Data Breach Roundup (Mar 13-19, 2026)

UK’s Companies House confirms security flaw exposed business data

Companies House is a British government agency that operates the registry for all U.K. companies. There was a flaw that allowed users to view the dashboards of other companies, which could reveal data including dates of birth, home addresses, and email addresses. This leak could've impacted as many as five million companies over five months, allowing attackers to change data or export records.

UK’s Companies House confirms security flaw exposed business data

Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies’ information since October 2025.

BleepingComputerSergiu Gatlan

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Prolific security researcher Jeremy Fowler discovered three databases from Sears exposed to the public which contained 3.7 million chat logs and 1.4 million audio files (with transcripts) from Sears' Home Services customer service chatbot "Samantha." Some of the chats contained detailed personal information like names, phone numbers, home addresses, appliances owned, and information on delivery appointments and repairs.

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud.

WIREDLily Hay Newman

Marquis: Ransomware gang stole data of 672K people in cyberattack

Marquis is a Texas-based financial services provider, providing digital marketing, data analytics, compliance, and CRM services to more than 700 banks, credit unions, and mortgage lenders across the United States. This incident occurred in August 2025 and impacted names, dates of birth, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, and financial account information.

Marquis: Ransomware gang stole data of 672K people in cyberattack

Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States.

BleepingComputerSergiu Gatlan

Aura confirms data breach exposing 900,000 marketing contacts

Aura is an "identity protection" company that sells products to consumers like identity theft protection, credit and fraud monitoring, and online security tools like phishing protection. Ironically, an employee fell for a voice phishing attack and exposed the of current and former customers. This included full names, email addresses, home addresses, and phone numbers. The company is claiming only about 35,000 customers were compromised and that the rest were a marketing email list they acquired in 2021.

Aura confirms data breach exposing 900,000 marketing contacts

Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses.

BleepingComputerBill Toulas

Navia discloses data breach impacting 2.7 million people

Navia provides software and customer services for Flexible Spending Accounts (FSA), Health Savings Accounts (HSA), Health Reimbursement Arrangements (HRA), Commuter Benefits and COBRA Services. The breached data includes full name, date of birth, Social Security number, phone number, email address, participation in HRA, FSA information, and COBRA enrollment information.

Navia discloses data breach impacting 2.7 million people

Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers.

BleepingComputerBill Toulas