Data Breach Roundup (Jan 16 – Jan 22, 2026)

Supreme Court hacker posted stolen government data on Instagram

A man used stolen credentials to access the accounts of people at the Supreme Court, but also AmeriCorps (a government agency that runs stipend volunteer programs) and the Department of Veterans Affairs. He then posted some of the data on Instagram under the handle @ihackthegovernment. It's unclear what he was attempting to gain (money, intimidation, etc) but the man now faces up to 1 year in jail and and a $100,000 fine.

Supreme Court hacker posted stolen government data on Instagram | TechCrunch

Nicholas Moore pleaded guilty to stealing victims’ information from the Supreme Court and other federal government agencies, and then posting it on his Instagram @ihackthegovernment.

TechCrunchLorenzo Franceschi-Bicchierai

CIRO confirms data breach exposed info on 750,000 Canadian investors

CIRO is the Canadian Investment Regulatory Organization. It was formed in 2023 and is "one of the core pillars of the country’s financial regulatory framework." The data - stolen in August 2024 - includes dates of birth, phone numbers, annual income, social insurance numbers, government ID numbers, investment account numbers, and account statements.

CIRO confirms data breach exposed info on 750,000 Canadian investors

The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors.

BleepingComputerBill Toulas

Ingram Micro says ransomware attack affected 42,000 people

This breach took place in July 2025 and included name, contact information, date of birth, government ID numbers (including Social Security, driver's license, and passport numbers), and "certain employment-related information (such as work-related evaluations)."

Ingram Micro says ransomware attack affected 42,000 people

​Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals.

BleepingComputerSergiu Gatlan

UStrive security lapse exposed personal data of its users, including children

UStrive is a nonprofit online mentoring site formerly known as "Strive for College." The "security lapse" was that personal data was visible using "browser tools" while signed in and navigating the website. This was apparently linked to a vulnerable Amazon-hosted GraphQL endpoint. The researcher said that at least 238,000 records were visible and included data such as full names, email addresses, phone numbers, gender and date of birth. UStrive has not said if they plan to inform users.

Exclusive: UStrive security lapse exposed personal data of its users, including children

The online mentoring site UStrive exposed email addresses, phone numbers, and other non-public information to other logged-in users. The nonprofit told TechCrunch that the issue is now fixed, but wouldn’t commit to alerting affected individuals.

TechCrunchZack Whittaker

Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online

Under Armour - mostly known for their fitness clothes - apparently suffered a data breach in November. The data includes name, email address, gender, date of birth, location based on ZIP code, and purchase-related information for 72 million individuals. Under Armour said they were still investigating the incident but made no comment about plans to notify victims.

Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online | TechCrunch

TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user’s approximate geographic location. Under Armour confirmed some sensitive information was taken in the breach.

TechCrunchZack Whittaker