A data breach has exposed sensitive information from about 17.5 million Instagram accounts, including usernames, email addresses, phone numbers, and physical addresses. This information is being traded on the dark web, raising risks for identity theft and phishing attacks. Users are advised to enable two-factor authentication and change their passwords.

Princeton University experienced a data breach on November 10, affecting a database with personal information of alumni, donors, faculty, and students. While no sensitive financial data or passwords were compromised, the breach resulted from a phone phishing attack on an employee. The university is notifying those impacted and investigating the incident.

A data breach at Coupang exposed the personal information of 33.7 million customers, traced back to a former employee who retained access after leaving. The breach, discovered in November 2025, has prompted police investigations and led to the CEO's resignation. Phishing incidents have surged in South Korea as a result.

Harvard University reported a data breach affecting alumni, donors, and some students due to a voice phishing attack. Compromised data includes personal details like email addresses and home addresses, but financial information and passwords were not affected. The university warns that this information could be used for further phishing attempts.

French retailer Auchan has reported a data breach affecting several hundred thousand customers, compromising sensitive information linked to loyalty accounts, such as names, addresses, and contact details. The company has notified affected individuals and the French Data Protection Authority, advising them to be cautious of potential phishing attempts. However, bank data and passwords remain secure following the incident.

Coinbase experienced a significant data breach in 2025 that compromised the personal information of nearly 70,000 users due to unauthorized access by outsourced call center agents in India. The attackers leveraged social engineering tactics, leading to a rise in phishing attempts, while Coinbase faced estimated remediation costs between $180 million to $400 million and launched a bounty for information on the perpetrators. The incident has sparked discussions on the vulnerabilities associated with outsourcing sensitive customer data management.

Toys “R” Us Canada has notified customers of a data breach in which threat actors leaked personal customer information, including names, addresses, emails, and phone numbers, but not passwords or credit card details. The breach was discovered on July 30, 2025, when the data was posted on the dark web, prompting the company to enhance its cybersecurity measures and notify regulatory authorities. Customers are advised to be vigilant against phishing attempts following the breach.

A series of data breaches affecting companies such as Qantas, Allianz Life, LVMH, and Adidas has been attributed to the ShinyHunters extortion group, which uses voice phishing to compromise Salesforce CRM accounts. The attackers impersonate IT support to manipulate employees into entering connection codes that link malicious applications to Salesforce environments, leading to data theft and potential extortion attempts without public leaks so far. Salesforce has confirmed that their platform is not compromised, emphasizing the importance of customer vigilance against social engineering attacks.

A massive leak of 16 billion login credentials from various online services has been confirmed, marking one of the largest data breaches in history. Cybersecurity experts warn that these compromised credentials pose a significant risk for account takeovers and phishing attacks, emphasizing the importance of switching to secure passkeys and maintaining strong password hygiene. Users are urged to change passwords, utilize password managers, and adopt multi-factor authentication to protect their accounts.

Air France and KLM have reported a data breach resulting from unauthorized access to a third-party platform, compromising customer information such as names, contact details, and loyalty program numbers. The airlines have advised customers to be cautious of phishing attempts but confirmed that sensitive information like passwords and credit card details were not accessed.

Adidas has confirmed that hackers stole personal data from a third-party customer service provider, primarily affecting contact information of customers who interacted with their help desk. The company assures that sensitive information like passwords and payment details were not compromised, but warns customers to remain vigilant against potential phishing attempts due to the breach.