Data Breach Roundup (Feb 13 – Feb 19, 2026)

Sex toys maker Tenga says hacker stole customer information

The Japanese company says that an attacker accessed an employee's inbox, which could reveal the names, email addresses, and correspondence including order tails or inquiries. A number of impacted victims was not given. The company reset the employee's password and required 2FA, among other fixes.

Sex toys maker Tenga says hacker stole customer information | TechCrunch

The Japanese sex toy maker said a hacker broke into an employee’s inbox and stole customer names, email addresses, and correspondence, including order details and customer service inquiries.

TechCrunchLorenzo Franceschi-Bicchierai

Fintech lending giant Figure confirms data breach

The "blockchain-based" lending company was a victim of the ShinyHunters ransomware gang via the recent Okta breach. After refusing to pay the ransom, 2.5 GB of data was published, including full names, home addresses, dates of birth, and phone numbers. The company did not offer any further details.

Fintech lending giant Figure confirms data breach | TechCrunch

The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach.

TechCrunchLorenzo Franceschi-Bicchierai

Indian pharmacy chain giant exposed customer data and internal systems

This occurred after a researcher discovered a "super admin" API running on DavaIndia's website. It was reported and closed, but it was active since late 2024 and could've revealed information about patient conditions, medicate, or purchases.

Indian pharmacy chain giant exposed customer data and internal systems | TechCrunch

A backend flaw in web admin dashboards used by one of India’s largest pharmacy chains, exposed thousands of online pharmacy orders.

TechCrunchJagmeet Singh

Canada Goose investigating as hackers leak 600K customer records

Canada Goose is a luxury outerwear brand. The data includes customer names, email addresses, phone numbers, billing & shipping addresses, IP addresses, and order histories as well as partial payment information like last four of the card, brand, and - in some cases - BIN and metadata. Canada Goose insists their system hasn't been breached but that the data is old data. They didn't comment on where this data might have come from even if it was old.

Canada Goose investigating as hackers leak 600K customer records

ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of its own systems.

BleepingComputerAx Sharma

Eurail says stolen traveler data now up for sale on dark web

Eurail is a Netherlands-based company that sells passes for train travel across Europe. According to the article they're still investigating exactly what records were taken and how many customers were impacted, but the compromised server could've included full names, passport details, ID numbers, IBANs, health information, and contact details like email address and phone number.

Eurail says stolen traveler data now up for sale on dark web

Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web.

BleepingComputerBill Toulas

A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft

This databased - discovered in January by UpGuard - contains at least 3 billion records including email addresses, passwords, and Social Security numbers. It's unclear who it belongs to and appears to have been "cobbled together" from previous data breaches.

A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft

A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited.

WIREDLily Hay Newman

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches

This fine was issued by South Korea over "failing to implement adequate security measures" which resulted in the exposure of the data of over 5.5 million customers last year. That includes names, phone numbers, email addresses, physical addresses, and purchase history.

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches

South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers.

BleepingComputerBill Toulas