Data Breach Roundup (Jan 2 – Jan 8, 2026)

Welcome to Data Breach Roundups, our new weekly series where we highlight notable data breaches we encounter. They're more common than you might think! If you want this weekly digest delivered to your inbox in the future, edit your newsletter settings to subscribe to the new 'Data Breach Roundups' mailing list.

Edit Newsletter Subscriptions

Cryptocurrency theft attacks traced to 2022 LastPass breach

You may or may not remember LastPass' 2022 data breach that was poorly handled from start to finish. It was caused by an employee's Plex server being compromised, which then pivoted to the employee's work device at home, and ultimately resulted in the leak of vaults that were poorly encrypted (or some fields were curiously never encrypted). The most notably impact of this breach has been a continual stream of cryptocurrency thefts that can be linked directly to the breach as vaults continue to be decrypted. Remember to be mindful about where you store your seed phrases and private keys.

Covenant Health says May data breach impacted nearly 478,000 patients

Covenant is a healthcare provider based out of Massachusetts providing a number of services across New England. This data breach was disclosed last year, but the number of victims has been updated.

Ledger customers impacted by third-party Global-e data breach

Ledger - producer of hardware crypto wallets and data breaches - has exposed customer data after their third-party payment processor Global-e was hacked. The article was sparse on details but a screenshot suggests at least name and contact information were compromised. Financial information such as seed phrases was not. The article briefly notes that the attackers were able to gain access to "several other brands" and notes that Global-e also works with brains like Netflix, Disney, adidas, and several luxury brands so expect to see those names pop up again soon.

Hacktivist deletes white supremacist websites live onstage during hacker conference

Apparently a hacker, during a presentation at the Chaos Communication Congress, deleted WhiteDate, WhiteChild, and WhiteDeal. Prior to that, this person scraped the personal data from WhiteDate and published it online. This included names, location, and other user-disclosed data such as pictures, age, gender, and more. The attacker says there are no emails, passwords, or DMs "for now."

US broadband provider Brightspeed investigates breach claims

Brightspeed is "one of the largest fiber broadband companies in the United States." Attackers claim to have stolen the data of over 1 million customers, including "personally identifiable information (PII), address information, user account information linked to session/user IDs (including names, emails, and phone numbers), payment history, some payment card information, and appointment/order records containing customer PII."

ownCloud urges users to enable MFA after credential theft reports

The reports come from an Israeli cybersecurity company called Hudson Rock who claims that "multiple organizations had their self-hosted file sharing platforms (including some ownCloud Community Edition instances) breached in credential theft attacks." ownCloud stressed that the platform itself was not breached or impacted by a vulnerability, but that this was the result of infostealers.

Illinois health department exposed over 700,000 residents’ personal data for years

The breach goes as far back as April 2021 and was discovered and fixed in September 2025. It impact individuals on the Medicaid and Medicare Savings Program and included address, case numbers, and "demographic data" but not names. It also impacted some individuals from the Division of Rehabilitation Services. The IDHS can't determine if anyone viewed the data or not.