Conduent (Government Contracts)
4.3M individuals affected via Fortune 500 contractor — multiple state governments impacted
Latest Disclosures
Zscaler Cloud Security
150K enterprise zero-trust configurations exposed — test environment breach spread to prod
Amazon Web Services (Customer Data)
2.8M customer billing records and account metadata exposed via misconfigured internal tool
Rogers Bank (Canada)
320K credit card applicant records exposed via compromised underwriting platform
JPMorgan Chase (Vendor)
4.7M customer records exposed via compromised third-party payment processing vendor
Telus Health (Canada)
1.8M employee benefits records from Canadian health benefits platform compromised
Costco Wholesale
1.9M customer records stolen from payment processing system via skimming malware at warehouses
Microsoft Windows
Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
New Zealand Ministry of Health
890K patient vaccination records exposed via misconfigured COVID-era data sharing portal
Kirkland & Ellis LLP
Client M&A deal documents and litigation files exposed via compromised document management system
Gogs Gogs
Gogs Path Traversal Vulnerability — Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
Tesla Inc.
75K employee records leaked by former staff to German newspaper — payroll, SSNs, complaints
Datadog Inc.
APM and logging data from 340 enterprise customers exposed via compromised CI/CD pipeline
6,215,150 records exposed — Display names, Email addresses, Geographic locations, Phone numbers and 1 more
The Ottawa Hospital
780K patient records exposed in data exfiltration
Teck Resources (BC)
450K mining records compromised
Booking.com
2.3M guest records compromised in phishing campaign targeting hotels
Scotiabank (Canada)
2.1M customer records from Caribbean and Central American operations exposed
ABB Ltd (Switzerland)
560K automation records exposed
CIRO (Canadian Investment Regulatory Org)
750K Canadian investors exposed — SINs, income, account statements via phishing attack
City of Toronto (2026)
420K resident records stolen in targeted attack
Garuda Indonesia
450K passenger records exposed
NEC Corporation
560K corporate client records stolen
Government of Prince Edward Island
78K health card records compromised