Data Breach Observatory
Four in five small businesses have suffered a recent data breach. And a single incident can cost a small firm over $1 million. So why don’t we hear more data breach news?
Proton isn’t waiting for breaches to be reported. Instead, we go to the dark web and track leaks in real time. Click below to see if you’re affected, and to reduce your risk, use a business password manager.
Raaga
What happened?
A dataset containing more than 10 million records from the Indian music streaming service Raaga appeared on the dark web following an incident that allegedly occurred in December 2025. The compromised data includes names, dates of birth, phone numbers, email addresses, usernames, and passwords. In January 2026, the company officially confirmed(nova finestra) the breach and advised users to change their passwords and enable two-factor authentication to secure their accounts against unauthorized access.
Canada Goose
What happened?
In February 2026, Canadian luxury apparel brand Canada Goose was linked to a data exposure involving nearly one million customer records. In an official statement(nova finestra), the company confirmed that the data "appears to relate to past customer transactions" and stated that the incident originated from a breach at a third party in August 2025. The leaked data included customer names, physical addresses, phone numbers, and email addresses.
Association Nationale des Premiers Secours (ANPS)
What happened?
The Association Nationale des Premiers Secours (ANPS), a French first-aid nonprofit organization, was targeted by a cyberattack that resulted in the leak of over 300,000 records. The exposed data included sensitive personal and financial information such as names, dates of birth, addresses, phone numbers, email addresses, and IBANs. ANPS confirmed the leak originated from a legacy system(nova finestra) and stated it has notified the French Data Protection Authority (CNIL).
Substack
What happened?
Digital publishing platform Substack was impacted by a major API scraping incident that exposed contact information for more than 660,000 users. The incident happened in October 2025 but was officially disclosed on February 6, 2026(nova finestra), just days after a hacker known as “w1kkid” leaked what they claimed to be Substack user data. In a notification sent to users, the company stated that passwords, payment card numbers, and other financial information were not exposed.
Bumble
What happened?
In January 2026, dating app Bumble confirmed(nova finestra) that a contractor’s account was compromised in a phishing attack, granting attackers unauthorized access to its internal network. The cybercriminal group ShinyHunters claimed responsibility, allegedly exfiltrating 30GB of data, including company documents and employee information. While Bumble stated that its member database, user accounts, and private messages were not affected, a class action lawsuit(nova finestra) filed in February 2026 alleges that a wide range of user personally identifiable information (PII) was exposed in the "preventable" attack.
Match Group
What happened?
In January 2026, Match Group, the parent company of Tinder and Hinge, confirmed(nova finestra) a cybersecurity incident involving a "limited amount of user data", stating there was “no indication that user credentials, financial information, or private communications were accessed.” The attack was linked to a ShinyHunters voice phishing (vishing) campaign(nova finestra) targeting its identity provider, Okta. The exposed data included personal and contact information such as names, dates of birth, addresses, phone numbers, and email addresses.
Panera Bread
What happened?
The American bakery-café chain Panera Bread suffered a major data breach exposing over 8 million customer records, including names, dates of birth, phone numbers, and email addresses. According to The Register,(nova finestra) the cybercriminal group ShinyHunters gained access to the company’s internal systems by compromising a Microsoft Entra SSO code. The incident was part of the group’s broader voice phishing (vishing) campaign(nova finestra) that also affected Bumble, Match Group, SoundCloud, and others.
SoundCloud
What happened?
Music streaming platform SoundCloud was impacted by a data exposure involving more than 29 million user records. The incident was part of the same widespread "vishing" campaign (nova finestra)carried out by the threat actor group ShinyHunters, which targeted multiple major tech companies in early 2026. SoundCloud confirmed(nova finestra) the exposure involved customers’ names and email addresses, and clarified that “no sensitive data (such as financial or password data) has been accessed.”
Thermomix (Vorwerk) – Recipe World Forum
What happened?
In January 2026, a database containing over 3 million user records from the Thermomix Recipe World Forum (Rezeptwelt) was leaked online following a security incident. Parent company Vorwerk confirmed(nova finestra) that the breach was limited to a subordinate server managed by an external service provider and did not affect its core platform or connected devices. Compromised data included names, dates of birth, addresses, phone numbers, email addresses, and usernames.
Endesa
What happened?
In January 2026, the Spanish energy company Endesa notified customers(nova finestra) of a cyberattack that resulted in the leak of highly sensitive information including names, postal codes, phone numbers, email addresses, ID numbers, and IBANs. Endesa confirmed it was working with law enforcement to address the breach, which was likely initiated through compromised credentials.
Qantas Airways
What happened?
Australia's national airline Qantas Airways Ltd. was targeted by a group of hackers named Scattered Lapsus$ Hunters which launched a ransomware attack(nova finestra). The company did not pay the ransom, leading to more than 11 million customer records being leaked on the dark web. Sensitive data including customer names, addresses, and email addresses were exposed, but no financial records appeared. Qantas announced that it has strengthened its security measures following the data breach.
Vietnam Airlines
What happened?
In October 2025, a dataset obtained from the Salesforce systems of several organizations was released online(nova finestra) by a hacking group known as “Scattered LAPSUS$ Hunters.” One of the affected companies was Vietnam Airlines, where attackers had previously accessed its Salesforce environment in June 2025. The breach exposed over 30 million customer records, including names, dates of birth, addresses, phone numbers, and email addresses.
Bouygues Telecom
What happened?
In August 2025, French telecommunications provider Bouygues Telecom reported a cyberattack(nova finestra) that led to the exposure of nearly 6.4 million customer records. The leaked data contained names, dates of birth, addresses, phone numbers, email addresses, and IBANs. The company stated that all affected customers were notified of the incident.
Miljödata
What happened?
In August 2025, Swedish system supplier Miljödata suffered a ransomware attack (nova finestra)that led to the publication of stolen data on the dark web. The leaked information included email addresses and passwords, along with additional personal information such as names, dates of birth, addresses, phone numbers, and government-issued personal identity numbers.
Free
What happened?
France's second largest ISP and telephone provider Free(nova finestra) confirmed in October 2024 that it had been targeted by a data breach. In May 2025, customer data appeared on the dark web: names, dates of birth, phone numbers, email addresses, and IBANs were all leaked. In total, more than 19.5 million records appeared online. The National Commission for Information Technology and Freedoms launched a sanctions procedure against Free in March 2025.
Royal Mail
What happened?
UK postal service Royal Mail was impacted by a data breach (nova finestra)involving a 144GB leak of customer information. According to reports, the incident originated at Spectos, a German service provider used by Royal Mail to monitor delivery quality. The exposed data included names, dates of birth, addresses, phone number, email addresses, and passwords.
Hertz
What happened?
In April 2025, global car rental giant Hertz confirmed a data breach(nova finestra) that resulted in the exposure of customer information. The incident was caused by a third-party software vulnerability in Cleo, a file-transfer program used by the company. Attackers exploited "zero-day" flaws in the software to gain unauthorized access to data. Compromised data included names, email addresses, usernames, and passwords.
Orange Romania
What happened?
In February 2025, a hacker going by the name Rey obtained more than 3.4 million records from telecoms provider Orange's Romanian branch(nova finestra). Data including customer names, dates of birth, addresses, phone numbers, email addresses, usernames, and ID numbers appeared on the dark web following a ransomware attack which Orange declined to pay. Orange is monitoring the attack along with The Romanian National Cybersecurity Directorate (DNSC).
Zacks Investment Research
What happened?
Chicago-based investment research company Zacks Investment Research(nova finestra) was breached by hackers in June 2024. In February 2025, customer data including names, addresses, phone numbers, email addresses, usernames, and passwords appeared for sale online. The company has not yet addressed this breach, having now been affected by multiple data breaches in recent years.
PhoneMondo
What happened?
In January 2025, more than 10.5 million records stolen from German telecommunications platform PhoneMondo appeared on the dark web. Sensitive data includes names, dates of birth, addresses, phone numbers, email addresses, usernames, passwords, and IBANs. As of October 2025, it doesn't appear that PhoneMondo has acknowledged the breach.
Keep your business off this list
Your passwords and multi-factor authentication are your first line of defense against hackers. Learn how thousands of small business leaders streamline password management and protect their data.
About the Data Breach Observatory
- What is the Data Breach Observatory?
- Where do you get your information?
- Why report data breach news?
- Doesn't disclosing recent data breaches harm the businesses?
- How are breaches added to the Data Breach Observatory?
- What data is leaked?
- What types of data make a breach critical?
- What does the breach publication date mean?