Welcome to DBD. Cybercrime made global headlines in 2025. Attacks on well-known brands and organizations have raised public awareness of the severity, frequency and impact of cyber attacks. Ransomware attacks are at their highest ever recorded, and 2026 has the potential to be even worse, as cyber criminals continue to extort their victims, with little chance of being brought to justice. On a lighter note, I'd like to take this opportunity to wish you all a very Merry Christmas and all the best for the New Year. Thanks again for all your support. Stay safe. :)
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 29th December 2025 and 4th January 2026.29th December
1.6 Million+ Salvation Army transactions exposed, hackers claim
2.3 Million WIRED users exposed, hacker threatens release of 40 Million more records
22 Million Affected by Aflac Data Breach
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
27 Malicious npm Packages Used in Phishing Attacks on Healthcare, Industrial Sectors
Accused Coupang Data Thief Threw Laptop into the River, Founder Apologizes for Recent Data Breach
After Asiana, Even Korean Air... Employee Names and Account Numbers Exposed
After robbing Amazon of Korea, the attacker threw his MacBook into the river
AI-Powered Phishing Kit Targets Microsoft Users for Credential Theft
As tax filing approaches, hackers target US taxpayers
Automation forces a reset in security strategy
Binance-backed Trust Wallet hit by $7 Million hack, experts warn users
Browser-in-the-Browser Phishing Attack: How to Protect Yourself
Christmas gift: method to exploit MongoBleed vulnerability leaking MongoDB secrets showcased on web
Chrysler allegedly compromised by Everest ransomware gang
CISOs are managing risk in survival mode
Coinbase Breach Fallout: Former Support Agent Arrested in India
Coinbase Data Breach Fallout Reaches India as Insider Arrested
Coinbase’s $400 Million Nightmare: Insider Arrested Following Massive Data Breach
Coupang Allocates €850 Million in Vouchers for Data Breach Victims
Coupang data breach triggers $1.1 Billion compensation and political scrutiny
Coupang offers US$1 billion compensation for data breach victims
Coupang offers 50,000 won voucher but effectively gives customers 10,000 won
Coupang offers 50,000 won vouchers to 33.7 million customers after data breach
Coupang offers compensation to 33.7 million users over data breach
Coupang recovers smashed laptop that alleged data leaker threw into river
Coupang to Issue $1.17 Billion in Vouchers Over Data Breach
Coupang to Pay $1.1 Billion in Compensation to Users After Data Breach
Coupang unveils $1.17 billion compensation plan over data breach
Coupang Unveils Nearly 1.69 Trillion Won Compensation Plan Over Data Breach
Coupang’s W1.7 trillion payout plan fails to quell public anger
Coupang's Billion-Dollar Response to Data Breach
Coupang's compensation plan derided as 'bait'
Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert
Critical ‘MongoBleed’ Flaw Exploited in the Wild to Leak Database Secrets
Cyber attacks: 2025 the ‘tipping point’ as Jaguar Land Rover (JLR) and Marks & Spencer (M&S) incidents highlight risks
Data Breach Affects Patients of Multiple Fyzical Therapy & Balance Centers
Data breach at Korean Air leaks 30,000 employee records
Data theft alert: insurer Aflac notifying millions of clients
Dataset containing data from Wired circulating on hacker forums
Dozens of Chrome Extensions Hacked, Exposing Millions of Users to Data Theft
EazyTick Data Breach Exposes Over 20,000 User Records
Elford, Inc. Construction Data Breach: Project Files Leaked Online
Ericher Data Breach: Customs and Logistics Firm Sensitive Data Exposed
Farfetch owner Coupang announces compensation payout after data breach hits nearly 34 Million customers
Farfetch owner offers $1 billion in vouchers for those affected by data breach
Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents
Former Coinbase support agent arrested for helping hackers
Former Coinbase support agent arrested in India over major data breach as legal and security pressures mount
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
French software company fined $2 million for cyber failings leading to data breach
From the Boardroom to the SOC: Why Some Organizations Recover Quickly from Ransomware While Others Stall
Guernsey data breach ruling upheld over legal papers left outside
Hacker arrested for KMSAuto malware campaign with 2.8 million downloads
Hacker Claims Theft of 40 Million Condé Nast Records After Wired Data Leak
Hacker Dumped MacBook in River in Attempt to Destroy Digital Evidence
Hacker Threw MacBook in River to Erase Evidence in Coupang Data Breach
HoneyMyte APT Campaign Uses Kernel-Mode Rootkit to Deploy ToneShell
How to Spot the Most Common Crypto Phishing Scams
Income Tax Phishing Campaigns Linked to Silver Fox Hackers Target Indian Organizations
Indian train driver loses $29,000 in “digital arrest” scam
IoT Device Vulnerabilities in Smart Pet Feeders: Petlibro Exposes Pet, User and Employee Details
Kaspersky detected a fivefold surge in QR code phishing attacks in the second half of 2025
Korean Air data breach exposes data of thousands of employees
Korean Air discloses data breach after the hack of its catering and duty-free supplier
Korean Air employee data breach exposes 30,000 records after cyberattack
Korean Air employees' personal info leaked after supplier hit by hacking attack
Kumpulan Prasarana Rakyat Johor (KPRJ) Data Breach: 180GB Leaked
LLMs are automating the human part of romance scams
Mens Den Men Data Breach Exposes User Database and Emails
MongoDB Flaw Allows Unauthenticated Memory Access, Immediate Patching Required
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide
New AI-Assisted Phishing Kit Targets Microsoft Users to Steal Login Credentials
New ransomware methods emerge: ClickFix & group alliances
New York Attorney General Fines Capital Region Orthopedic Practice $500K for 2023 Data Breach
Over 22 million were impacted by data breach in June, Aflac says
Phishing scam targets India’s drivers in large-scale e-Challan cyberattack
Rainbow Six Siege Betrayal: Five Hacker Groups and Bribed Ubisoft Staff Spark $339 Trillion Crisis
Rainbow Six Siege players given billions of credits in Ubisoft hack
Ransomware group claims to steal 650GB of Inha University data
Romanian energy provider hit by Gentlemen ransomware attack
Shai-Hulud Returns with ‘Golden Path’ Malware in Latest NPM Supply Chain Attack
Silver Fox Hackers Target Indian Entities Using Income Tax Phishing Lures
SIM Box Scam: A Hidden Phishing Network Powered by Thousands of SIM Cards
Singapore: At least $622,000 lost to phishing scams since November
South Korea’s e-commerce platform Coupang to pay over $1.1B to customers over user data breach
The biggest corporate security blunders of 2025
The Evolution of Ransomware Entry Points: Why the Perimeter Isn’t the Perimeter Anymore
Top 10 Cyber Law Enforcement Operations of 2025
Top Ransomware Attacks of 2025: Major incidents, impacts & rising Cyber Threats Globally
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack
Two more banks notifying thousands of victims about Marquis Software ransomware attack
Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players
Ubisoft Takes Down Rainbow Six Siege After a Hacker Plays Santa and Gives Away Billions of In-Game Currency and Items
Why Peak Shopping Seasons Are Now Peak Cyber Risk Periods
‘Why should we pay these criminals?’: the hidden world of ransomware negotiations
You’ve been targeted by government spyware. Now what?
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 15th December and 21st December 2025, kindly assisted by our partners.
