KDDI Data Breach Exposes Email Data of 12 Million People
A single vulnerability in shared email infrastructure has triggered one of Japan's largest data breaches in recent memory. KDDI, the country's second-largest mobile carrier, confirmed that a security incident tied to its email platform has exposed personal information belonging to more than 12 million people. The KDDI data breach also touches customers of five smaller internet service providers that rely

ShinyHunters Disputes NAIC Data Breach Claims After Leak
A major insurance regulator just found itself at odds with the hacking group that broke into its systems. The NAIC data breach, first detected on June 11, has turned into a public dispute over exactly what was stolen and how serious the damage really is. The National Association of Insurance Commissioners, which oversees insurance regulation across all 50 states, confirmed

KDDI Data Breach Exposes Email Logins for 14 Million Customers
One of Japan's largest telecom providers has confirmed a serious security incident. A KDDI data breach has exposed the email credentials of up to 14.22 million customers — not just from KDDI itself, but from five additional internet service providers that shared the same compromised email infrastructure. The breach raises urgent questions about how shared systems across telecoms can turn

LastPass Confirms Data Breach in Supply Chain Attack
Password manager giant LastPass has confirmed a data breach affecting customer information stored in its Salesforce environment. The incident traces back to a supply chain attack on Klue, a third-party market intelligence platform, which gave hackers access to authentication tokens that connected into LastPass's CRM systems. Importantly, the breach did not touch user vaults or LastPass's core infrastructure. How the

Infinite Campus Data Breach Exposes 137K School Staff
A new wave of school cybersecurity trouble landed in March. Attackers broke into the Salesforce systems behind Infinite Campus, a student information platform used by school districts nationwide. The Infinite Campus data breach didn't touch student records directly. Instead, it exposed personal details for more than 137,000 school staff members across the country. The incident adds another entry to a

ServiceNow Data Breach Exposes Customer Records
ServiceNow has confirmed a security incident after a misconfigured API endpoint exposed enterprise customer data to unauthorized access. The ServiceNow data breach became public on June 9, 2026, when the company began notifying affected customers through a gated support bulletin and direct support cases. ServiceNow had already pushed a patch to hosted instances on June 5. But questions about how

Oracle PeopleSoft Data Breach Hits 100+ Organizations
A major Oracle PeopleSoft data breach is now confirmed, with the ShinyHunters extortion gang claiming responsibility for attacks on more than 100 organizations worldwide. The group says it has compromised 300 separate instances and is actively sending extortion demands to victims. One university has already acknowledged the incident publicly, and stolen data has appeared on ShinyHunters' leak site. What Is

Ajax Data Breach Leads to Dutch Police Arrest
Dutch police arrested a 35-year-old man from the municipality of Buren on the morning of May 27 in connection with the Ajax data breach. Investigators determined he had accessed the football club's computer systems without authorization on multiple occasions earlier this year. Officers searched his home and seized computers, hard drives, and other digital storage devices as part of the

7-Eleven Confirms Data Breach Tied to ShinyHunters Gang
7-Eleven has confirmed a data breach affecting its internal systems, with the attack traced back to April 8, 2026. The 7-Eleven data breach exposed documents tied to the company's franchise application process, and the group behind it wasted no time making demands. ShinyHunters, one of the most active cybercrime groups operating today, claimed responsibility and threatened to publish stolen data

NVIDIA GeForce NOW Data Breach Exposes Armenian User Data
A GeForce NOW data breach has been confirmed by NVIDIA, exposing personal information belonging to users of the cloud gaming service in Armenia. The incident did not touch NVIDIA's own global infrastructure, but it has put a spotlight on the security risks that come with the company's regional partner model. What Happened The breach originated at GFN.am, a third-party company
