2025 Data Breaches — Year-to-Date Disclosure Tracker

2025 Data Breaches (637 indexed)

high · finance · May 1, 2025

Macquarie Group

450K investment account records compromised

View incident → Original disclosure Indexed 11 months, 1 week ago

critical · retail · May 1, 2025

Etsy

1.1M seller records compromised in targeted attack

View incident → Original disclosure Indexed 11 months, 1 week ago

high · other · May 1, 2025

Suncor Energy

890K employee and operations records stolen

View incident → Original disclosure Indexed 11 months, 1 week ago

high · other · May 1, 2025

Lufthansa

780K passenger records compromised

View incident → Original disclosure Indexed 11 months, 1 week ago

critical · tech · May 1, 2025

Singtel

1.1M subscriber records stolen in targeted attack

View incident → Original disclosure Indexed 11 months, 1 week ago

high · finance · May 1, 2025

Great-West Lifeco

890K insurance records stolen in credential harvesting

View incident → Original disclosure Indexed 11 months, 1 week ago

high · healthcare · May 1, 2025

Alabama Ophthalmology Associates

130K patient records including medical images and insurance details exposed

View incident → Original disclosure Indexed 11 months, 1 week ago

high · tech · May 1, 2025

Fujitsu (2025)

780K employee and client records exposed

View incident → Original disclosure Indexed 11 months, 1 week ago

critical · other · May 1, 2025

Deutsche Post DHL

1.2M shipping records exposed via vendor breach

View incident → Original disclosure Indexed 11 months, 1 week ago

high · finance · May 1, 2025

Bank of China (Hong Kong)

890K customer records stolen in targeted attack

View incident → Original disclosure Indexed 11 months, 1 week ago

medium · retail · May 1, 2025

Harrods (UK)

Luxury retailer confirmed cyber incident — restricted internet access as precaution

View incident → Original disclosure Indexed 11 months, 1 week ago

high · other · May 1, 2025

Fiat Chrysler (Stellantis Italy)

670K vehicle owner records compromised

View incident → Original disclosure Indexed 11 months, 1 week ago

medium · retail · May 1, 2025

Harrods Department Store (UK)

Attempted cyberattack forced internet shutdown across all stores — systems isolated

View incident → Original disclosure Indexed 11 months, 1 week ago

critical · government · Apr 25, 2025

Nova Scotia Power

375K current and 540K former customers — SINs, driver's licenses, account data exposed

View incident → Original disclosure Indexed 11 months, 2 weeks ago

high · retail · Apr 22, 2025

Marks & Spencer Cyber Incident

Cyberattack disrupted online ordering and contactless payments across UK stores

View incident → Original disclosure Indexed 11 months, 3 weeks ago

high · tech · Apr 22, 2025

Databricks Lakehouse Platform

380K enterprise data pipeline configurations exposed via compromised admin credentials

View incident → Original disclosure Indexed 11 months, 3 weeks ago

high · government · Apr 22, 2025

Service NSW (Australia)

540K citizen records exposed via compromised employee email accounts

View incident → Original disclosure Indexed 11 months, 3 weeks ago

critical · retail · Apr 22, 2025

Marks & Spencer (UK)

3.2M customer records exposed in DragonForce ransomware attack — loyalty and contact data

View incident → Original disclosure Indexed 11 months, 3 weeks ago

high · education · Apr 18, 2025

University of Alberta (Canada)

290K student and staff records exposed via compromised PeopleSoft HR system

View incident → Original disclosure Indexed 11 months, 3 weeks ago

critical · government · Apr 15, 2025

IRS Free File Program

340K taxpayer records exposed via vulnerability in online filing partner systems

View incident → Original disclosure Indexed 11 months, 4 weeks ago

high · education · Apr 14, 2025

Stanford Health (Systems Breach)

92K patient records from Stanford Health Care clinics exposed via ransomware attack

View incident → Original disclosure Indexed 11 months, 4 weeks ago

medium · retail · Apr 13, 2025

Samsung Germany Customer Tickets

216,333 records exposed — Email addresses, Names, Physical addresses, Purchases and 3 more

View incident → Original disclosure Indexed 11 months, 4 weeks ago

high · healthcare · Apr 12, 2025

Mount Sinai Health System (NYC)

320K patient records exposed via third-party billing vendor ransomware attack

View incident → Original disclosure Indexed 1 year ago

critical · finance · Apr 11, 2025

Latitude Financial (Australia)

7.9M driver license records and 53K passport numbers stolen from Australian fintech

View incident → Original disclosure Indexed 1 year ago