Latest News: Data Breaches

Hertz has confirmed that customer data has been stolen during a cyberattack on Cleo Communications, a third-party vendor providing file transfer services. The company said the breach occurred when “zero-day vulnerabilities within Cleo’s platform” were exploited in October and December 2024 — an

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained nearly 8 million records belonging to a UK-based software company that facilitates employee data management, compliance, timesheets, and payroll. The

X, formerly Twitter, has seemingly fallen victim to the largest social media data breach ever, involving 400 GB of data on 2.8+ billion users. In January 2025, a user published a 34GB sample of the data on BreachForum, a popular hacking forum and messaging board on the surface level web. The

A serious security vulnerability in Verizon’s Call Filter app allowed users to access the incoming call logs of any other Verizon customer by modifying an API request. The issue, discovered by cybersecurity researcher Evan Connelly, was disclosed to Verizon in February 2025 and patched by

A leak of 9,000 sensitive New South Wales court documents may expose the details of domestic violence incidents, including some affecting children. The New South Wales Attorney-General has warned potential victims to take extra precautions in the aftermath as police and forensic experts continue to

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained just under 100k records belonging to GenNomis by AI-NOMIS — an AI company based in South Korea that provides face swapping and “Nudify” adult content as well as a

SpyX, a consumer-grade spyware app marketed as parental monitoring software, has suffered a major data breach affecting nearly 2 million, including thousands of Apple users. The breach occurred in June 2024 but remained unreported until now, with no notification issued to affected users. The

More than 500,000 individuals are being notified after a cyberattack on the Pennsylvania State Education Association (PSEA) compromised their personal data in July 2024. The union, which represents over 178,000 education professionals across Pennsylvania, said in breach notification letters that

Amazon Web Services (AWS) is under scrutiny for continuing to host stolen data from victims of three stalkerware apps — Cocospy, Spyic, and Spyzie — weeks after being alerted to its presence. These apps, designed for covert surveillance, secretly extract and upload victims' personal data to

PowerSchool, a major provider of education software solutions, was compromised months before its December 2024 data breach, according to a forensic investigation by cybersecurity firm CrowdStrike. The company had initially reported that hackers gained unauthorized access between December 19 and