. Netlog data breach (2012)

    In July 2018, the Belgian social networking site Netlog identified a data breach of their systems dating back to November 2012 (PDF). Although the service was discontinued in 2015, the data breach still impacted 49 million subscribers for whom email addresses and plain text passwords were exposed.

  4. Lookbook data breach (2012)

    In August 2012, the fashion site Lookbook suffered a data breach. The data later appeared listed for sale in June 2016 and included 1.1 million usernames, email and IP addresses, birth dates and plain text passwords.

    Data breachResolved
  5. Saudi Aramco Shamoon wiper

    Iranian-attributed Shamoon wiper destroyed data on roughly 30,000 Saudi Aramco workstations on a single day, taking the world's largest oil company's IT estate offline for two weeks. The first major Iranian retaliatory cyber operation.

  6. The Botting Network data breach (2012)

    In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses, usernames, dates of birth and salted MD5 password hashes.

    Data breachResolved
  7. Gauss banking-espionage malware against Lebanese banks

    Gauss, a nation-state cyber-surveillance toolkit related to Flame and Stuxnet, infected over 2,500 systems — most heavily in Lebanon — and was the first publicly known state-sponsored malware engineered to steal online-banking credentials from specific Lebanese banks.

  8. Xiaomi data breach (2012)

    In August 2012, the Xiaomi user forum website suffered a data breach. In all, 7 million email addresses appeared in the breach although a significant portion of them were numeric aliases on the bbs_ml_as_uid.xiaomi.com domain.

  9. Yahoo data breach (2012)

    In July 2012, Yahoo! had their online publishing service "Voices" compromised via a SQL injection attack. The breach resulted in the disclosure of nearly half a million usernames and passwords stored in plain text.

    Data breachResolved
  10. War Inc. data breach (2012)

    In mid-2012, the real-time strategy game War Inc. suffered a data breach. The attack resulted in the exposure of over 1 million accounts including usernames, email addresses and salted MD5 hashes of passwords.

    Data breachResolved
  11. Disqus data breach (2012)

    In October 2017, the blog commenting service Disqus announced they'd suffered a data breach. The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The breach contained over 17.5 million unique email addresses and usernames.

    Data breachResolved
  12. Dropbox data breach (2012)

    A reused employee password — harvested from the 2012 LinkedIn breach — let an attacker steal a database of about 68 million Dropbox user credentials, which surfaced for sale on the dark web four years later.

  13. League of Legends data breach (2012)

    In June 2012, the multiplayer online game League of Legends suffered a data breach. At the time, the service had more than 32 million registered accounts and the breach affected various personal data attributes including "encrypted" passwords.

    Data breachResolved
  14. LinkedIn password breach

    A 2012 intrusion into LinkedIn exposed user passwords stored as unsalted SHA-1 hashes. Initially reported as 6.5 million credentials, the full scope of 117 million accounts only emerged in 2016 when the data surfaced for sale on the dark web.

  15. WHMCS data breach (2012)

    In May 2012, the web hosting, billing and automation company WHMCS suffered a data breach that exposed 134k email addresses. The breach included extensive information about customers and payment histories including partial credit card numbers.

    Data breachResolved
  16. Last.fm data breach (2012)

    The music platform Last.fm was hacked in March 2012, exposing more than 43 million accounts with usernames, email addresses and unsalted MD5 password hashes; over 96% of passwords were cracked within hours once the data surfaced in 2016.

  17. JobStreet data breach (2012)

    In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums.

    Data breachResolved
  18. Gamigo data breach (2012)

    In March 2012, the German online game publisher Gamigo was hacked and more than 8 million accounts publicly leaked. The breach included email addresses and passwords stored as weak MD5 hashes with no salt.

    Data breachResolved
  19. YouPorn data breach (2012)

    In February 2012, the adult website YouPorn had over 1.3M user accounts exposed in a data breach. The publicly released data included both email addresses and plain text passwords.

    Data breachResolved
  20. 126 data breach (2012)

    In approximately 2012, it's alleged that the Chinese email service known as 126 suffered a data breach that impacted 6.4 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  21. Taobao data breach (2012)

    In approximately 2012, it's alleged that the Chinese shopping site known as Taobao suffered a data breach that impacted over 21 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as…

    Data breachResolved
  22. VK data breach (2012)

    Russia's largest social network VK was compromised around 2012, exposing roughly 93 million accounts with names, phone numbers, email addresses and plaintext passwords. The data surfaced for sale in 2016 via the broker 'Peace'.

2011

22 incidents
  1. 17173 data breach (2011)

    In late 2011, a series of data breaches in China affected up to 100 million users, including 7.5 million from the gaming site known as 17173. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  2. RuneScape Boards data breach (2011)

    In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.

    Data breachResolved
  3. Tianya data breach (2011)

    In December 2011, China's largest online forum known as Tianya was hacked and tens of millions of accounts were obtained by the attacker. The leaked data included names, usernames and email addresses.

  4. Stratfor data breach (2011)

    In December 2011, "Anonymous" attacked the global intelligence company known as "Stratfor" and consequently disclosed a veritable treasure trove of data including hundreds of gigabytes of email and tens of thousands of credit card details which were promptly used by the attackers to make charitable…

    Data breachResolved
  5. China Software Developer Network data breach (2011)

    In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.

    Data breachResolved
  6. hemmelig.com data breach (2011)

    In December 2011, Norway's largest online sex shop hemmelig.com was hacked by a collective calling themselves "Team Appunity". The attack exposed over 28,000 usernames and email addresses along with nicknames, gender, year of birth and unsalted MD5 password hashes.

    Data breachResolved
  7. Zhenai.com data breach (2011)

    In December 2011, the Chinese dating site known as Zhenai.com suffered a data breach that impacted 5 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  8. Dodonew.com data breach (2011)

    In late 2011, data was allegedly obtained from the Chinese website known as Dodonew.com and contained 8.7M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  9. Android Forums data breach (2011)

    In October 2011, the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birth dates and passwords stored as a salted MD5 hash.

    Data breachResolved
  10. DigiNotar certificate authority compromise

    An intruder gained total control of Dutch certificate authority DigiNotar, issuing more than 500 fraudulent SSL certificates — including a wildcard for *.google.com used to wiretap some 300,000 Iranian Gmail users — and triggering the company's collapse.

  11. SK Communications (Nate / Cyworld) breach

    Hackers using a poisoned software-update channel stole the personal data of about 35 million Nate and Cyworld users — names, resident-registration numbers, phone numbers and encrypted passwords — in what was then South Korea's largest data breach.

  12. Civil Online data breach (2011)

    In mid-2011, data was allegedly obtained from the Chinese engineering website known as Civil Online and contained 7.8M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  13. Battlefield Heroes data breach (2011)

    In June 2011 as part of a final breached data dump, the hacker collective "LulzSec" obtained and released over half a million usernames and passwords from the game Battlefield Heroes.

    Data breachResolved
  14. hackforums.net data breach (2011)

    In June 2011, the hacktivist group known as "LulzSec" leaked one final large data breach they titled "50 days of lulz". The compromised data came from sources such as AT&T, Battlefield Heroes and the hackforums.net website.

    Data breachResolved
  15. Sony data breach (2011)

    In 2011, Sony suffered breach after breach after breach — it was a very bad year for them. The breaches spanned various areas of the business ranging from the PlayStation network all the way through to the motion picture arm, Sony Pictures.

    Data breachResolved
  16. Dangdang data breach (2011)

    In 2011, the Chinese e-commerce site Dangdang suffered a data breach. The incident exposed over 4.8 million unique email addresses which were subsequently traded online over the ensuing years.

    Data breachResolved
  17. QIP data breach (2011)

    In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts including email addresses and passwords with the data eventually appearing in public years later.

  18. Sony PlayStation Network breach

    Intruders penetrated Sony's PlayStation Network and Qriocity, compromising personal data on roughly 77 million accounts and forcing a 23-day global outage — one of the largest consumer data breaches of its time.

  19. RSA SecurID seed compromise

    A spear-phishing email carrying a Flash zero-day gave attackers a foothold inside RSA, from which they exfiltrated data tied to the SecurID two-factor authentication system — data later used in an intrusion attempt against Lockheed Martin.

  20. Fling data breach (2011)

    In 2011, the self-proclaimed "World's Best Adult Social Network" website known as Fling was hacked and more than 40 million accounts obtained by the attacker.

    Data breachResolved
  21. 7k7k data breach (2011)

    In approximately 2011, it's alleged that the Chinese gaming site known as 7k7k suffered a data breach that impacted 9.1 million subscribers. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved
  22. Duowan.com data breach (2011)

    In approximately 2011, data was allegedly obtained from the Chinese gaming website known as Duowan.com and contained 2.6M accounts. Whilst there is evidence that the data is legitimate, due to the difficulty of emphatically verifying the Chinese breach it has been flagged as "unverified".

    Data breachResolved

2010

5 incidents
  1. Gawker data breach (2010)

    In December 2010, Gawker was attacked by the hacker collective "Gnosis" in retaliation for what was reported to be a feud between Gawker and 4Chan. Information about Gawkers 1.3M users was published along with the data from Gawker's other web presences including Gizmodo and Lifehacker.

    Data breachResolved
  2. Paddy Power data breach (2010)

    In October 2010, the Irish bookmaker Paddy Power suffered a data breach that exposed 750,000 customer records with nearly 600,000 unique email addresses.

    Data breachResolved
  3. Stuxnet (Operation Olympic Games)

    U.S. and Israeli intelligence services jointly developed and deployed Stuxnet — the first widely-known cyber weapon to cause physical damage. The worm targeted Iran's Natanz uranium enrichment facility and destroyed approximately 1,000 IR-1 centrifuges over 2009–2010.

    WiperResolvedIran$100.0M
  4. Neteller data breach (2010)

    In May 2010, the e-wallet service known as Neteller suffered a data breach which exposed over 3.6M customers. The breach was not discovered until October 2015 and included names, email addresses, home addresses and account balances.

    Data breachResolved
  5. DivX SubTitles data breach (2010)

    In approximately 2010, the now defunct website DivX SubTitles suffered a data breach that exposed 783k user accounts including email addresses, usernames and plain text passwords.

    Data breachResolved

2009

3 incidents
  1. Heartland Payment Systems card breach

    An SQL-injection foothold let Albert Gonzalez's crew plant sniffer malware inside Heartland's payment-processing network, capturing roughly 130 million card numbers in transit — at the time the largest card-data breach ever disclosed.

  2. Elance data breach (2009)

    Sometime in 2009, staffing platform Elance suffered a data breach that impacted 1.3 million accounts. Appearing online 8 years later, the data contained usernames, email addresses, phone numbers and SHA1 hashes of passwords, amongst other personal data.

    Data breachResolved
  3. Money Bookers data breach (2009)

    Sometime in 2009, the e-wallet service known as Money Bookers suffered a data breach which exposed almost 4.5M customers. Now called Skrill, the breach was not discovered until October 2015 and included names, email addresses, home addresses and IP addresses.

    Data breachResolved

2008

2 incidents
  1. Baby Names data breach (2008)

    In approximately 2008, the site to help parents name their children known as Baby Names suffered a data breach. The incident exposed 846k email addresses and passwords stored as salted MD5 hashes.

    Data breachResolved
  2. Foxy Bingo data breach (2008)

    In April 2007, the online gambling site Foxy Bingo was hacked and 252,000 accounts were obtained by the hackers. The breached records were subsequently sold and traded and included personal information data such as plain text passwords, birth dates and home addresses.

    Data breachResolved

2007

3 incidents
  1. gPotato data breach (2007)

    In July 2007, the multiplayer game portal known as gPotato (link to archive of the site at that time) suffered a data breach and over 2 million user accounts were exposed. The site later merged into the Webzen portal where the original accounts still exist today.

    Data breachResolved
  2. 2007 cyberattacks on Estonia

    A three-week wave of distributed denial-of-service attacks crippled Estonian government, banking, and media websites amid a dispute with Russia, becoming the first cyber assault on an entire nation-state and the birthplace of NATO's cyber-defence doctrine.

  3. TJX Companies (T.J. Maxx) card breach

    Attackers led by Albert Gonzalez sniffed weakly-encrypted in-store Wi-Fi at a Marshalls outlet and pivoted to TJX's central systems, exfiltrating an estimated 94 million payment-card records over an 18-month intrusion — the largest U.S. retail data breach of its era.