July 9, 2026

KDDI Data Breach Exposes Email Data of 12 Million People

A single vulnerability in shared email infrastructure has triggered one of Japan's largest data breaches in recent memory. KDDI, the country's second-largest mobile carrier, confirmed that a security incident tied to its email platform has exposed personal information belonging to more than 12 million people. The KDDI data breach also touches customers of five smaller internet service providers that rely

KDDI Data Breach
June 30, 2026

ShinyHunters Disputes NAIC Data Breach Claims After Leak

A major insurance regulator just found itself at odds with the hacking group that broke into its systems. The NAIC data breach, first detected on June 11, has turned into a public dispute over exactly what was stolen and how serious the damage really is. The National Association of Insurance Commissioners, which oversees insurance regulation across all 50 states, confirmed

NAIC Data Breach
June 29, 2026

KDDI Data Breach Exposes Email Logins for 14 Million Customers

One of Japan's largest telecom providers has confirmed a serious security incident. A KDDI data breach has exposed the email credentials of up to 14.22 million customers — not just from KDDI itself, but from five additional internet service providers that shared the same compromised email infrastructure. The breach raises urgent questions about how shared systems across telecoms can turn

KDDI Data Breach
June 24, 2026

LastPass Confirms Data Breach in Supply Chain Attack

Password manager giant LastPass has confirmed a data breach affecting customer information stored in its Salesforce environment. The incident traces back to a supply chain attack on Klue, a third-party market intelligence platform, which gave hackers access to authentication tokens that connected into LastPass's CRM systems. Importantly, the breach did not touch user vaults or LastPass's core infrastructure. How the

LastPass Data Breach
June 16, 2026

Infinite Campus Data Breach Exposes 137K School Staff

A new wave of school cybersecurity trouble landed in March. Attackers broke into the Salesforce systems behind Infinite Campus, a student information platform used by school districts nationwide. The Infinite Campus data breach didn't touch student records directly. Instead, it exposed personal details for more than 137,000 school staff members across the country. The incident adds another entry to a

Infinite Campus Data Breach
June 12, 2026

ServiceNow Data Breach Exposes Customer Records

ServiceNow has confirmed a security incident after a misconfigured API endpoint exposed enterprise customer data to unauthorized access. The ServiceNow data breach became public on June 9, 2026, when the company began notifying affected customers through a gated support bulletin and direct support cases. ServiceNow had already pushed a patch to hosted instances on June 5. But questions about how

ServiceNow data breach
June 11, 2026

Oracle PeopleSoft Data Breach Hits 100+ Organizations

A major Oracle PeopleSoft data breach is now confirmed, with the ShinyHunters extortion gang claiming responsibility for attacks on more than 100 organizations worldwide. The group says it has compromised 300 separate instances and is actively sending extortion demands to victims. One university has already acknowledged the incident publicly, and stolen data has appeared on ShinyHunters' leak site. What Is

Oracle PeopleSoft data breach
May 27, 2026

Ajax Data Breach Leads to Dutch Police Arrest

Dutch police arrested a 35-year-old man from the municipality of Buren on the morning of May 27 in connection with the Ajax data breach. Investigators determined he had accessed the football club's computer systems without authorization on multiple occasions earlier this year. Officers searched his home and seized computers, hard drives, and other digital storage devices as part of the

Ajax Data Breach
May 19, 2026

7-Eleven Confirms Data Breach Tied to ShinyHunters Gang

7-Eleven has confirmed a data breach affecting its internal systems, with the attack traced back to April 8, 2026. The 7-Eleven data breach exposed documents tied to the company's franchise application process, and the group behind it wasted no time making demands. ShinyHunters, one of the most active cybercrime groups operating today, claimed responsibility and threatened to publish stolen data

7-Eleven data breach
May 11, 2026

NVIDIA GeForce NOW Data Breach Exposes Armenian User Data

A GeForce NOW data breach has been confirmed by NVIDIA, exposing personal information belonging to users of the cloud gaming service in Armenia. The incident did not touch NVIDIA's own global infrastructure, but it has put a spotlight on the security risks that come with the company's regional partner model. What Happened The breach originated at GFN.am, a third-party company

GeForce NOW Data Breach