Skip to content

Incidents from

2024

RansomwareUnknown

Leak at Cogitis

On 31 December 2024, the DragonForce ransomware gang listed Cogitis โ€” a French inter-municipal IT syndicate serving local authorities โ€” on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

Victim
Cogitis
RansomwareContained

Leak at Atos

On 28 December 2024, the Space Bears ransomware group claimed to have compromised an Atos database; the French IT giant investigated and concluded its own systems were not breached, attributing the leaked Atos-related data to a compromised external third-party infrastructure.

Victim
Atos
RansomwareOngoing

Leak at Arsoรฉ

A ransomware attack disclosed in late December 2024 crippled Arsoรฉ de Soual, the agricultural IT provider hosting livestock-management software for ~30,000 farmers across some 22 French departments; systems were encrypted and a ransom demanded, with no data exfiltration detected.

Victim
Arsoรฉ
Data breachContained

Data leak at Volkswagen

A misconfigured Amazon cloud storage system run by Volkswagen software subsidiary Cariad exposed data on about 800,000 EV owners across VW, Audi, Seat and Skoda, including contact details and precise vehicle location data for roughly 466,000 cars.

Victim
Volkswagen
Records
800.0K
Data breachinvestigating

Movistar Peru data leak

A database containing roughly 22 million records on Movistar Peru customers โ€” DNI numbers, names, birth dates, and addresses collected between 2016 and 2018 โ€” circulated freely on hacking forums over the December holiday break.

Victim
Movistar Peru (Telefรณnica del Perรบ)
Records
22.0M
RansomwareOngoing

Leak at Peugeot

In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.

Victim
Peugeot
Supply chainContained

Leak at Cyberhaven

On 25 Dec 2024, data-security firm Cyberhaven's Chrome extension was hijacked via a phishing attack and pushed a malicious update that exfiltrated cookies and session tokens from roughly 400,000 users over a 24-hour window.

Victim
Cyberhaven
Data breachResolved

Speedio data breach (2024)

In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business informationโ€ฆ

Victim
Speedio
Records
27.5M
Data breachUnknown

Leak at Go Sport

In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.

Victim
Go Sport
Data breachResolved

Data leak at Sport 2000

Customer database of French sporting-goods retailer Sport 2000 โ€” covering roughly 4.3 million people โ€” was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.

Victim
Sport 2000
Records
4.4M
Data breachUnknown

Data leak at Wakanim

Wakanim user data surfaced in a misconfigured, publicly accessible ElasticSearch server hoarding ~95 million records from 17 past French breaches, exposing names, emails, postal and IP addresses and phone numbers.

Victim
Wakanim
Data breachResolved

BitView data breach (2024)

In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, videoโ€ฆ

Victim
BitView
Records
63.1K
Data breachContained

Data leak at Top Achat

On 12 December 2024, French PC-hardware e-tailer Top Achat (LDLC group) disclosed a breach exposing customer names, email and postal addresses; no passwords or payment data were affected. The intrusion was linked to an earlier compromise at parent company LDLC.

Victim
Top Achat
Data breachResolved

Young Living Essential Oils data breach (2024)

In December 2024, data claimed to be breached from the multi-level marketing company Young Living Essential Oils was posted to a popular hacking forum. The data contained 1.1M unique email addresses alongside names, the country of the account and in many cases, their date of birth.

Victim
Young Living Essential Oils
Records
1.1M
Data breachOngoing

Leak at LDLC

On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers โ€” potentially several million people โ€” though it stated no financial or sensitive data was affected.

Victim
LDLC
RansomwareUnknown

Leak at Deloitte

On 4 December 2024, the Brain Cipher ransomware group publicly claimed to have stolen over 1 TB of data from Deloitte UK; Deloitte said the allegations related to a single client's system outside its own network and that no Deloitte systems were impacted.

Victim
Deloitte
Data breachContained

Leak at Guy Demarle

French bakeware and kitchenware brand Guy Demarle disclosed in December 2024 that a cyberattack had copied part of its customer database, exposing names, postal addresses, email addresses and phone numbers; passwords and banking data were not affected.

Victim
Guy Demarle
Data breachContained

Leak at Norauto

On 2 December 2024, French automotive retailer Norauto disclosed a cyberattack on its vehicle-rental service that exposed personal data of about 78,000 customers, including names, contact details and, in some cases, ID-document numbers; the dataset was put up for sale on BreachForums.

Victim
Norauto
Records
78.0K
RansomwareResolved

RECOPE RansomHub ransomware attack

RansomHub ransomware forced Costa Rica's state oil refiner RECOPE to switch its entire fuel-distribution network to manual operations, triggering the first real-world deployment of the U.S. State Department's FALCON cyber-response program.

Victim
Refinadora Costarricense de Petrรณleo (RECOPE)
Data breachUnknown

Data leak at Ze Camping

On 27 November 2024, a database from French camping-holiday booking platform Ze Camping (ze-camping.fr) covering 2014-2024 was advertised for sale on a darknet forum, exposing some 1.6 million records including names, logins, hashed passwords, dates of birth, phone numbers and postal addresses.

Victim
Ze Camping
Records
1.6M
Data breachUnknown

Leak at JVS

On 26 November 2024, a dataset of user-account records tied to JVS-Mairistem โ€” a leading French software vendor for municipalities and local authorities โ€” was reported leaked, exposing names, email addresses, logins, phone numbers and the associated local authority.

Victim
JVS
Data breachOngoing

Data leak at SFR

On 24 November 2024, a threat actor advertised a leak of personal data on 3.6 million customers of French telecom operator SFR โ€” names, postal and email addresses, dates of birth and phone numbers โ€” plus 150,000 IBANs offered for separate sale on the dark web.

Victim
SFR
Records
3.6M
Data breachContained

Leak at Banque de France

On 23 November 2024, the threat actor Near2tlg advertised data allegedly stolen from France's central bank; the Banque de France denied any compromise of its secure systems, acknowledging only brief unauthorized access to an HR extranet with no sensitive data exposed.

Victim
Banque de France
Data breachResolved

Senior Dating data breach (2024)

In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and preciseโ€ฆ

Victim
Senior Dating
Records
765.5K
RansomwareContained

Leak at Chambres d'agriculture

In November 2024, the Chambres d'agriculture d'Occitanie โ€” France's regional public chambers of agriculture โ€” were hit by a malware/ransomware-type cyberattack that spread across their interconnected national network and rendered the workstations of roughly 1,000 regional staff unusable.

Victim
Chambres d'agriculture
Data breachResolved

Yonรฉma data breach (2024)

In November 2024, data from the Senegalese payment platform Yonรฉma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.

Victim
Yonรฉma
Records
36.0K
Data breachContained

Leak at Auchan

On 19 November 2024, French retailer Auchan disclosed a breach of its loyalty programme exposing the personal data of more than 500,000 customers โ€” names, contact details, dates of birth, family composition and loyalty-card/balance information; no bank data or passwords were affected.

Victim
Auchan
Records
500.0K
Data breachContained

Leak at Direct Assurance

In November 2024, French online insurer Direct Assurance was breached via a compromised employee account, exposing personal data of roughly 15,000 clients and prospects โ€” including the IBAN/RIB banking details of about 5,800 of them โ€” later offered for sale online.

Victim
Direct Assurance
Records
15.0K
Data breachContained

Leak at Mediboard

On 19 Nov 2024 a threat actor put the records of ~758,912 patients of French healthcare provider Alรฉo Santรฉ โ€” extracted via a compromised privileged account on the Mediboard patient-record platform โ€” up for sale on BreachForums, exposing identities, contact details and sensitive medical data.

Victim
Mediboard
Records
758.9K
Data breachResolved

FlipaClip data breach (2024)

In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.

Victim
FlipaClip
Records
892.9K
Supply chainContained

Leak at Le Point

On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.

Victim
Le Point
Data breachResolved

The Real World data breach (2024)

In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.

Victim
The Real World
Records
324.4K
Data breachResolved

PoinCampus data breach (2024)

In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth.

Victim
PoinCampus
Records
89.1K
Data breachContained

Leak at Molotov

Around 13 November 2024, French streaming TV service Molotov disclosed a data breach exposing roughly 10.8 million email addresses, along with the names and dates of birth of users who had supplied them; no passwords or banking data were affected.

Victim
Molotov
Records
10.8M
Credential stuffingContained

Leak at Picard

On 12 November 2024, French frozen-food retailer Picard disclosed a credential-stuffing attack that compromised the loyalty accounts of around 45,000 customers, exposing personal and loyalty-programme data; no banking data was affected and the company notified the CNIL.

Victim
Picard
Records
45.0K
Data breachResolved

Tibber data breach (2024)

In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases.

Victim
Tibber
Records
50.0K
Data breachResolved

1win data breach (2024)

In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes.

Victim
1win
Records
96.2M
Data breachinvestigating

RENIEC Peru citizen data leak

A threat actor advertised a database said to hold around 37 million records from Peru's national identity registry RENIEC, including DNI numbers, names, birth data, and addresses; RENIEC disputed that its systems were breached.

Victim
RENIEC (Registro Nacional de Identificaciรณn y Estado Civil)
Records
37.0M
Data breachResolved

Interbank Peru data breach

After a two-week extortion negotiation collapsed, a threat actor known as kzoldyck leaked 3.7 TB of data on roughly 3 million Interbank customers, including names, DNI numbers, card data, and plaintext credentials.

Victim
Interbank (Banco Internacional del Perรบ)
Records
3.3M
Data breachResolved

SuperDraft data breach (2024)

In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, purchases, latitudes and longitudes, dates of birth and bcrypt password hashes.

Victim
SuperDraft
Records
300.2K
Data breachContained

Leak at Free

In late October 2024, French ISP Free (Iliad group) disclosed a breach after attackers accessed an internal management tool, exposing subscriber identity and contact data plus around 5.1 million IBANs; the stolen data was later auctioned and sold online.

Victim
Free
Records
5.2M
Data breachContained

Leak at Ornikar

In late October 2024, French online driving school Ornikar disclosed a breach after an attacker offered a database of up to 4.2 million customer accounts for sale, exposing names, dates of birth, email and postal addresses, and phone numbers; bank data and passwords were unaffected.

Victim
Ornikar
Records
4.2M
Data breachResolved

Hot Topic data breach (2024)

In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.

Victim
Hot Topic
Records
56.9M
Data breachResolved

Earth 2 data breach (2024)

In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advisedโ€ฆ

Victim
Earth 2
Records
421.0K
Data breachResolved

The Club Penguin Experience data breach (2024)

In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints.

Victim
The Club Penguin Experience
Records
6.3K
EspionageContained

Salt Typhoon US telecom espionage campaign (2024)

China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers โ€” Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream โ€” including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.

Victim
U.S. telecommunications providers (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream)
Data breachResolved

Switch data breach (2024)

In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.

Victim
Switch
Records
5.4K
Data breachContained

Leak at Meilleurtaux

In late September 2024, French credit and insurance broker Meilleurtaux disclosed that an external attack on its IT systems had exposed sensitive personal data of customers, including names, contact details, dates of birth, family situation, income and employment status.

Victim
Meilleurtaux
Data breachResolved

French Citizens data breach (2024)

In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IPโ€ฆ

Victim
French Citizens
Records
28.4M
Data breachContained

Leak at RED by SFR

In September 2024, RED by SFR โ€” the low-cost mobile brand of French telecom SFR โ€” disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.

Victim
RED by SFR
Data breachResolved

Muah.AI data breach (2024)

In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.

Victim
Muah.AI
Records
1.9M
Data breachContained

Leak at Assurance retraite

On 13 September 2024, France's Assurance retraite (Cnav) disclosed a breach of its PPAS social-action partner portal, exposing data on about 370,000 pension beneficiaries including names, addresses, social security numbers and approximate income.

Victim
Assurance retraite (French pension fund)
Records
370.0K
Supply chainContained

Leak at Cybertek

On 12 September 2024, French computer-hardware retailer Cybertek disclosed a customer data breach stemming from a compromised shared IT provider, exposing names, email and postal addresses and phone numbers; passwords and payment data were not affected.

Victim
Cybertek
Data breachResolved

Instituto Nacional de Deportes de Chile data breach (2024)

In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes.

Victim
Instituto Nacional de Deportes de Chile
Records
319.6K
Supply chainContained

Leak at Cultura

On 10 September 2024, French cultural-goods retailer Cultura disclosed that a breach at a shared third-party IT provider exposed the personal data of about 1.5 million customers, including names, contact details and order history; passwords and bank data were not affected.

Victim
Cultura
Records
1.5M
Supply chainContained

Leak at Boulanger

On the night of 6-7 September 2024, French electronics retailer Boulanger suffered a data breach traced to a shared third-party delivery/IT provider, exposing the names, postal and email addresses and phone numbers of several hundred thousand customers; no banking data was affected.

Victim
Boulanger
Data breachResolved

MC2 Data data breach (2024)

In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names.

Victim
MC2 Data
Records
2.1M
Data breachResolved

Explore Talent (August 2024) data breach (2024)

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP.

Victim
Explore Talent (August 2024)
Records
8.9M
Data breachResolved

schenkYOU data breach (2024)

In September 2024, data from the online German gift store schenkYOU was put up for sale on a popular hacking forum. Obtained the month before, the data included 237k unique email addresses alongside names, dates of birth and salted SHA-256 password hashes.

Victim
schenkYOU
Records
237.3K
Data breachResolved

Tracki data breach (2024)

In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.

Victim
Tracki
Records
372.6K
Data breachResolved

Chris Leong data breach (2024)

In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many cases, links to Facebook profiles.

Victim
Chris Leong
Records
27.1K
Data breachResolved

Not SOCRadar data breach (2024)

In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform'sโ€ฆ

Victim
Not SOCRadar
Records
282.5M
Data breachResolved

Ubook data breach (2024)

In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.

Victim
Ubook
Records
699.9K
Data breachResolved

Stealer Logs Posted to Telegram data breach (2024)

In July 2024, info stealer logs with 26M unique email addresses were collated from malicious Telegram channels. The data contained 22GB of logs consisting of email addresses, passwords and the websites they were used on, all obtained by malware running on infected machines.

Victim
Stealer Logs Posted to Telegram
Records
26.1M
Data breachResolved

The Heritage Foundation data breach (2024)

In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by contentโ€ฆ

Victim
The Heritage Foundation
Records
72.0K
Data breachResolved

MSI data breach (2024)

In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims.

Victim
MSI
Records
250.0K
Data breachResolved

LuLu data breach (2024)

In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum.

Victim
LuLu
Records
2.8M
Data breachResolved

AnimeLeague data breach (2024)

In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board.

Victim
AnimeLeague
Records
192.1K
Data breachResolved

FNTECH data breach (2024)

In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.

Victim
FNTECH
Records
10.4K
Data breachResolved

Husky Owners data breach (2024)

In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.

Victim
Husky Owners
Records
16.5K
Data breachResolved

Ladies.com data breach (2024)

In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude andโ€ฆ

Victim
Ladies.com
Records
118.8K
Data breachResolved

Central Tickets data breach (2024)

In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsaltedโ€ฆ

Victim
Central Tickets
Records
722.9K
Data breachResolved

Otelier data breach (2024)

In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt.

Victim
Otelier
Records
436.9K
Data breachResolved

Shoe Zone data breach (2024)

In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum. The data included over 100k orders containing names, addresses, partial credit card numbers (card type and last 4 digits), and 46k unique email addresses.

Victim
Shoe Zone
Records
46.1K
Data breachResolved

BudTrader data breach (2024)

In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.

Victim
BudTrader
Records
2.7M
Data breachResolved

SpyX data breach (2024)

In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field.

Victim
SpyX
Records
2.0M
Data breachResolved

Zacks (2024) data breach (2024)

In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representingโ€ฆ

Victim
Zacks (2024)
Records
12.0M
Data breachResolved

Z-lib data breach (2024)

In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers.

Victim
Z-lib
Records
9.7M
Data breachResolved

mSpy (2024) data breach (2024)

In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos.

Victim
mSpy (2024)
Records
2.4M
Data breachResolved

Spytech data breach (2024)

In July 2024, spyware maker Spytech suffered a data breach that exposed data collected as recently as the previous month. Designed to "invisibly record everything users do", the breach exposed information related to both purchasers and targets of the product.

Victim
Spytech
Records
5.6K
Data breachResolved

Robinsons Malls data breach (2024)

In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.

Victim
Robinsons Malls
Records
195.6K
Data breachResolved

Ticketek data breach (2024)

In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service.

Victim
Ticketek
Records
17.6M
Data breachResolved

Operation Endgame data breach (2024)

In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help victims learn of their exposure.

Victim
Operation Endgame
Records
16.5M
Credential stuffingContained

Snowflake customer-account credential-stuffing campaign (UNC5537, 2024)

A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.

Victim
Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)
Records
560.0M
Data breachResolved

Combolists Posted to Telegram data breach (2024)

In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into.

Victim
Combolists Posted to Telegram
Records
361.5M
Data breachResolved

pcTattletale data breach (2024)

In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report.

Victim
pcTattletale
Records
138.8K
Data breachResolved

BSNL telecom data breach

A threat actor advertised roughly 278 GB of data stolen from India's state-owned telecom BSNL โ€” including IMSI numbers, SIM details, home location register data, and security keys โ€” exposing millions of subscribers to SIM-cloning and fraud, in the carrier's second breach in six months.

Victim
Bharat Sanchar Nigam Limited (BSNL)
Data breachResolved

The Post Millennial data breach (2024)

In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands ofโ€ฆ

Victim
The Post Millennial
Records
57.0M
Supply chainContained

Data leak at Ticketmaster

In 2024, ticketing giant Ticketmaster (Live Nation) suffered a breach of a third-party Snowflake cloud database; data on up to 560 million customers โ€” names, contact details, order history and partial payment-card data โ€” was stolen and offered for sale by ShinyHunters.

Victim
Ticketmaster
Records
560.0M
Data breachResolved

Piping Rock data breach (2024)

In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses.

Victim
Piping Rock
Records
2.1M
Data breachResolved

Tappware data breach (2024)

In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising of 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, jobโ€ฆ

Victim
Tappware
Records
94.7K
Data breachResolved

T2 data breach (2024)

In April 2024, 95k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.

Victim
T2
Records
94.6K
Data breachContained

Leak at Le Slip Franรงais

In April 2024, French apparel brand Le Slip Franรงais disclosed a customer data breach exposing names, phone numbers, postal and email addresses and order numbers; roughly 1.5 million email addresses and close to 700,000 full customer profiles were affected. No passwords or payment data were involved.

Victim
Le Slip Franรงais
Data breachResolved

MovieBoxPro data breach (2024)

In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.

Victim
MovieBoxPro
Records
6.0M
Data breachResolved

Neiman Marcus data breach (2024)

In 2024, the luxury retailer Neiman Marcus had data stolen from its Snowflake cloud environment via stolen credentials. The company reported about 64,000 individuals to regulators, but the leaked dataset exposed roughly 31 million unique email addresses along with names, contact details and gift-card numbers.

Victim
Neiman Marcus
Records
31.2M
Data breachResolved

Salvadoran Citizens data breach (2024)

In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.

Victim
Salvadoran Citizens
Records
947.0K
Data breachResolved

Pandabuy data breach (2024)

In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries.

Victim
Pandabuy
Records
1.3M
Supply chainContained

XZ Utils backdoor (CVE-2024-3094)

A multi-year social-engineering campaign by a maintainer persona named 'Jia Tan' planted a hidden SSH backdoor in the XZ Utils compression library (liblzma) versions 5.6.0 and 5.6.1, scoring CVSS 10.0 โ€” caught by chance days before it could reach stable Linux releases worldwide.

Victim
XZ Utils / Linux open-source ecosystem
Data breachResolved

Lookiero data breach (2024)

In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address.

Victim
Lookiero
Records
5.0M
Data breachResolved

boAt data breach (2024)

In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.

Victim
boAt
Records
7.5M
Data breachinvestigating

Nigeria NIN national-ID data exposure

Unauthorized websites such as XpressVerify and AnyVerify were caught selling Nigerians' National Identification Numbers, Bank Verification Numbers, passports, and other personal data for as little as โ‚ฆ100 โ€” exploiting improperly governed API access to the NIMC identity database.

Victim
National Identity Management Commission (NIMC)
Social engineeringContained

Leak at France Travail

On 8 March 2024, France's national employment agency France Travail disclosed a data breach exposing the personal data of up to 43 million jobseekers registered over the previous 20 years, including names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
43.0M
Data breachResolved

HuntStand data breach (2024)

In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.

Victim
HuntStand
Records
2.8M
Data breachResolved

Giant Tiger data breach (2024)

In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.

Victim
Giant Tiger
Records
2.8M
Data breachResolved

WoTLabs data breach (2024)

In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.

Victim
WoTLabs
Records
22.0K
Data breachResolved

Fair Vote Canada data breach (2024)

In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses,โ€ฆ

Victim
Fair Vote Canada
Records
134.3K
Data breachContained

Leak at LDLC

In early March 2024, French electronics retailer LDLC confirmed a data breach affecting roughly 1.5 million in-store customers, exposing names, postal addresses, email addresses and phone numbers, though no banking or sensitive data.

Victim
LDLC
Records
1.5M
Data breachResolved

Life360 data breach (2024)

In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated).

Victim
Life360
Records
442.5K
Data breachResolved

Mr. Green Gaming data breach (2024)

In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.

Victim
Mr. Green Gaming
Records
27.1K
Data breachResolved

DemandScience by Pure Incubation data breach (2024)

In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregatedโ€ฆ

Victim
DemandScience by Pure Incubation
Records
121.8M
Data breachResolved

Cutout.Pro data breach (2024)

In February 2024, the AI-powered visual design platform Cutout.Pro suffered a data breach that exposed 20M records. The data included email and IP addresses, names and salted MD5 password hashes which were subsequently broadly distributed on a popular hacking forum and Telegram channels.

Victim
Cutout.Pro
Records
20.0M
Data breachResolved

Spyzie data breach (2024)

In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos,โ€ฆ

Victim
Spyzie
Records
518.6K
Data breachResolved

Doxbin (TOoDA) data breach (2024)

In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames.

Victim
Doxbin (TOoDA)
Records
136.5K
Data breachContained

Leak at Almerys, Viamedis

In early February 2024, French third-party health-payment operators Viamedis and Almerys disclosed breaches exposing data on about 33 million people โ€” names, dates of birth, social security numbers and health-insurer details โ€” in one of France's largest ever data breaches.

Victim
Almerys, Viamedis
Records
33.0M
Data breachResolved

SurveyLama data breach (2024)

In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes.

Victim
SurveyLama
Records
4.4M
Data breachResolved

Spoutible data breach (2024)

In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes.

Victim
Spoutible
Records
207.1K
RansomwareContained

Schneider Electric Sustainability Business Cactus ransomware (2024)

Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data โ€” including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.

Victim
Schneider Electric โ€” Sustainability Business division
Data breachResolved

Trello data breach (2024)

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses.

Victim
Trello
Records
15.1M