In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user’s city and country.
In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data included more than 500k email addresses reportedly belonging to North American customers, along with a smaller subset containing names, usernames, phone numbers and physical addresses.
In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently leaked. A threat actor claiming responsibility for the breach alleges to have additional, more sensitive data including screenshots, VPN configuration files, credentials, source code, certificates, archives, and SQL backup files.
In March 2023, the “AI-first global cloud platform” Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses. A small number of records also included name, IP address and country of origin. No Vultr systems or additional customer data were impacted. Vultr subsequently self-submitted the impacted data to HIBP.