2025 Data Breaches — Year-to-Date Disclosure Tracker

2025 Data Breaches (637 indexed)

critical · tech · Jun 1, 2025

Qantas Airways

5.7M customer records stolen via third-party Salesforce integration — data posted on dark web

View incident → Original disclosure Indexed 10 months, 1 week ago

medium · other · Jun 1, 2025

MOL Group (Hungary)

210K fuel card records compromised

View incident → Original disclosure Indexed 10 months, 1 week ago

critical · tech · Jun 1, 2025

Credential Compilation (16B Passwords)

16 billion credentials from Google, Apple, Facebook — largest credential dump in history

View incident → Original disclosure Indexed 10 months, 1 week ago

medium · healthcare · Jun 1, 2025

Smith & Nephew

210K surgical records compromised

View incident → Original disclosure Indexed 10 months, 1 week ago

high · finance · Jun 1, 2025

Societe Generale

560K customer records exposed

View incident → Original disclosure Indexed 10 months, 1 week ago

high · finance · Jun 1, 2025

Suncorp Group

560K insurance records stolen

View incident → Original disclosure Indexed 10 months, 1 week ago

critical · government · Jun 1, 2025

Chinese Surveillance Network Breach

4 billion records exposed including banking details and home addresses

View incident → Original disclosure Indexed 10 months, 1 week ago

critical · healthcare · Jun 1, 2025

Aflac Incorporated

13M health insurance records compromised — largest healthcare breach of 2025

View incident → Original disclosure Indexed 10 months, 1 week ago

critical · retail · Jun 1, 2025

WestJet Airlines

1.2M passenger records including government IDs and travel documents

View incident → Original disclosure Indexed 10 months, 1 week ago

medium · government · Jun 1, 2025

Bahrain Ministry of Interior

180K citizen records exposed in targeted attack

View incident → Original disclosure Indexed 10 months, 1 week ago

critical · finance · May 27, 2025

Free

13,926,173 records exposed — Bank account numbers, Dates of birth, Genders, Names and 2 more

View incident → Original disclosure Indexed 10 months, 2 weeks ago

high · healthcare · May 27, 2025

NHS Dumfries and Galloway

Patient data published by INC Ransom group after Scottish health board refused to pay

View incident → Original disclosure Indexed 10 months, 2 weeks ago

medium · government · May 22, 2025

Fédération Francaise de Rugby

281,977 records exposed — Dates of birth, Email addresses, Names, Phone numbers

View incident → Original disclosure Indexed 10 months, 3 weeks ago

high · tech · May 15, 2025

Canva Design Platform

2.5M enterprise workspace records exposed via API misconfiguration — design assets leaked

View incident → Original disclosure Indexed 10 months, 4 weeks ago

critical · finance · May 15, 2025

Chime Financial

1.1M customer records stolen in targeted attack

View incident → Original disclosure Indexed 10 months, 4 weeks ago

high · finance · May 15, 2025

Coinbase Global

Customer support agents bribed to steal 97K user records — $20M extortion demand

View incident → Original disclosure Indexed 10 months, 4 weeks ago

high · healthcare · May 15, 2025

Scripps Health (San Diego)

530K patient records re-exposed via legacy system — previously thought contained from 2021

View incident → Original disclosure Indexed 10 months, 4 weeks ago

critical · retail · May 14, 2025

Woolworths Group (Australia 2025)

2.2M MyDeal customer records stolen via compromised subsidiary marketplace platform

View incident → Original disclosure Indexed 10 months, 4 weeks ago

high · healthcare · May 12, 2025

Blue Cross Blue Shield of Massachusetts

490K member records exposed via compromised third-party billing vendor

View incident → Original disclosure Indexed 11 months ago

high · finance · May 11, 2025

Coinbase

70K user records stolen via bribed overseas support contractors — $20M ransom refused

View incident → Original disclosure Indexed 11 months ago

critical · finance · May 10, 2025

Plaid Financial API

2.8M bank account linking records exposed via misconfigured staging environment

View incident → Original disclosure Indexed 11 months ago

high · finance · May 10, 2025

AXA Group

780K policyholder records compromised in ransomware

View incident → Original disclosure Indexed 11 months ago

high · other · May 10, 2025

Pemex (Mexico)

890K employee and pipeline records exposed

View incident → Original disclosure Indexed 11 months ago

medium · education · May 10, 2025

Trinity College Dublin

210K student records exposed

View incident → Original disclosure Indexed 11 months ago