Shopify (Merchant Data)
860K merchant store records including revenue data exposed via compromised support tool
Latest Disclosures
Tenet Healthcare
2.4M patient records stolen from 65 hospitals in coordinated supply chain attack
Vite Vitejs
Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposi
Prettier eslint-config-prettier
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability — Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that l
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craf
Versa Concerto
Versa Concerto Improper Authentication Vulnerability — Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to ac
HSBC (Global)
1.6M customer records from US and UK operations exposed via MOVEit successor vulnerability
Ramsay Health Care (Australia)
2.3M patient records stolen from Australian private hospital operator
Cisco Unified Communications Manager
Cisco Unified Communications Products Code Injection Vulnerability — Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Comm
Under Armour
72,742,892 records exposed — Dates of birth, Email addresses, Genders, Geographic locations and 2 more
Crunchbase
Business intelligence platform breached — ShinyHunters claimed responsibility
Korea Telecom (South Korea)
8.7M customer records exposed via compromised customer portal at largest Korean telco
UPS (Supply Chain Data)
1.5M shipping manifests and customs records exposed via compromised logistics API
US Census Bureau
680K household survey response records exposed via misconfigured data sharing portal
US Postal Service
2.3M package tracking records and sender data exposed via compromised Informed Delivery API
Magna International (Canada)
180K employee records from automotive parts manufacturer exposed via phishing attack
Morgan Stanley (Cloud)
680K wealth management client records exposed via misconfigured cloud storage bucket
Raaga
10,225,145 records exposed — Ages, Dates of birth, Email addresses, Genders and 3 more
Pass'Sport
6,366,133 records exposed — Email addresses, Genders, Names, Phone numbers and 1 more
Fujitsu (Japan)
1.2M customer records from government IT contracts exposed via compromised ProjectWEB portal
Salesforce (Data Cloud)
3.4M CRM records from multiple tenants exposed via privilege escalation in Data Cloud module
InterContinental Hotels (IHG)
1.3M guest reservation records including passport and payment data compromised
Visa Inc. (Token Service)
1.1M tokenized card records exposed via vulnerability in token provisioning service
Optus (Australia 2026)
2.8M customer records stolen via API vulnerability in self-service portal