SaaS Breach Database

Stay up to date with the latest SaaS breaches from around the world, brought to you by the team of data security experts at Metomic

What’s a SaaS data breach?

With businesses around the world using SaaS apps like Slack, Google Drive and ChatGPT, to enhance collaboration and productivity, the risk of sensitive data being shared between teams is at an all-time high. A SaaS data breach involves one of these handy apps being compromised, and the data stored within it being leaked or stolen.

Although these apps may come with some security benefits, this doesn't always include the data layer specifically, putting customer and employee data at risk.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

November 15, 2024

Featured

DemandScience Data Breach Exposes 122 Million Businesses

B2B data aggregator DemandScience confirmed the exposure of 122 million business records, initially denied as a breach.

November 14, 2024

Featured

Kaiser Permanente email breach

An email data breach at Kaiser Permanente in September 2024 exposed sensitive patient information, including medical details, in Southern California.

November 14, 2024

Featured

Amazon Employee Data Exposed in MOVEit Breach

Amazon confirmed employee contact data was leaked through a property management vendor’s MOVEit vulnerability, exposing over 5 million records.

October 31, 2024

Featured

IBM Employee Data Allegedly Leaked in Cyber Attack

The threat actor 888 claims to have breached IBM’s network, allegedly accessing and leaking personal information of 17,500 current and former employees on a public threat forum.

October 22, 2024

Featured

FBCS Data Breach Hits Comcast, Truist, CF Medical

A ransomware attack on debt collector FBCS exposed personal data of over 4.2 million customers, impacting Comcast, Truist Bank, and CF Medical in the US.

October 11, 2024

Featured

Fidelity Notifies 77,000 Customers of Data Breach

Fidelity Investments has notified over 77,000 customers that their personal information was compromised by a third-party actor during a two-day breach b

October 7, 2024

Featured

Rackspace Confirms Zero-Day Exploit

Intruders exploited a zero-day vulnerability in a third-party application linked to ScienceLogic, gaining limited access to internal monitoring data without impacting customer services.

October 3, 2024

Featured

Latin American Banking App Causes Data Breach

A misconfigured digital banking platform, Bankingly, leaked personal data of nearly 135,000 clients from seven financial institutions across Latin America.

September 24, 2024

Featured

Star Health Data Breach: Medical Records Sold Online

A data breach at Star Health exposed millions of customers' sensitive medical records, which are now being sold on Telegram and BreachForums.

September 20, 2024

Featured

DFA fears data breach at state passport printer

The DFA has expressed concern over potential data breaches at APO, the state-owned passport printer, possibly compromising the data of 28 million Philippine passport holders.

September 18, 2024

Featured

Capgemini Data Breach Exposes T-Mobile Logs

A hacker claims to have stolen 20GB of Capgemini data, including T-Mobile virtual machine logs, API keys, and sensitive staff information.

September 13, 2024

Featured

Fortinet Data Breach: Hackers Steal 440GB of Sensitive Data

Fortinet has confirmed a limited data breach following a hacker’s claim of stealing 440GB of sensitive data, though the company downplays the incident’s impact.

September 9, 2024

Featured

TfL Limits Data Feeds and Services After Cyber-Attack

Transport for London is managing the fallout from a cyber-attack by cutting live data feeds and limiting access to online services, though it assures that customer data has not been compromised.

September 6, 2024

Featured

Tracelo Data Breach Exposes 1.4 Million User Records

A hacker breached Tracelo's system, exposing the personal data of 1.4 million users, including names, emails, phone numbers, and location information, raising serious security and privacy concerns.

September 5, 2024

Featured

TfL Hit by Major Cyber-Attack

Transport for London is dealing with a significant cyber-attack, but there is no evidence that customer data has been compromised.

August 28, 2024

Featured

Microsoft

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub.

August 28, 2024

Featured

MOVEit hack

A hydra-headed breach centered on a single American software maker has compromised data at more than 600 organisations worldwide, according to cyber analyst tallies corroborated by Reuters.

August 28, 2024

Featured

Microsoft Outlook

A sophisticated Chinese cyber-espionage campaign targeting Microsoft Outlook accounts gave Beijing access to tens of thousands of private US government emails

August 28, 2024

Featured

MGM & Caesers (plus many more)

David Bradbury, chief security officer of the identity management company Okta, said five of the company's clients, including MGM and Caesars, had fallen victim to hacking groups known as ALPHV and Scattered Spider since August.

August 28, 2024

Featured

Equifax

Credit bureau company, Equifax, has been fined US$13.4 million by The Financial Conduct Authority (FCA), a UK financial watchdog, following its involvement in “one of the largest” data breaches ever.

August 28, 2024

Featured

City of Philadelphia Email Hack

The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment.

August 28, 2024

Featured

Okta Security Breach

Okta Security identified adversarial activity that used a stolen credential to gain access to the company’s support case management system.

August 28, 2024

Featured

23andMe Data Breach

Genetics testing company 23andMe sent emails to several customers to inform them of a breach into the "DNA Relatives" feature that allowed them to compare ancestry information with users worldwide.

August 28, 2024

Featured

US department of Health and Human Services launches investigation in Change Healthcare data breach

The US Health Department investigates a Change Healthcare breach and ransomware attack, as restoration efforts proceed amidst scrutiny over a £22 million ransom payment and HIPAA compliance investigation.

August 28, 2024

Featured

Fujitsu cyberattack triggers data theft concern amidst post office scandal

Fujitsu confirmed a cyberattack resulting in potential data theft, prompting internal investigation amidst scrutiny over its involvement in U.K. Post Office workers' wrongful convictions.

August 28, 2024

Featured

London Clinic delayed reporting on data breach

The ICO probes delayed reporting of a breach at the London Clinic regarding unauthorised access to Princess Catherine's medical records, potentially leading to enforcement and criminal action.

August 28, 2024

Featured

Report shows 61% of 2023 data breaches caused by malware

SpyCloud's 2024 report highlights that 61% of data breaches in 2023 were caused by infostealer malware, affecting over 343 million stolen credentials, significantly increasing cybercrime risks.

August 28, 2024

Featured

UK/China electoral Data Breach

The UK government accuses China state-affiliated actors of conducting malicious cyber activities targeting UK democratic institutions and individuals, including parliamentarians and the Electoral Commission, with breaches occurring in 2021 and 2022.

August 28, 2024

Featured

NHS Scotland Confirms Data Breach

NHS Scotland's Dumfries and Galloway health board confirms INC Ransom gang's cyberattack, revealing that patient data was compromised, prompting investigations and notifications to authorities and affected individuals.

August 28, 2024

Featured

AT&T Data Breach

AT&T confirms data leak of 73 million customers, including personal information, prompting outreach to affected users and offering credit monitoring services.

August 28, 2024

Featured

Acuity data breach

IntelBroker leaks allegedly stolen Five Eyes data from Acuity breach, containing sensitive government and military information, following similar attacks on entities like Los Angeles International Airport and General Electric.

August 28, 2024

Featured

US Congress Bans Staff From Using Microsoft Copilot

Congress bans staff use of Microsoft's AI Copilot over cybersecurity concerns, highlighting challenges in regulating AI technology internally and externally.

August 28, 2024

Featured

Home Depot Data Breach

Home Depot confirms employee data breach due to vendor error, posing phishing threat by IntelBroker, risking financial and reputational harm.

August 28, 2024

Featured

Microsoft Employee Details Leaked

A data breach at Microsoft exposed employees' credentials and internal files related to Bing on an unprotected Azure server, potentially allowing unauthorised access to sensitive information, despite being reported and resolved, raising concerns about security protocols.

August 28, 2024

Featured

French municipal services suffer cyberattacks

Multiple French municipalities face significant disruptions to public services due to a large-scale cyberattack on shared servers, emphasising the growing threat to public infrastructure and the need for enhanced cybersecurity measures globally.

August 28, 2024

Featured

Change Healthcare data breach extortion development

RansomHub threatens to publish healthcare data stolen from Change Healthcare unless a ransom is paid, alleging non-payment of a $22 million ransom from a previous attack by BlackCat ransomware.

August 28, 2024

Featured

Grindr Faces UK Lawsuit Over Alleged Data Breaches

Grindr, the LGBTQ dating app, faces a UK lawsuit alleging unauthorised sharing of users' sensitive information, including HIV status, with third parties, despite the app's denial of commercial use of health data.

August 28, 2024

Featured

UK Smartphone Maker Nothing Confirms 2022 Data Breach

UK smartphone maker Nothing confirms a 2022 data breach compromising 2,250 members' personal info, though payment details remain secure, while ongoing security enhancements are in progress.

August 28, 2024

Featured

Kaiser Health Insurance Breach

Kaiser Health Insurance has notified millions of a data breach after inadvertently sharing patients’ data with advertisers, including Google and Microsoft.

August 28, 2024

Featured

FBCS Data Breach Exposes Two Million Users

US-based collection agency, Financial Business and Consumer Solutions (FBCS), experienced a data breach, exposing the sensitive data of nearly two million individuals.

August 28, 2024

Featured

Dropbox eSign Tool Hit by Major Data Breach

Dropbox's eSign tool suffered a major data breach, compromising sensitive customer information including emails, usernames, phone numbers, hashed passwords, and multi-factor authentication details, prompting password resets and security measures.

August 28, 2024

Featured

HMRC 2023 Breaches Exposes 10K+ Data

HMRC reveals 2023 breaches exposed 10,000+ customers' data and widespread security gaps in government departments, with HMRC reporting 1015 lost devices.

August 28, 2024

Featured

Dell Issues Warning of Data Breach Impacting 49M Customers

Dell warns of data breach affecting 49 million customers, compromising names, addresses, and purchase details, prompting caution against potential targeted attacks.

August 28, 2024

Featured

Nissan North America Data Breach

A cyber attack on Nissan North America compromised personal data of 53,038 current and former employees, with names and Social Security Numbers leaked.

August 28, 2024

Featured

Patriot Mobile Data Breach

Conservative Cell Carrier Patriot Mobile, experienced a data breach compromising customer information, including names, email addresses, and ZIP codes.

August 28, 2024

Featured

Cencora Data Breach

Cencora cyberattack exposes sensitive data at nearly a dozen pharmaceutical firms, sparking identity theft worries.

August 28, 2024

Featured

BBC Data Breach

BBC faces data breach exposing the personal data of 25,000 staff including names, addresses, and National Insurance numbers, prompting an urgent investigation and precautionary measures.

August 28, 2024

Featured

Snowflake Data Breach Upgraded

The Snowflake data breach, involving stolen login details and linked to attacks on Ticketmaster and Santander, is escalating into one of the largest ever, with cybercriminals claiming to sell vast amounts of stolen data online.

August 28, 2024

Featured

SoftBank Data Breach Strains Japan-South Korea Ties

A data breach at Line Yahoo, a joint venture between Japan's SoftBank and South Korea's Naver, compromised personal information of 510,000 users, straining Japan-South Korea relations and prompting Japan to urge Naver to reduce its stake over security concerns.

August 28, 2024

Featured

Thailand Election Commission Probes Massive Data Breach

The Election Commission of Thailand is investigating a breach after district-level Senate voting, involving the leak of personal data from over 20,000 applicants, including sensitive details like ID card numbers.

August 28, 2024

Featured

Keytronic Confirms Data Breach by Black Basta

Hardware firm Keytronic confirmed a data breach by the Black Basta ransomware group, affecting personal information and operations, with the group leaking over 500GB of stolen data.

August 28, 2024

Featured

Hackers Claim Massive Data Theft from AMD

Hackers claim to have stolen and are selling extensive confidential data from AMD, including employee and customer information and future product details, prompting an investigation involving law enforcement and highlighting vulnerabilities in third-party hosting services.

August 28, 2024

Featured

Geisinger Alerts Patients to Data Breach

A former Nuance Communications employee accessed over a million Geisinger patients' personal information after termination, prompting Geisinger to notify affected individuals and collaborate with authorities on the investigation.

August 28, 2024

Featured

RockYou2024: Largest Ever Leak of 10 Billion Passwords

Nearly 10 billion passwords have been leaked online in the largest compilation ever, known as "RockYou2024," by a user named "ObamaCare," heightening the risk of credential stuffing attacks.

August 28, 2024

Featured

1.1 terabytes of Disney Slack Data Leaked in AI Art Protest

Hackers from the group NullBulge claim to have leaked 1.1 TB of Disney's internal Slack messages and files in protest against AI-generated art.

August 28, 2024

Featured

Acadian Ambulance Data Breach

The Daixin Team claims to have stolen and is threatening to release the personal and employee data of around 10 million individuals from Acadian Ambulance unless a $7 million ransom is paid, amid ongoing negotiations and efforts to secure the breach.

August 28, 2024

Featured

Leidos Data Breach Exposes Sensitive Defence Information

Hackers leaked internal documents from defence contractor Leidos, exposing sensitive information due to vulnerabilities in third-party data management.

August 28, 2024

Featured

National Public Data Breach

A data breach at National Public Data exposed the personal information of 2.9 billion people, including names, addresses, and Social Security Numbers, which were then put up for sale on the dark web.

August 28, 2024

Featured

HealthEquity Breach Exposes Data of 4.3 Million

A third-party breach at HealthEquity exposed the personal and health data of 4.3 million people.

August 28, 2024

Featured

Toyota Confirms Data Breach from Third-Party Leak

Toyota has confirmed that a third-party data breach exposed 240GB of customer and employee information, but the breach did not affect Toyota's own systems.

Minimise your attack surface in SaaS apps

Book a demo with one of our SaaS security specialists to see how Metomic can help your business