Data Breach Reports

In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum . The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised the i...

In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack . As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-control...

In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform . The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, use...

In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom , alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum , including 72M email addresses. M...

In December 2025, data allegedly breached from the Indian streaming music service 'Raaga' was posted for sale to a popular hacking forum . The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5...

In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum . The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated ema...

In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum . In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.

In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.

In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publicatio...

In January 2026, Panera Bread suffered a data breach that exposed 14M records . After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Pa...

In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum . Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physic...