Weekly Databreaches Roundup Week 48-2025
OpenAI, Asahi, SitusAMC, Harvard University, Dartmouth College, Recent Links, Cox Enterprises, and Iberia.
Asahi
Asahi, a Japanese beer giant, revealed that a September #databreach may have exposed personal info of 1.5M+ customers, including names and contact details. The breach disrupted operations in Japan, causing beer shortages. https://t.co/WRfLwMrXg3
— DevaOnBreaches (@DevaOnBreaches) November 28, 2025
Asahi, a major Japanese beer company, said a large cyber-attack in September may have exposed personal information from over 1.5 million customers, along with data from employees, their families, and business contacts. The ransomware attack disrupted factories, caused drink shortages, and forced staff to use pen and paper for orders. While only a small number of employee files are confirmed leaked, much more data may be at risk, though no credit card details were involved. The company is still restoring its systems, delaying financial results, and strengthening security, and says the impact is limited to its Japan operations.
Read more at: https://www.bbc.com/news/articles/ce86n44178no
OpenAI
OpenAI says a #databreach at Mixpanel exposed some API users’ basic info (names, emails, IDs, device details), but no chats, API keys, passwords, or payment data were leaked. https://t.co/eJxjD9WAPK
— DevaOnBreaches (@DevaOnBreaches) November 27, 2025
OpenAI announced that some API customers’ personal details, including usernames, emails, user or organisation IDs, and basic browser and location data, were exposed after hackers breached Mixpanel, a third-party analytics service used by OpenAI. The company said its own systems were not hacked, and sensitive data such as passwords, API keys, chat data, payment details, or government IDs was not affected. Only users of the API platform, not regular ChatGPT users, were impacted. OpenAI has stopped using Mixpanel, is notifying affected users, and advises customers to watch out for phishing attempts and to enable multi-factor authentication for extra security.
SitusAMC
SitusAMC, a key back-end service provider for major banks like Citi, Morgan Stanley, and JPMorgan Chase, disclosed a #databreach impacting both client and customer data. https://t.co/5BbX0bQtVH
— DevaOnBreaches (@DevaOnBreaches) November 26, 2025
SitusAMC, a company that provides back-end mortgage and real-estate financing services for major banks, announced that a data breach earlier this month exposed some client information and possibly data belonging to their customers. The firm, which works with large institutions like Citi, Morgan Stanley, and JPMorgan Chase, said its systems were not hit by ransomware and its operations remain unaffected. The breach was detected on November 12, confirmed on November 15, and clients began receiving notifications soon after. The compromised data may include accounting records, legal agreements, and other corporate information, though the full number of affected customers is still unknown. SitusAMC says it is working with outside experts, updating clients directly, and continuing to investigate the scope of the attack.
Harvard University
Harvard University disclosed a #databreach after a voice phishing attack compromised its Alumni Affairs and Development systems, exposing personal information like email addresses, phone numbers, event attendance, and donation details. https://t.co/v2VgqY4bcQ
— DevaOnBreaches (@DevaOnBreaches) November 26, 2025
Harvard University announced that its Alumni Affairs and Development systems were hacked through a voice-phishing scam, exposing personal information such as emails, phone numbers, addresses, donation details, and other biographical data for students, alumni, donors, parents, and some faculty and staff. The university said no Social Security numbers, passwords, or financial information were involved. Harvard quickly cut off the attacker’s access, notified affected individuals on November 22, and is working with law enforcement and cybersecurity experts to investigate. Officials warn people to watch for fake calls, texts, or emails pretending to be from Harvard. The number of those affected is still unknown, and the incident follows another recent breach involving a ransomware group claiming to have hacked Harvard, as well as similar attacks on Princeton and the University of Pennsylvania.
Dartmouth College
Dartmouth College has disclosed a #databreach after the Clop ransomware gang leaked stolen data from its Oracle E-Business Suite servers. The breach exposed personal information of 1,494 individuals, including Social Security numbers and financial data. https://t.co/RU0FrMIKF6
— DevaOnBreaches (@DevaOnBreaches) November 26, 2025
Dartmouth College revealed a data breach after the Clop extortion gang published files allegedly stolen from the school’s Oracle E-Business Suite servers. The attackers used a zero-day flaw to steal data between August 9 and 12, 2025, exposing names, Social Security numbers, and financial account information for at least 1,494 people, though the real number is likely higher. Dartmouth discovered the sensitive files on October 30 and has notified affected individuals, while broader details such as the ransom demand remain unknown. This breach is part of a larger Clop campaign targeting many organizations through the same Oracle vulnerability, with other victims including Harvard, The Washington Post, and American Airlines’ Envoy Air. It also follows a wave of separate voice-phishing attacks against several Ivy League schools.
Recent Links
Recent Links, a feature on JSONFormatter and CodeBeautify, had a #databreach, exposing over 80,000 sensitive files like credentials and private keys. This left organizations in sectors such as banking, healthcare, and government at risk. https://t.co/9qOWxjqSF4
— DevaOnBreaches (@DevaOnBreaches) November 26, 2025
Researchers found that more than 80,000 JSON files containing sensitive information were publicly accessible on the JSONFormatter and CodeBeautify websites because their “Recent Links” feature exposed user uploads with no protection. The leaked data included passwords, private keys, cloud credentials, API tokens, database access, and even sensitive information from government, banking, healthcare, and cybersecurity organizations. Some examples included AWS keys from a major financial exchange, Active Directory credentials from a security provider, and detailed configuration files from tech and government systems. Attackers were already trying to use exposed credentials, as shown by tests with fake keys. Although some organizations fixed their leaks after being warned, many did not, and the exposed pages remain publicly accessible, leaving a large amount of confidential data at risk.
Cox Enterprises
Cox Enterprises says a #databreach happened after hackers used a zero-day flaw in Oracle’s software to access its systems in August. Cl0p ransomware claims responsibility. https://t.co/Gk7B32dZWf
— DevaOnBreaches (@DevaOnBreaches) November 25, 2025
Cox Enterprises is notifying nearly 9,500 people that their personal data was exposed after hackers broke into the company’s network by exploiting a zero-day flaw in Oracle’s E-Business Suite between August 9 and 14, 2025. The breach wasn’t detected until late September, and the Cl0p ransomware group has claimed responsibility, adding Cox to its leak site and publishing stolen data. Cox, a large U.S. company in telecommunications and automotive services, says the flaw was unknown until Oracle released a patch in October and that similar attacks have hit other major organizations. The company is offering affected individuals a year of free identity theft protection and credit monitoring, though it has not specified which types of data were exposed.
Iberia
Iberia warns customers of a #databreach after a supplier was compromised. Exposed info includes names, emails, and loyalty IDs (no passwords or payment data). https://t.co/dHSSnAIaIr
— DevaOnBreaches (@DevaOnBreaches) November 23, 2025
Iberia, Spain’s largest airline, is warning customers that some of their personal information was exposed after a security breach at one of its suppliers. The leaked data may include names, email addresses, and loyalty card numbers, but no passwords or payment details were affected. Iberia says it activated its security protocols, added extra protections to customer accounts, and is working with authorities and the supplier to investigate. The notice comes shortly after a hacker claimed to be selling 77 GB of alleged Iberia data online, though it’s unclear whether that claim is related. The airline says there is no evidence of fraud so far but urges customers to watch for suspicious messages.