Latest News: Data Breaches

Crypto exchange giant Coinbase is reeling from a cyberattack that exposed sensitive customer data, prompted a $20 million extortion attempt, and could cost the company up to $400 million in remediation. The breach, disclosed this week via Coinbase’s official blog and a filing with U.S. regulators,

Marks & Spencer has confirmed that personal customer data was stolen in the recent cyberattack that disrupted its services for weeks. The breach exposed names, addresses, phone numbers, and order histories. While account passwords and full card details were not compromised, the retailer urged

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about an unencrypted and non-password-protected database that contained 3,154,239 records presumably belonging to a platform designed to assist high school athletes in securing college sports scholarships. The

The cybergang behind a massive PowerSchool data breach is now attempting to directly extort schools and districts across the US and Canada — despite PowerSchool reportedly paying an undisclosed ransom for the deletion of the stolen data. According to BleepingComputer, PowerSchool was given

Ascension Health has begun notifying individuals of yet another data breach that exposed their personally identifiable information (PII) and sensitive health records. Notifications were sent out to patients starting April 30, 2025 — nearly six months after Ascension discovered the breach on

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained 520,054 records belonging to an event ticket resale platform. The publicly exposed database was not password-protected or encrypted. It contained ​​520,054

Blue Shield of California has revealed that a misconfiguration in Google Analytics caused the unintentional exposure of sensitive health information for 4.7 million members. Between April 2021 and January 2024, certain member data was inadvertently shared with Google Ads — without the consent or

Hertz has confirmed that customer data has been stolen during a cyberattack on Cleo Communications, a third-party vendor providing file transfer services. The company said the breach occurred when “zero-day vulnerabilities within Cleo’s platform” were exploited in October and December 2024 — an

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained nearly 8 million records belonging to a UK-based software company that facilitates employee data management, compliance, timesheets, and payroll. The

X, formerly Twitter, has seemingly fallen victim to the largest social media data breach ever, involving 400 GB of data on 2.8+ billion users. In January 2025, a user published a 34GB sample of the data on BreachForum, a popular hacking forum and messaging board on the surface level web. The