Here’s your weekly #databreach news roundup:
Brightspeed, Ledger, Sedgwick, Gulshan Management Services (Handi), ownCloud, Illinois Department of Human Services (IDHS), and BreachForums2025.
Brightspeed
Brightspeed, a major U.S. fiber internet company serving rural and suburban areas in 20 states, is investigating claims that it was hacked by the Crimson Collective cybercrime group. The hackers say they stole sensitive personal data from over one million customers, including names, addresses, emails, phone numbers, account details, and some payment information, and are threatening to release samples if the company does not respond. Brightspeed has confirmed it is looking into a possible cybersecurity incident and says it will update customers and authorities as it learns more. The Crimson Collective is known for other large data breaches, including attacks linked to Red Hat, Nissan, and cloud systems like AWS.
Ledger
Ledger confirmed that a data breach at its e-commerce partner, Global-e, exposed some customer information that is now being used in phishing attacks. The leaked data did not include passwords, payment details, or crypto recovery phrases, but it did include names, contact details, and order history, which criminals are using to send realistic fake emails and messages pretending to be Ledger or Global-e. These phishing attempts try to trick users into sharing wallet recovery phrases or scanning malicious codes. Ledger warned customers that it will never ask for recovery phrases, send unsolicited devices, or request code scans, and advised users to be cautious with emails and texts related to their orders while the investigation continues.
Sedgwick
Sedgwick, a global claims and risk management company, confirmed that its federal contractor subsidiary, Sedgwick Government Solutions, was hit by a security breach. The company said the incident was limited to an isolated system at the subsidiary and did not affect Sedgwick’s main network or disrupt services for government clients, which include agencies like DHS, CISA, and USCIS. Sedgwick has notified law enforcement and hired outside cybersecurity experts to investigate. Although Sedgwick did not name the attackers, the TridentLocker ransomware group claims responsibility and says it stole and leaked a small amount of data.
Gulshan Management Services (Handi)
Gulshan Management Services, a Texas-based company that operates about 150 gas stations and convenience stores across the U.S., confirmed a major data breach affecting more than 377,000 people. Hackers accessed an external system in September 2025 and may have stolen sensitive information such as names, addresses, Social Security numbers, driver’s license or government ID details, and financial data. The breach was not reported to affected individuals until January 2026, months after it was discovered, which has led to lawsuits and investigations. Customers who received notices are advised to closely monitor their bank accounts, watch for suspicious messages, and be alert to possible identity theft or phishing scams.
Read more at: https://hackread.com/data-breach-us-gas-stations-company/
ownCloud
ownCloud has warned users to turn on multi-factor authentication (MFA) after attackers used stolen login credentials to access file-sharing accounts and steal data. The company said its platform itself was not hacked; instead, criminals got usernames and passwords from employee devices infected with malware and then logged into ownCloud accounts that did not have MFA enabled. To reduce risk, ownCloud is urging users to enable MFA, reset passwords, log out all active sessions, and review login activity for anything suspicious. The warning follows reports that stolen credentials have been used to access file-sharing systems at many organizations, including large companies and public-sector agencies.
Illinois Department of Human Services (IDHS)
The Illinois Department of Human Services accidentally exposed personal and health-related data of nearly 700,000 residents because internal maps were left publicly accessible due to incorrect privacy settings. The exposed information included addresses, case numbers, demographic details, and program information for Medicaid and rehabilitation services clients, with some records also containing names. The data was available online for several years before being discovered in September 2025, though the agency says it has no evidence the information was misused. IDHS has since locked down access, fixed its controls, reported the incident to regulators, and is notifying affected individuals.
BreachForums2025
The BreachForums data breach occurred in the months leading up to the forum’s October 2025 takedown by an international law enforcement coalition, exposing data from the platform itself. The breach leaked a total of 324K unique email addresses across multiple database tables, including forum posts and private messages.
Read more at: https://xposedornot.com/breach#BreachForums2025