Here’s your weekly #databreach news roundup:
Barts Health NHS, Petco, Freedom Mobile, Leroy Merlin, University of Phoenix, and Marquis.
Barts Health NHS
Barts Health NHS Trust says Clop ransomware actors stole invoice data via an Oracle software flaw, exposing the names and addresses of people who paid for services. #databreach
— DevaOnBreaches (@DevaOnBreaches) December 7, 2025
https://t.co/8IPwe4fOPZ
Barts Health NHS Trust said that hackers using Clop ransomware stole invoice files from one of its databases by taking advantage of a flaw in its Oracle software. The files include names and addresses of people who paid for treatment, as well as some former staff and supplier information. Data related to accounting work for another NHS trust was also taken and later posted on the dark web. Barts says the main hospital systems were not affected, authorities have been notified, and a court order is being pursued to stop the data from being shared. Patients who have paid Barts are advised to review their invoices and watch out for any unexpected messages asking for personal information or payment.
Petco
Petco disclosed a #databreach after a misconfigured app exposed customer files online. The company says it fixed the issue quickly and is offering credit and ID monitoring, but hasn’t said how many people or what data was affected. https://t.co/2HZ9q71kBW
— DevaOnBreaches (@DevaOnBreaches) December 7, 2025
Petco has reported a data breach that made some customer information accessible online because of a misconfigured setting in one of its software tools. The company says it found the issue itself, quickly fixed it, and removed the files from public access, but it has not said what specific personal data was exposed or how many people were affected. California records show that at least 500 state residents were impacted, and customers in Massachusetts and a few in Montana were also notified. Petco is offering free credit and identity-theft monitoring to those involved and says it has strengthened its security to prevent similar problems in the future.
Freedom Mobile
Freedom Mobile says hackers breached a subcontractor account, exposing customer data (names, addresses, DOBs, phone + account numbers). #databreach https://t.co/l1Ri02jifA
— DevaOnBreaches (@DevaOnBreaches) December 5, 2025
Freedom Mobile reported that hackers accessed its customer account management platform by using a subcontractor’s stolen account, exposing personal details such as names, addresses, dates of birth, phone numbers, and account numbers for an unknown number of customers. The company says it detected the breach on October 23, quickly blocked the suspicious access, and strengthened its security, and it has found no signs that the stolen data has been misused. Freedom’s network and operations were not affected, and it advises customers to watch for strange messages, avoid clicking suspicious links, and check their accounts for unusual activity.
Leroy Merlin
Leroy Merlin France has confirmed a #databreach exposing customer names, contact details, addresses, dates of birth, and loyalty information. https://t.co/fyjaiDsn1w
— DevaOnBreaches (@DevaOnBreaches) December 4, 2025
Leroy Merlin has told customers in France that a cyberattack allowed outsiders to access some personal information, including names, phone numbers, email addresses, home addresses, dates of birth, and loyalty program details. The company says it quickly blocked the unauthorized access and confirmed that no banking information or passwords were exposed. There is no sign that the stolen data has been misused, but customers are advised to stay alert for fake messages pretending to be from the company and to report any unusual account activity or loyalty point issues.
University of Phoenix
University of Phoenix allegedly has a #databreach after Clop hackers exploited an Oracle E-Business zero-day, stealing sensitive data from students, staff, and suppliers. The school says reviews are ongoing and notifications will follow. https://t.co/HsBfLfrjTb
— DevaOnBreaches (@DevaOnBreaches) December 4, 2025
The University of Phoenix says that hackers broke into its Oracle E-Business Suite system in August 2025 and stole sensitive information belonging to students, staff, and suppliers. The breach was discovered in November after the Clop extortion group posted the university on its leak site. The stolen data includes names, contact details, dates of birth, Social Security numbers, and bank account information. The university and its parent company have reported the incident to regulators and will send letters to affected people with next steps. This attack is part of a larger Clop campaign that has also hit other U.S. universities and many companies worldwide by exploiting a zero-day flaw in Oracle software.
Marquis
Marquis Software Solutions allegedly has a #databreach after a ransomware attack that hit its SonicWall firewall, exposing personal data from over 400,000 customers across dozens of U.S. banks and credit unions. https://t.co/3DvbaBW3h1
— DevaOnBreaches (@DevaOnBreaches) December 4, 2025
Marquis Software Solutions says it was hit by a ransomware attack in August 2025 after hackers got into its network through a SonicWall firewall, allowing them to steal files containing personal information from dozens of banks and credit unions. More than 400,000 people across 74 financial institutions may have had data exposed, including names, addresses, phone numbers, Social Security numbers, tax IDs, birth dates, and some financial account details. Marquis says there is no sign the stolen data has been misused, though one deleted filing suggested the company paid a ransom to prevent leaks. The company has since strengthened its security by patching firewalls, removing old accounts, enabling multi-factor authentication, and adding stricter access controls. The attack appears similar to methods used by the Akira ransomware group, which often breaks into networks using stolen SonicWall VPN credentials.