Data Breach
In-depth guides and analysis on data breach from the Safeguard engineering team.
11 articles
Carnival Data Breach (May 2026): 5.99M Records Lost via Salesforce Social Engineering
Carnival confirmed a breach affecting nearly 6 million people on May 28, 2026, after an attacker socially engineered an employee into granting access to its IT environment. Here is the verified chain and what defenders should do.
Instructure Canvas Breach (May 2026): Up to 275M Records and a Quiet Settlement
ShinyHunters claimed 3.65 TB and 275 million records from Instructure's Canvas LMS across ~9,000 schools. Instructure confirmed names, emails, student IDs, and user messages were taken, then reportedly paid to make it stop.
Odido Telecom Breach: 6.2M Dutch Customers, Salesforce, and No Compensation (May 2026)
Odido, the Netherlands' largest mobile operator, exposed 6.2 million customers' data, including IBANs and ID details, via a vishing-driven Salesforce intrusion. In May 2026 the company ruled out compensation as mass claims mounted.
Škoda Auto Online Shop Breach (12 May 2026): An E-Commerce Software Flaw and the Credential-Reuse Tail
Škoda Auto disclosed on 12 May 2026 that attackers exploited a vulnerability in its German online shop to steal customer names, contact details, order data, and login credentials. The card data was safe; the credentials are the part that keeps paying out.
Plex Data Breach: 20 Million Users Forced to Reset Passwords
A breach of Plex's systems exposed usernames, emails, and hashed passwords for approximately 20 million users, forcing the streaming platform to trigger a mass password reset.
Twitter Data Breach: 5.4 Million Accounts Exposed Through an API Vulnerability
An API vulnerability in Twitter allowed attackers to link phone numbers and email addresses to Twitter accounts, ultimately exposing data from 5.4 million users — and possibly over 200 million email-account pairs.
Red Cross Data Breach: Attackers Targeted the World's Most Vulnerable People
A sophisticated cyberattack on the International Committee of the Red Cross compromised personal data of over 515,000 highly vulnerable people, including victims of conflict, missing persons, and detained individuals.
Panasonic Data Breach: Four Months of Undetected Network Access
Panasonic disclosed a data breach in November 2021, revealing that attackers had maintained access to its network for over four months before detection — highlighting the persistent challenge of dwell time.
Robinhood Data Breach: Social Engineering Strikes the Trading Platform
A social engineering attack on a Robinhood customer support employee exposed personal data of approximately 7 million users, revealing the persistent vulnerability of human-facing systems.
LinkedIn Data Scraping: 700 Million User Records Sold on the Dark Web
A threat actor scraped data from 700 million LinkedIn users — 93% of the platform's user base — and put it up for sale, reigniting the debate over API abuse and data privacy.
Facebook Data Leak: 533 Million Users Exposed Through a Contact Import Feature
Personal data from 533 million Facebook users across 106 countries was posted on a hacking forum, exposing phone numbers, emails, and personal details scraped through a contact import vulnerability.