News

What Happened in the Breach A massive data breach at Australian fintech platform youX exposed the personal information of hundreds of thousands of borrowers, including more than 200,000 driver’s‑licence numbers and 629,597 loan applications.  youX, a Sydney‑based asset‑finance technology company used by motor‑dealers and lenders, discovered in mid‑February 2026 that a hacker had gained unauthorized…

Figure Technology Solutions’ customer data from roughly 967,200 accounts was posted online in February 2026 after attackers used social engineering to access an employee account and take a limited set of files, according to the company, TechCrunch reporting, and independent analysis from Have I Been Pwned.  The incident matters because the exposed dataset includes identity…

What Happened in the Breach PayPal confirmed that a software error in its PayPal Working Capital (PPWC) loan application led to a data exposure that lasted nearly six months.  According to PayPal’s breach notice filed with Massachusetts authorities, the error in the PPWC application exposed personal data to unauthorized individuals between July 1 2025 and…

Under Armour is investigating claims that a dataset tied to roughly 72 million customer records was posted online after an extortion attempt linked to the Everest ransomware group, raising risks of targeted phishing and account takeover attempts even as the company says it has found no evidence that passwords or payment systems were affected. What…

AT&T’s proposed $177,000,000 class action settlement over two 2024 data incidents allows eligible claimants to seek up to $5,000 for documented losses tied to the first incident and up to $2,500 for documented losses tied to the second, with some people potentially eligible for both. What Happened in the Breach AT&T disclosed on March 30,…

What Happened in the Breach Match Group said it is investigating a security incident after the ShinyHunters extortion group claimed it obtained more than 10 million records tied to Match Group dating services, including Hinge, OkCupid, and Match.com. Match Group told media outlets it moved quickly to terminate unauthorized access and said it has not…

Nike is investigating a potential cybersecurity incident after the extortion group WorldLeaks claimed it stole and leaked about 1.4TB of internal files tied to the sportswear giant, a case that could expose sensitive product and factory documentation even if customer records remain unaffected. What Happened in the Breach WorldLeaks, an extortion crew that posts victims…

Crunchbase confirmed a cybersecurity incident after the extortion group ShinyHunters claimed it stole company documents and posted a tranche of data online, part of a broader wave of social engineering intrusions tied to single sign on account takeovers. Crunchbase told SecurityWeek it detected a threat actor exfiltrated certain documents from its corporate network, said business…

Personal details tied to about 4,500 Immigration and Customs Enforcement and Border Patrol personnel were reported as leaked to the ICE List website, an episode that has intensified a U.S. debate over privacy, transparency, and the safety of federal officers. What Happened in the 4,500 ICE Names Leak Data Breach The ICE List website and…

What Happened in the Oracle E-Business Suite Hack?  A sprawling extortion campaign tied to the CL0P brand has targeted organizations that run Oracle’s E-Business Suite (EBS), with attackers claiming they stole data from victims’ EBS environments and then pressuring executives for payment. The campaign surfaced publicly in late September 2025 and continued into January 2026,…