Proton Pass

Data Breach Observatory

Four in five small businesses have suffered a recent data breach. And a single incident can cost a small firm over $1 million. So why don’t we hear more data breach news?

Proton isn’t waiting for breaches to be reported. Instead, we go to the dark web and track leaks in real time. Click below to see if you’re affected, and to reduce your risk, use a business password manager.

Publication date: April 12, 2026

Hallmark

What happened?

In March 2026, greeting card company Hallmark Cards was targeted by threat actor group ShinyHunters, which claimed to have obtained records from the company's Salesforce environment. After Hallmark did not respond to an extortion deadline on April 2, the data was leaked by the group, exposing more than 2.8 million unique accounts. The leaked data included customer names, phone numbers, physical addresses, email addresses, and dates of birth. Hallmark has not released an official statement confirming the breach.


Publication date: March 18, 2026

Circle

What happened?

In March 2026, Aura, a US-based identity protection company and parent company of Circle, confirmed a data breach after an employee fell victim to a voice phishing attack. The incident exposed more than 1.5 million records containing customer names, physical addresses, phone numbers, and email addresses. ShinyHunters, who accessed the data through a marketing tool the company used, claimed responsibility for the attack.

Publication date: March 15, 2026

Baydöner

What happened?

In March 2026, Turkish restaurant chain Baydöner suffered a data breach that was subsequently published on a cybercrime forum by a threat actor, exposing over 2.7 million records. The leaked data included customer names, dates of birth, physical addresses, phone numbers, email addresses, usernames, and passwords. In its disclosure notice, Baydöner stated that payment and financial data was not affected. Turkey's personal data protection authority KVKK announced the breach shortly after it came to light.

Publication date: February 16, 2026

Canada Goose

What happened?

In February 2026, Canadian luxury apparel brand Canada Goose was linked to a data exposure involving nearly one million customer records. In an official statement, the company confirmed that the data "appears to relate to past customer transactions" and stated that the incident originated from a breach at a third party in August 2025. The leaked data included customer names, physical addresses, phone numbers, and email addresses.

Publication date: February 11, 2026

Brillen.de

What happened?

German online eyewear retailer Brillen.de alerted customers in February 2026 after its darknet monitoring flagged a forum post offering 1.5 million customer records for sale. Forensic investigation traced the theft back to a separate cyberattack carried out in September 2025, in which an unauthorized party accessed the company's systems through a compromised entry point. The stolen records included names, dates of birth, postal codes, phone numbers, and email addresses. The incident was reported to the relevant data protection authority.

Publication date: February 10, 2026

GDQuest

What happened?

In February 2026, a threat actor posted on a hacking forum claiming to have leaked a database belonging to GDQuest, a French e-learning platform focused on Godot game engine development. The dataset reportedly contained 66,339 records with user email addresses and usernames. GDQuest has not released a public statement confirming the incident.

Publication date: January 26, 2026

Crunchbase

What happened?

In January 2026, market intelligence platform Crunchbase confirmed a data breach after ShinyHunters published over 400MB of files stolen from its corporate network following a failed ransom attempt. The attack is believed to have originated from a voice phishing campaign targeting Okta SSO credentials, a method the group used against multiple companies in late 2025 and early 2026. The leaked data, affecting more than 1.5 million records, included names, dates of birth, physical addresses, phone numbers, email addresses, and usernames, alongside internal corporate documents and contracts. Crunchbase engaged cybersecurity experts and notified federal law enforcement, stating that no business operations were disrupted.

Publication date: January 26, 2026

SoundCloud

What happened?

Music streaming platform SoundCloud was impacted by a data exposure involving more than 29 million user records. The incident was part of the same widespread "vishing" campaign carried out by the threat actor group ShinyHunters, which targeted multiple major tech companies in early 2026. SoundCloud confirmed the exposure involved customers’ names and email addresses, and clarified that “no sensitive data (such as financial or password data) has been accessed.”

Publication date: January 11, 2026

WhiteDate

What happened?

In December 2025, WhiteDate, a white nationalist dating platform, was infiltrated by an anonymous security researcher going by the pseudonym Martha Root, who presented the findings publicly at the Chaos Communication Congress in Hamburg. Using AI-generated fake accounts to bypass the site's verification process, Root exfiltrated over 6,600 user records containing dates of birth, physical addresses, email addresses, usernames, and sensitive personal profile information including medical data. The full dataset was subsequently archived and made available to journalists and researchers via DDoSecrets. WhiteDate's domain went offline shortly after the breach was disclosed.

Publication date: January 8, 2026

Figure Lending LLC

What happened?

In February 2026, US fintech Figure Lending LLC confirmed a data breach after an employee was targeted by a social engineering attack that gave hackers access to internal systems via the company's Okta SSO environment. ShinyHunters claimed responsibility and published 2.5GB of stolen files after Figure declined to pay a ransom. The breach exposed more than 3 million records containing customer names, dates of birth, physical addresses, phone numbers, email addresses, passwords, and Social Security numbers. Figure notified affected individuals in late February 2026 and offered complimentary credit monitoring services.

Publication date: October 10, 2025

Qantas Airways

What happened?

Australia's national airline Qantas Airways Ltd. was targeted by a group of hackers named Scattered Lapsus$ Hunters, which launched a ransomware attack. The company did not pay the ransom, leading to more than 11 million customer records being leaked on the dark web. Sensitive data, including customer names, addresses, and email addresses, was exposed, but no financial records appeared. Qantas announced that it has strengthened its security measures following the data breach.

Publication date: October 6, 2025

Vietnam Airlines

What happened?

In October 2025, a dataset obtained from the Salesforce systems of several organizations was released online by a hacking group known as “Scattered LAPSUS$ Hunters.” One of the affected companies was Vietnam Airlines, where attackers had previously accessed its Salesforce environment in June 2025. The breach exposed over 30 million customer records, including names, dates of birth, addresses, phone numbers, and email addresses.

Publication date: September 23, 2025

Bouygues Telecom

What happened?

In August 2025, French telecommunications provider Bouygues Telecom reported a cyberattack that led to the exposure of nearly 6.4 million customer records. The leaked data contained names, dates of birth, addresses, phone numbers, email addresses, and IBANs. The company stated that all affected customers were notified of the incident.

Publication date: September 15, 2025

Miljödata

What happened?

In August 2025, Swedish system supplier Miljödata suffered a ransomware attack that led to the publication of stolen data on the dark web. The leaked information included email addresses and passwords, along with additional personal information such as names, dates of birth, addresses, phone numbers, and government-issued personal identity numbers.

Publication date: May 27, 2025

Free

What happened?

France's second-largest ISP and telephone provider Free confirmed in October 2024 that it had been targeted by a data breach. In May 2025, customer data appeared on the dark web: names, dates of birth, phone numbers, email addresses, and IBANs were all leaked. In total, more than 19.5 million records appeared online. The National Commission for Information Technology and Freedoms launched a sanctions procedure against Free in March 2025.

Publication date: May 8, 2025

Royal Mail

What happened?

UK postal service Royal Mail was impacted by a data breach involving a 144GB leak of customer information. According to reports, the incident originated at Spectos, a German service provider used by Royal Mail to monitor delivery quality. The exposed data included names, dates of birth, addresses, phone numbers, email addresses, and passwords.

Publication date: April 22, 2025

Hertz

What happened?

In April 2025, global car rental giant Hertz confirmed a data breach that resulted in the exposure of customer information. The incident was caused by a third-party software vulnerability in Cleo, a file-transfer program used by the company. Attackers exploited "zero-day" flaws in the software to gain unauthorized access to data. Compromised data included names, email addresses, usernames, and passwords.

Publication date: February 24, 2025

Orange Romania

What happened?

In February 2025, a hacker going by the name Rey obtained more than 3.4 million records from telecoms provider Orange's Romanian branch. Data including customer names, dates of birth, addresses, phone numbers, email addresses, usernames, and ID numbers appeared on the dark web following a ransomware attack in which Orange declined to pay the ransom. Orange is monitoring the attack along with the Romanian National Cybersecurity Directorate (DNSC).

Publication date: February 18, 2025

Zacks Investment Research

What happened?

Chicago-based investment research company Zacks Investment Research was breached by hackers in June 2024. In February 2025, customer data including names, addresses, phone numbers, email addresses, usernames, and passwords appeared for sale online. The company has not yet addressed this breach, having now been affected by multiple data breaches in recent years.

Publication date: January 6, 2025

PhoneMondo

What happened?

In January 2025, more than 10.5 million records stolen from German telecommunications platform PhoneMondo appeared on the dark web. Sensitive data includes names, dates of birth, addresses, phone numbers, email addresses, usernames, passwords, and IBANs. As of October 2025, it doesn't appear that PhoneMondo has acknowledged the breach.

Keep your business off this list

Your passwords and multi-factor authentication are your first line of defense against hackers. Learn how thousands of small business leaders streamline password management and protect their data.
