Breach Reports

A threat actor scraped 49 million Dell customer purchase records by abusing a partner portal API, exposing names, addresses, and hardware purchase details.

Threat actors from the Scattered Spider and ShinyHunters groups breached Allianz Life's Salesforce CRM through social engineering, exposing personal data including Social Security numbers of 1.5 million customers and financial professionals.

Cencora (formerly AmerisourceBergen), one of the world's largest pharmaceutical distributors, suffered a data breach exposing patient personal and health information from its specialty pharmacy and patient services programs.

Scattered Spider social-engineered a service desk password reset to breach M&S, deploying DragonForce ransomware that encrypted VMware infrastructure, halted online sales for 46 days, and caused £300 million in lost profit.

Hackers breached Yale New Haven Health's network, stealing personal and medical information of 5.56 million patients in the largest healthcare data breach of 2025, resulting in an $18 million class action settlement.

A compromised credential without MFA enabled allowed a hacker to access PowerSchool's systems for nine days, exfiltrating personal data of 62 million students and 9.5 million educators in the largest breach of children's data in U.S. history.