customer data
-
Rituals discloses data breach affecting My Rituals members
Rituals said attackers stole personal information from its My Rituals membership database, affecting an undisclosed number of customers. The company said passwords and payment information were not accessed and that it has contained the breach.
-
ManoMano notifies customers after third-party provider breach affecting 38 million
ManoMano notified customers after a January 2026 breach of a third-party support provider exposed personal data for 38 million people. No passwords were accessed and the company revoked the subcontractor’s data access.
-
OpenAI notifies some API customers after Mixpanel analytics vendor hacked
OpenAI said some ChatGPT API customers had limited identifying information exposed after a smishing-driven compromise of analytics vendor Mixpanel; no chats, API requests, credentials or payment data were exposed and both companies have taken mitigation steps while investigations continue.
-
Dentsu says Merkle subsidiary suffered data breach exposing staff and client information
Dentsu disclosed that U.S. subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data, systems were taken offline, data were stolen and impacted individuals are being notified while an investigation continues.
-
Toys “R” Us Canada notifies customers after customer records leaked
Toys “R” Us Canada told customers a threat actor posted stolen customer records on the unindexed internet on July 30, 2025. Third-party investigators confirmed the data’s authenticity, which may include names, addresses, emails and phone numbers; passwords and payment data were not exposed. The company said it has upgraded security and is notifying regulators, and…
-
MANGO notifies customers after marketing vendor data breach
Spanish retailer MANGO said on Oct. 14, 2025 that an external marketing service suffered unauthorized access exposing first name, country, postal code, email and telephone numbers; MANGO said last names, payment data and IDs were not compromised and its IT systems were unaffected.
-
Adobe says Analytics ingestion bug caused some customers’ data to appear in other tenants
Adobe said an ingestion bug in Analytics Edge caused some organisations’ data to appear in other customers’ analytics instances between Sept. 17 and Sept. 18, 2025; Adobe is cleaning impacted datasets and a customer advisory seen by BleepingComputer instructs deletion of affected data and backups.
-
Stellantis confirms data breach via third-party provider exposing customer emails
Stellantis disclosed that attackers breached a North American third-party customer-service partner, exposing only customer names and email addresses. The company launched an investigation, notified law enforcement, and urged affected customers to watch for phishing, as the auto maker navigates broader industry disruption linked to a separate JLR cyberattack.
-
LNER confirms customer data accessed in third-party data breach
London North Eastern Railway says customer contact details and some journey information were accessed via a third-party supplier, with no impact on ticketing or services and no storage of bank data. The company urges caution on phishing and emphasizes secure passwords.
-
Qantas cuts executive bonuses by 15% after data breach
Qantas cut senior executive short-term bonuses by 15% after a late-June data breach that exposed millions of customers, reducing CEO Vanessa Hudson’s bonus by A$250,000 and five other executives’ bonuses by a combined A$550,000 while noting overall executive pay rose and the airline posted an A$2.4 billion underlying pre-tax profit.
