Public breach reports where government issued ids were listed among exposed data types.
JCPenney suffered a data breach in June 2026 when ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, exposing personal and HR data for approximately 368,000 current and former employees.
DentaQuest, a dental benefits administrator, had data on approximately 2.6 million individuals publicly leaked by the ShinyHunters group following an extortion campaign in May 2026.
Colombian fintech company Addi suffered a breach in March 2026 affecting over 34 million accounts, exposing financial, identity, and credit-related personal data after the ShinyHunters group claimed responsibility and published the stolen data.
Turkish restaurant chain Baydöner suffered a data breach in March 2026 exposing over 1.2 million customer records including names, email addresses, phone numbers, and plaintext passwords.