#WeeklyRoundup

Weekly Databreaches Roundup Week 47-2025

November 24, 2025

Here’s your weekly #databreach news roundup:

AIPAC, Under Armour, Protei, Eurofiber France, Princeton University, Samsung Medison, Pajemploi, Gainsight, and FS Italiane Group.

AIPAC

AIPAC reported that a cyberattack on an outside company led to unauthorized access to its systems, exposing files between October 2024 and February 2025. The breach was discovered in August 2025 and affected 810 people, whose names and other personal information may have been taken. So far, there is no sign that the stolen data has been misused or shared online. AIPAC began notifying affected individuals in November 2025 and is offering a year of free identity protection through IDX. The organization says it has since added stronger security measures. AIPAC is a U.S. political group that works to influence government policy related to Israel.

Under Armour

The Everest ransomware gang claims it hacked Under Armour and stole 343 GB of internal company data, employee records, and personal information belonging to millions of customers worldwide. The group posted sample data on its dark-web site that includes emails, phone numbers, shopping history, product details, tracking records, and other sensitive customer and business information. Everest has given Under Armour seven days to respond before it leaks everything. Security experts say customers should act now by changing passwords, using strong and unique logins, enabling multi-factor authentication, watching bank activity, and being careful with emails that may be phishing attempts. Under Armour has not yet confirmed whether the breach is real.

Protei

Protei, a telecom company that builds internet surveillance and censorship tools for countries around the world, was hacked and had its website defaced and about 182 GB of internal data stolen, including years of emails. The hacking took place around November 8, when the company’s website briefly displayed a message mocking its role in making deep-packet inspection and SORM-style monitoring systems used for government surveillance. The leaked data was shared with DDoSecrets, a group that publishes datasets in the public interest. Protei, which began in Russia but is now based in Jordan, denied having Russian ties and said it was unaware of any data theft. The attacker’s identity is unknown, but the incident highlights concerns over companies that provide technology used for censorship and tracking people’s online activity.

Eurofiber France

Eurofiber France, a business-focused telecom provider, revealed that hackers broke into its ticket management system by exploiting a vulnerability and stole data from the platform. The breach affects only its French division and related brands, and the company says no banking or other highly sensitive data from main systems was impacted, though it has not specified what was taken. A hacker called “ByteToBreach” claims they stole information from about 10,000 business and government clients, including screenshots, VPN configs, credentials, certificates, email files, and SQL backups, and is demanding payment to avoid leaking it. Eurofiber France has notified French regulators and cybersecurity authorities, patched the issue, and added extra protections, but has declined to share more details while the investigation continues.

Princeton University

Princeton University announced that a database containing personal information about alumni, donors, students, faculty, staff, and related groups was accessed in a cyberattack on November 10. Hackers broke in by phishing a university employee and were able to view biographical details such as names, emails, phone numbers, and home or work addresses, though no financial data, passwords, Social Security numbers, or detailed student records were included. Princeton says the attackers were removed from its systems and did not access other parts of the network. The university is warning people to watch for fake emails pretending to be from Princeton and to avoid sharing any sensitive information. Although the incident resembles a recent breach at the University of Pennsylvania, Princeton says there is no evidence the two attacks are connected.

Pajemploi

Pajemploi, a French social security service for parents and home-based childcare workers, suffered a data breach that may have exposed personal information belonging to up to 1.2 million caregivers. The stolen data could include names, birthplaces, addresses, Social Security numbers, banking institutions, and Pajemploi identification numbers, though bank account numbers, emails, phone numbers, and passwords were not accessed. The attack was detected on November 14, and Pajemploi says its services continue to operate normally while it secures its systems and notifies those affected. French authorities CNIL and ANSSI have been informed, and users are warned to watch out for scams using the stolen information. No ransomware group has claimed responsibility so far.

Samsung Medison

A hacker known as “888” is selling data they claim to have stolen from Samsung through a breach of a third-party contractor. The hacker says the files include source code, private keys, login details, configuration files, and personal information from what appears to be a Samsung Medison healthcare system, along with exported MSSQL and AWS S3 data. Screenshots suggest access to backend databases, cloud storage, and employee or user records from Samsung’s medical imaging division. The hacker is offering the data as a one-time sale and is taking bids through Keybase, with payment in Monero. Samsung has not yet confirmed whether the data is real, but if genuine, it poses serious privacy and security risks. The same hacker has a history of major leaks involving companies like Microsoft and Nokia.

Gainsight

Salesforce is investigating a data breach affecting some customers after hackers accessed information through apps made by Gainsight, a customer-management platform that connects to Salesforce. Salesforce says the issue came from Gainsight’s external connection, not from a flaw in Salesforce itself. Gainsight is still investigating and has not acknowledged a breach, but the hacking group ShinyHunters claims responsibility and is threatening to leak the stolen data if Salesforce doesn’t negotiate. The group says it accessed data from nearly a thousand companies, similar to an earlier breach involving Salesloft that let hackers break into connected Salesforce accounts for major firms like Google, Qantas, and TransUnion. It’s unclear whether this new incident is linked to Gainsight’s previous compromise.

FS Italiane Group

A hacker has leaked 2.3 terabytes of data stolen from Almaviva, the IT provider for Italy’s national railway operator, FS Italiane Group. The exposed files appear to be recent and include internal documents, technical records, HR and accounting data, multi-company repositories, and contracts, according to cybersecurity experts. Almaviva later confirmed that its systems were breached but said critical services remained operational thanks to its security measures. The company has notified Italian authorities and is investigating the attack. It’s not yet known whether passenger data or information from other Almaviva clients is included in the leak.
