{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreigp6hlcpid74levy5s5knznn7gfdovn2tozfmdcipqis63fftnxiy",
"uri": "at://did:plc:awj2q63kg2v3k5xwsjh2uoe3/app.bsky.feed.post/3mhjpop5i4u72"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreiasn22vmlhcxhci2sbjlk5w43sblmy5vmfqooqy3idtrsostzyija"
},
"mimeType": "image/jpeg",
"size": 238809
},
"description": "Once more from the \"irony\" department: an \"identity protection\" company falling for a phishing attack.",
"path": "/news/2026/03/20/data-breach-roundup-mar-13-19-2026/",
"publishedAt": "2026-03-20T23:54:49.000Z",
"site": "https://www.privacyguides.org",
"tags": [
"UK’s Companies House confirms security flaw exposed business dataCompanies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies’ information since October 2025.BleepingComputerSergiu Gatlan",
"Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebCustomer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud.WIREDLily Hay Newman",
"Marquis: Ransomware gang stole data of 672K people in cyberattackMarquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States.BleepingComputerSergiu Gatlan",
"Aura confirms data breach exposing 900,000 marketing contactsIdentity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses.BleepingComputerBill Toulas",
"Navia discloses data breach impacting 2.7 million peopleNavia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers.BleepingComputerBill Toulas"
],
"textContent": "## UK’s Companies House confirms security flaw exposed business data\n\nCompanies House is a British government agency that operates the registry for all U.K. companies. There was a flaw that allowed users to view the dashboards of other companies, which could reveal data including dates of birth, home addresses, and email addresses. This leak could've impacted as many as five million companies over five months, allowing attackers to change data or export records.\n\nUK’s Companies House confirms security flaw exposed business dataCompanies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies’ information since October 2025.BleepingComputerSergiu Gatlan\n\n## Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web\n\nProlific security researcher Jeremy Fowler discovered three databases from Sears exposed to the public which contained 3.7 million chat logs and 1.4 million audio files (with transcripts) from Sears' Home Services customer service chatbot \"Samantha.\" Some of the chats contained detailed personal information like names, phone numbers, home addresses, appliances owned, and information on delivery appointments and repairs.\n\nSears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the WebCustomer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud.WIREDLily Hay Newman\n\n## Marquis: Ransomware gang stole data of 672K people in cyberattack\n\nMarquis is a Texas-based financial services provider, providing digital marketing, data analytics, compliance, and CRM services to more than 700 banks, credit unions, and mortgage lenders across the United States. This incident occurred in August 2025 and impacted names, dates of birth, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, and financial account information.\n\nMarquis: Ransomware gang stole data of 672K people in cyberattackMarquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States.BleepingComputerSergiu Gatlan\n\n## Aura confirms data breach exposing 900,000 marketing contacts\n\nAura is an \"identity protection\" company that sells products to consumers like identity theft protection, credit and fraud monitoring, and online security tools like phishing protection. Ironically, an employee fell for a voice phishing attack and exposed the of current and former customers. This included full names, email addresses, home addresses, and phone numbers. The company is claiming only about 35,000 customers were compromised and that the rest were a marketing email list they acquired in 2021.\n\nAura confirms data breach exposing 900,000 marketing contactsIdentity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses.BleepingComputerBill Toulas\n\n## Navia discloses data breach impacting 2.7 million people\n\nNavia provides software and customer services for Flexible Spending Accounts (FSA), Health Savings Accounts (HSA), Health Reimbursement Arrangements (HRA), Commuter Benefits and COBRA Services. The breached data includes full name, date of birth, Social Security number, phone number, email address, participation in HRA, FSA information, and COBRA enrollment information.\n\nNavia discloses data breach impacting 2.7 million peopleNavia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers.BleepingComputerBill Toulas",
"title": "Data Breach Roundup (Mar 13-19, 2026)",
"updatedAt": "2026-03-20T23:54:49.000Z"
}