Fujitsu (Japan)
1.2M customer records from government IT contracts exposed via compromised ProjectWEB portal
Technology & Software Data Breaches (1145 indexed)
Salesforce (Data Cloud)
3.4M CRM records from multiple tenants exposed via privilege escalation in Data Cloud module
Optus (Australia 2026)
2.8M customer records stolen via API vulnerability in self-service portal
Match Group (Hinge / OkCupid)
10M+ dating records stolen by ShinyHunters via Okta SSO social engineering
Zscaler Cloud Security
150K enterprise zero-trust configurations exposed — test environment breach spread to prod
Amazon Web Services (Customer Data)
2.8M customer billing records and account metadata exposed via misconfigured internal tool
Microsoft Windows
Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
Gogs Gogs
Gogs Path Traversal Vulnerability — Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
Tesla Inc.
75K employee records leaked by former staff to German newspaper — payroll, SSNs, complaints
Datadog Inc.
APM and logging data from 340 enterprise customers exposed via compromised CI/CD pipeline
6,215,150 records exposed — Display names, Email addresses, Geographic locations, Phone numbers and 1 more
BreachForums (2025)
672,247 records exposed — Email addresses, Forum posts, Passwords, Private messages and 1 more
NEC Corporation
560K corporate client records stolen
Booking.com
2.3M guest records compromised in phishing campaign targeting hotels
Bosch Group
560K manufacturing and IoT device records exposed
Spark New Zealand
450K customer records exposed in targeted attack
Instagram (Alleged Leak)
17.5M account records posted to BreachForums
ABB Ltd (Switzerland)
560K automation records exposed
Linear (Project Management)
120K workspace records exposed via OAuth misconfiguration
Hewlett Packard Enterprise (HPE) OneView
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code ex
Microsoft Office
Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineT
Bandai Namco (Japan)
340K gaming records exposed in ransomware
MongoDB MongoDB and MongoDB Server
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability — MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol head
WIRED
2,364,431 records exposed — Dates of birth, Display names, Email addresses, Genders and 4 more