Data Breach Roundup (Jan 9 – Jan 15, 2026)
Welcome to Data Breach Roundups, our new weekly series where we highlight notable data breaches we encounter. They're more common than you might think! If you want this weekly digest delivered to your inbox in the future, edit your newsletter settings to subscribe to the new 'Data Breach Roundups' mailing list.
BreachForums hacking forum database leaked, exposing 324,000 accounts
From the "highly ironic" department, this breach contains display names, registration dates, IP addresses, and other internal information. Only about 70,000 of the records appear to have useful information (specifically non-local IP addresses). It also appears to include the administrator's private key.

Spanish energy giant Endesa discloses data breach affecting customers
"Endesa is the largest electric utility company in Spain that distributes gas and electricity to more than 10 million customers in Spain and Portugal. In total, the company says it has about 22 million clients." Data impacted includes "basic identification details," contact information, national identity numbers (DNI), contract details, and payment details, including IBANs. The threat actors are already claiming to have 20 million records - about 1 TB - for sale.

Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users
Betterment is an "automated investment platform." Attackers have been abusing the push notification system to try to scam users, promising to "triple the value of their crypto by sending $10,000 to a wallet controlled by the attacker." They also compromised names, email and mailing addresses, phone numbers, and dates of birth. The especially disappointing part:
Betterment’s security incident web page contains a hidden “noindex” tag in its source code, which tells search engines to ignore the page, making it more difficult for anyone searching the web to discover information about the data breach.
Be sure to help spread the word since Betterment is doing everything they can to hide it. Very hostile behavior toward users.

University of Hawaii Cancer Center hit by ransomware attack
The attack occurred in August 2025, stealing data of study participants as far back as the 1990s. The impact appears limited to a single study and mostly research data, except for the Social Security numbers of participants. (The university has switched to different ID methods.) The university paid the ransom and will alert impacted individuals once the investigation is complete.

Central Maine Healthcare breach exposed data of over 145,000 people
CMH has over 400,000 patients and manages some regionally significant locations like Central Maine Medical Center (CMMC), Bridgton Hospital, and Rumford Hospital. The breach took place between March and June 2025 and exposed full names, dates of birth, treatment information, dates of service, provider names, health insurance information, and Social Security numbers.

Monroe University says 2024 data breach affects 320,000 people
Data impacted includes name, date of birth, Social Security number, driver's license number, passport number, government identification number, medical information, health insurance information, electronic account or email username and password, financial account information, and/or student data. The school finished their investigation in September. It's unclear why it took so long or why it took even longer to notify people.

Victorian Department of Education says hackers stole students’ data
Exposed data includes names, school names, year levels, school-issued email addresses, and encrypted passwords. The number of impacted students was not disclosed. Dates of birth, home addresses, and phone numbers were not exposed.

US cargo tech company publicly exposed its shipping systems and customer data to the web
In a now-published blog post, Zveare said he submitted details of the five flaws in Bluspark’s platform to the Maritime Hacking Village, a nonprofit that works to secure maritime space and helps researchers to notify companies working in the maritime industry of active security flaws.
Weeks later, and following multiple emails, voicemails, and LinkedIn messages, the company had not responded to Zveare. All the while, the flaws could still be exploited by anyone on the internet.
On the third time TechCrunch emailed Bluspark’s CEO, we included a partial copy of his password to demonstrate the seriousness of the security lapse. A couple of hours later, TechCrunch received a response — from a law firm representing Bluspark.
🤦♂️
Long story short, a horribly configured API allowed for phishing emails, plaintext password extraction, and more. Baffling that a company could build such a complex portal and invest basically nothing into security.


