{"version":"https://jsonfeed.org/version/1.1","title":"Breached - Latest data breaches","home_page_url":"https://breached-web-instalaw.vercel.app","feed_url":"https://breached-web-instalaw.vercel.app/feed.json","description":"Latest US data breach summaries and source links from Breached.","items":[{"id":"https://breached-web-instalaw.vercel.app/breach/canada-life-20260420","url":"https://breached-web-instalaw.vercel.app/breach/canada-life-20260420","title":"Canada Life data breach","summary":"Canada Life suffered a data breach in April 2026 when the ShinyHunters group stole and published data on over 237,000 customers, including names, email addresses, phone numbers, physical addresses, and support tickets.","content_text":"What happened According to HIBP and reporting by SC World, the ShinyHunters cybercrime group targeted Canada Life in April 2026 as part of a \"pay or leak\" extortion campaign. When Canada Life did not meet the group's demands, the stolen data was publicly released. Canada Life confirmed the incident in a disclosure notice on its website, stating that a small proportion of its customers may have been impacted. What was exposed According to HIBP, the leaked dataset contained over 200,000 unique email addresses along with names, phone numbers, physical addresses, job titles, salutations, and in some cases, customer support ticket contents. Who is affected Approximately 237,810 accounts are recorded in the breach. Canada Life described the affected group as a small proportion of its overall customer base. What to do now Canada Life published an alert urging customers to be cautious of phishing attempts, which commonly follow public data releases. If you are a Canada Life customer, monitor your email and phone for suspicious messages, avoid clicking unexpected links, and consider updating your account password. Review any financial or insurance accounts for unusual activity.","date_published":"2026-05-13T12:00:50.036Z","date_modified":"2026-05-13T12:00:50.341Z","tags":["medium","Email addresses","Names","Phone numbers","Addresses","Job titles","Salutations","Support tickets"]},{"id":"https://breached-web-instalaw.vercel.app/breach/cushman-wakefield-20260505","url":"https://breached-web-instalaw.vercel.app/breach/cushman-wakefield-20260505","title":"Cushman & Wakefield data breach","summary":"In May 2026, real estate services firm Cushman & Wakefield had data on approximately 310,000 accounts exposed after the ShinyHunters group carried out an extortion campaign and published stolen corporate contact records.","content_text":"What happened According to Have I Been Pwned, in May 2026 the ShinyHunters cybercriminal group targeted Cushman & Wakefield with a \"pay or leak\" extortion campaign. When the firm did not comply, the group publicly released data they claimed to have obtained from the company. The Register reported that Cushman & Wakefield confirmed the attack, which involved a vishing (voice phishing) method. What was exposed According to HIBP, the published data consisted primarily of business contact information: names, job titles, email addresses, phone numbers, physical addresses, and salutations. The records included both internal Cushman & Wakefield email addresses and tens of thousands of external corporate contacts. Who is affected Approximately 310,431 accounts are listed as affected. Those impacted are largely current or former employees and external business contacts of Cushman & Wakefield, based on the nature of the exposed data. What to do now If you have a business relationship with Cushman & Wakefield, be alert to targeted phishing or social engineering attempts using your name, job title, or contact details. Be cautious of unsolicited calls or emails referencing your professional in…","date_published":"2026-05-12T12:00:41.518Z","date_modified":"2026-05-12T12:00:41.654Z","tags":["medium","Email addresses","Job titles","Names","Phone numbers","Physical addresses","Salutations"]},{"id":"https://breached-web-instalaw.vercel.app/breach/zara-20260415","url":"https://breached-web-instalaw.vercel.app/breach/zara-20260415","title":"Zara data breach","summary":"In April 2026, Zara was targeted by the ShinyHunters extortion group, exposing approximately 197,000 unique email addresses along with purchase and support ticket data linked to a compromise of the Anodot analytics platform.","content_text":"What happened According to Have I Been Pwned, in April 2026 the ShinyHunters extortion group targeted Zara as part of a broader \"pay or leak\" campaign. The group claimed the breach stemmed from a compromise of the Anodot analytics platform, a third-party service, and subsequently published a terabyte of data. Zara's parent company Inditex confirmed the incident involved a contractor and stated that passwords and payment information were not affected, as reported by Fashion Network. What was exposed According to HIBP, the leaked data included approximately 197,000 unique email addresses, geographic locations, product SKUs, order IDs, and the market origin of support tickets. The ShinyHunters group claimed the full dataset contained up to 95 million support ticket records. Who is affected Around 197,000 Zara customers whose email addresses appeared in support ticket records are confirmed to be affected. Customers who submitted support requests and had their data processed through the Anodot platform may be included. What to do now If you have a Zara account or have contacted Zara support, be alert for phishing emails that reference your purchases or order history, as attackers may u…","date_published":"2026-05-08T12:00:55.796Z","date_modified":"2026-05-08T12:00:55.895Z","tags":["medium","Email addresses","Geographic locations","Purchases","Support tickets"]},{"id":"https://breached-web-instalaw.vercel.app/breach/woflow-20260304","url":"https://breached-web-instalaw.vercel.app/breach/woflow-20260304","title":"Woflow data breach","summary":"Woflow, an AI-driven merchant data platform, had data on approximately 447,593 accounts exposed after the ShinyHunters extortion group published files allegedly stolen from the company in March 2026.","content_text":"What happened According to Have I Been Pwned, in March 2026 the ShinyHunters data extortion group named Woflow as a victim and subsequently published tens of thousands of files allegedly taken from the company. The leaked data reportedly exceeded 2TB in total size. What was exposed As reported by HIBP, the published files contained hundreds of thousands of records including email addresses, names, phone numbers, and physical addresses. The data appears to relate to Woflow's own customers as well as the customers of merchants using Woflow's platform. Who is affected Approximately 447,593 accounts are listed as affected. Those impacted may include direct Woflow customers and, indirectly, end customers of merchants who rely on Woflow's AI-driven merchant data services. What to do now If you have used Woflow or a merchant platform powered by Woflow, monitor your email and phone for phishing attempts or unsolicited contact. Be cautious of messages referencing your physical address, as that information may also be in circulation. Consider placing a fraud alert with the major credit bureaus if you are concerned about misuse of your personal details.","date_published":"2026-05-07T12:01:08.646Z","date_modified":"2026-05-07T12:01:08.334Z","tags":["medium","Email addresses","Names","Phone numbers","Addresses"]},{"id":"https://breached-web-instalaw.vercel.app/breach/instructure-canvas-20260505","url":"https://breached-web-instalaw.vercel.app/breach/instructure-canvas-20260505","title":"Instructure (Canvas) data breach","summary":"TechCrunch reported that hackers stole student data during a breach at education technology company Instructure, which is widely known for its Canvas platform.","content_text":"What happened TechCrunch reported on May 5, 2026 that hackers stole student data during a breach at Instructure, the education technology company best known for its Canvas platform. Based on the provided materials, this should be referred to as Instructure and Canvas so the affected product is clear. What was exposed The provided source indicates that student data was stolen. The available materials do not specify the full categories of data involved. Who is affected The affected population was not quantified in the provided materials. Based on the admin prompt and source title, the incident is associated with Instructure's Canvas-related user base, but the exact scope was not stated. What to do now Potentially affected schools, students, and families should watch for direct notices from Instructure, Canvas, or their educational institution. They should review any breach guidance that may be provided, stay alert for phishing or impersonation attempts, and follow password-reset or account-security instructions if later recommended by the company or school.","date_published":"2026-05-07T00:23:43.467Z","date_modified":"2026-05-07T01:04:54.053Z","tags":["critical","student data"]},{"id":"https://breached-web-instalaw.vercel.app/breach/legionproxy-20260406","url":"https://breached-web-instalaw.vercel.app/breach/legionproxy-20260406","title":"LegionProxy data breach","summary":"LegionProxy, a commercial residential and ISP proxy network, suffered a data breach in April 2026 that exposed approximately 10,000 accounts including email addresses, names, bcrypt password hashes, and purchase records.","content_text":"What happened According to Have I Been Pwned, LegionProxy — a commercial residential and ISP proxy network — experienced a data breach in April 2026. The breach was disclosed publicly in May 2026. What was exposed According to HIBP, the incident exposed email addresses, names, bcrypt-hashed passwords, and purchase information for roughly 10,000 accounts. Passwords were stored as bcrypt hashes rather than plain text, which provides some protection. Who is affected Approximately 10,144 LegionProxy customers are affected. Anyone who held an account with the service at the time of the breach may have had their personal and purchase details exposed. What to do now If you had a LegionProxy account, change your password there immediately and on any other site where you used the same password. Although the passwords were hashed with bcrypt, hashed passwords can still be cracked over time. Review your purchase history for any unauthorized activity and be alert to phishing emails that may use your name or email address.","date_published":"2026-05-06T12:00:21.988Z","date_modified":"2026-05-06T12:00:22.085Z","tags":["medium","Email addresses","Names","Passwords (hashed)","Purchases"]},{"id":"https://breached-web-instalaw.vercel.app/breach/vimeo-20260428","url":"https://breached-web-instalaw.vercel.app/breach/vimeo-20260428","title":"Vimeo data breach","summary":"In April 2026, the ShinyHunters extortion group published data from a third-party analytics vendor breach affecting approximately 119,000 Vimeo user email addresses and names.","content_text":"What happened According to Have I Been Pwned, in April 2026 the ShinyHunters extortion group listed Vimeo on their \"pay or leak\" portal and subsequently published hundreds of gigabytes of data. Vimeo attributed the exposure to a breach at Anodot, a third-party analytics vendor, rather than a direct compromise of Vimeo's own systems. What was exposed Reported by HIBP and Bleeping Computer, the published data included approximately 119,000 unique email addresses, sometimes accompanied by user names. The bulk of the leaked material consisted of video titles, technical data, and metadata. Vimeo stated the incident does not include video content, valid login credentials, or payment card information. Who is affected Around 119,000 Vimeo users whose email addresses — and in some cases names — were processed by the Anodot analytics platform are affected. Users who have not received direct notification from Vimeo may still want to check whether their email appears in breach databases. What to do now Be alert to phishing emails targeting your Vimeo-associated address, as attackers now know it is linked to a Vimeo account. Although login credentials were not reported as exposed, changing you…","date_published":"2026-05-05T06:00:19.859Z","date_modified":"2026-05-05T06:00:19.951Z","tags":["medium","Email addresses","Names"]},{"id":"https://breached-web-instalaw.vercel.app/breach/reborn-gaming-20260430","url":"https://breached-web-instalaw.vercel.app/breach/reborn-gaming-20260430","title":"Reborn Gaming data breach","summary":"Reborn Gaming, an online gaming community, suffered a data breach in April 2026 that exposed 126 accounts' email addresses, IP addresses, and Steam IDs due to a vulnerability in cPanel and WHM.","content_text":"What happened According to Have I Been Pwned, Reborn Gaming experienced a data breach in April 2026. The breach was caused by a vulnerability in cPanel and WebHost Manager (WHM), software commonly used to manage web hosting environments. Reborn Gaming self-submitted the incident to Have I Been Pwned. What was exposed The breach exposed email addresses, IP addresses, and Steam IDs for 126 unique accounts, according to HIBP. No passwords, financial data, or other sensitive personal information was reported as compromised. Who is affected Members of the Reborn Gaming online community are affected. A total of 126 accounts were involved in this breach. If you have an account on reborngaming.net, your email address, IP address, and Steam ID may have been exposed. What to do now Check whether your email address appears in Have I Been Pwned. While no passwords were reported exposed, be cautious of phishing emails targeting your account. If your Steam ID was linked to other personal information, review your Steam privacy settings. Consider using a unique email address for gaming communities going forward.","date_published":"2026-05-04T06:00:51.781Z","date_modified":"2026-05-04T06:00:51.794Z","tags":["low","Email addresses","IP addresses","Steam IDs"]},{"id":"https://breached-web-instalaw.vercel.app/breach/marcus-millichap-20260412","url":"https://breached-web-instalaw.vercel.app/breach/marcus-millichap-20260412","title":"Marcus & Millichap data breach","summary":"Marcus & Millichap, a commercial real estate brokerage, had data on approximately 1.8 million individuals exposed after being named as an alleged victim of the ShinyHunters hacking group in April 2026.","content_text":"What happened According to HIBP, in April 2026 the commercial real estate brokerage firm Marcus & Millichap was identified as one of several alleged victims of the ShinyHunters hacking and extortion group. Data purportedly obtained from the company was subsequently released publicly. In their own disclosure notice, Marcus & Millichap stated that the data potentially accessed appeared limited to company forms, templates, marketing materials, and general contact information. What was exposed According to HIBP, the released data included approximately 1.8 million unique email addresses, along with names, phone numbers, and employment-related details such as employer names, job titles, and physical company addresses. Who is affected Around 1.8 million individuals are affected, primarily those whose contact and professional information was held in Marcus & Millichap's systems. This likely includes clients, business contacts, and industry professionals. What to do now If you have ever provided contact information to Marcus & Millichap, be alert for phishing emails or unsolicited calls that use your personal or professional details. Consider updating passwords on any accounts that share…","date_published":"2026-05-04T06:00:43.593Z","date_modified":"2026-05-04T06:00:43.728Z","tags":["high","Email addresses","Names","Phone numbers","Addresses","Employers","Job titles"]},{"id":"https://breached-web-instalaw.vercel.app/breach/zenbusiness-20260327","url":"https://breached-web-instalaw.vercel.app/breach/zenbusiness-20260327","title":"ZenBusiness data breach","summary":"ZenBusiness, a business formation platform, had data on approximately 5.1 million accounts exposed after the hacker group ShinyHunters claimed to have exfiltrated records from multiple platforms and publicly released the data following an unpaid ransom demand.","content_text":"What happened According to HIBP, in March 2026 the hacker and extortion group ShinyHunters claimed to have obtained a large volume of data from ZenBusiness, a business formation and compliance platform. The group stated the data was exfiltrated from platforms including Snowflake, Mixpanel, and Salesforce, and threatened to publish it unless a ransom was paid. Reported by Cybernews, after ZenBusiness allegedly did not pay the ransom, ShinyHunters publicly released the data the following month. The release consisted of many terabytes of files spanning thousands of records that appeared to come from multiple internal systems and business functions. What was exposed According to HIBP, the released data included approximately 5 million unique email addresses. Depending on the source file, records were also accompanied by names and phone numbers. The data appeared to originate from leads, support records, and other CRM-related sources. Who is affected Approximately 5.1 million accounts are listed as affected. Those impacted are likely current or former ZenBusiness customers, leads, or individuals who interacted with the company's support systems. What to do now If you have ever used Zen…","date_published":"2026-05-02T18:00:45.195Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Email addresses","Names","Phone numbers"]},{"id":"https://breached-web-instalaw.vercel.app/breach/aman-20260420","url":"https://breached-web-instalaw.vercel.app/breach/aman-20260420","title":"Aman data breach","summary":"Aman, an ultra-luxury hotel brand, suffered a data breach in April 2026 when ShinyHunters obtained customer records from their Salesforce CRM and later leaked them publicly.","content_text":"What happened According to Have I Been Pwned, the ultra-luxury hotel brand Aman was targeted by ShinyHunters in April 2026 as part of a \"pay or leak\" extortion campaign. The threat actor allegedly obtained the data from Aman's Salesforce CRM system. The data was subsequently leaked publicly. What was exposed The breach exposed over 200,000 unique email addresses and additional personal information. According to the source, exposed data included names, dates of birth, genders, physical addresses, phone numbers, nationalities, spouse names, language preferences, and VIP status codes, though not all fields were present on every record. Who is affected Approximately 215,563 Aman customer accounts were affected by the breach. What to do now Affected individuals should monitor their accounts for suspicious activity and consider changing passwords if they reused credentials elsewhere. Those concerned about their personal information should watch for phishing attempts and unsolicited contact from parties claiming to have access to their data.","date_published":"2026-05-02T00:00:49.546Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Dates of birth","Email addresses","Genders","Language preferences","Names","Nationalities","Phone numbers","Physical addresses","Spouses names","VIP statuses"]},{"id":"https://breached-web-instalaw.vercel.app/breach/udemy-20260424","url":"https://breached-web-instalaw.vercel.app/breach/udemy-20260424","title":"Udemy data breach","summary":"Udemy suffered a data breach affecting 1.4 million accounts, with customer and instructor information including email addresses, names, addresses, phone numbers, and payment methods exposed.","content_text":"What happened According to HIBP, online training company Udemy was targeted by the ShinyHunters group in April 2026 in a \"pay or leak\" extortion attempt. The attackers subsequently released the stolen data publicly. What was exposed The breach exposed data for 1.4 million unique email addresses belonging to Udemy customers and instructors. Exposed information included names, physical addresses, phone numbers, employer information, and instructor payout methods such as PayPal, cheque, and bank transfer details. Who is affected Approximately 1.4 million Udemy customers and instructors were affected by the breach. What to do now If you have a Udemy account, monitor your email and financial accounts for suspicious activity. Consider changing your Udemy password and reviewing any linked payment methods for unauthorized transactions. Be cautious of phishing attempts targeting affected users.","date_published":"2026-05-01T03:29:28.907Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["critical","Email addresses","Names","Physical addresses","Phone numbers","Employers","Job titles","Payment methods"]},{"id":"https://breached-web-instalaw.vercel.app/breach/success-20260304","url":"https://breached-web-instalaw.vercel.app/breach/success-20260304","title":"SUCCESS data breach","summary":"SUCCESS, a personal development media brand, suffered a data breach in March 2026 exposing approximately 253,510 accounts with names, email addresses, phone numbers, and other personal information.","content_text":"What happened According to HIBP and SUCCESS's disclosure notice, the personal development and achievement media brand SUCCESS experienced a data breach in March 2026. The incident was disclosed publicly on April 1, 2026. The company also reported that its system was abused to send offensive newsletters with quotes falsely attributed to contributors. What was exposed The breach exposed 250,000 unique email addresses along with names, IP addresses, and phone numbers. For a limited number of staff members, bcrypt password hashes were compromised. The exposed data also included order information containing physical addresses and payment methods used. Who is affected Approximately 253,510 accounts were affected by the breach, including customers and staff members of SUCCESS. What to do now Affected individuals should monitor their accounts for suspicious activity and consider changing their password if they used the same credentials elsewhere. Those who made purchases should watch for unauthorized charges and monitor their physical addresses for potential fraud. SUCCESS customers should review the company's security update for additional guidance.","date_published":"2026-05-01T03:29:24.729Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Device information","Email addresses","IP addresses","Names","Passwords (hashed)","Phone numbers","Physical addresses","Purchase history"]},{"id":"https://breached-web-instalaw.vercel.app/breach/sound-radix-20260325","url":"https://breached-web-instalaw.vercel.app/breach/sound-radix-20260325","title":"Sound Radix data breach","summary":"Sound Radix disclosed a data breach in March 2026 affecting approximately 293,000 user accounts.","content_text":"What happened According to HIBP, audio production tools company Sound Radix disclosed a data breach in March 2026 and self-submitted the incident to the platform. The breach was disclosed on March 26, 2026. What was exposed The breach exposed email addresses and names for approximately 293,000 unique accounts. Sound Radix indicated that hashed passwords may have also been exposed, though the company confirmed that no financial or credit card information was compromised. Who is affected Approximately 292,993 Sound Radix users with registered accounts were impacted by the breach. What to do now Users should consider changing their Sound Radix password if they have an account with the company. Monitor accounts for suspicious activity and review any communications from Sound Radix regarding the incident.","date_published":"2026-05-01T03:29:20.160Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["medium","Email addresses","Names","Passwords"]},{"id":"https://breached-web-instalaw.vercel.app/breach/songtrivia2-20260402","url":"https://breached-web-instalaw.vercel.app/breach/songtrivia2-20260402","title":"SongTrivia2 data breach","summary":"SongTrivia2, a music trivia platform, suffered a data breach in April 2026 affecting approximately 292,000 accounts, with data subsequently published to a public hacking forum.","content_text":"What happened According to HIBP, SongTrivia2 experienced a data breach in April 2026. The breach was discovered and the compromised data was published to a public hacking forum on April 4, 2026. What was exposed The breach exposed approximately 291,739 unique records containing email addresses, names, usernames, avatars, authentication tokens, and passwords. According to the source, email addresses came from either Google OAuth logins or accounts created directly on the platform, with the latter also containing bcrypt password hashes. Who is affected The breach affected 291,739 user accounts on the SongTrivia2 platform, including both users who registered via Google OAuth and those who created accounts directly on the site. What to do now Users should change their password on SongTrivia2 and any other services where they reused the same password. Those who used Google OAuth may review their Google account security settings. Monitor accounts for unauthorized activity and consider enabling two-factor authentication where available.","date_published":"2026-05-01T03:29:16.140Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Auth tokens","Avatars","Email addresses","Names","Passwords","Usernames"]},{"id":"https://breached-web-instalaw.vercel.app/breach/scuf-gaming-20150605","url":"https://breached-web-instalaw.vercel.app/breach/scuf-gaming-20150605","title":"Scuf Gaming data breach","summary":"Scuf Gaming suffered a data breach in June 2015 that exposed approximately 129,000 user accounts including email addresses, usernames, display names, IP addresses, and password hashes.","content_text":"What happened According to HIBP, custom gaming controller maker Scuf Gaming experienced a data breach in June 2015. The incident was disclosed in March 2026. What was exposed The breach exposed display names, email addresses, IP addresses, usernames, and password hashes for affected users. Who is affected Approximately 128,683 user accounts were impacted by the breach. What to do now Users with Scuf Gaming accounts should change their password immediately if they have not already done so. Monitor accounts for suspicious activity and consider using a password manager to create unique, strong passwords for each online service.","date_published":"2026-05-01T03:29:11.921Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Display names","Email addresses","IP addresses","Passwords","Usernames"]},{"id":"https://breached-web-instalaw.vercel.app/breach/runescape-boards-20111226","url":"https://breached-web-instalaw.vercel.app/breach/runescape-boards-20111226","title":"RuneScape Boards data breach","summary":"RuneScape Boards, a vBulletin-based forum, suffered a data breach in 2011 that exposed approximately 223,000 user accounts.","content_text":"What happened According to HIBP, the RuneScape Boards forum (rsboards.com) was breached around 2011. The vBulletin-based service is now defunct. The compromised data was later redistributed as part of a larger corpus of leaked credentials. What was exposed The breach exposed email addresses, usernames, IP addresses, and salted MD5 password hashes for approximately 223,000 unique accounts. Who is affected Around 222,762 user accounts from the RuneScape Boards forum were affected by this breach. What to do now If you had an account on RuneScape Boards, change your password on any other services where you may have reused the same credentials. Monitor your email address for suspicious activity and consider using a password manager to maintain unique passwords across different sites.","date_published":"2026-05-01T03:29:08.982Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["medium","Email addresses","IP addresses","Passwords (hashed)","Usernames"]},{"id":"https://breached-web-instalaw.vercel.app/breach/provecho-20260130","url":"https://breached-web-instalaw.vercel.app/breach/provecho-20260130","title":"Provecho data breach","summary":"Provecho, a recipe and meal planning service, suffered a data breach in early 2026 affecting approximately 713,000 users.","content_text":"What happened According to Have I Been Pwned, data from Provecho was allegedly obtained in a breach in early 2026. The incident was disclosed on March 3, 2026. Provecho has been notified of the claims and is aware of the incident. What was exposed The exposed data included approximately 713,000 unique email addresses and usernames associated with creator accounts. The breach also included information about the accounts that creators followed on the platform. Who is affected Approximately 712,904 user accounts were affected by the breach, primarily consisting of Provecho's recipe and meal planning service users. What to do now Users should monitor their email accounts for suspicious activity and consider changing their password if they had an account with Provecho. Review any connected accounts or services that may have used Provecho credentials.","date_published":"2026-05-01T03:29:05.042Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["medium","Email addresses","Usernames"]},{"id":"https://breached-web-instalaw.vercel.app/breach/pitney-bowes-20260420","url":"https://breached-web-instalaw.vercel.app/breach/pitney-bowes-20260420","title":"Pitney Bowes data breach","summary":"Pitney Bowes suffered a data breach in April 2026 affecting approximately 8.2 million individuals, with ShinyHunters claiming responsibility and publicly releasing the stolen data.","content_text":"What happened According to HIBP, the hacking collective ShinyHunters claimed in April 2026 to have obtained data from Pitney Bowes as part of a broader extortion campaign targeting multiple organizations. After negotiations allegedly failed, the group publicly released the stolen data. What was exposed The breach exposed approximately 8.2 million unique email addresses along with names, phone numbers, and physical addresses. A subset of the released data also included Pitney Bowes employee records containing job titles. Who is affected Approximately 8.2 million individuals had their personal information exposed in the breach, including both customers and employees of Pitney Bowes. What to do now Individuals affected should monitor their email accounts and physical mailboxes for suspicious activity. Consider placing a fraud alert or credit freeze with credit bureaus if personal address and contact information were compromised. Review any communications claiming to be from Pitney Bowes for authenticity.","date_published":"2026-05-01T03:29:01.121Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["critical","Email addresses","Names","Phone numbers","Physical addresses","Job titles"]},{"id":"https://breached-web-instalaw.vercel.app/breach/mcgraw-hill-20260410","url":"https://breached-web-instalaw.vercel.app/breach/mcgraw-hill-20260410","title":"McGraw Hill data breach","summary":"McGraw Hill confirmed a data breach in April 2026 affecting 13.5 million accounts, exposing email addresses, names, phone numbers, and physical addresses due to a Salesforce misconfiguration.","content_text":"What happened According to HIBP, McGraw Hill confirmed a data breach in April 2026 following an extortion attempt. The incident was attributed to a Salesforce misconfiguration that exposed data from a webpage hosted on Salesforce's platform. More than 100GB of data was subsequently distributed publicly. What was exposed The breach exposed 13.5 million unique email addresses. Additional fields including names, physical addresses, and phone numbers appeared inconsistently across some records in the distributed files. Who is affected Approximately 13.5 million individuals with accounts or data associated with McGraw Hill's Salesforce-hosted webpage are affected by this breach. What to do now Affected individuals should monitor their email accounts and watch for unsolicited contact. Consider placing a fraud alert or credit freeze with credit bureaus if personal information including addresses and phone numbers were exposed. Review any McGraw Hill accounts for unauthorized activity.","date_published":"2026-05-01T03:28:57.394Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["critical","Email addresses","Names","Phone numbers","Physical addresses"]},{"id":"https://breached-web-instalaw.vercel.app/breach/lovora-20260225","url":"https://breached-web-instalaw.vercel.app/breach/lovora-20260225","title":"Lovora data breach","summary":"Lovora, a couples and relationship app, suffered a data breach in February 2026 that exposed approximately 496,000 user accounts.","content_text":"What happened According to Have I Been Pwned, Lovora, a couples and relationship app operated by Plantake, allegedly suffered a data breach in February 2026. The breach was disclosed on March 2, 2026. The app's maker did not respond to multiple attempts to contact them about the incident. What was exposed The breach exposed display names, email addresses, and profile photos for affected users. The data also included other personal information collected through use of the app, though specific details were not disclosed. Who is affected Approximately 495,556 user accounts were affected by the breach, representing roughly 496,000 unique email addresses. What to do now Users of Lovora should monitor their email accounts for suspicious activity and consider changing their password if they reused it elsewhere. Review any profile information that may have been exposed and adjust privacy settings as needed.","date_published":"2026-05-01T03:28:52.690Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Display names","Email addresses","Profile photos"]},{"id":"https://breached-web-instalaw.vercel.app/breach/hallmark-20260331","url":"https://breached-web-instalaw.vercel.app/breach/hallmark-20260331","title":"Hallmark data breach","summary":"Hallmark suffered a breach in March 2026 after attackers accessed data stored in Salesforce, exposing approximately 1.7 million customer records.","content_text":"What happened According to HIBP, Hallmark experienced a data breach in March 2026 when attackers gained unauthorized access to data stored within Salesforce. The attackers subsequently attempted extortion, and the data was published after the extortion deadline passed. What was exposed The breach exposed approximately 1.7 million unique email addresses across Hallmark and the Hallmark+ streaming service. Also compromised were customer names, phone numbers, physical addresses, and support tickets. Who is affected Approximately 1.7 million individuals with accounts on Hallmark or Hallmark+ streaming service are affected by this breach. What to do now Affected customers should monitor their accounts for suspicious activity and consider changing their passwords. Given the exposure of physical addresses and phone numbers, individuals should also be alert to potential phishing or social engineering attempts.","date_published":"2026-05-01T03:28:49.080Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Email addresses","Names","Phone numbers","Physical addresses","Support tickets"]},{"id":"https://breached-web-instalaw.vercel.app/breach/divine-skins-20260313","url":"https://breached-web-instalaw.vercel.app/breach/divine-skins-20260313","title":"Divine Skins data breach","summary":"Divine Skins, a League of Legends custom skins service, disclosed a data breach affecting over 105,000 users in March 2026.","content_text":"What happened According to HIBP, Divine Skins suffered an unauthorized access incident in March 2026. The service disclosed the breach via its Discord server, stating that an unauthorized third party accessed part of its systems, deleted all skins from the database, and exposed user data. What was exposed The breach exposed email addresses, usernames, and a history of purchases made by users. Who is affected Approximately 105,814 user accounts were affected by the incident. What to do now Users of Divine Skins should monitor their email accounts for suspicious activity and consider changing passwords on other services if they reused credentials. Review purchase history for any unauthorized transactions.","date_published":"2026-05-01T03:28:45.338Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Email addresses","Usernames","Purchases"]},{"id":"https://breached-web-instalaw.vercel.app/breach/crunchyroll-20260312","url":"https://breached-web-instalaw.vercel.app/breach/crunchyroll-20260312","title":"Crunchyroll data breach","summary":"Crunchyroll suffered a data breach in March 2026 affecting approximately 1.2 million email addresses, with additional personal information exposed from the company's Zendesk support system.","content_text":"What happened According to Have I Been Pwned, the anime streaming service Crunchyroll experienced a data breach in March 2026. A hacker claimed to have stolen data from approximately 6.8 million users, though a subset of 1.2 million records was later provided to HIBP. What was exposed Reported by HIBP, the exposed data originated from Crunchyroll's Zendesk support system and included email addresses, names, login names, IP addresses, general geographic location, and the contents of support tickets. Who is affected According to HIBP, approximately 1.2 million email addresses from the breached dataset were confirmed in their database, though the initial claim suggested a larger pool of affected users. What to do now Users should monitor their accounts for suspicious activity and consider changing their Crunchyroll password if they have not already done so. Those affected should be alert to phishing attempts or social engineering that may reference information from support tickets.","date_published":"2026-05-01T03:28:41.765Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Email addresses","Names","IP addresses","Geographic location","Support ticket contents"]},{"id":"https://breached-web-instalaw.vercel.app/breach/carnival-corporation-20260418","url":"https://breached-web-instalaw.vercel.app/breach/carnival-corporation-20260418","title":"Carnival Corporation data breach","summary":"Carnival Corporation suffered a data breach affecting 7.5 million records from its Holland America loyalty program after ShinyHunters claimed to obtain and later published the data.","content_text":"What happened According to HIBP, in April 2026 the hacking collective ShinyHunters claimed they had obtained a substantial volume of data from Carnival cruise operator and attempted to extort the organization. The group subsequently published the data publicly. Carnival acknowledged a phishing incident involving a single user account and stated they were working to understand the scope of the unauthorized activity. What was exposed The breach contained 8.7 million records with 7.5 million unique email addresses. Exposed data included names, email addresses, dates of birth, genders, geographic locations, and loyalty program details related to the Mariner Society program run by Holland America, a Carnival subsidiary. Who is affected Approximately 7.5 million individuals with accounts in the Mariner Society loyalty program operated by Holland America, a cruise line brand under Carnival Corporation. What to do now Affected individuals should monitor their accounts for suspicious activity and consider changing passwords. Those who received notification from Carnival should follow the company's recommended remediation steps.","date_published":"2026-05-01T03:28:36.765Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["critical","Names","Email addresses","Dates of birth","Genders","Geographic locations","Loyalty program details"]},{"id":"https://breached-web-instalaw.vercel.app/breach/breachforums-version-5-20260326","url":"https://breached-web-instalaw.vercel.app/breach/breachforums-version-5-20260326","title":"BreachForums Version 5 data breach","summary":"BreachForums Version 5, a hacking forum, suffered a breach in March 2026 exposing approximately 340,000 user accounts with email addresses, usernames, and password hashes.","content_text":"What happened According to HIBP, BreachForums Version 5 was breached on March 26, 2026, and the incident was publicly disclosed on March 27, 2026. The breach affected one iteration of the BreachForums hacking forum. What was exposed The breach exposed approximately 340,000 unique email addresses, usernames, and argon2 password hashes. Who is affected Approximately 339,778 user accounts registered on BreachForums Version 5 were affected by the breach. What to do now Users with accounts on BreachForums Version 5 should assume their credentials have been compromised. Those who reused passwords across other services should change them immediately on any other platforms where the same password was used.","date_published":"2026-05-01T03:28:32.399Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["medium","Email addresses","Usernames","Passwords (hashed)"]},{"id":"https://breached-web-instalaw.vercel.app/breach/bayd-ner-20260308","url":"https://breached-web-instalaw.vercel.app/breach/bayd-ner-20260308","title":"Baydöner data breach","summary":"Turkish restaurant chain Baydöner suffered a data breach in March 2026 exposing over 1.2 million customer records including names, email addresses, phone numbers, and plaintext passwords.","content_text":"What happened According to HIBP, Baydöner, a Turkish restaurant chain, experienced a data breach in March 2026. The incident was discovered and the compromised data was subsequently published to a public hacking forum, with disclosure added to HIBP on March 15, 2026. What was exposed The breach exposed over 1.2 million unique email addresses along with names, phone numbers, cities of residence, and plaintext passwords. A smaller subset of records also included Turkish national ID numbers and dates of birth. According to Baydöner's disclosure notice, payment and financial data was not affected. Who is affected Approximately 1.27 million customer accounts were impacted by the breach. What to do now Affected customers should change their password on Baydöner's platform and any other services where the same password was used. Monitor accounts for suspicious activity and consider placing a fraud alert with relevant authorities given the exposure of government-issued ID numbers in some records.","date_published":"2026-05-01T03:28:28.530Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Dates of birth","Email addresses","Genders","Geographic locations","Government issued IDs","Names","Passwords","Phone numbers","Purchases"]},{"id":"https://breached-web-instalaw.vercel.app/breach/aura-20260306","url":"https://breached-web-instalaw.vercel.app/breach/aura-20260306","title":"Aura data breach","summary":"Aura disclosed a data breach in March 2026 affecting over 900,000 customer records, primarily from a marketing tool associated with a previously acquired company.","content_text":"What happened According to Aura's official disclosure, the online safety service experienced a data breach in March 2026 that was discovered and publicly announced on March 18, 2026. The exposed data was primarily associated with a marketing tool from a previously acquired company. What was exposed The breach exposed names, email addresses, phone numbers, physical addresses, IP addresses, and customer service comments. According to Aura's statement, no Social Security numbers, passwords, or financial information were compromised in the incident. Who is affected The breach affected approximately 903,080 unique email addresses. However, Aura reported that fewer than 20,000 of its active customers were impacted, with the majority of exposed records associated with the legacy marketing tool from the acquired company. What to do now Affected individuals should monitor their accounts for suspicious activity and consider updating security settings. Those who received notification from Aura should follow the company's recommended remediation steps provided in their disclosure communication.","date_published":"2026-05-01T03:28:24.066Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Names","Email addresses","Phone numbers","Physical addresses","IP addresses","Customer service comments"]},{"id":"https://breached-web-instalaw.vercel.app/breach/amtrak-20260403","url":"https://breached-web-instalaw.vercel.app/breach/amtrak-20260403","title":"Amtrak data breach","summary":"Amtrak suffered a data breach in April 2026 affecting over 2.1 million accounts, with the hacking group ShinyHunters claiming responsibility and later publishing the stolen data.","content_text":"What happened According to Have I Been Pwned, the hacking group ShinyHunters claimed in April 2026 that they had breached Amtrak. The group typically compromises organizations' Salesforce instances before demanding ransom and, if unpaid, publicly releasing the data. ShinyHunters subsequently published the alleged stolen data. What was exposed The breach exposed over 2 million unique email addresses along with customer names, physical addresses, and customer support records. Who is affected Approximately 2.1 million Amtrak accounts were affected by the breach. What to do now Amtrak customers should monitor their accounts for suspicious activity and consider changing their passwords. Those affected should watch for phishing attempts and unsolicited contact using their exposed personal information.","date_published":"2026-05-01T03:28:20.142Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["high","Email addresses","Names","Physical addresses","Support tickets"]},{"id":"https://breached-web-instalaw.vercel.app/breach/adt-20260420","url":"https://breached-web-instalaw.vercel.app/breach/adt-20260420","title":"ADT data breach","summary":"ADT confirmed a data breach affecting 5.5 million customers in April 2026, with ShinyHunters claiming responsibility and threatening to leak the data.","content_text":"What happened According to HIBP, home security firm ADT confirmed a data breach in April 2026 by the threat actor ShinyHunters. The group listed ADT on its website as part of a \"pay or leak\" extortion attempt. What was exposed The breach exposed email addresses, names, phone numbers, and physical addresses for approximately 5.5 million unique accounts. According to ADT, in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also included. Who is affected The breach impacted 5.5 million unique email addresses associated with ADT customers. What to do now ADT advised that it had contacted all affected people. Individuals should monitor their accounts for suspicious activity and consider placing a fraud alert or credit freeze with credit bureaus if their Social Security number information was exposed.","date_published":"2026-05-01T03:28:16.177Z","date_modified":"2026-05-03T21:56:41.804Z","tags":["critical","Dates of birth","Email addresses","Names","Partial government issued IDs","Phone numbers","Physical addresses"]}]}