Industry Privacy News

Denmark School District staff raised concerns at a school board meeting about the district's handling of a January data breach that potentially compromised the identities of at least 60 current and former employees. Teachers criticized the district for lack of transparency, particularly after learning the district allegedly received a ransom note but initially stated there was no evidence of unauthorized access to employee tax information. Staff members said they were not immediately informed...

Cryptocurrency exchange Kraken disclosed that two former support team members inappropriately accessed limited client data affecting roughly 2,000 accounts, and a criminal group is now attempting to extort the company by threatening to release videos of internal systems. The company terminated the insiders' access, notified affected users, and stated it will not pay the extortionists while working with law enforcement. Kraken emphasized that no system breach occurred and customer funds were n...

Booking.com notified customers that unauthorized third parties may have accessed personal information including names, emails, addresses, phone numbers, and booking details through suspicious activity affecting multiple reservations. The company responded by changing reservation PIN numbers and advising customers not to share credit card details via email, phone, text, or WhatsApp, though it remains unclear how many people were affected or whether payment information was compromised. The brea...

INSUFFICIENT The source material discusses Salesforce job cuts driven by AI automation, but contains no information about a third-party data breach or any privacy-related incident. The title mentions "data breach concerns," but this topic is completely absent from the provided content.

Rockstar Games confirmed it suffered a cyberattack in which hackers accessed a "limited amount of non-material company information" through a third-party data breach, though the company states no player data was affected. The hacking group ShinyHunters claims to have stolen company data including financial information and player habit studies from cloud servers, and threatened to release it after their ransom demand went unpaid. This breach is separate from Rockstar's 2022 incident that leake...

Spring Lake Park Schools in Minnesota closed all buildings on Monday after detecting a suspected ransomware attack that disrupted the district's computer systems. The district shut down its computer networks as a precautionary measure and is working with law enforcement and cybersecurity experts to investigate the incident. Officials have not disclosed whether any student or staff data was compromised in the attack.

Grand Theft Auto developer Rockstar Games was hacked through a third-party cloud provider, with hackers claiming to have accessed company servers and threatening to release stolen data unless paid a ransom. Rockstar confirmed the breach but stated it has no impact on the organization or its players. This marks the second time in three years that the gaming company has been targeted by hackers.

INSUFFICIENT The source material contains information about multiple unrelated data breaches (Rise Interactive, Legend Senior Living) but provides no substantive information about a Rocky Mountain Associated Physicians data breach mentioned in the title. Without specific details about what happened at Rocky Mountain Associated Physicians, who was affected, or what data was compromised, a meaningful summary cannot be written.

Hackers breached business monitoring software company Anodot on April 4, stealing authentication tokens that allowed them to access and extract customer data stored in the cloud, affecting at least a dozen companies including Rockstar Games. The ShinyHunters hacking group is now threatening to publish the stolen data unless ransom demands are met, demonstrating how attackers can compromise multiple organizations by targeting a single software provider they all use. Cloud storage provider Snow...

AI staffing firm Mercor faces lawsuits over data breach

The Silent Ransom Group has publicly leaked data from approximately 38 U.S. law firms that refused to pay ransom demands, including Wood Smith Henning & Berman LLP, which was hit with a $1.8 million demand after hackers stole 3.6 GB of data in February 2025. The FBI issued a warning in May 2025 about SRG specifically targeting law firms, and the group claims most victims do pay, suggesting they may have attacked over 76 firms total. The leaked data exposes sensitive client information held by...

David Evans Enterprises Data Breach: 8,915 Affected

The City of Anthony, New Mexico, has reported to state and federal authorities that public records - including investigative files, operational documents, and grant materials - went missing during a transition between city administrations, with police department devices allegedly locked or wiped clean. City officials also discovered irregularities in timecards and payroll practices. The incident raises concerns about improper destruction of public records, which can constitute a fourth-degree...

A 2021 security research study by PrivacySavvy found that multiple popular travel booking and ride-sharing apps exposed user data through unsecured servers and subdomains, potentially affecting up to 105 million users. The researchers discovered that many apps lacked basic security measures and allowed third-party access to servers containing sensitive customer information. While some affected companies addressed the vulnerabilities after being notified, many had not yet implemented fixes at ...

Kloeckner Metals Corporation Data Breach Exposes Personal Information: Murphy Law Firm Investigates Legal Claims

SouthState Bank has agreed to a $1.5 million settlement following a February 2024 data breach that potentially exposed personal information - including names, Social Security numbers, and financial account details - of approximately two million customers. Affected individuals will automatically receive one year of free credit monitoring, and those who file claims can receive up to $3,500 for documented losses such as fraudulent charges, bank fees, and ID replacement costs. The settlement cove...

Salesforce disclosed a customer data breach affecting thousands of records, linked to the third-party application Drift, raising concerns about how sensitive customer data is managed across external integrations on its platform. The incident coincides with the company's plan to cut approximately 4,000 customer support roles as AI tools increasingly handle service tasks. The breach and workforce restructuring may influence enterprise customers' confidence in Salesforce's data handling and supp...

OpenAI revoked and updated its macOS security certificates after a North Korea-linked attack compromised Axios, a third-party developer tool used in the company's app-signing process. While OpenAI found no evidence that user data, systems, or software were compromised, the company is requiring all macOS users to update their apps as a precautionary measure to prevent potential distribution of fake applications appearing to be from OpenAI. The incident highlights growing risks from supply chai...

Hackers breached European gym chain Basic-Fit's systems and downloaded personal data of approximately 1 million members across six countries, including names, addresses, phone numbers, email addresses, dates of birth, bank details, and membership information. The company detected and stopped the intrusion within minutes but confirmed some data had already been extracted, though passwords and identity documents were not accessed. Basic-Fit reported the breach to Dutch authorities and notified ...

OpenAI detected a security vulnerability involving a third-party tool integrated into its platform through internal monitoring systems, but the issue was contained before any exploitation occurred. The company confirmed that no user data was accessed, exposed, or compromised during the incident. The event highlights the security risks that external integrations can introduce to AI platforms, even when detection systems function as intended.

LexisNexis Data Breach: Security Safeguards Failed

OpenAI detected a security issue involving the Axios developer library, which was compromised in a suspected North Korean supply chain attack on March 31. The breach affected an internal automation process that had access to code-signing tools for OpenAI's macOS apps, but the company says no user data, passwords, or API keys were accessed. As a precaution, OpenAI is requiring all macOS users to update ChatGPT Desktop, Codex, and other apps by May 8, after which older versions will stop receiv...

Brockton Hospital in Massachusetts experienced a ransomware attack by the Anubis group that forced the facility to divert ambulances, cancel chemotherapy appointments, and operate on paper records for two weeks. The attack encrypted hospital systems and continues to prevent patients from filling new prescriptions, despite the group's claims they were careful not to harm patient care. Federal and state officials are assisting with the ongoing investigation into the incident.

Rockstar Games confirmed a network intrusion resulted in the theft of confidential information, including over 90 videos of early development footage and source code for the unreleased Grand Theft Auto 6 game. The breach exposed internal development materials showing gameplay set in Vice City and featured a female protagonist, though the company stated operations would not be affected. The incident demonstrates how unauthorized access to corporate networks can lead to the leak of sensitive pr...

GTA 6 Dev Rockstar Confirms 'A Limited Amount of Non-Material Company Information Was Accessed' in Third-Party Data Breach, as Hackers Issue Ultimatum: 'Pay or Leak'

Rockstar Games confirmed it was affected by a third-party data breach after a hacker group claimed to have breached the GTA 6 developer and issued a ransom demand with an April 14 deadline. The company stated the breach has no major impact on its operations or players. The incident follows previous security breaches involving Rockstar Games.

A hacker allegedly stole more than 10 petabytes of sensitive data from China's National Supercomputing Center in Tianjin, including classified defense documents and missile schematics from thousands of government and research clients. In response, Chinese authorities imposed strict new security measures across government agencies, including bans on mobile phones in offices, mandatory signal-blocking lockers, and offline-only operations for sensitive systems. The breach, which cybersecurity ex...

INSUFFICIENT The source material describes a Department of Justice lawsuit settlement regarding IBM's diversity, equity, and inclusion (DEI) employment practices. This is a civil rights and employment discrimination matter, not a privacy-related event involving data protection, surveillance, user information handling, or similar privacy concerns.

OpenAI identifies security issue involving third-party tool, says user data was not accessed

South Korea to inspect call centers after major data breach

INSUFFICIENT The source material does not contain any information about Christie's, a 280 million won penalty, a 7.2 million won fine, or a data breach involving Christie's. The provided content discusses unrelated topics including Bitcoin Depot, OpenAI, Iranian hackers, and Steam forum posts.

INSUFFICIENT The source material discusses Chinese electric vehicles and potential market entry into the U.S., focusing on trade, manufacturing, and competition concerns. While it mentions "national security risks" in passing, it provides no specific information about data security concerns, privacy issues, or any actual ban on Chinese vehicles that would constitute a privacy event.

Japanese shipping company NYK disclosed that unauthorized third parties accessed its bunker fuel procurement system on March 24, exfiltrating personal data including names, phone numbers, and email addresses of current and former employees as well as business partners. The company temporarily shut down the system, reported the breach to Japan's data protection authority and police, and confirmed no ransomware or financial demands have been detected. The incident affects individuals connected ...

The Silent Ransom Group breached law firm Orrick, Herrington & Sutcliffe in January 2026, accessing its network for approximately one week without deploying malware, likely through phishing or social engineering. After Orrick offered $1 million to resolve the incident - significantly less than the ransom demand - the threat actors leaked the firm's data, marking the first top-100 law firm to offer what the group considered an insufficient payment. This is Orrick's second major data breach in ...

A physician practice with multiple New York locations agreed to a $2.5 million settlement after a data breach affected more than 167,000 people, with plaintiffs alleging the practice maintained patient information in a reckless manner. The case demonstrates that healthcare organizations can face liability even when following recognized cybersecurity frameworks, as courts evaluate security measures based on context rather than simple compliance checklists. Legal experts note that widely availa...

Blue Dart Express reported a low-severity cybersecurity incident involving phishing and impersonation exposure within its parent group, confirming that no sensitive data, customer information, or business data was breached. The company notified India's CERT-In authorities as required, implemented immediate remedial measures, and contained the incident with no significant financial impact on operations. The disclosure emphasizes that all customer data remained secure throughout the incident.

Affiliated Dermatologists and Dermatologic Surgeons suffered a data breach between March 2-5, 2024, exposing personal information of approximately 380,000 individuals, including Social Security numbers, medical records, driver's license numbers, and health insurance details. Cybercriminals gained unauthorized access to the company's computer systems during this period, and the compromised data may be sold on the dark web or used for identity theft. A law firm is investigating potential legal ...

Windward Life Care, a San Diego-based home healthcare provider, disclosed a data breach on April 10, 2025, stemming from a December 8, 2025 cybersecurity incident that exposed sensitive personal information including Social Security numbers, financial account details, medical records, and health insurance information. The breach, which appears connected to a ransomware attack by the Sinobi group, has prompted a class action investigation as affected individuals face risks of identity theft an...

Korea Launches First Census of Government AI Training Data Holdings

The Trump administration's Office of Personnel Management is requesting monthly medical records from 65 insurance companies covering over 8 million federal workers, retirees, and their families, including details on prescriptions and doctor visits. The proposal has raised concerns among health policy and legal experts about the legality of creating such an extensive database of identifiable health information and the potential for political misuse, particularly given the administration's patt...

A large-scale data breach, including approximately 1 million email addresses, may have occurred from SUUMO, CHINTAI, At Home, Homes, Ouchino, and Chintai EX.

A threat actor posted 61 gigabytes of data allegedly stolen from Russell Cellular, a Verizon authorized retailer, affecting 6.3 million customers and employees and offered it for sale on a hacker forum for $1,200. The compromised data reportedly includes full names, phone numbers, email addresses, account numbers, device identifiers, contract details, and employee credentials. Russell Cellular has not yet notified affected individuals as of the report date.

South Korea's Personal Information Protection Commission fined Lotte Card 9.62 billion won ($6.51 million) after a hacking incident exposed personal data of 2.97 million customers, including resident registration numbers of 450,000 people. The breach occurred because Lotte Card stored registration numbers in plain text in log files from its online payment system and failed to implement proper encryption, violating data protection laws. The Financial Supervisory Service also imposed a separate...

Christie's fined $194,000 for data breach in South Korea

South Korea's Personal Information Protection Commission fined British auction house Christie's approximately $193,600 after a data breach exposed personal information of 620 South Korean members, including names, addresses, and resident registration numbers. The breach occurred when a Christie's employee granted system access to a malicious actor, and the company failed to encrypt customer data or report the incident within the required 72-hour timeframe. The regulator cited inadequate secur...

Eurail, a European train travel operator, disclosed that attackers breached its customer database in December 2025 and stole personal information of over 308,000 individuals, including names, passport numbers, ID numbers, bank account details, and health information. The company warned that stolen data samples appeared on Telegram and the dark web, and advised affected customers to watch for phishing attempts, change passwords, and monitor bank accounts for suspicious activity. The breach par...

French email provider Alinto left an Elasticsearch database exposed online, leaking 40 million email records containing sender and recipient addresses, location details, and relay IP addresses. The breach affected major corporations including L'Oreal, Renault, and DHL, as well as numerous French government agencies with at least 14,000 government email addresses exposed. Security researchers discovered the unsecured database and notified Alinto, which has since secured the server.

An Iran-linked hacking group claims to have infiltrated the personal devices of former Israeli military chief Herzi Halevi over several years, obtaining more than 19,000 confidential images and videos including footage from secret meetings, military facilities, and personal moments. The leaked material, published by the Handala group, revealed previously undisclosed meetings with Jordanian and Qatari officials, along with personal identification documents belonging to Halevi and his wife. Thi...

Dutch healthcare software vendor ChipSoft was hit by a ransomware attack that forced the company to take offline its website and digital services, including platforms used by multiple hospitals across the Netherlands. The incident prompted ChipSoft to warn healthcare institutions of possible unauthorized access and advise them to disconnect from its systems, causing service disruptions at several hospitals including Sint Jans Gasthuis, Laurentius, VieCuri, and Flevo Hospital. The attack is pa...

INSUFFICIENT The source material discusses data breaches at Union Home Mortgage Corporation and DocketWise, but does not contain any information about Russell Cellular, which is the subject mentioned in the title. Without relevant source material about the Russell Cellular incident, a factual summary cannot be written.

Eurail data breach impacts 300,000 Tourists leading to their passport info steal - Cybersecurity Insiders

South Korea's financial regulator has notified Lotte Card of a $3.38 million fine and a four-month suspension of new customer sign-ups following a massive data breach that affected nearly 3 million customers. This is the second penalty this year for the same incident, which previously resulted in compensation orders and the reissuance of 650,000 cards. South Korean regulators are known for imposing strict consequences on companies after data breaches, including business suspensions and fines ...

INSUFFICIENT The source material consists primarily of Law360 website navigation menus and truncated text that does not provide sufficient factual information about the data breach counsel incident or court proceedings mentioned in the title. Without access to the actual article content, it is impossible to accurately summarize what happened, who was affected, or why it matters to users.

Data Breach Alert: Edelson Lechtzin LLP Investigates Heart South Cardiovascular Group Data Breach

Dutch healthcare software vendor ChipSoft was hit by a ransomware attack on April 7 that took its website offline, though most of the approximately 80 percent of Dutch hospitals using its patient record systems can still access their portals. The attacker's identity remains unknown, and Dutch healthcare authorities have confirmed the ransomware incident. This attack raises concerns about potential access to sensitive patient data across a significant portion of the Netherlands' healthcare inf...

Cybercriminals allegedly stole and leaked 7.7 terabytes of sensitive Los Angeles Police Department data, including officer personnel files, internal affairs investigations, and discovery documents containing unredacted criminal complaints, witness names, and medical information. The breach affected a third-party digital storage system used by the LA City Attorney's Office rather than LAPD systems directly, with the extortion gang World Leaks claiming responsibility. The leak exposes more than...

CareCloud: Millions of Health Care Patients Potentially Affected by Data Breach

INSUFFICIENT The source material describes a lawsuit against Hope College related to a data breach, but the title references AAA Northeast and a driving school breach. These are two completely different incidents, making it impossible to write an accurate summary without clarification about which event to cover.

Healthcare IT company CareCloud disclosed a data breach on March 16 that potentially exposed medical records of millions of patients after hackers accessed one of its six patient record stores for approximately eight hours. The company serves over 45,000 provider groups, hospitals, and medical practices across the U.S., though it remains unclear whether protected health information was actually stolen or if ransomware was involved. An investigation is ongoing with third-party cybersecurity ex...

OuterBox LLC, an Ohio-based digital marketing agency, disclosed a data breach exposing names, Social Security numbers, driver's license numbers, and financial account information, with at least 308 Texas residents affected. The company is notifying impacted individuals by mail but has not disclosed when or how the breach occurred, nor whether it will offer credit monitoring services. Affected individuals should monitor their financial accounts closely and consider placing fraud alerts, as the...

INSUFFICIENT The title references a Gulfstream Services data breach, but the source material only describes a completely different incident involving Eurail B.V., a European train travel company that experienced a breach affecting approximately 308,777 individuals. The source material contains no information about Gulfstream Services.

INSUFFICIENT The source material does not contain information about an LAPD data breach related to a city attorney hack. The provided text discusses a separate case involving a journalist who obtained LAPD officer information through a legal public records request, and includes an unrelated segment about data breaches in general. The source material does not support the event title's claim about a breach involving leaked confidential police records from a city attorney hack.

Jones Day, a top-ranked U.S. law firm, confirmed a data breach affecting 10 clients after the Silent Ransom Group gained access through a phishing attack and posted stolen files to the dark web on March 30. The hackers demanded $13 million and threatened to publish all data, contact employees and clients, and resume attacks if the firm did not respond by their deadline. All affected clients have been notified of the breach, which targeted a senior member of the firm's Federal Circuit legal team.

Nigeria's Data Protection Commission (NDPC) has launched an investigation into Remita and Sterling Bank following alleged data breach incidents, according to the article title. However, the provided source material only contains details about a separate case involving Fidelity Bank, which was fined ₦555.8 million for processing customer data without proper consent and using non-compliant third-party processors. INSUFFICIENT

A group dispute mediation process has begun in South Korea after Coupang suffered a data breach affecting approximately 33.7 million user accounts, with an additional 165,000 accounts exposing delivery address information. A joint investigation found that user data including names and email addresses was exposed through vulnerabilities in Coupang's account-information update page. At least 50 consumers have filed for collective mediation seeking damages, and if Coupang accepts the eventual me...

Drift blames exploit on North Korea, GitHub attacks target South Korea, Die Linke breach threatens data leak

Figure Technology confirms data breach affecting nearly 1 million users - Class Action Lawsuits

Iranian-affiliated hackers have exploited internet-facing programmable logic controllers (PLCs) used in U.S. critical infrastructure, causing operational disruptions and financial losses across multiple sectors. The attacks targeted devices manufactured by Rockwell Automation/Allen-Bradley, manipulating control systems and display data. CISA urges organizations to immediately remove PLCs from direct internet exposure and check their networks for signs of compromise using provided indicators.

Over a dozen companies suffered data theft attacks after authentication tokens were stolen from Anodot, a SaaS integration provider, with most attacks targeting customers of the cloud data platform Snowflake. The ShinyHunters extortion gang has claimed responsibility and is now demanding ransoms from affected organizations to prevent release of the stolen data. Snowflake confirmed it detected unusual activity in a small number of customer accounts and has locked down potentially impacted acco...

INSUFFICIENT The source material only contains a social media post title and error messages from disabled JavaScript, with no actual article content or details about the Grafana vulnerability, what data was at risk, or how the issue was resolved.

Syracuse, N.Y., Notifies Possible Police Data Breach Victims

Five Louisiana officials arrested for malfeasance and data breach

AI training startup Mercor faces at least five lawsuits from contractors after a data breach exposed Social Security numbers, addresses, and interview recordings to hackers through compromised LiteLLM software. The breach affected gig workers who provided personal information on W-9 forms while training AI for clients like Meta, which has since paused its work with Mercor. The lawsuits seek unspecified damages for alleged violations of data privacy and consumer protection laws.

New Orleans Saints Data Breach Investigation

Blackstone Valley Community Health Care, along with several healthcare organizations, agreed to pay $5.48 million to settle a lawsuit over a December 2023 data breach that affected approximately 1.52 million patients. The breach compromised personal and health information, and affected individuals can claim reimbursement for out-of-pocket losses, compensation for time spent addressing the breach, or an alternative cash payment. Separately, LoanCare and Fidelity National Financial settled a si...

Lakeview Loan Servicing and related mortgage companies agreed to a $26 million settlement after an October 2021 data breach potentially exposed sensitive information of approximately 5.8 million customers. Affected individuals can file claims by June 22, 2026, for reimbursement of documented out-of-pocket losses up to $5,000, such as fraud-related expenses or credit monitoring costs, or receive a pro-rated cash payment. The settlement covers current and former customers of Lakeview, Pingora, ...

INSUFFICIENT The source material does not contain information about an OuterBox data breach. The provided content describes two separate incidents involving Boston Mountain Rural Health Center and Heart South Cardiovascular Group, neither of which matches the title referencing OuterBox.

Five Louisiana public officials, including a mayor and police chief, were arrested for illegally accessing government databases and sharing protected information about an active criminal case with the defendant, including details about alleged victims. The officials - spanning multiple law enforcement agencies and a 911 dispatch center - face charges of malfeasance in office and trespass against state computers. This breach compromised victim protections and potentially jeopardized ongoing cr...

Oklahoma Governor Stitt signed Senate Bill 546 on March 20, 2026, making Oklahoma the 21st state with a comprehensive consumer privacy law, effective January 1, 2027. The law applies to businesses that serve Oklahoma residents and either process data of 100,000+ consumers annually or process data of 25,000+ consumers while earning over 50% of revenue from selling personal data. Covered businesses must honor consumer requests to access, correct, delete, or port their data, and allow opt-outs f...

Switzerland Probes Crans-Montana 144 Data Leak: Privacy Risks - April 06

The FBI issued a public alert warning that many popular mobile apps developed by foreign companies, particularly those based in China, pose data security risks because they may be subject to laws enabling government access to user information. The agency cautioned that these apps can collect extensive personal data from users' devices - including contact lists of non-users - and may store this information on servers in China or contain malware that exploits system vulnerabilities. While the F...

Gritman Medical Center in Moscow, Idaho, closed multiple outpatient clinics for several days this week following a cybersecurity incident that disrupted electronic systems, though its hospital and emergency department remained operational. The health system began bringing systems back online Friday and expected to resume normal clinic operations by Monday. The incident forced temporary closures of primary care, specialty clinics, and various medical services while the organization addressed t...

German authorities have publicly identified 31-year-old Russian national Daniil Maksimovich Shchukin as the leader behind major ransomware operations GandCrab and REvil, which carried out at least 130 cyberattacks in Germany between 2019 and 2021. The attacks, conducted alongside another Russian national, resulted in nearly €2 million in ransom payments and over €35 million in total economic damage to victims. This marks a significant breakthrough in identifying leadership of ransomware group...

In September 2024, immigration case management platform DocketWise suffered a data breach when unauthorized actors used valid credentials to access repositories containing unstructured client data from multiple law firms, affecting 116,666 individuals. The exposed information varied by person but could include Social Security numbers, passport details, financial account information, medical records, and other sensitive personal data belonging to immigration law firm clients. The breach is par...

A class action lawsuit filed on April 3, 2026, alleges that Chime Financial suffered a cyberattack on April 1, 2026, that locked customers out of their accounts and potentially exposed personal data after cybercriminal group Team 313 claimed responsibility. The lawsuit claims Chime failed to maintain adequate cybersecurity protections and did not promptly notify affected customers, leaving users unable to access funds, pay bills, or take protective measures like changing passwords. At the att...

Phoenix-based Cardiovascular Consultants agreed to pay $3.85 million to settle a class action lawsuit following a September 2023 data breach in which attackers accessed systems, encrypted data, and stole patient information including names, addresses, birth dates, Social Security numbers, and driver's license numbers. The practice denied wrongdoing but settled to avoid ongoing litigation costs and risks. The breach affected patients' personal and health information due to what the lawsuit all...

Data breach notice clarified by T-Mobile | brief | SC Media

A security breach at Mercor, a data contracting firm that generates proprietary AI training data for major tech companies, has prompted Meta to indefinitely pause all work with the startup while investigating potential exposure of sensitive datasets. The breach, linked to a compromised AI API tool called LiteLLM, could affect thousands of organizations and may have exposed confidential information about how companies like OpenAI and Anthropic train their AI models. OpenAI confirmed it is inve...

A European Union law that allowed tech companies to scan private communications for child sexual abuse material (CSAM) expired, with EU officials confirming such scanning now violates European law without a legal basis. Despite this, Microsoft, Google, Meta, and Snapchat announced they will continue voluntary scanning, creating potential legal risk as they proceed without explicit authorization. The expiration reflects ongoing tension between child safety advocates and privacy critics who arg...

INSUFFICIENT The source material discusses two separate incidents: a Southern Illinois Dermatology data breach and a Chime Financial lawsuit. The content about Chime is incomplete (truncated), and neither incident provides sufficient detail to write a clear, factual summary that meets the standards for meaningful reporting on what happened, who was affected, and the practical significance.

Charles River Insurance Data Breach Confirmed; Lawyers Investigating

INSUFFICIENT The source material only contains brief headlines and incomplete snippets from a law firm's press releases about investigating various data breaches, including one involving Heart South Cardiovascular Group. There is no information provided about what actually happened in the breach, what data was compromised, how many people were affected, or any other substantive details needed to write a meaningful summary.

A corporate data breach occurred when attackers exploited an internet-connected coffee machine that had a default password, outdated software, and no firewall protection on the company's network. Every time employees brewed coffee, the machine transmitted sensitive corporate data to threat actors overseas. The incident highlights how IoT devices like smart appliances, thermostats, and connected equipment can bypass traditional security measures when they share networks with sensitive business...

In March, several Syrian government accounts on X were hacked and used to post pro-Israel messages and explicit content, exposing weak security practices including possible shared credentials and lack of multi-factor authentication. Cybersecurity experts noted that multiple accounts appeared to fall simultaneously, suggesting centralized access without proper safeguards like password diversity or MFA. The breach highlights how governments relying on commercial platforms for official communica...

Conduent, a business process services company, disclosed that a January 2025 cyberattack affected far more people than initially reported, with the number of impacted New Hampshire customers rising from 181,000 to 293,000. The breach compromised sensitive personal information including names and Social Security numbers of clients from government agencies, healthcare organizations, and transportation services. The attackers gained unauthorized access to a limited portion of Conduent's systems ...

The Swiss have filed a lawsuit over the data leak in the Crans-Montana case.

Fitness app Strava's public "Global Heatmap" feature inadvertently revealed the locations of secret U.S. military bases and personnel movements in conflict zones like Afghanistan and Syria by displaying users' GPS-tracked exercise routes. Military analysts found that jogging trails at forward operating bases were clearly visible on the map, making it easy to identify facilities that don't appear on services like Google Maps, with U.S. military personnel being the primary Strava users in many ...

The FTC settled with Match Group and OkCupid over allegations that the dating app shared nearly 3 million user photos, along with location and demographic data, with AI facial recognition company Clarifai in 2014 without user consent or disclosure. The settlement, which includes no financial penalty, permanently prohibits the companies from misrepresenting how they handle user data, though Match did not admit wrongdoing. The FTC alleged the data-sharing violated OkCupid's own privacy policy, ...

A Strava data leak exposed activity logs from over 500 UK military personnel, revealing routes, habits, and locations tied to sensitive military sites including naval bases and submarine facilities. Investigators were able to identify specific individuals and even their family members by combining public workout data with account details and shared routes. The incident highlights how fitness app location data, left public by default, can be pieced together to map routines and compromise secur...

Probe launched after Hospital Authority data breach involving 56,0000 patients

Hims & Hers Health reported a data breach affecting a third-party customer service platform that exposed some customers' personal information, though medical records were not compromised. The telehealth company has notified regulators and affected users, and is offering free credit monitoring while law firms have begun investigating potential legal claims. The breach raises concerns about operational security for a company whose business model depends on customer trust in handling sensitive h...

Hong Kong's Hospital Authority disclosed that personal data of over 56,000 patients from Kowloon East hospitals was accessed without authorization and leaked on a third-party platform, including names, identity card numbers, birth dates, and details of surgical procedures. The breach was detected by monitoring systems early Friday morning and linked to a contractor's system maintenance work, which has been suspended. Both Hong Kong police and the privacy watchdog are investigating the inciden...

Hims Data Breach Tests Trust As Valuation Gap Attracts Investors

A former Greek MEP and three others are being investigated for allegedly misusing email addresses of expatriate voters who received campaign emails without consent. Greece's Data Protection Authority imposed fines totaling €490,000 on the political party New Democracy, the Interior Ministry, and several individuals for violating GDPR regulations and inadequate data protection measures. The case highlights enforcement against unauthorized use of personal data in political campaigning.

An IT system used by schools across Northern Ireland experienced a cyber attack, prompting the Education Authority to reset passwords for all users as a containment measure. The incident has locked students and staff out of their accounts, preventing access to educational materials and resources during the critical exam preparation period. Authorities are investigating whether any personal data was compromised, though this has not yet been confirmed.

A cyberattack on the Patriot Regional Emergency Communications Center in Massachusetts has disrupted phone systems and public safety operations in multiple towns, including Ashby, Dunstable, Pepperell, and Townsend. The attack, discovered Tuesday, has impacted police and fire departments' ability to communicate and respond to emergencies. No threat actor has claimed responsibility for the breach.

Cybercriminals are exploiting Anthropic's accidental leak of Claude Code's source code to create fake GitHub repositories that distribute Vidar information-stealing malware. On March 31, Anthropic inadvertently exposed the full client-side source code through a 59.8 MB JavaScript source map included in a published npm package. Attackers are using this leaked code to make malicious repositories appear legitimate, targeting users who may be searching for the AI coding tool.

Greek influencer Ioanna Touni was arrested in Thessaloniki after posting a video on social media that revealed the identity and image of a man who had been convicted in a revenge porn case where she was the victim. The man filed a complaint for breach of personal data laws, leading to her detention when she appeared at a police station to testify. Greek law prohibits publishing personal data, including images and identifying details, without consent, particularly for private individuals.

Ireland is testing a government-issued digital wallet that will store identification documents and enable age verification for social media access, ahead of a mandatory EU deadline in 2026. The wallet is currently in an opt-in pilot phase and is part of Ireland's Online Safety Code requirements for platforms to verify users' ages to protect children from online harm. Citizens can provide feedback through a government survey during the testing period.

What Ameriprise Financial (AMP)'s Data Breach Lawsuits Mean For Shareholders

Gun owners personal data hacked in cyberattack of French government site

A threat group called TeamPCP breached the European Commission's Amazon cloud environment using a stolen API key, exposing personal data including names, email addresses, and email content from at least 30 EU entities. The attackers exfiltrated a 90GB dataset containing tens of thousands of files, which was subsequently published on the dark web by data extortion group ShinyHunters. The breach affected 42 internal European Commission clients and at least 29 other Union entities using the euro...

AI recruiting firm Mercor confirmed it was compromised in a supply chain attack involving LiteLLM, an open-source library used to connect applications to AI services. Hackers claim to have stolen 4 terabytes of data including candidate profiles, personally identifiable information, video interviews, source code, and credentials. The breach affects one of Silicon Valley's prominent AI startups, which provides services to major AI companies including OpenAI, Anthropic, and Meta.

T-Mobile Sets the Record Straight on Latest Data Breach Filing - securityweek.com

Digital Extremes confirmed that an alleged data breach affecting over 3 million Warframe user accounts was false, instead identifying the leaked data as repackaged information from a 2014 breach that was publicly disclosed in 2016. The original breach compromised usernames and email addresses of nearly 800,000 accounts, but no new breach has occurred. The company encourages users to maintain strong passwords and enable two-factor authentication for account security.

Questions raised after Cherry Creek students notified of data breach, lawsuit

The Play ransomware group claims to have stolen 4 GB of data from Brokk, a Swedish demolition machinery manufacturer, including employee payroll information, tax details, IDs, financial records, and client files. The Russia-linked group has threatened to release the full dataset if ransom demands are not met, putting employees at risk of targeted scams and identity theft. While the breach claims remain unverified, the exposed personally identifiable information could create long-term security...

INSUFFICIENT The source material discusses a data breach at Central Maine Healthcare affecting over 145,000 people, but the title references a $17 million Naviance settlement. These appear to be different incidents, and the source material provides no information about Naviance, the settlement amount, families' eligibility, or settlement details mentioned in the title.

North Attleboro Public Schools in Massachusetts reported unauthorized activity on its network following a suspected cybersecurity incident. District officials have not disclosed the nature of the attack, whether any data was accessed, or who may be responsible. The incident affects the school district's network, though the full scope and impact on student and staff information remains unclear.

Concord Orthopaedics Professional Association agreed to a class action settlement after a November 2024 cyberattack compromised the personal information of 72,815 individuals, including Social Security numbers, health insurance details, and driver's license numbers. Affected individuals can claim up to $3,000 for documented losses from identity theft or fraud, plus up to $100 for time spent responding to the breach, with claims due by July 8, 2026. The settlement also offers one year of medic...

AGS Health® Expands Data Security Portfolio with HITRUST Certification

T-Mobile confirmed that a vendor employee improperly accessed one customer's account information, including name, contact details, account PIN, date of birth, driver's license number, and Social Security number. The company stated this was an isolated insider incident with no credential compromise, and it has reset the affected customer's account PIN, notified authorities, and contacted the customer directly. Financial account information and call records were not affected.

Brokk purportedly hacked by Play ransomware, data leaked

China's cyberspace regulator proposed rules requiring all digital human content to be clearly labeled and banning virtual humans from offering services like "virtual intimate relationships" to minors or creating profiles using others' personal information without consent. The draft regulations prohibit using digital humans to bypass identity verification systems and restrict content that could mislead children or fuel addiction. The rules reflect Beijing's effort to govern AI development whil...

GrammaTech, a U.S. cybersecurity research firm working with government agencies including DHS and NASA, was allegedly breached by the Play ransomware operation, which claims to have stolen private, personal, and business data. While no data samples were published on Play's leak site, researchers note the breach could potentially expose confidential details about classified systems the company works on, though the overall impact may be limited. Play ransomware has compromised at least 376 orga...

Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers - U.S. Senate Committee on Commerce, Science, & Transportation (.gov)

Drift, a decentralized cryptocurrency exchange on the Solana blockchain, suffered a hack that drained $285 million in digital assets, potentially making it one of the largest crypto thefts in history. Security researchers believe the attacker exploited a vulnerability in a new lending market feature that allowed users to borrow against an illiquid token. The exchange suspended deposits and withdrawals while working with security firms and exchanges to contain the breach.

Binance formally denied media reports claiming it fired compliance investigators who flagged cryptocurrency transactions linked to Iran, calling the allegations "false and defamatory" and demanding retractions from the Wall Street Journal and New York Times. Company executives stated the departures were related to a separate data breach incident, not retaliation for compliance work, and emphasized their continued investment in a 1,500-person compliance team. The controversy centers on whether...

Questions remain after Oklahoma Tax Commission reveals data breach

Millions of freelancers potentially exposed, as side hustle platform faces breach allegations

Cardiovascular Consultants agreed to pay $3.85 million to settle a class action lawsuit stemming from a September 2023 cyberattack that exposed patients' Social Security numbers, medical records, addresses, and other sensitive information. Affected individuals who received breach notification can claim up to $5,000 for documented out-of-pocket losses related to the incident, plus two years of medical monitoring services. The cardiology practice denied wrongdoing but settled to avoid ongoing l...

INSUFFICIENT The source material appears to be only navigation menus and website structural elements from Law360, with no actual article content about the IRS, Booz Allen, or the tax data leak lawsuit mentioned in the title.

FBI Director Kash Patel's personal Gmail account was hacked by an Iranian-linked group called Handala HackTeam, which accessed historical personal information but no government data. The group claimed the breach was retaliation for the Department of Justice seizing four of its domains as part of ongoing cybercrime enforcement operations. The incident highlights ongoing cybersecurity concerns as approximately 60 percent of the Cybersecurity and Infrastructure Security Agency's employees remain...

Mercer Advisors, a wealth management firm, suffered a data breach in which cybercriminals accessed files containing sensitive personal information of thousands of clients, including names, Social Security numbers, financial account details, medical information, and driver's license numbers. The breach, discovered in January 2026, involved the hacking group ShinyHunters, which allegedly extracted over 5.7 million records and released the data on the dark web after Mercer declined to pay a rans...

AGS Health, a healthcare revenue cycle management company, has obtained HITRUST i1 certification for its cloud and on-premises infrastructure, verifying that it meets rigorous cybersecurity standards for protecting sensitive healthcare data. The certification, independently validated through third-party testing, covers the company's enterprise systems, AI platforms, and global operations across AWS, Microsoft Azure, and physical office locations. This matters to users because it confirms stro...

INSUFFICIENT The source material describes data breaches at Synopsys and Mercer Advisors, but the title references an "IPPC Data Breach." There is no mention of any entity called "IPPC" in the provided content, making it impossible to accurately summarize the event referenced in the title.

The Oklahoma Tax Commission reported that unauthorized individuals accessed personal information through its taxpayer portal in December, though the agency has not disclosed how many people were affected or what specific data was compromised. The commission is sending notification letters to impacted taxpayers and offering free credit monitoring and identity theft protection services. Officials have not released details about how the breach occurred or provided a timeline for disclosing the f...

Nacogdoches Memorial Hospital disclosed that a January 31 cyberattack compromised its computer network, potentially exposing patient information including names, Social Security numbers, dates of birth, medical record numbers, and in some cases photographs. The hospital has notified affected patients by letter and established a hotline for questions, stating no confirmed misuse of data has been detected so far. NMH says it has enhanced network security measures and updated procedures to preve...

Nacogdoches Memorial Hospital says system hacked, possibly revealing patient data

INSUFFICIENT The source material consists of generic law firm press releases announcing investigations into multiple different data breaches (ID Care, OrthoMinds, Nacogdoches Memorial Hospital, TriMed) but provides no substantive information about the specific Nacogdoches Memorial Hospital breach mentioned in the title. The articles contain only boilerplate legal language and investigative announcements without details about what happened, when it occurred, what data was compromised, or how ...

Dutch football club Ajax suffered a data breach through vulnerabilities in its website and app that exposed email addresses of hundreds of fans and allowed hackers to potentially steal or disable over 42,000 season tickets and manipulate stadium bans. The breach affected more than 300,000 registered Ajax fans, with personal data including names, email addresses, and birth dates accessed for individuals with stadium bans. Ajax has patched the vulnerabilities, notified affected parties, and rep...

INSUFFICIENT The source material does not contain any information about a SATS data breach or privacy event. The provided content discusses Matas share buy-back transactions and EchoStar's Hughes JUPITER System deployment in Kazakhstan, neither of which relates to the claimed criminal data breach mentioned in the title.

Average cost of data breach $4.4m: Axa XL, Thales

INSUFFICIENT The source material lacks essential details about the alleged Nike data breach, including what type of customer information was exposed, how many people were affected, how the breach occurred, or when it happened. Without these basic facts, a meaningful and accurate summary cannot be written.

Mazda Motor Corporation disclosed that attackers exploited a vulnerability in a warehouse management system for Thai-sourced parts, exposing 692 records containing employee and business partner information including names, email addresses, and company identifiers. The breach, detected in mid-December 2025 but disclosed three months later, did not affect customer data, though Mazda warned that exposed corporate emails and names could enable targeted phishing attacks. The company has implemente...

The FBI reported a major cyber incident to Congress involving Chinese state-backed hackers who infiltrated its systems through a commercial internet service provider, compromising sensitive surveillance data including pen register records and personally identifiable information from FBI investigations. The breach, which the FBI has not experienced at this scale since at least 2020, exposed information that could reveal FBI surveillance targets and is part of broader Chinese campaigns targetin...

Hasbro disclosed to the SEC that it detected unauthorized access to its corporate network on March 28, prompting the company to take systems offline and launch an investigation with cybersecurity professionals. The toy company, which owns major brands including Peppa Pig and Dungeons & Dragons, warned that disruptions could continue for several weeks, but has not yet confirmed whether consumer data was compromised. The breach raises particular concerns given Hasbro's management of children's ...

3rd Ex-Staples Employee Sues Over Alleged Data Hack

St. Joseph County, Indiana confirmed a data breach of its third-party cloud-based fax server by a hacker group called Handala Hack, which claimed to have accessed two terabytes of data including employee information, police reports, and health records. County officials say the breach was limited to approximately 20 days of fax server history and far less data was compromised than claimed, with no files deleted from other systems. The FBI and state officials have been notified, and the issue h...

Intuitive Surgical disclosed that a phishing attack compromised employee credentials and exposed internal data including names, specialties, procedure records, training histories, and complaints of surgeons and hospital administrators who use the company's da Vinci robotic surgery systems. The attackers did not access patient health records, financial information, or the surgical robots themselves, which remained isolated through network segmentation. The breach affects healthcare providers w...

A California federal court denied X.AI's request to block enforcement of the state's AI Training Data Transparency law, which requires generative AI developers to publicly disclose details about datasets used to train their systems, including whether they contain personal or copyrighted content. The court rejected X.AI's arguments that the disclosure requirements would destroy trade secrets and violate free speech rights, finding the company failed to demonstrate its datasets merit special pr...

The FBI issued a public alert warning that foreign-developed mobile apps, particularly those from China, pose data security risks because Chinese law may compel developers to share user data with the government. The alert notes these apps can collect extensive personal information including contacts, location data, and system prompts, often storing it on servers in China, and some may contain hard-to-remove malware. The FBI recommends users disable unnecessary data sharing, only download apps...

INSUFFICIENT The source material discusses multiple data breaches (LexisNexis Risk Solutions, Change Healthcare, and Bradford Health Services) without clearly identifying which breach relates to Liberty Bankers Life Insurance Company mentioned in the title. The content primarily consists of legal solicitation templates rather than factual reporting about a specific Liberty Bankers Life breach, making it impossible to write an accurate summary about what happened and who was affected.

INSUFFICIENT The source material only contains a headline stating that TriMed suffered a data breach, but provides no details about the scope, nature, or impact of the incident. The remaining content consists of unrelated breach summaries from other organizations.

Banking tech data breach exposes 672K in ransomware attack

INSUFFICIENT The source material contains information about three separate data breaches (Delta County Memorial Hospital, Nacogdoches Memorial Hospital, and Hims & Hers), with conflicting details and dates that don't align with the event title referencing Nacogdoches Memorial Hospital. The content is fragmented and unclear about which specific breach should be summarized.

South Korean telecom operator KT Corp. appointed Park Yoon-young as its new CEO following a major data breach in September that resulted in unauthorized micropayments and subscriber losses. The company waived contract cancellation penalties for affected customers, leading over 150,000 users to switch mobile carriers within nine days. The new CEO is expected to focus on stabilizing operations and restoring customer trust while pursuing AI-driven growth strategies.

FTC Warns Dating App User Photos May Have Been Used to Train AI Without Consent

A new phishing campaign called "ClickFix" targets macOS users by disguising itself as a CAPTCHA verification and tricking victims into manually executing malicious terminal commands that steal login credentials, browser data, and cryptocurrency wallet files. The attack uses fake Cloudflare-style verification pages to social engineer users into pasting base64-encoded scripts that harvest sensitive files from their Desktop, Documents, and browser profiles including saved passwords, cookies, and...

INSUFFICIENT The source material discusses a Celsius energy drink class-action lawsuit related to misleading advertising about preservatives and a separate breach of contract case with Flo Rida. There is no information about Nike or any data breach in the provided content.

A database containing 2.7 billion records allegedly stolen from National Public Data - a company that collects and sells personal information from public sources - was posted for free download on a criminal forum. The leaked data reportedly includes names, addresses, and social security numbers of U.S. residents, though the records contain duplicates and some inaccuracies. NPD now faces multiple lawsuits for failing to protect user data, with plaintiffs demanding the company delete collected ...

Iowa's Attorney General filed a lawsuit against Change Healthcare following a February 2024 data breach that exposed sensitive information - including Social Security numbers, medical records, and health insurance details - of nearly 2.2 million Iowans. The breach went undetected for 10 days while hackers installed malware and stole data through a remote access portal lacking multifactor authentication, and the company waited five months to notify affected individuals. The lawsuit alleges vio...

What Match Group (MTCH)'s FTC Privacy Settlement With OkCupid Data-Sharing Allegations Means For Shareholders

OkCupid and parent company Match Group settled with the FTC over allegations they gave AI firm Clarifai unrestricted access to users' demographic data, location information, and nearly 3 million photos without consent or opt-out options. The proposed settlement includes a 20-year order requiring clearer disclosures about how the companies handle sensitive user data, including messages, health information, photos, and location details. The companies have not admitted liability in the case.

Uhlig lawsuit claims customer illegally scraped data from website, then resold it

INSUFFICIENT The source material describes a business infrastructure announcement about an AI data center construction project. While it mentions "data sovereignty" in passing, there is no substantive information about privacy policies, data protection practices, user data handling, regulatory compliance, or other privacy-related developments that would constitute a meaningful privacy event summary.

A faulty software update at Lloyds exposed mobile banking users' transaction data to other users of the application, affecting 450,000 individuals. The incident allowed customers to inadvertently view other users' banking transactions through the mobile app. This software error highlights the risks of inadequate testing before deploying updates to sensitive financial applications.

SPARXiQ Awarded SOC 2 Type 2, Strengthening Client Trust in Data Security and Operational Integrity

UnitedHealth Group confirmed that a ransomware attack on its subsidiary Change Healthcare exposed protected health information and personally identifiable information potentially affecting a substantial proportion of people in America. The company paid $22 million in ransom but never received the stolen data back because the ransomware operator ALPHV took the payment and shut down, leaving the affiliate attackers and the victim empty-handed. UnitedHealth is offering affected individuals two y...

A California shopper filed a class-action lawsuit against Nike over a January data breach that allegedly exposed customer names, email addresses, billing information, and payment card details through unauthorized access to a third-party portal. The suit claims Nike failed to encrypt sensitive data and waited roughly a month after discovering the breach on January 21 before notifying customers. Plaintiffs are seeking at least $5 million in damages plus long-term credit monitoring for all affec...

Class-action lawsuit filed against Nike over data breach

Ajax forced a hacker to sign an NDA to hide a 2017 data breach: now he's telling it all

A patient who received an X-ray at West Tallinn Central Hospital in Estonia was given a supposedly new USB drive to transfer their medical images, but discovered it also contained health data from several other patients. The hospital has not yet explained how patient data ended up on what was meant to be a blank drive and says it will investigate only after the patient files a formal complaint. The incident exposed sensitive health information of multiple individuals through what appears to b...

Louis Vuitton hit with another class action in Salesforce-related data breach - Class Action Lawsuits

CareCloud, a healthcare IT platform, has disclosed a cybersecurity incident affecting one of its electronic health record environments and is investigating a potential data breach. The incident involves systems that store sensitive patient medical information, though the company has not yet confirmed what data may have been compromised. Healthcare data breaches pose significant privacy risks to patients whose medical records and personal information could be exposed.

Italy data protection agency fines Intesa Sanpaolo $36 mln over data breach

Law firm Pillsbury Winthrop Shaw Pittman has filed a motion to dismiss a data breach lawsuit, arguing that the plaintiffs were not clients and have failed to show concrete damages from the unauthorized access to their personal information. The case raises questions about whether law firms have legal obligations to protect data of non-clients whose information they possess. If successful, the dismissal could set a precedent limiting liability for firms when breached data belongs to individuals...

Iran-linked hackers claimed to have published personal data of dozens of Lockheed Martin employees stationed in the Middle East, according to statements from the hacker group Handala and the company. Lockheed Martin confirmed awareness of the reports and said it has policies and procedures in place to mitigate cyber threats. The breach is part of a broader campaign by the hacker group, which also recently targeted FBI Director Kash Patel's personal email and medical device company Stryker.

Aroostook Mental Health Services Data Breach Lawsuit Investigation

Match Group and its subsidiary OkCupid settled with the FTC over allegations that the dating platform shared three million user photos and location data with facial recognition company Clarifai in 2014 without informing users or providing an opt-out option. The FTC claimed this violated OkCupid's privacy policy, which only allowed sharing with service providers and business partners, not unrelated third parties. Under the settlement, which carries no monetary penalty, Match Group is permanent...

The FTC announced enforcement action against OkCupid and Match Group for allegedly sharing nearly 3 million users' personal data - including photos, location information, and demographics - with a third party without authorization or contractual restrictions, reportedly because OkCupid's founders had financial ties to the recipient. Under the proposed settlement, both companies are permanently barred from misrepresenting their data collection, use, and disclosure practices, with future violat...

Italy's data protection authority fined Intesa Sanpaolo, the country's largest banking group, €31.8 million after an employee improperly accessed the banking information of 3,573 customers over a two-year period from February 2022 to April 2024. The regulator cited inadequate technical and organizational security measures that allowed the employee to conduct more than 6,600 unauthorized queries. The penalty represents one of Italy's largest data protection fines for insider misuse of customer...

FTC levies no fines after dating site caught giving AI company user data - Straight Arrow News

INSUFFICIENT The source material does not contain information about a Nike data breach or a California woman filing a class action lawsuit against Nike. The provided content discusses unrelated topics: a Target parking lot injury case, an Oakwood University data breach lawsuit, and Virginia's hands-free driving law.

T-Mobile confirmed a data breach affecting 47.8 million people, including 7.8 million current postpaid customers, over 40 million former or prospective customers, and 850,000 prepaid customers. Stolen data included names, dates of birth, Social Security numbers, and driver's license information, while 850,000 prepaid customers also had phone numbers and account PINs exposed. T-Mobile stated that payment card information was not compromised and reset PINs for affected prepaid accounts after di...

TransUnion confirmed a late-July data breach affecting its US consumer support operations, with 4.5 million Maine residents and Canadian consumers impacted, though the company states South African credit data was not compromised. The breach involved unauthorized access to limited personal information for a small percentage of US consumers, and was reported to Maine authorities in late August. This incident adds to a growing wave of cyberattacks targeting organizations globally, including rece...

A California woman filed a class-action lawsuit against Nike alleging the company failed to adequately protect customer data during a January 2026 breach that exposed names, email addresses, billing addresses, phone numbers, and payment card information. The lawsuit claims Nike discovered the breach around January 21 but waited more than a month to notify affected customers, and seeks at least $5 million in damages plus credit monitoring services. Nike stated that no full payment card details...

Rocky Mountain Care, a Utah-based healthcare provider, disclosed that unauthorized third parties accessed files on its network between January 30 and February 2, 2026, following a ransomware attack by the Qilin group. The company is still reviewing what personal information was compromised and whether protected health information was exposed, while offering affected individuals assistance through a dedicated helpline and recommending they monitor their accounts for suspicious activity. It rem...

Data breach at US insurance firm may have exposed personal data of 7,400 people

The UK Ministry of Defence's 2022 data breach exposed personal details of approximately 18,700 Afghan applicants to resettlement schemes, but was only discovered in 2023. More than six months after the breach was publicly revealed, around 400 affected Afghans and 1,900 family members remain stranded in Afghanistan and neighboring countries despite government promises to evacuate them. Campaigners warn that evacuation efforts are proceeding too slowly while affected individuals face potential ...

Bangladeshi retail chain Shwapno filed a police report seven months after hackers breached its customer database in August, demanding $1.5 million ransom and later leaking over 410 GB of data on the dark web. The leaked information includes customer names and phone numbers, supplier details, sales records, and internal company documents. Shwapno delayed reporting because its technical team initially claimed the data had been recovered, but filed the complaint after discovering the data leak o...

CareCloud reported to the SEC that an unauthorized third party temporarily accessed one of its six electronic health record environments on March 16, disrupting functionality for about eight hours before systems were restored. The health technology company is investigating whether patient information was accessed or stolen during the breach, which affected its CareCloud Health division but was reportedly contained to that single environment. CareCloud has engaged cybersecurity experts and not...

A threat actor is selling a database containing personal information of 1.5 million Binance users, including names, email addresses, phone numbers, two-factor authentication statuses, and login IP addresses. Cybersecurity investigators determined the data was obtained through a sophisticated scraping attack that bypassed security mechanisms like Captcha, rather than a direct server breach. The exposed information, particularly 2FA and KYC data, leaves affected users vulnerable to SIM-swap att...

Settlement approved for Canadians affected by past 23andMe data breach

Data breach suspected after attack on EU Commission website

CRUNCHYROLL Facing Class Action Lawsuit Over Third-Party Data Breach Involving User Names, Emails, And More

Hong Kong's Correctional Services Department disclosed that a hacker illegally accessed its IT systems on Tuesday, compromising personal data of 6,800 current and former prison employees including names, birthdates, academic qualifications, employment history, and email addresses. The breach occurred when the attacker first infiltrated the department's internal Knowledge Management System and then gained entry to a separate system containing staff data. Authorities have notified affected indi...

Anthropic accidentally leaked nearly 3,000 internal assets, including details about its upcoming "Claude Mythos" AI model and other confidential materials, through a misconfigured content management system that failed to mark items as private. The data was stored in a publicly accessible data lake, making internal documents, PDFs, and images available to anyone who found them. The leak affects Anthropic's business operations and exposes unreleased product information that was meant to remain ...

Lloyds Banking Group Data Breach: IT Failure Exposed Customer Details - News and Statistics

Bangladesh retail chain Shwapno disclosed that hackers breached its customer database in August 2025, demanding $1.5 million in ransom, with portions of customer data - including names, phone numbers, and purchase histories - recently circulating on social media. The company, which has over 4 million registered customers across 812 outlets, says it secured its database after the initial breach but was unaware hackers had retained some data until it surfaced publicly months later. Shwapno is n...

INSUFFICIENT The source material does not contain factual information about a ShinyHunters hack of the European Commission. The content includes fragments about Iranian election interference and a security newsletter mentioning ShinyHunters in unrelated contexts, but provides no details about what happened, when it occurred, or what data may have been compromised in any alleged European Commission breach.

Metro resumes TAP card sales after data breach | 2 Urban Girls - Urban News, Politics, Local Theatre & More

A data breach at student information system provider Infinite Campus exposed support tickets containing names and sensitive details about specific students, including information about disabilities, disciplinary actions, and arrests. While most of the leaked data involved proprietary or client information without personal details, approximately two dozen support requests submitted by school employees referenced students by name in contexts involving attendance issues, special education status...

A technical glitch at Lloyds Banking Group in May exposed transaction details of approximately 485,000 customers to other users for five days, allowing logged-in customers to view other people's payment amounts, merchant names, and transaction dates. The UK's Information Commissioner's Office is investigating the incident, which affected customers across Lloyds, Halifax, and Bank of Scotland. While no passwords were compromised or funds stolen, the breach revealed sensitive financial behavior...

Dutch Police discloses security breach after phishing attack

Ajax data breach exposed season tickets, supporter bans open to tampering - Help Net Security

Monmouth University Data Breach Reported; Attorneys Investigating

Excelsior Orthopaedics; Buffalo Surgery Center Pay $2.4 Million to Settle Data Breach Lawsuit

Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data

Krispy Kreme settles data breach class action for $1.6 million: Who can claim a payout and how to file

Ransomware Attack Totally Cripples Jackson County Sheriff’s Office in Indiana: From a report on cyber.netsecops.io: Executive Summary A debilitating ransomware attack has completely crippled the IT operations of the Jackson County Sheriff’s Office in Indiana. The attack, which struck last week, has rendered the department’s entire computer network,...

Lakeview Loan Servicing agrees to $26M settlement over data breach. Here's how to file a claim

Corewell Health says patients' social security numbers and more may have been compromised in data breach

LeakBase’s “Chucky” detained in Russia: TASS reports: Police have detained a Taganrog resident suspected of administering LeakBase, one of the largest hacker platforms. Law enforcement officials told TASS. The detained Taganrog resident is suspected of administering “one of the largest international hacker platforms,...

Eye Physicians of Central Florida data breach class action settlement - Class Action Lawsuits

European Parliament rejects extension of CSAM scanning rules for tech platforms

Austria plans social media ban for children under 14

Hightower Holding Data Breach Claims Investigated by Lynch Carpenter

INSUFFICIENT The source material discusses two separate data breaches (UMass Dartmouth and STRATeBEN) but the event title references "Monmouth University." There is no information about Monmouth University in the provided content, making it impossible to write an accurate summary about the stated event.

The European Commission confirmed a cyberattack on its cloud infrastructure hosting Europa.eu websites, with hackers reportedly stealing over 350 gigabytes of data from the Commission's Amazon Web Services account. The Commission stated its internal systems were not affected and the attack has been contained, though the investigation is ongoing to determine what specific data was taken. The breach affected the Commission's web presence platform, and the organization is notifying entities that...

Iran-linked hackers breached FBI Director Kash Patel's personal Gmail account and published over 300 emails along with personal photographs dating from 2010 to 2019. The FBI confirmed the breach but stated the compromised data was historical and contained no government information, while the hacker group Handala Hack Team - believed by Western researchers to be linked to Iranian government cyber-intelligence - publicly posted the materials on their website. The incident demonstrates the vulne...

A software update to Lloyds Banking Group's mobile apps on March 12 caused a glitch that exposed personal data of nearly 500,000 customers, allowing users to view others' payment details, account information, and national insurance numbers for brief moments. The bank reported 114,182 people actually clicked into transactions revealing this sensitive information, and has paid £139,000 in compensation to over 3,600 customers for distress, though no financial losses occurred. Lloyds reported the...

Colorado's House of Representatives has advanced legislation that would prohibit companies from using consumers' personal data - such as browsing history, location, and financial status - to set individualized prices or wages through AI algorithms. The bill targets practices like charging higher prices to people perceived as willing to pay more or offering lower wages based on surveillance data, treating such conduct as a deceptive trade practice subject to civil penalties. If passed, Colorad...

INSUFFICIENT The source material does not contain information about a California District Court upholding transparency requirements for generative AI training data. The provided text discusses unrelated legal topics including defamation cases, extradition proceedings, and privacy in the metaverse, but does not address the event described in the title.

Hightower Holding LLC, a Chicago and New York-based investment firm, experienced a cybersecurity incident in which an unauthorized person accessed its network and may have obtained personal information of over 100,000 individuals, including names combined with Social Security numbers and driver's license numbers. A law firm is now investigating potential claims related to the breach on behalf of affected individuals who may be entitled to compensation.

Nearly 447,936 customers of Lloyds Banking Group brands (Lloyds, Halifax, and Bank of Scotland) had their personal data exposed to other customers on March 12 due to a software defect from an overnight IT update. The breach allowed 114,182 people to view others' transactions, potentially including account details, national insurance numbers, and payment references. Lloyds has paid £139,000 in compensation to 3,625 affected customers, though no financial losses have been identified so far.

Data Breach Hits Benefits Administrator Navia, Affecting Nearly 2.7 Million People

KERBER, ECK & BRAECKEL REACHES $1.4 MILLION SETTLEMENT OVER DATA BREACH IMPACTING CHRISTOPHER RURAL HEALTH PATIENTS

EU says Pornhub and others failed to stop minors accessing adult content

The College of Health Care Professionals Data Breach Lawsuit Investigation

Judge tosses out X's advertiser boycott lawsuit

FBI Resumes Buying Commercial Data Renewing Debate Over Warrantless Surveillance

GitHub to Train AI With User Data by Default

Denmark School District investigating ‘potential data security incident’

Year-Long Online Surveillance Violated Man’s Privacy Right

Sanders and Ocasio-Cortez introduce a bill to pause US data center construction

The FBI has resumed purchasing commercially available data on American citizens for investigations, including potentially location data, according to testimony from FBI Director Kash Patel before the Senate Intelligence Committee. This reverses a 2023 statement by former FBI Director Christopher Wray that the agency had stopped buying such data, reigniting debate over whether the practice circumvents Fourth Amendment warrant requirements. Lawmakers have introduced the Government Surveillance ...

GitHub announced it will use user data to train its AI models under an opt-out system that automatically enrolls Free, Pro, and Pro+ users, while exempting Business, Enterprise, student, and teacher accounts. The training will include code snippets, prompts, file structures, user feedback, and interactions with Copilot, though content from private repositories at rest is excluded. Users must actively opt out to prevent their data from being used in AI training.

NHRC Issues Notice To MeitY Over Lapses On Children's Digital Safety, Data Breach By Digital Platforms

Public Safety Committee of Seattle City Council approves measures related to immigration, surveillance data

Taiwan plans national security law revisions after TSMC data breach involving former SVP

Oklahoma signs new data privacy law as experts warn of risks on public Wi-Fi

PowerSchool returning to Charlotte-Mecklenburg Schools despite massive data breach in 2024

Handala Hackers Releases Massive Data Breach of Former Mossad Chief

Lewis Drug faces lawsuits over data breach

Handala Hackers Alleges Massive Data Breach of Tamir Pardo, Former Mossad Chief: As posted by the Iranian news agency, WANA: The hacker group Handala announced that it has released 14 gigabytes of personal and highly confidential documents belonging to Tamir Pardo as proof of concept (PoC). A message from Handala that accompanies some screengrabs offered as...

Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets: Jonathan Greig reports: The popular anime streaming platform Crunchyroll confirmed on Monday evening that a batch of customer information leaked online over the weekend is legitimate. In a statement to Recorded Future News, a spokesperson for the company said their investigation...

Malware on Luxembourg public sector devices was active for almost a month: Alex Stevensson reports: Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said. The security breach was confirmed on 27 February...

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign: Deeba Ahmed reports on some of TeamPCP’s dangerously effective recent activities: What Happened? The trouble began on 19 March 2026, when a hacking group calling themselves TeamPCP managed to break into Trivy, a popular tool used by developers to scan their code for security...

Delaware Supreme Court Reverses, Holds Cyber Insurers Sufficiently Pled Collective Subrogation Claim Resulting from Blackbaud Data Breach: The fallout from the massive Blackbaud breach is not over, it seems. Lydia Mills of Wiley Rein writes: Reversing the decision below, the Delaware Supreme Court held that a group of cyber liability insurers sufficiently pled a complaint for subrogation based on breach of...

Emanuel Medical Center Data Breach Affects 28K; Lawyers Investigating

SoFi class action alleges data breach exposed sensitive customer information - Class Action Lawsuits

Ajax just suffered a data breach exposing personal information of over 300,000 soccer fans

Trio-Tech International Reports Data Breach to SEC

Sen. Scott Sues Booz Hamilton, IRS Leaker Over Data Breach

Fidelity Reaches $2.5M Settlement Over Data Breach Affecting 155,000 Customers

Nike Hit With Suit Over January Data Breach Affecting Thousands

Florida senator sues Booz Allen over his leaked tax returns: Gary Fineout reports:  Sen. Rick Scott is suing a major government contractor for damages after his tax returns were leaked along with other prominent and wealthy figures, including President Donald Trump. The Florida Republican on Monday filed a lawsuit against Booz Allen...

Bank to pay $12,500 from $5.2m data settlement - see if you got the notice

AG: Louisiana secures federal consent decree over social media censorship

Hightower, a wealth management firm, disclosed a data breach affecting approximately 131,483 individuals after cybercriminals accessed client information including names, Social Security numbers, and driver's license numbers on January 8. A former employee filed a class-action lawsuit alleging the firm failed to properly protect client data through encryption and other security measures. Affected individuals face ongoing risks of identity theft and potential exposure of their data on the dark...

Lewis Drug is facing multiple class-action lawsuits after a March 3 ransomware attack by the group AliLock allegedly compromised 110 gigabytes of customer data from its pharmacies across South Dakota, Iowa, and Minnesota. The breach reportedly exposed sensitive information including names, Social Security numbers, dates of birth, contact information, and confidential medical records. The lawsuits seek to represent all affected Lewis Drug customers impacted by the data exposure.

Mazda Data Breach Exposing Employee and Partner Records Via System Vulnerability - CyberSecurityNews

Minnesota delays new disability waiver program amid data breach

3.1 Million Impacted by QualDerm Data Breach - SecurityWeek

Foster City goes offline after cybersecurity breach: The Daily Journal reports: Days after a cybersecurity breach that was “widely impacting city services,” the city of Foster City has moved its network offline, an action that disrupted its phone and email systems outside of emergency response, according to the city. City staff...

HackerOne slams supplier for delayed breach notice after staff data exposed

Clinica Family Health & Wellness reveals 2025 data breach

Data breach in French Education Ministry information system hits 243,000 staff

Infinite Campus warns of breach after ShinyHunters claims data theft

Washington DOL hid License Express data breach for six years, lawsuit claims

HackerOne discloses employee data breach after Navia hack

Columbus nonprofit organization announces data breach of its computer network

Millions of Anonymous Student and Crime Tips Exposed in Major Data Breach

Toll of Kaplan data breach surpasses 230K

Crunchyroll confirms data breach after hacker claims unauthorized access

Crunchyroll Data Breach: Threat Actor Claims Exfiltration of 100 GB of User Data - Security Boulevard

Telehealth Platform Provider OpenLoop Health Disclosed Data Breach

Massive data breach at Lockheed Martin claimed by pro-Iran hacktivist

OVHcloud Founder Denies Massive 590TB Data Breach Claims

243,000 French Public School Employees Victims of Hack: La Revue Technique reports: A cyberattack on a French Education Ministry HR system has exposed personal information tied to roughly 243,000 public education employees, most of them teachers, raising fears of targeted scams and identity fraud. French officials say the breach hit...

Family of UMMC patient speaks out after cyberattack during lifesaving surgery: WBAL reports: A Mississippi family is sharing their story for the first time after a cyberattack disrupted operations at a major hospital system in the middle of a lifesaving surgery. At the University of Mississippi Medical Center, patient Wade Watts was undergoing a liver...

Austin Plastic Surgery Data Breach Exposes Sensitive Personal and Health Info

50 Israeli companies ‘digitally erased’: On March 9, The Jerusalem Post reported that the Israel National Cyber Directorate had received a growing number of reports of cyberattacks aimed at destroying information and systems to disrupt the functioning of the home front economy. At that point, National Cyber Directorate...

Data breach at Dutch Ministry of Finance impacts staff following cyberattack - Security Affairs

Florida Medicare members’ data exposed as Mirra Health improperly outsourced records overseas: Skyler Shepard reports: State investigators say Mirra Health jeopardized the safety of thousands of Floridians by sharing their sensitive health data with unauthorized companies overseas. Florida Insurance Commissioner Mike Yaworsky suspended Mirra Health Care LLC on Tuesday...

Data Breach Alert: Edelson Lechtzin LLP Investigates QualDerm Partners, LLC Data Breach Affecting More Than 3 Million Individuals

NCLA Reaches Historic Settlement, Strikes Major Blow Against Government’s Social Media Censorship

Fiserv, Credit Union Settle Payment Data Security Lawsuit

CrowdStrike expands Falcon platform with threat-informed cloud risk and data security tools

Wilson Pauses Surveillance Camera Expansion, Pending Data Security Audit

Lehigh Carbon CC Still Recovering From Data Breach

Spain's data protection agency fines school after pupils access inappropriate online content

Sweden’s national digital ID system (BankID) compromised after hacker group ByteToBreach breached CGI’s Swedish division - source code, passwords, encryption keys, and personal data of 8.6 million citizens exposed and reportedly sold on the dark web

Crunchyroll Data Breach: Cybersecurity Sources Report 100GB Leak

AU: Fairfield Council obtains injunction against unknown threat actors in ransomware incident: Anthony Segaert reports: A western Sydney council is communicating with anonymous hackers by sending Dropbox links into a chatroom, after it suffered a major data breach. In October last year, Fairfield Council’s servers - which contained personal, financial and property...

Hackers target schools, towns in alarming attacks. Why aren’t more using New Jersey’s MS-ISAC ybersecurity service?: If you’re asking, “What MS-ISAC service?”, you’re not alone. Brianna Kudisch reports: A nationwide data breach exposing millions of K-12 students’ information, including kids in Cranford and Millburn. […] In November 2025, New Jersey signed on as a statewide member of...

Stockton Cardiology Ransomware Data Breach: 645GB Exposed

3.7 Million Telehealth Patients Allegedly Affected By Two Recent Breaches: He hasn’t attracted much attention or media coverage yet, and he doesn’t have any leak site or Telegram account. However, those reporting breaches involving patient data should note a threat actor known as “Stuckin2019” (or simply “Stuck”).  Two of his recent attacks allegedly...

If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident.: On January 2, while many were still greeting each other with “Happy New Year,” Wound Technology Network (“Woundtech”), a Florida-headquartered mobile wound treatment provider, was not off to a great start for the year. On or about December 6, 2025, they had become aware of...

Lapsus$ Hackers disclose more about AstraZeneca Data Breach - Cybersecurity Insiders

PURA set to vote Wednesday on Aquarion sale, Avangrid data breach findings

Utah Medical Clinic Sued by Insurer Over Data Breach Coverage

Crunchyroll Officially Responds to Data Breach With New Statement

Kaplan Data Breach Exposes Personal Information: Murphy Law Firm Investigates Legal Claims

Kaplan North America Data Breach Alert Issued By Wolf Haldenstein

Education company Kaplan reports data breach impacting more than 230,000

Was Your Personal Information Sold in WA DOL Data Breach? Lawsuit Claims It Might Have

Mutual of America Data Breach Exposes PII Including SSNs

Who are ShinyHunters and what is Telus Digital? Crunchyroll data breach explained. Here's how much and wha

RuneScape Boards - 222,762 breached accounts: In around 2011, the now defunct RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data . The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted...

Heritage Bank Data Breach Claims Investigated by Lynch Carpenter

Lehigh Carbon Community College reopens rest of sites weeks after reported data breach, but IT disruptions persist

In Ohio County, Phishing Attack May Have Led to a Data Breach

Initial Access Broker sentenced to 81 months in prison for enabling Yanluowang ransomware gang: A press release from the U.S. Department of Justice about a Russian initial access broker who pleaded guilty in November, 2025: A court in the Southern District of Indiana today sentenced a Russian citizen, Aleksei Volkov, to 81 months in prison for assisting major cybercrime...

GoFan’s Privacy Fine: What Every Youth Sports Platform Can Learn

German security researcher claims Malta regulator data breach

Balance Autism Settles Class Action Data Breach Lawsuit

Fidelity agrees to $2.5M class action settlement over alleged data security failure - Class Action Lawsuits

Attorney General Jackley's Genetic Data Privacy Bill Signed into Law

Oklahoma's new data privacy law aims to give consumers more control

Senate confirms FBI bought Americans’ location data, privacy groups demand oversight

Major Data Privacy Bill Signed into Law; New law, effective 2027, gives Oklahomans greater control over personal information

Heritage Bank Data Breach Lawsuit Investigation

Coupang nears full user recovery after data breach

PowerSchool, Bain Can't Skirt MDL Over Student Data Breach

WATCH: Still waiting for WA DOL to respond to alleged massive data breach

Charlottesville Settlement Company data breach impacts over 22,000 customers

North Carolina tech worker found guilty of insider attack netting $2.5M ransom: Matt Kapko reports: A 27-year-old North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a D.C.-based international technology company, the Justice Department said Thursday. Cameron...