2025 Data Breaches — Year-to-Date Disclosure Tracker

Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability — Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attack

View incident → Original disclosure Indexed 4 months, 3 weeks ago

high · tech · Nov 20, 2025

Beckett Collectibles

1,041,238 records exposed — Email addresses, Names, Phone numbers, Physical addresses and 1 more

View incident → Original disclosure Indexed 4 months, 3 weeks ago

medium · tech · Nov 20, 2025

International Kiteboarding Organization

340,349 records exposed — Email addresses, Geographic locations, Names, Usernames

View incident → Original disclosure Indexed 4 months, 3 weeks ago

medium · retail · Nov 20, 2025

Eurofiber

10,003 records exposed — Email addresses, Names, Phone numbers

View incident → Original disclosure Indexed 4 months, 3 weeks ago

medium · retail · Nov 20, 2025

Vultr

187,872 records exposed — Email addresses, Geographic locations, IP addresses, Names

View incident → Original disclosure Indexed 4 months, 3 weeks ago

high · tech · Nov 19, 2025

Google Chromium V8

Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.

View incident → Original disclosure Indexed 4 months, 3 weeks ago

high · education · Nov 18, 2025

Kaplan Education

230K+ people affected — SSNs and driver's license numbers stolen from test prep provider

View incident → Original disclosure Indexed 4 months, 3 weeks ago

critical · retail · Nov 18, 2025

Walmart (eCommerce)

3.5M marketplace seller records exposed via compromised Walmart Connect advertising platform

View incident → Original disclosure Indexed 4 months, 3 weeks ago

high · tech · Nov 18, 2025

Fortinet FortiWeb

Fortinet FortiWeb OS Command Injection Vulnerability — Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via c

View incident → Original disclosure Indexed 4 months, 3 weeks ago

high · tech · Nov 18, 2025

Datadog Monitoring Platform

240K customer APM configurations exposed via compromised CI/CD signing key

View incident → Original disclosure Indexed 4 months, 3 weeks ago

high · healthcare · Nov 15, 2025

Denver Health

480K patient records stolen in targeted attack

View incident → Original disclosure Indexed 4 months, 3 weeks ago