Here’s your weekly #databreach news roundup:
University of Sydney, DXS International, Askul, Hama Film, Home Depot, French Interior Ministry, and SoundCloud.
University of Sydney
University of Sydney hit by #databreach after hackers stole personal info of 27,000+ staff, students, and affiliates. https://t.co/IFcoqDcRal
— DevaOnBreaches (@DevaOnBreaches) December 21, 2025
Hackers broke into an online coding system used by the University of Sydney and stole files that contained personal information of staff and students. The university said the issue was found last week, quickly contained, and limited to one system. Around 27,000 people were affected, including current and former staff, students, and alumni, with data such as names, dates of birth, phone numbers, addresses, and job details accessed. The university said there is no evidence the information has been shared or misused. Authorities have been notified, affected individuals are being contacted, and support services have been set up. Staff and students have been advised to stay alert, change passwords, and use extra security measures.
DXS International
DXS International, a UK company providing tech for NHS, disclosed a cyberattack on Dec 14. A ransomware group claimed responsibility, stealing 300GB of data. #databreach https://t.co/3pPtLW5FHI
— DevaOnBreaches (@DevaOnBreaches) December 20, 2025
DXS International, a company that provides healthcare technology for the UK’s National Health Service (NHS), reported a cyberattack on December 14, 2023. The company said the breach affected its office servers but was quickly contained with the help of the NHS and a cybersecurity firm. The attack had minimal impact on DXS’s services, and the company’s clinical services remained operational. The specific details of the breach, including whether patient data was stolen, are not yet clear. A ransomware group called DevMan claimed responsibility for the attack and stated they had stolen 300 gigabytes of data. DXS has informed law enforcement and the UK’s Information Commissioner’s Office (ICO), while NHS England confirmed that no patient services were impacted. DXS’s software, which handles patient records, is hosted on the NHS’s network in some cases.
Askul
Japanese e-commerce giant Askul confirmed a RansomHouse ransomware attack stole ~740,000 records. #Databreach via compromised partner admin creds (no MFA) led to data theft, system outages, wiped backups, and ongoing shipment disruptions since October. https://t.co/bQnk0Grp7T
— DevaOnBreaches (@DevaOnBreaches) December 19, 2025
Japanese e-commerce company Askul Corporation confirmed that hackers from the RansomHouse group stole around 740,000 customer records in a ransomware attack that took place in October. The breach caused an IT system failure, halting shipments, including to major retailer Muji. The stolen data includes information on business customers (590,000 records), individual customers (132,000 records), business partners (15,000 records), and employees (2,700 records). Askul has notified affected individuals and reported the breach to Japan’s Personal Information Protection Commission. The hackers gained access using compromised credentials from an outsourced partner’s administrator account, and multiple ransomware variants were used in the attack, causing data encryption and system disruptions. Askul is still working to restore its systems, and the full financial impact of the attack is yet to be determined.
Hama Film
Hama Film exposed customer photos and videos online due to a basic website flaw, a security researcher says.
— DevaOnBreaches (@DevaOnBreaches) December 17, 2025
The photo booth maker was alerted but didn’t respond, leaving users’ images briefly accessible each day. #dataleak https://t.co/ODGn7LWQ6X
A photo booth company called Hama Film, owned by Vibecast, is exposing its customers’ photos and videos online due to a security flaw on its website. A researcher named Zeacer discovered the issue in October and reported it, but received no response from the company. The vulnerability allowed anyone to access and download images from the company’s servers, which store customer photos and videos after being taken in the booths. Although the company deletes photos after 24 hours to limit exposure, the flaw still allows hackers to exploit it daily. At one point, over 1,000 photos from the company’s booths in Melbourne were publicly accessible. The lack of basic security practices, like rate-limiting, has left the customer data exposed. Vibecast has not responded to multiple requests for comment, and as of late December, the issue remains unresolved.
Home Depot
Home Depot exposed access to its internal systems for nearly a year after an employee leaked a private GitHub token.
— DevaOnBreaches (@DevaOnBreaches) December 17, 2025
The key allowed access to source code and core systems and was only revoked after a researcher contacted TechCrunch. https://t.co/5woW81SYdv
A security researcher discovered that Home Depot accidentally exposed access to its internal systems for a year after one of its employees mistakenly published a private access token online. The token, found in early November, granted access to private Home Depot repositories on GitHub, including systems for order fulfillment, inventory management, and code development. The researcher, Ben Zimmermann, tried to alert Home Depot about the issue but received no response for several weeks. After TechCrunch reached out, the token was removed and access was revoked. Home Depot does not have a vulnerability disclosure or bug bounty program, which may have contributed to the delay in addressing the issue. Zimmermann has disclosed similar vulnerabilities to other companies, which have acknowledged and acted on his findings.
French Interior Ministry
France’s Interior Ministry confirmed a cyberattack that breached its email servers, giving hackers access to some internal files. #databreach https://t.co/o6aDovTdB4
— DevaOnBreaches (@DevaOnBreaches) December 17, 2025
The French Ministry of the Interior was hit by a cyberattack between December 11 and 12, which compromised its email servers and allowed attackers to access some document files. While it is unclear whether any data was stolen, the ministry has strengthened its security measures and implemented tighter access controls. The French authorities have launched an investigation to determine the origin and scope of the attack, considering various possibilities such as foreign interference, activists, or cybercrime. The ministry oversees key security functions like police forces and immigration services, making it a valuable target for hackers. In the past, France has attributed similar cyberattacks to the Russian hacking group APT28, which has targeted French government and defense entities, as well as other European and North American organizations.
Pornhub
Pornhub had a #databreach exposing the viewing histories, searches, emails, and locations of 200M+ former Premium users.
— DevaOnBreaches (@DevaOnBreaches) December 17, 2025
Hackers claim to have stolen 94GB of data via third-party analytics Mixpanel or a compromised Aylo account.https://t.co/XnvhiYEF8H
A major privacy breach involving Pornhub Premium users has surfaced, with the hacker group ShinyHunters claiming to have stolen a 94GB database containing over 200 million records of user activity, including searches, downloads, and video viewing details. The breach reportedly originated from a security lapse at Mixpanel, a third-party analytics provider, but conflicting reports have emerged about whether the breach was due to Mixpanel or a compromised employee account at Pornhub’s parent company, Aylo. The hackers are demanding a Bitcoin ransom, threatening to release the data unless paid. While Pornhub confirmed that no sensitive data like passwords or credit card details were compromised, the stolen information includes email addresses, locations, and timestamps of video activity.
SoundCloud
SoundCloud confirms a recent #databreach exposed users' email addresses and profile info, affecting 20% of its users (28M accounts).https://t.co/XMXeKabI2D
— DevaOnBreaches (@DevaOnBreaches) December 16, 2025
SoundCloud has confirmed a security breach that led to outages and VPN connection issues, exposing users’ email addresses and profile information. The breach, which affected around 20% of SoundCloud’s users (roughly 28 million accounts), was traced to unauthorized activity involving an ancillary service dashboard. The company assured that no sensitive data, like passwords or financial information, was compromised. The breach led to some disruption in VPN access, as the company made security improvements, including enhanced monitoring and stronger access controls. Additionally, denial-of-service attacks temporarily impacted the platform’s availability. Although SoundCloud did not name the attackers, a source suggested that the ShinyHunters extortion group, which was also responsible for the PornHub breach, was behind the attack.
