Data Breach Roundup (12/5/25–12/11/25)

Welcome to Data Breach Roundups, our new weekly series where we highlight notable data breaches we encounter. They're more common than you might think! If you want this weekly digest delivered to your inbox in the future, edit your newsletter settings to subscribe to the new 'Data Breach Roundups' mailing list.

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

An AI startup (seemingly called DreamX, although the article isn't completely clear) left a database exposed that contained over 1 million images and videos created using its image generation tools. These include so-called "nudify" images, in which AI takes completely benign, "safe-for-work" photos of real people and returns images of what they might look like naked. There is very little actionable information here, as all the exposed images were AI-generated output, not the training material.

An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”

Pharma firm Inotiv discloses data breach after ransomware attack

Inotiv is a US-based pharmaceutical research company. The company has not disclosed exactly what data was stolen, but the theft occurred on August 5-8, 2025 and impacted both current and former employees and their family members.

American pharmaceutical firm Inotiv is notifying thousands of people that their personal information was stolen in an August 2025 ransomware attack.

Petco’s security lapse affected customers’ SSNs, driver’s licenses, and more

Petco is a "pet products and services giant." Last week the company confirmed that it suffered a data breach back in September. The initial confirmation was scant on details, but we now know a little more: the impacted data included names, Social Security numbers, financial account numbers, credit/debit card numbers, and dates of birth. We also know that notices were filed in Texas, California, Massachusetts, and Montana. Exact numbers remain unknown, but California requires disclosure for breaches impacting 500 residents or more.

Petco’s security lapse affected customers’ SSNs, driver’s licenses, and more | TechCrunch
Petco said the exposure was due to an error in an application and that it is notifying victims whose data was affected.

Petco takes down Vetco website after exposing customers’ personal information

Earlier this week, TechCrunch discovered a vulnerability in Petco's website that allowed anyone to download customer data without authentication. The exposed data includes home addresses, email addresses, phone numbers, visit summaries, medical histories, records, forms, pretty much everything you can imagine.

Exclusive: Petco takes down Vetco website after exposing customers’ personal information
TechCrunch found Petco’s veterinary clinics were spilling customers’ personal information and medical histories of their pets to the open web.

Barts Health NHS discloses data breach after Oracle zero-day hack

Barts Health NHS Trust is a major healthcare provider in England. After being attacked by the Clop ransomware gang via a widely exploited Oracle E-Business Suite zero-day, the provider has announced that data was also stolen. The stolen data spans several years and includes the full names and addresses of patients.

Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software.

CEO of South Korean retail giant Coupang resigns after massive data breach

Coupang is "often compared to Amazon for its dominance in South Korean e-commerce and logistics." Last month the company announced a data breach that impacted nearly 34 million people. This appears to be the latest in a number of security incidents. The breach has since been linked back to a former employee's unrevoked system access, though it's unclear whether that employee acted maliciously or some third party leveraged said access.

CEO of South Korean retail giant Coupang resigns after massive data breach | TechCrunch
The massive data breach at the South Korean retail giant Coupang affects more than half of the country’s population.
