Data Breach
-
Swedish privacy authority opens probe after Miljödata cyberattack that exposed up to 1.5 million people
Sweden’s privacy authority is investigating a cyberattack on Miljödata that exposed data tied to up to 1.5 million people. The breach disrupted municipal services, was posted on the dark web by the Datacarry group, and appears in Have I Been Pwned with roughly 870,000 affected records; IMY has prioritised probes of Miljödata and several municipalities.
-
Nikkei says Slack breach exposed personal information of more than 17,000 users
Nikkei said a Slack compromise exposed names, email addresses and chat histories for 17,368 people after attackers used credentials stolen from a malware-infected employee computer; the publisher voluntarily notified Japan’s data protection regulator and said no source-related material was affected.
-
Conduent says 2024 breach affected more than 10.5 million people
Conduent said a data breach first compromising its environment in October 2024 and discovered in January 2025 has impacted more than 10.5 million people, with state filings naming Oregon, Texas, Washington and Maine among those affected; exposed data reportedly included names, Social Security numbers and medical information.
-
Dentsu says Merkle subsidiary suffered data breach exposing staff and client information
Dentsu disclosed that U.S. subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data, systems were taken offline, data were stolen and impacted individuals are being notified while an investigation continues.
-
Toys “R” Us Canada notifies customers after customer records leaked
Toys “R” Us Canada told customers a threat actor posted stolen customer records on the unindexed internet on July 30, 2025. Third-party investigators confirmed the data’s authenticity, which may include names, addresses, emails and phone numbers; passwords and payment data were not exposed. The company said it has upgraded security and is notifying regulators, and…
-
UK regulator declines formal probe into MoD Afghan data leak, commissioner tells MPs
The UK Information Commissioner told MPs his office decided not to open a formal investigation into a Ministry of Defence data breach that exposed details of Afghan resettlement applicants, citing concerns an inquiry might hinder the MoD’s response and noting resource limits for handling classified material.
-
Have I Been Pwned reports 17.6 million addresses affected in Prosper data breach
Prosper, a peer-to-peer lending marketplace, disclosed a breach detected on Sept. 2. Data breach service Have I Been Pwned reported 17.6 million unique email addresses were exposed and said the stolen records include Social Security numbers and other personal data. Prosper said it has not found evidence of account or fund access and is investigating…
-
Sotheby’s reports July breach that exposed Social Security numbers and financial data
Sotheby’s said a July 24 cyber intrusion stole an unspecified amount of data, including Social Security numbers and financial account information; a filing with the Maine attorney general confirmed two Maine residents were affected and the company is offering 12 months of TransUnion monitoring.
-
MANGO notifies customers after marketing vendor data breach
Spanish retailer MANGO said on Oct. 14, 2025 that an external marketing service suffered unauthorized access exposing first name, country, postal code, email and telephone numbers; MANGO said last names, payment data and IDs were not compromised and its IT systems were unaffected.
-
UK regulator fines Capita £14m over 2023 cyberattack that exposed 6.6m people
The UK Information Commissioner’s Office has fined Capita £14 million after a 2023 cyberattack exposed data on about 6.6 million people; the ICO said failures in detection and privileged account controls allowed attackers to exfiltrate roughly 1 TB and deploy ransomware.
