Data Breaches

Editorial science-poster illustration of breach notification law symbols — a gavel, a sealed envelope, a clock, legal documents, a globe, and a megaphone.

Cybersecurity 101

Data Breach Notification Laws Explained

A clear guide to data breach notification laws — what triggers them, who must be told, the major frameworks, the 72-hour rule, and how to prepare.

05 Jun 2026

Flat white line-art of a registration form feeding a database cylinder with an open padlock, on a charcoal background — exposed aid-registration data.

Data Breaches

UN World Food Programme Breach Exposes Data on 600,000 Gaza Aid Recipients

The UN World Food Programme says its self-registration application for Palestine was breached, exposing names, ID and mobile numbers and location data for roughly 600,000 Gaza households — potentially the largest-known breach of humanitarian beneficiary data to date.

04 Jun 2026

Editorial science-poster illustration of incident response planning symbols — a binder, a phone, a checklist, a stopwatch, a fire extinguisher, and a shield.

Cybersecurity 101

What Is an Incident Response Plan?

A clear guide to incident response plans — what they are, why every organization needs one, what they should contain, and how to build, test, and maintain one.

03 Jun 2026

Line-art of an ID badge fanning out into multiple document copies scattered across screens; one scattered copy carries a single flat red dot.

Cybercrime

Spain Arrests a Suspect Over the Doxxing of Police, Prosecutors and INCIBE Cyber Officials

Spain's National Police arrested a suspect accused of publishing personal data of officials from its most sensitive bodies — including the cyber agency INCIBE, the police, Civil Guard and prosecutors — a doxxing campaign police say endangered both the individuals and their institutions.

03 Jun 2026

Line-art of a vault door ajar with a small key icon being carried out on a thin line; the vault's combination dial shows a single flat red dot.

Account Takeover (ATO)

Dashlane Says Hackers Beat Its 2FA and Downloaded About 20 Customers' Encrypted Vaults

Dashlane now says the brute-force attack it disclosed on May 31 succeeded: by defeating 2FA on about 20 customer accounts, attackers downloaded copies of those users' encrypted password vaults. The vaults stay locked behind each user's master password, but affected users should rotate.

03 Jun 2026

Line-art driver's license card next to a small folder icon containing more ID cards, on an olive background; one flat red dot sits on the front license.

Data Breaches

Pay Tel Exposed Driver's Licenses of 300,000 Prison-Call Customers on an Open Azure Server

Pay Tel, a US prison calling vendor, left a Microsoft Azure storage server holding 300,000-plus driver's license scans and inmate communications open to the web without a password, UpGuard told TechCrunch on May 28. It is Pay Tel's second known security failure in a year.

29 May 2026

Data Breaches

The OnlyFans "340 Million-Record Leak" Was Compiled From Old Breaches, Not a Platform Hack

A threat actor advertised a 340 million-record OnlyFans dataset for 0.313 BTC on May 25, then privately admitted they did not breach the platform. The compilation stitches old breach data to public profiles, and the framing failure is itself the editorial story.

28 May 2026

Line-art cruise-ship silhouette with a row of small porthole circles along the hull; one porthole holds a single flat red dot.

Data Breaches

Carnival Confirms 6 Million-Person Breach, 38 Days After ShinyHunters Posted Ultimatum

Carnival Corporation began notifying 5,995,277 people on May 27, 2026 that their personal data was stolen in an April vishing breach — the corporate confirmation of an extortion claim ShinyHunters posted to its leak site 38 days earlier.

28 May 2026

Line-art cloud icon connected by a chain to a small phone handset, with a stack of data records sliding out of the cloud; a single flat red dot marks the cloud.

Data Breaches

Charter Confirms Breach as ShinyHunters Claims 42 Million Records via Salesforce Vishing

Charter Communications, the parent of Spectrum, confirmed a cybersecurity incident on May 26-27, 2026 after ShinyHunters claimed 42 million customer records via the same vishing-to-Microsoft-Entra-to-Salesforce playbook documented across the 2026 cluster at ADT, Amtrak, Odido, and Vimeo.

28 May 2026

Line-art passport booklet and selfie portrait card overlapped by a web-browser window frame; one flat red dot sits on the passport's data page.

Data Breaches

Third-Party UK Visa Site Exposed About 100,000 Applicants' Passport Scans and Selfies

A site branded as 'UK Visa Portal' exposed at least 100,000 applicants' passport scans and selfies, TechCrunch reported May 26. The site is not affiliated with the UK government, and the operator sent attorneys rather than fix the leak.

27 May 2026

Line-art Lithuanian government building beside a tall filing cabinet, a small key drawn between them carrying a red dot at the cabinet's lock.

Data Breaches

Lithuania Says 600,000 Register Records Pulled Through a Migration Department Login

Lithuania's Prosecutor General's Office says more than 600,000 records were pulled from the Centre of Registers using valid Migration Department login credentials issued queries from abroad. The registry itself was not breached — an authorized third party's login was.

26 May 2026

Line-art illustration of three medical-record file cards linked by thin connector lines to a central vendor server; one card carries a single red dot.

Data Breaches

Three Breaches in One Day Expose the Two Failures Driving 2026: Repeat Victims and Vendor Risk

Three breach disclosures landed in one cycle — Radiology Associates of Richmond (266,183 people), DocketWise (143,480), and a vendor breach at the Oncology Institute. None is a novel attack. Together they map 2026's two structural failures: repeat victimization and third-party risk.

25 May 2026

See all