Data Breaches

Chinese AI startup DeepSeek left critical user data and internal secrets unprotected, raising alarms over security risks in the AI industry.

The exposed database was connected to the internet without a password, exposing GPS coordinates, names, phone numbers, and postal addresses.

Some people might have had their names and medical information exposed on a Chicago Department of Public Health online dashboard last fall.

That’s not much when split across 37 million victims.

London-based engineering giant Smiths Group disclosed a security breach after unknown attackers gained access to the company's systems.

Let’s Secure Insurance Brokers Pvt Ltd., a prominent Indian insurance brokerage firm, has reportedly fallen victim to ransomware. The perpetrators, identified as the Kill Security (alias KillSec) group, claim to have gained unauthorised access to the company’s data, sparking concerns over potential data breaches.

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach.

UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum.

The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers.

Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company's developer environments.

Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt.

Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers.

Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information.

A breach of AT&T that exposed “nearly all” of the company’s customers may have included records related to confidential FBI sources, potentially explaining the bureau’s new embrace of end-to-end encryption.

Blood-donation not-for-profit OneBlood confirms that donors' personal information was stolen in a ransomware attack last summer.

Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November.

Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability.

On March 25, DataBreaches entered Teton Orthopaedics’ name on a monthly worksheet this site uses for tracking breaches in the healthcare sector. The entry wasn’t based on any report by Teton Orthopaedics or media, and DataBreaches had been unable to find any notice by the provider. The entry was based on a claim by the ransomware group known as DragonForce, who claimed to have exfiltrated 19.48GB of files and to have encrypted Teton’s files.

Spanish telecommunications company Telefónica confirms its internal ticketing system was breached after stolen data was leaked on a hacking forum.

Silk Typhoon Chinese state-backed hackers have reportedly breached a Treasury Department office that reviews foreign investments for national security risks.

Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information.

​BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach.