Here’s your weekly #databreach news roundup:
Samsung, WooCommerce, WK Kellogg Boulanger, German Doner Kebab, Laboratory Services Cooperative, and Western Sydney University.
Samsung Germany
@XposedOrNot += Samsung Germany Data Breach
— XposedOrNot (@XposedOrNot) April 13, 2025
The Samsung Germany #databreach in March 2025 occurred via a compromise of their logistics provider, Spectos, reportedly caused by malware on an employee’s device, exposing 218K unique email addresses, names, and physical addresses. pic.twitter.com/j3547ujNfm
Read more at : https://xposedornot.com/xposed
Laboratory Services Cooperative (LSC)
Seattle-based nonprofit LSC was hacked, exposing sensitive info of 1.6M people, incl. lab, billing & personal data, mainly from Planned Parenthood testing. #databreachhttps://t.co/OtoaKaeW6t
— DevaOnBreaches (@DevaOnBreaches) April 13, 2025
Laboratory Services Cooperative (LSC), a nonprofit providing lab services to reproductive health organizations, has announced a data breach that affected about 1.6 million people. Hackers accessed personal information, including names, Social Security numbers, medical details, and financial data, from LSC’s network in October 2024. The breach mainly impacted individuals who had lab tests through Planned Parenthood centers using LSC. The organization has engaged cybersecurity experts and law enforcement, and is offering free credit and medical identity protection services to those affected.
Western Sydney University
Western Sydney University (WSU) faces multiple data breaches: one from a compromised SSO system affecting 10,000 students, another leak of personal info on the dark web, and a 2023 breach exposing 7,500 individuals' data. #databreachhttps://t.co/NNIIIiTOUl
— DevaOnBreaches (@DevaOnBreaches) April 12, 2025
Western Sydney University (WSU) has reported two recent security incidents that exposed personal information of its students and staff. The first incident, which occurred between January and February 2025, involved a breach of its single sign-on (SSO) system, affecting around 10,000 current and former students. The second incident, discovered in March 2025, revealed that hackers leaked personal information on the dark web in November 2024. WSU had a previous breach in May 2023, where hackers accessed Microsoft Office 365 accounts, affecting 7,500 individuals and exposing sensitive data. The university is investigating the incidents and apologizing to its community, while working to improve its security measures.
Boulanger
@XposedOrNot += Boulanger Data Breach
— XposedOrNot (@XposedOrNot) April 10, 2025
The Boulanger #databreach in September 2024 exposed over 27 million rows of data from the French electronics retailer. The breach included more than 2M email addresses, names, physical addresses, phone numbers, and geographic coordinates pic.twitter.com/EBiJtYT4eJ
Read more at : https://xposedornot.com/xposed#Boulanger
Qraved
@XposedOrNot += Qraved Data Breach
— XposedOrNot (@XposedOrNot) April 10, 2025
The Qraved #databreach in July 2021 impacted the Indonesian restaurant website and exposed nearly 1M unique email addresses. The compromised data included names, phone numbers, dates of birth, and passwords stored as MD5 hashes. pic.twitter.com/D9Urkr5Ey0
Read more at : https://xposedornot.com/xposed#Qraved
German Doner Kebab
@XposedOrNot += German Doner Kebab Data Breach
— XposedOrNot (@XposedOrNot) April 10, 2025
The German Doner Kebab #databreach in March 2025 exposed data published on a popular hacking forum, including 162K unique email addresses, names, phone numbers, and physical addresses. pic.twitter.com/kgYBvVEi8V
Read more at : https://xposedornot.com/xposed#GermanDonerKebab
WooCommerce
Hacker claims to have breached WooCommerce, selling 4.4M user records, including data from orgs like NVIDIA, NIST, and TexasGov. Data includes emails, phone numbers, and business info from websites using WooCommerce and third-party tools. #databreachhttps://t.co/ypRLblL60w
— DevaOnBreaches (@DevaOnBreaches) April 9, 2025
A hacker has claimed responsibility for a data breach involving WooCommerce, which affects over 4.4 million records, including personal and business data from major organizations like NVIDIA, Texas.gov, and NIST. The breach, reportedly occurring on April 6, 2025, is said to involve data from third-party systems tied to WooCommerce websites, rather than WooCommerce itself. The exposed data includes emails, phone numbers, company details, and metadata on corporate websites. The hacker is selling the data, which contains valuable information for phishing and social engineering. WooCommerce’s parent company, Automattic, has denied a direct breach but is investigating the incident, suggesting the data may have been gathered from a third-party service.
WK Kellogg
WK Kellogg Co. confirms #databreach after the 2024 Cleo data theft attack, linked to the Clop ransomware gang. Personal data, including names & SSNs, was stolen via Cleo's software.https://t.co/BjMat8LQ3E
— DevaOnBreaches (@DevaOnBreaches) April 8, 2025
WK Kellogg Co has announced that company data was stolen during the 2024 Cleo data theft attacks, which targeted a managed file transfer tool used by the company. The breach, which occurred on December 7, 2024, was linked to two zero-day vulnerabilities in Cleo’s software exploited by the Clop ransomware gang. The stolen data includes sensitive information like names and Social Security numbers. Kellogg became aware of the breach in February 2025 and is offering impacted individuals free identity monitoring and fraud protection services. This breach is part of a larger wave of attacks involving Cleo’s software, which has affected several companies, including Western Alliance Bank.
