Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: data-breach (31 articles)Clear

ShinyHunters leaks Moody Bible Institute data on 2.3 million students and donors

The extortion group ShinyHunters has published data stolen from Moody Bible Institute, a Chicago-based Christian college, after a "pay or leak" campaign. Have I Been Pwned indexed more than 2.3 million unique email addresses along with names, physical addresses, phone numbers, and dates of birth belonging to students, alumni, donors, and supporters. ShinyHunters claimed a much larger haul spanning enrollment, donor, payroll, and communications systems, and some reporting ties the intrusion to the same ShinyHunters campaign that exploited an Oracle PeopleSoft flaw. Most of the leaked email addresses had already appeared in earlier breaches, raising the risk of credential stuffing and targeted phishing.

Check
People connected to Moody Bible Institute as students, alumni, donors, or staff should watch for a notification, be alert to phishing referencing the school, and check Have I Been Pwned.
Affected
Students, alumni, donors, and supporters of Moody Bible Institute whose contact details and dates of birth were exposed (over 2.3 million emails); the data supports credential stuffing and convincing phishing.
Fix
Affected people should reset any reused passwords, enable multi-factor authentication, and treat school-themed messages with caution. Organizations should secure SaaS and HR platforms, enforce MFA, and harden against social-engineering-driven data theft.

Medtronic notifies customers after ShinyHunters breach of corporate systems

Medical device maker Medtronic has begun notifying customers that their personal data was exposed in a breach of its corporate IT systems earlier this year, an attack claimed by the extortion group ShinyHunters. Medtronic noticed unusual activity in mid-April and its investigation found that an unauthorized actor had access between April 13 and 19. ShinyHunters claimed to hold roughly nine million records containing personal and internal corporate data, and Medtronic did not pay, with its listing later removed from the group's leak site. The company says its products, patient safety, and the networks running its medical devices were not affected, crediting separation between corporate and clinical systems.

Check
People who have dealt with Medtronic as customers, patients, providers, or partners should watch for their notification and stay alert to phishing or fraud that references Medtronic or medical accounts.
Affected
Individuals whose personal data sat in Medtronic's corporate IT systems, accessed between April 13 and 19; ShinyHunters claimed about nine million records, though device networks and patient safety were not affected.
Fix
Affected people should monitor for targeted phishing and identity fraud. Organizations should segment corporate IT from operational and clinical systems, harden SaaS and identity against social engineering, and enforce phishing-resistant MFA.

Aflac Japan breach exposes personal data of 4.38 million customers and agents

Aflac Life Insurance Japan, a subsidiary of the US insurance giant Aflac, says attackers broke into its policyholder portal and stole personal data belonging to about 4.38 million customers and agents. The intruders accessed systems repeatedly between June 15 and June 25, when the breach was detected through a surge in traffic, and the company suspended affected systems in response. Exposed data includes names, addresses, phone numbers, dates of birth, gender, and insurance account details, plus premium payment account information for roughly 230,000 people; no credit card data was taken. Aflac says the incident is limited to its Japan systems and does not affect its US operations.

Check
Aflac Japan policyholders and agents should watch for their notification letter, stay alert to phishing and fraud referencing Aflac or insurance accounts, and monitor bank accounts used for premium payments.
Affected
About 4.38 million Aflac Japan customers and agents whose personal and insurance data was exposed, including premium payment account details for roughly 230,000; the breach is limited to Aflac's Japan systems.
Fix
Affected people should monitor accounts for fraud and be cautious of insurance-themed phishing. Organizations should tighten access to customer portals, enforce phishing-resistant MFA, and monitor for unusual access and data exfiltration.

Nissan employee data stolen through Oracle PeopleSoft zero-day attacks

Nissan has disclosed that current and former employees' data was stolen after attackers exploited a zero-day flaw in Oracle PeopleSoft, the software it uses to manage payroll, tax, and personnel records. In a filing with California's attorney general, Nissan said Oracle informed it that the personnel records of hundreds of companies may have been taken. The attacks, tied to the extortion group ShinyHunters, exploited PeopleSoft vulnerability CVE-2026-35273 as a zero-day between late May and early June, primarily hitting education organizations, before Oracle issued mitigations. ShinyHunters has begun leaking stolen data, with Nissan joining victims that include the University of Nottingham and a US insurance regulator group.

Check
Organizations using Oracle PeopleSoft should confirm the CVE-2026-35273 mitigations are applied and review access logs from late May through early June for signs of the data-theft activity Mandiant documented.
Affected
Nissan's current and former employees whose payroll and personnel records were exposed, and the hundreds of other PeopleSoft-using organizations Oracle says were caught in the same ShinyHunters zero-day campaign (CVE-2026-35273).
Fix
Apply Oracle's PeopleSoft mitigations, rotate exposed credentials, and offer affected employees identity protection. Affected individuals should watch for phishing and fraud using stolen payroll and personnel data, including tax-related identity theft.

KDDI email breach affects up to 14.2 million accounts across six Japanese ISPs

Japanese telecom giant KDDI has disclosed a breach of an email platform it operates for itself and several internet service providers, potentially exposing the email addresses and passwords of up to 14.22 million mailboxes. KDDI detected the intrusion on June 17, blocked the attacker the same day, and traced the entry to a vulnerability in unnamed third-party software used by the email system. Six ISPs are affected, including JCOM, Nifty, and Biglobe, and the figure covers current, former, and inactive accounts. KDDI says some passwords were hashed or encrypted but has not said how many were stored in plaintext, and is urging all affected users to change their passwords.

Check
Customers of KDDI or the affected ISPs, including JCOM, Nifty, and Biglobe, should change their email passwords immediately and anywhere the same password was reused, and watch for phishing attempts.
Affected
Up to 14.22 million current, former, and inactive email accounts across six Japanese ISPs on KDDI's platform; exposed addresses and passwords enable account takeover, phishing, and credential stuffing where reused.
Fix
Affected users should change email passwords and any reused elsewhere, and enable multi-factor authentication. Organizations should inventory third-party software in shared platforms, patch promptly, and segment systems to limit breach scope.

ShinyHunters leaks Sysco data with 2.7 million email addresses after extortion

Food distribution giant Sysco was hit by the extortion group ShinyHunters in a "pay or leak" attack, and after the company did not pay, the stolen data was published. Have I Been Pwned has indexed 2,691,852 unique email addresses belonging to staff and customers, alongside what is described as largely corporate contact information. The breach fits ShinyHunters' sweeping 2026 campaign against large enterprises, which has typically relied on social engineering and compromised SaaS integrations rather than software exploits. Exposed business contact data is useful for convincing, targeted phishing aimed at Sysco's staff, customers, and partners.

Check
People and businesses dealing with Sysco should check Have I Been Pwned for affected emails and stay alert to phishing or invoice fraud that references Sysco accounts, orders, or deliveries.
Affected
Sysco staff, customers, and partners whose email addresses and corporate contact details were exposed (2,691,852 indexed); the data supports targeted phishing and business email compromise against the food-distribution supply chain.
Fix
Treat unexpected Sysco-themed emails with caution, verify payment or account changes through known contacts, enable phishing-resistant MFA, and brief staff and partners on the heightened phishing risk from this exposure.

American Tower breach surfaces on Have I Been Pwned with 216,000 accounts

Data from a breach of American Tower, one of the largest wireless communications infrastructure companies, has been indexed by Have I Been Pwned, which added 216,601 affected accounts. The extortion group ShinyHunters is linked to the incident, consistent with its sweeping 2026 campaign that has used social engineering against staff to reach corporate systems and exfiltrate data at major enterprises. American Tower operates critical telecom infrastructure, making any exposure of employee or partner data a concern for follow-on phishing and targeted attacks. Exposed contact details are commonly reused for convincing phishing against affected individuals and the organization.

Check
People connected to American Tower should check Have I Been Pwned for their email and stay alert to phishing referencing the company; the organization should review how the data was accessed.
Affected
Individuals whose data was exposed in the American Tower breach (216,601 accounts indexed); exposed contact information supports targeted phishing against a company operating critical communications infrastructure.
Fix
Reset and avoid reusing affected passwords, enable phishing-resistant MFA, and treat unexpected messages referencing American Tower with caution. Organizations should harden help desks and accounts against social-engineering-driven access.

ShinyHunters leaks Madison Square Garden Sports data on nearly 10 million people

The extortion group ShinyHunters has published data stolen from Madison Square Garden Sports, owner of the New York Knicks and Rangers, after the company did not pay. Have I Been Pwned indexed 9,796,738 unique email addresses spanning staff and customers, alongside extensive personal, employment, and customer-relationship records including names, addresses, phone numbers, and some dates of birth. Reporting on the leak describes an internal "Talent" file profiling former players, executives' family members, and celebrities, in some cases with so-called threat assessments. The intrusion reportedly began with voice-phishing of staff, the same social-engineering pattern behind ShinyHunters' wider 2026 campaign against large enterprises.

Check
People who interacted with Madison Square Garden venues or teams should check Have I Been Pwned for their email and watch for targeted phishing or fraud referencing tickets, accounts, or events.
Affected
Staff and customers of Madison Square Garden Sports whose contact and personal data was exposed (9,796,738 emails); high-profile individuals named in internal files face heightened targeting and impersonation risk.
Fix
Reset and avoid reusing affected account passwords, enable phishing-resistant MFA, and stay alert to convincing phishing. Organizations should harden help desks against voice-phishing with strict caller-identity verification.

Healthcare AI vendor Xsolis breach exposes data on 1.4 million people

Xsolis, a US healthcare technology company whose AI software is used by more than 600 hospitals and insurers for utilization management and reimbursement decisions, has disclosed a breach affecting 1,396,519 people. Attackers got in through a targeted phishing attack on an employee in January, accessing files containing patient data Xsolis handles for its clients. The exposed information includes names, dates of birth, addresses, Social Security numbers, health insurance details, and medical treatment information. Because Xsolis is a vendor, affected individuals may never have dealt with it directly; downstream health systems including Mayo Clinic are among those whose patients are impacted.

Check
Healthcare organizations should check whether they share data with Xsolis and confirm their breach-notification obligations; affected individuals should watch for medical, insurance, and identity fraud and any Xsolis-related notice.
Affected
Patients and health-plan members whose data Xsolis processed for hospitals and insurers (1,396,519 affected); exposed Social Security numbers and medical information carry lasting identity-theft and medical-fraud risk.
Fix
Affected people should enroll in the offered monitoring, freeze credit, and watch insurance statements. Healthcare organizations should strengthen phishing-resistant MFA, map which vendors hold patient data, and tighten access to health-data repositories.

Tata Electronics confirms breach as extortion gang leaks Apple and Tesla files

Tata Electronics, the Indian manufacturer that assembles roughly a third of Apple's iPhones in India, has confirmed a cyberattack affecting part of its IT systems after the extortion group World Leaks began leaking stolen data. The group claims to have taken around 200,000 files, including confidential Apple and Tesla manufacturing and component design documents, internal emails, years of event logs, and copies of employee passports, some belonging to foreign nationals. Researchers say the data has been on the dark web since at least June 10, and a ransom was demanded. World Leaks, a rebrand of the Hunters International group, also claimed breaches at Nike and Dell.

Check
Manufacturers and their partners should review how design documents, supplier data, and employee identity records are segmented and monitored, and watch for phishing or fraud using leaked passport and email data.
Affected
Tata Electronics, its employees whose passports and emails were exposed, and partners like Apple and Tesla whose confidential design and manufacturing documents were reportedly included in the roughly 200,000 leaked files.
Fix
Segment and tightly control access to sensitive design and HR data, monitor for large data exfiltration, enforce phishing-resistant MFA, and prepare partners for downstream phishing and fraud using the leaked information.