Data Security

Cybersecurity
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Skoda Auto disclosed a breach of its online shop portal that exposed customer names, addresses, email addresses, and password hashes to unauthorized access.
Cybersecurity
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB Salesforce dataset after the May ...
Application Security
SailPoint GitHub Repositories Breached via Third-Party App Flaw
SailPoint disclosed unauthorized access to its GitHub repositories through a third-party app vulnerability on April 20, 2026, exposing source code data.
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
NVIDIA confirmed a GeForce NOW data breach via Armenian partner GFN.am, exposing names, emails, and phone numbers of users registered before March 9, 2026.
Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Trellix confirmed unauthorized access to its source code repositories after RansomHouse posted photographic evidence of the breach. Law enforcement has been notified.
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Fashion retailer Zara confirmed a data breach affecting over 197,000 customers after hackers accessed databases containing personal information from Inditex systems.
Virginia Contractor Convicted for Destroying Federal Databases
Cybersecurity
Virginia Contractor Convicted for Destroying Federal Databases
A Virginia man convicted of conspiring to destroy dozens of federal databases after being fired from his government contractor role, highlighting insider threat risks to ...
FTC Bans Data Broker Kochava from Selling Americans Location Data
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
The FTC on May 5, 2026 proposed banning data broker Kochava from selling Americans' location data without consent. The 2022 lawsuit alleged Kochava processed 94 ...
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
Cybersecurity
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
ShinyHunters claims 280 million records stolen from Instructure's Canvas LMS across 8,809 schools and universities in a breach disclosed May 5, 2026.
11 Million Downloads, One Poisoned Version PyTorch's Close Call
Application Security
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.