Data Breach Roundup (Mar 6 - Mar 12, 2026)

Cognizant TriZetto breach exposes health data of 3.4 million patients

TriZetto makes software and IT services used by health insurers and healthcare providers. This breach was detected in October 2025 and the subsequent investigation revealed access dating back to November 2024. Data exposed includes full name, physical address, date of birth, Social Security number, health insurance member number, Medicare beneficiary identifier, provider name, health insurer name, and demographic, health, & insurance information.

Ericsson US discloses data breach after service provider hack

Ericsson is a Swedish "networking and telecommunications giant." Their US arm is reporting that the data of over 15,000 employees and customers had been exposed including names, addresses, Social Security numbers, driver's license numbers, government-issued ID numbers (passports, state IDs, etc), financial information (account numbers, cred/debit card numbers, etc), medical information, and dates of birth.

An unnamed DOGE software engineer - who left in October of last year - says that he took two USB sticks with him containing two databases ("Numident" and "Master Death File") with the intention of re-using the data at his new company. The Social Security Administration disputes this claim.

DOGE employee stole Social Security data and put it on a thumb drive, report says | TechCrunch

A whistleblower is accusing a former DOGE member of stealing a large number of Americans’ personal data while he was working at the Social Security Administration, with the plan of using it at his new job.

TechCrunchLorenzo Franceschi-Bicchierai

Telus Digital confirms breach after hacker claims 1 petabyte data theft

Telus Digital is a "business process outsourcing" company. Details on this breach are still very limited. The company has confirmed that a breach but has not responded to any questions. ShinyHunters is claiming the breach, but BleepingComputer has not been able to confirm any of the samples. ShinyHunters claims to have impacted 28 "well-known" companies impacted by the breach, and says data incldes things like customer support agent rankings and fraud detection tools, but also more sensitive data like FBI background checks, financial information, voice recordings of support calls, and call metadata.

England Hockey investigating ransomware data breach

England Hockey is the governing board for field hockey in England. A threat actor is claiming to have stolen 129GB of data. No other details have been released yet, but typically in these cases the attacker turns out to be telling the truth so we'll likely have an update in a future newsletter.

Canadian retail giant Loblaw notifies customers of data breach

The breach contains "basic customer information" like names, phone numbers, and email addresses. The company said that out of caution they logged all customers out of their accounts and recommend (but are not forcing) password changes.

Starbucks discloses data breach affecting hundreds of employees

This occurred after attackers gained access to 889 Starbucks Partner Central accounts, which employees use for managing personal details, benefits, and HR information. The article did not explain how this compromise occurred, but said exposed information includes names, Social Security numbers, dates of birth, and financial account information such as routing numbers.

Viral 'Quittr' Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users

This is an update to a story from January. 404 wrote about an app that was leaking user data but declines to name the app because the security issues weren't resolved yet. The app had a misconfiguration that allowed anyone to query the user database. After initially denying the vulnerability and dodging reporters, the vulnerability has been fixed.