Data Breach Roundup (Jan 30 – Feb 5, 2026)

NationStates confirms data breach, shuts down game site

NationStates is a mulitplayer in-browser government simulation game. In late January the developers received a report from a player who claimed to have found a vulnerability, but also accessed user data in the process. The player has a history of reporting vulnerabilities like these and promises that any user data downloaded was deleted, but out of caution the devs are treating this like a breach. The exposed data included email address (including past email addresses), IP address, browser UserAgent strings, passwords stored in MD5, and DMs.

Panera Bread breach impacts 5.1 million accounts, not 14 million customers

Late last month, it was reported that American fast-food chain Panera Bread had suffered a data breach of 14 million customers. It's now been clarified that it was 14 million records, or just over 5 million customers. The data includes email address, name, phone number, and physical address and likely impacts employees as well as customers. Panera Bread has yet to make a formal statement or notify customers.

Wedding Photo Booth Company Exposes Customers’ Drunken Photos

Curator Live - who offers photo booths for weddings, engagement parties, and lobbying events in D.C. - has exposed photos, which include phone numbers. The researcher says they found at least 100 GB of photos and some include children.

Coinbase confirms insider breach linked to leaked support tool screenshots

A contractor at Coinbase "improperly accessed" the data of about 30 customers. Coinbase has let him go and notified the impacted customers. Insider threats like this are a reminder why we support zero-knowledge services.

Discovered just this week, the breach occurred in October 2025 and impacted email addresses and phone numbers. It's unclear how many users were impacted but a BreachForum post contains just shy of 700,000 records. The attacker says the method they used was "patched fast."

Data breach at govtech giant Conduent balloons, affecting millions more Americans

This breach occurred in 2024 and was disclosed in October, said to originally affect roughly 10 million people. We now know it affects over 35 million. Stolen data includes names, Social Security numbers, medical data, and health insurance information.

Data breach at fintech firm Betterment exposes 1.4 million accounts

We covered this story last month. Betterment is an "automated investing platform." Betterment still hasn't confirmed how many accounts were impacted, but Have I Been Pwned said the data of over 1.4 million accounts (including email address, names, and geographic location data) were compromised. This confirms Betterment's statement that primarily name and email address were impacted, as well as physical address, phone number, or birthdate "in some cases."