A data breach involving your personal information can leave you feeling vulnerable and overwhelmed. We’ve gathered resources to keep you better informed and protected. Stay calm and take the right steps to protect your identity, online accounts, and finances after a data breach.
One billion customer records were allegedly stolen from a Salesforce database of 39 companies, including Qantas, McDonald’s, and AeroMexico. The hacker group behind the incident is threatening to expose the records if ransom demands are not met.
The stolen information could include Social Security numbers, passport numbers, names, and birth dates. If exploited, criminals can use this information to commit identity theft.
Data breaches occur when someone illegally accesses confidential or sensitive data, like personally identifiable information, and exposes or misuses it. The risks depend on what’s been compromised: leaked email addresses or phone numbers can lead to an uptick in spam and scams, while a stolen Social Security number could leave you dealing with the consequences of identity theft for years.
Targeted scams
After a data breach, stolen personal details can end up for sale on dark web hacker forums, leading to more spam, targeted phishing attacks, and scams. And the more data criminals have, the more convincing their tricks — like a vishing call that uses your real name or account details to sound legitimate.
Identity theft
When personal data such as Social Security numbers are exposed, criminals can use it to commit identity theft. Pretending to be you, they could open fraudulent credit card accounts, apply for loans, commit crimes in your name, or drain your bank account. Victims may face long-term financial problems, reputational damage, and credit score drops.
Hacked accounts
If hackers get their cursor on your login credentials, they can take over your accounts and lock you out. From making unauthorized purchases to scamming your friends or selling your details on the dark web, the damage can spread fast, especially if you reuse the same password across multiple sites.
Data breaches are gold mines for hackers, fraudsters, and identity thieves. Learn more in this episode of Unlocking the Truth.
If you suspect your data was exposed in a breach, what you do next is critical. Start by determining what data was exposed — just your email address, or your SSN, medical records, and login credentials, too? A data breach checker can help you find out.
Next, take action to protect your accounts by changing your passwords and turning on 2FA. Be on high alert for phishing attacks. You may also want to freeze your credit or issue a fraud alert.
Monitoring for signs of identity theft doesn’t have to be painful. Install Norton 360 with LifeLock for identity alerts, credit monitoring, and powerful device protection — all in one place
Data breaches happen when cybercriminals find a way into protected systems — usually by tricking people through social engineering, hacking into systems, or abusing legitimate access.
Phishing
Phishing attacks rely on social engineering tricks to fool an organization’s employees into revealing sensitive information, downloading spyware, or giving hackers access to confidential databases. Deceptive phishing messages often arrive via email, but SMS phishing, voice phishing, and QR code phishing are common, too.
Cyberattacks
Cybercriminals can exploit weaknesses in software and networks to gain unauthorized access to data. They use tools and techniques like malware, hacking, ransomware, and brute-force attacks to compromise potentially massive volumes of information.
Insider threats
Data breaches can also stem from within an organization. Someone having a bad day could forward sensitive information to the wrong person or leave their company laptop unlocked in a cafe. When sensitive data is exposed by accident, it’s usually called a data leak. Alternatively, a disgruntled employee could compromise data on purpose — for profit, revenge, or just out of spite.
Data breaches make the headlines more often than we’d like. Here are some of the most recent chapters in the inglorious history of data breaches.
In September 2025, Kering, the parent company of luxury brands like Gucci, Balenciaga, and Alexander McQueen, announced a data breach that exposed the personal information of around 7.4 million customers worldwide. The hackers have been identified as the Shiny Hunters group. The stolen information included names, email addresses, home addresses, phone numbers, and spending records.
In October 2025, 5CA, a third-party vendor providing services to Discord, reported a breach that affected approximately 70,000 Discord users. Data that may have been exposed included, among other records, names, Discord usernames, emails, billing information, IP addresses, and images of government IDs used in age verification procedures.
In July 2025, TransUnion, one of the three major credit reporting companies, suffered a data breach that exposed millions of customers’ personal information. Hackers stole sensitive data from a third-party application used for customer support, which includes names, birthdates, and Social Security numbers.
Nearly 16 million PayPal users’ credentials were allegedly posted for sale on the dark web around August 2025. While PayPal disputes this is the result of a recent breach, stating the allegations relate to a 2022 security incident, hackers claim the exposed info includes email addresses and plaintext passwords obtained in May 2025.
Over 16 billion login credentials of Apple, Facebook, and Google users were allegedly exposed around June 2025, potentially making it one of the largest data breaches in history. They were originally stolen using information-stealing malware — malicious software that gathers all the data it can find on a stored device and compiles it.
National Public Data, a data broker that provided online background checks and fraud prevention services, shut down in 2024 in the aftermath of a major data breach that left 2.9 billion records of 170 million people exposed. Leaked data included full names, Social Security numbers, mailing addresses, email addresses, and phone numbers.
Nearly 90 million AT&T customer records were breached in 2024, including full names, Social Security numbers, addresses, phone numbers, and email addresses. In early summer 2025, security experts discovered that these records had been re-packaged and put up for sale on the dark web again.
Learn how to stay safer online and help protect your digital privacy.
Want more?
Follow us for all the latest news, tips, and updates.