Here’s your weekly #databreach news roundup:
Legends International, Conduent, Hertz, Oregon Department of Environmental Quality (DEQ), and Lemonade.
Legends International
Legends International, an entertainment venue management firm, reveals a #databreach in November 2024 impacting employees and visitors. Personal data was exfiltrated, but specifics remain unclear.https://t.co/UVFa9Y9SG2
— DevaOnBreaches (@DevaOnBreaches) April 18, 2025
Legends International, a major global sports and entertainment venue management firm, disclosed a data breach that occurred in November 2024, potentially impacting employees and venue visitors. Detected on November 9, the breach involved unauthorized access to its IT systems and the exfiltration of personal data, though the exact data types remain unspecified. The company, which manages over 350 venues worldwid including SoFi Stadium, Camp Nou, and OVO Arena Wemble has not revealed the scope of the breach but acknowledged the seriousness due to its scale. Legends has offered affected individuals 24 months of identity theft protection and stated there’s no current evidence of misuse. The perpetrators and method of attack remain unknown.
Oregon Department of Environmental Quality (DEQ)
Oregon’s DEQ confirms a cyberattack but denies any #databreach. Rhysida ransomware group claims responsibility, alleging 2.5TB of stolen data and demanding $2.5M, though evidence remains scarce. DEQ says no data was exfiltrated.https://t.co/1CcpwyMiYf
— DevaOnBreaches (@DevaOnBreaches) April 18, 2025
The Oregon Department of Environmental Quality (DEQ) recently experienced a cyberattack that forced parts of its systems offline, including email, help desk services, and some vehicle inspection stations. While the agency has launched an investigation, it says there’s no evidence that any data was stolen. On the other hand, the Rhysida ransomware group is claiming responsibility and insists they’ve taken over 2.5 terabytes of sensitive data, including SQL files and employee records. They’re demanding a $2.5 million ransom and took a jab at the agency by suggesting DEQ has no idea how much data was actually taken. However
Lemonade
Lemonade reveals a 17-month #databreach exposed 19,513 driver's license numbers, affecting users in Texas and South Carolina. Vulnerability in the car insurance app has been fixed, but no evidence of misuse has been found.https://t.co/RM0oIpz4kU
— DevaOnBreaches (@DevaOnBreaches) April 16, 2025
Lemonade, the insurance company known for its tech-forward approach, has revealed a data breach that left thousands of driver’s license numbers exposed for over a year. The issue stemmed from a vulnerability in its online car insurance application process, which went unnoticed from around April to September 2024. Lemonade discovered the problem in March 2025 and began notifying affected individuals—over 17,000 in Texas and nearly 2,000 in South Carolina. While the company hasn’t confirmed whether other personal info like names or addresses was also compromised, it’s clear the exposure could be useful to fraudsters. Lemonade has fixed the flaw but hasn’t explained how it was discovered or whether the data was actually misused. As a precaution, the company is urging affected customers to monitor their financial accounts and credit reports, and it’s offering temporary identity protection. This incident adds to Lemonade’s rocky track record with data privacy, following past issues involving account visibility and biometric data use.
Conduent
Conduent, a major business services and government contractor, reveals client data was stolen in a January 2025 cyberattack. The investigation is ongoing. #databreach https://t.co/O1Dox83hGj
— DevaOnBreaches (@DevaOnBreaches) April 15, 2025
Conduent, a major U.S. business services provider and government contractor, has confirmed that client data was stolen in a cyberattack that occurred back in January 2025. The breach affected operations for some of its government and commercial customers, and now, in a recent SEC filing, the company revealed that personal information tied to clients’ end-users was among the data exfiltrated. While the exact impact is still being assessed with the help of cybersecurity experts, Conduent says affected clients are being notified as required by law. So far, there’s no sign the stolen data has surfaced online or been shared publicly. Although the attack didn’t disrupt core operations, the company did take a financial hit in the first quarter. This marks the second major breach for Conduent in recent years, the last being in 2020 at the hands of the Maze ransomware gang.
Hertz
Hertz confirms a #databreach via Cleo software hacks, exposing customer info like names, IDs, and credit cards. Clop ransomware gang claims responsibility.https://t.co/EnLkktNGgQ
— DevaOnBreaches (@DevaOnBreaches) April 15, 2025
Hertz Corporation has confirmed a data breach tied to the Cleo zero-day attacks, affecting customer data from its Hertz, Thrifty, and Dollar brands. The company discovered the breach on February 10, 2025, tracing it back to vulnerabilities in Cleo’s platform exploited in October and December 2024. The stolen data varies by individual but may include names, contact details, birth dates, credit card and driver’s license info, and, in some cases, sensitive records like Social Security numbers and injury-related claims. Hertz hasn’t said how many people were affected overall, but at least 3,400 customers in Maine are being notified. The Clop ransomware group has already leaked some of the stolen data, although Hertz says there’s no evidence it’s been misused so far. Impacted customers are being offered two years of free identity monitoring as a precaution.
