Data Breach Roundup (Feb 6 – Feb 12, 2026)

Flickr discloses potential data breach exposing users' names, emails

Photo-sharing app Flickr is reporting a possible data breach after a vulnerability was found in a third-party email service provider. The incident impacts real names, email addresses, IP addresses, and account activity. There are virtually no other details at this time.

Flickr discloses potential data breach exposing users’ names, emailsPhoto-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity.BleepingComputerSergiu Gatlan

European Commission discloses breach that exposed staff data

This was made possibly when their mobile device management (MDM) platform was hacked. The EC says there's no evidence devices themselves were compromised but names, business email addresses, and phone numbers were impacted. The article notes that the Finnish Ministry of Finance also reported a breach of up to 50,000 users that appears to be possibly be related.

European Commission discloses breach that exposed staff dataThe European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked.BleepingComputerSergiu Gatlan

Hacktivist scrapes over 500,000 stalkerware customers’ payment records

It appears this all came from the same vendor, called Struktura, but in turn impacted several apps. It exposed email addresses and partial payment information, though TechCrunch was able to call up invoices in some cases.

Exclusive: Hacktivist scrapes over 500,000 stalkerware customers’ payment recordsMore than half-a-million people who bought access to phone surveillance and social media snooping apps had their email address and partial payment card numbers published online.TechCrunchZack Whittaker, Lorenzo Franceschi-Bicchierai

The Sumsub Incident and the Future of Cloud Compliance

Sumsub is a third-party European KYC vendor who does identity verification for banks, crypto, gambling, and other similar services. According to this post, the initial breach happened mid-2024 but was only just detected this year. While IDs are safe, they did still expose names, email address, and phone numbers for an unspecified "subset of accounts." Thanks to the forum user who shared this, or else it wouldn't have ended up in my feed.

The Sumsub Incident and the Future of Cloud Compliance - Fincrime CentralThe Sumsub security incident demonstrates the inherent data breach risk when using third party cloud providers for identity verification and transaction monitoring services.Fincrime Centraladmin

Odido data breach exposes personal info of 6.2 million customers

Odido is one of the largest telcos and ISPs in the Netherlands, at one point falling under the T-Mobile umbrella but now no longer affiliated (as far as I can tell). The breach impacted full name, address, mobile number, customer number, email address, IBAN, date of birth, and ID data (such as passport or driver's license number).

Odido data breach exposes personal info of 6.2 million customersDutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers.BleepingComputerLawrence Abrams

Romania's oil pipeline operator Conpet confirms data stolen in attack

This article was light on specifics, but said that the Qilin ransomware gang claims to have nearly 1TB of Conpet's internal documents, and proved it by providing - among other things - passport scans and "financial information." We'll post updates if we hear any.

Romania’s oil pipeline operator Conpet confirms data stolen in attackRomania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week.BleepingComputerIonut Ilascu