Data Breach Roundup (Apr 17 - 23, 2026)

Vercel confirms breach as hackers claim to be selling stolen data

Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks. It's unclear exactly how many people were compromised but the attacker claims to 580 records of employee information such as names and company email address, in addition to access keys, source code, and API keys. Vercel later disclosed that additional breaches predate this initial attack, suggesting the breach may widen in scope as investigation continues.

Vercel confirms breach as hackers claim to be selling stolen dataCloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data.BleepingComputerLawrence Abrams

Seiko USA website defaced as hacker claims customer data theft

The "Press Lounge" section of watchmaker Seiko's website was updated (seemingly by attackers) to claim that the company's Shopify database was stolen. This includes customer names, email addresses, phone numbers, shipping addresses, order history, notes, and more.

Seiko USA website defaced as hacker claims customer data theftThe Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid.BleepingComputerLawrence Abrams

French govt agency confirms breach as hacker offers to sell data

France Titres (also known as Agence nationale des titres sécurisés or ANTS) is an administration under the Ministry of the Interior that manages all identity and registration documents including driver's licenses, national ID cards, passports, and immigration documents. The attack occurred last week and investigation is still ongoing. It's unknown how many individuals were impacted, but attackers claim 19 million records. Stolen could include login ID, full name, email address, date of birth, unique account number, and in some cases postal address, place of birth, and/or phone number.

French govt agency confirms breach as hacker offers to sell dataFrance Titres, the government agency in France for issuing and managing administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data.BleepingComputerBill Toulas

Cosmetics giant Rituals confirms data breach of customer membership records

The Netherlands-based company said that an "unauthorized download" in April contained customers' full name, date of birth, gender, postal and email address, hone number, preferred Rituals store, and account type. There are no other details at this time.

Cosmetics giant Rituals confirms data breach of customer membership records | TechCrunchThe cosmetics retailer, which counts 41 million customers in its membership data, declined to provide an accurate total number of customers affected.TechCrunchZack Whittaker