A newly filed putative class action in the Western District of Texas targets Bumble, Inc., over an alleged “massive and preventable” cyberattack in or around January 2026, in which attackers allegedly accessed highly sensitive user data stored in Bumble’s systems. The complaint alleges the compromised information included names, dates of birth, addresses, telephone numbers, Social Security numbers
Social Security numbers
Privacy Tip #481 – Threat Actors Continue to Use Data from Old Breaches
By Linn Foster Freedman on
Posted in Privacy Tips
Researchers at UpGuard have discovered a misconfigured cloud database online while conducting routine internet scanning that contains billions of records, including 2.7 billion Social Security numbers (SSNs) and 3 billion plaintext email addresses and password combinations. The fairly easy-to-find data was accessed without authentication.
After reporting the access to the FBI’s Internet Crime Complaint Center…
Why Dumping Sensitive Data on Network Shares is a Liability
By Kathryn Rattigan & Jim Merrifield on
Posted in Information Governance
Are you storing sensitive data on a shared network drive? If so, your organization could be at serious risk of a data breach or privacy lawsuit. Shared drives, like the common “S:\ drive,” are often used to store documents, spreadsheets, customer information, financial records, and even scanned IDs. But here’s the problem: these network shares…
Insight Into DOGE’s Access to HHS’ Systems
By Linn Foster Freedman on
Posted in Cybersecurity
Becker’s Hospital Review reports that the Department of Government Efficiency (DOGE) “has access to sensitive information in 19 HHS databases and systems,” according to a court filing obtained by Wired. HHS provided the information during the discovery process in the lawsuit filed by the American Federation of Labor and Congress of Industrial Organizations against…
Ascension Health Notifying 5.6 Million of Data Breach
By Linn Foster Freedman on
Posted in Data Privacy
We previously reported that Ascension Health detected a cyber-attack on May 8, 2024, that affected clinical operations in Ascension facilities in six states.
On December 20, 2024, Ascension notified the Maine Attorney General in a regulatory filing that the attack compromised the personal information of 5.6 million individuals. According to Ascension, the incident occurred on…
Rhysida Hits American Addiction Centers + Publishes 2.8TB of Data
By Linn Foster Freedman on
Posted in Data Privacy
American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26, 2024, and the notification letter to affected individuals confirmed that the information exfiltrated included names, Social Security numbers, and health insurance information. AAC is offering…
Hacker Hits Toyota Industries N.A.
By Linn Foster Freedman on
Posted in Data Breach
Toyota Industries North America (TINA) has discovered that a hacker was able to access its corporate email system, compromising the personal and protected health information of approximately 19,000 individuals, apparently most of whom were employees.
The data that was potentially compromised included health insurance information, names, addresses, dates of birth, financial information, Social Security numbers,…