Data Breach Roundup (Apr 24 - 30 2026)

ADT confirms data breach after ShinyHunters leak threat

The breach took place on April 20 and impacted dates of birth, last four of Social Security numbers, and Tax IDs. No payment information was accessed. The number of victims was not released but the ShinyHunters listing alleges over 10 million records. The article notes that ADT also had breaches in August and October of 2024. A later article from Bleeping Computer noted that the breach affects 5.5 million people.

ADT confirms data breach after ShinyHunters leak threat

Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid.

BleepingComputerLawrence Abrams

Medtronic confirms breach after hackers claim 9 million records theft

Medtronic - a medical equipment manufacturer - says they detected an incident that did not impact customers or products or business operations. ShinyHunters, however, claims to have personally identifiable information and "terabytes" of internal corporate data.

Medtronic confirms breach after hackers claim 9 million records theft

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT systems.”

BleepingComputerBill Toulas

Hackers threaten to leak over 9M Amtrak records, including personal info

This article is from April 14, but was just posted to our forum this week. There's not really any information as the threats did not mention what kind of information was stolen. Given the lack updates, it seems likely that Amtrack paid, but if anyone has any updates feel free to leave them in the comments.

Hackers threaten to leak over 9M Amtrak records, including personal info

ShinyHunters claims to have stolen 9.4 million Amtrak records via Salesforce and is threatening to leak personal data unless a ransom is paid.

CybernewsVilius Petkauskas

Video service Vimeo confirms Anodot breach exposed user data

Vimeo is a video hosting and streaming service, one of the largest competitors to YouTube (according to this article), with over 300 million registered users. Anodot is a third-party service vendor who suffered a breach earlier this month. As a result, attackers were able to compromise Vimeo. An undisclosed number of customers had email addresses exposed, but information also included "technical data, video titles, and metadata."

Video service Vimeo confirms Anodot breach exposed user data

Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company.

BleepingComputerBill Toulas

Dental practice software maker fixes bug that exposed patients’ medical records

Practice by Numbers makes popular patient management software for dental offices. An insecure direct object reference flaw allowed access to any other patient's records simply by changing the web address. The records were sequential, making them even easier to scrape or view. The company's email address was broken and a LinkedIn message went ignored until TechCrunch got involved. It was finally closed.

Dental practice software maker fixes bug that exposed patients’ medical records | TechCrunch

Exclusive: The security bug is now fixed, but the patient who found it said it was challenging to alert the software company about the issue.

TechCrunchZack Whittaker