Data Breach Roundup (May 22 - 28, 2026)

Charter confirms data breach after ShinyHunters extortion threat

Charter Communications, one of America's largest ISPs and company behind Spectrum, has admitted to a data breach. They have not disclosed the scope but assure that no sensitive personal customer data was stolen. ShinyHunters claims to have taken over 40 million records containing customer names, email addresses, addresses, phone numbers, phone type, plan information, and some CPNI data. They also claim to have stolen customer support ticket data.

UK Visa Portal spilled thousands of applicants’ passports and selfies online — and hasn’t fixed the leak

An anonymous researcher has alerted TechCrunch that the UK's immigration application portal is exposing at least 100,00 documents. TechCrunch attempted to report the issue, but the company's lawyers and PR firm replied instead of management or security experts. At this time, the issue remains unresolved.

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

This story is a bit unclear. It seems that someone somehow (both unidentified) is getting access to hotel booking information and using it to create phishing attacks for travelers to try and steal their credit card numbers. The article is unsure who's behind this or how they're getting access to these systems.

Carnival Cruise confirms data breach affecting nearly 6 million people

Carnival is the world's largest cruise operator. This breach occurred in April of this year and included names, dates of birth, email addresses, genders, geographic locations, and loyalty program details.

Microsoft accused of leaking data of Dutch civil servants working on tech laws to US government

Microsoft allegedly shared emails, minutes, and invitations without redacting information required under GDPR such as names. It's unclear what the context of the data sharing was.

https://cybernews.com/tech/microsoft-dutch-data/

A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses

This was an exposed Microsoft Azure server that had no password protection. The researcher who found this said that text messages, handwritten notes, and financial records were also exposed. The server has since been secured but Pay Tel hasn't acknowledged it publicly.

Government24 Personal Data Leak Caused by Negligence: Ministry of the Interior and Safety Fined Over 200 Million Won

This is an update to a breach in South Korea from 2024 where the personal data of 1,233 individuals was leaked due to "source code development errors." The data included names, dates of birth, academic records, graduation certifiates, and more.

Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses

A small update to a story from last week. Trump Mobile has finally acknowledge that they were leaking customer data. They are blaming a third-party provider and claim that no content or financial information was leaked, and no network, systems, or infrastructure were breached. They have not issued notifications yet.

7-Eleven data breach exposes personal information of 185,000 people

Last week we learned that popular convenience chain 7-Eleven had suffered a data breach in April, but little else. We now know the number impacted as well as a better idea of the data: names, dates of birth, unique email addresses, pone numbers, and physical addresses.