{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreidl4pt55y3ojvafsmgcewmrpyhnfbl7pvhpo57smwz5o4anoq4jgq",
"uri": "at://did:plc:awj2q63kg2v3k5xwsjh2uoe3/app.bsky.feed.post/3mmheqxkzsow2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreighhqvqsyohe3u5qj37az7q6rsmjzxdcya5r36mpt5ej3vejtwete"
},
"mimeType": "image/jpeg",
"size": 359788
},
"description": "This week had some particularly noteworthy breaches including facial recognition systems, fingerprint scans, and Trump Mobile.",
"path": "/news/2026/05/22/data-breach-roundup-may-15-21-2026/",
"publishedAt": "2026-05-22T16:39:53.000Z",
"site": "https://www.privacyguides.org",
"tags": [
"A hotel check-in system left a million passports and driver’s licenses open for anyone to see | TechCrunchThe tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers’ data without a password.TechCrunchZack Whittaker",
"NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people | TechCrunchThe New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026.TechCrunchZack Whittaker",
"7-Eleven confirms data breach claimed by the ShinyHunters gangConvenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month.BleepingComputerSergiu Gatlan",
"Customers say Trump Mobile is leaking their personal information | TechCrunchTrump Mobile is leaking customers’ email and home addresses but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.TechCrunchLorenzo Franceschi-Bicchierai"
],
"textContent": "## A hotel check-in system left a million passports and driver’s licenses open for anyone to see\n\nTabiq is a used in several hotels in Japan and primarily relies on facial recognition and document scanning to check in arriving guests. The data was exposed because the Amazon S3 bucket used by Tabiq was set to public and required no password. It's unclear how that happened since S3 buckets are set to private by default.\n\nA hotel check-in system left a million passports and driver’s licenses open for anyone to see | TechCrunchThe tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers’ data without a password.TechCrunchZack Whittaker\n\n## NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people\n\nThis breach took place between November 2025 and February 2026 and was the result of an unnamed third-party vendor breach. Exposed data varies by individual but includes patients’ health insurance plan and policy information, medical information (such as diagnoses, medications, tests, and imagery), billing, claims, and payment information. Other government-issued identity documents including Social Security numbers, passports, and driver’s licenses were also compromised. The notice also said that \"precise geolocation data\" was taken, but did not elaborate.\n\nNYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people | TechCrunchThe New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026.TechCrunchZack Whittaker\n\n## 7-Eleven confirms data breach claimed by the ShinyHunters gang\n\n7-Eleven, the global convenience store chain, experienced a breach in early April. Unfortunately they haven't disclosed hardly any information such as number of victims or what data was stolen. ShinyHunters claimed the breach and claimed to have 600,000 records from Salesforce, containing \"PII and other internal corporate data.\"\n\n7-Eleven confirms data breach claimed by the ShinyHunters gangConvenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month.BleepingComputerSergiu Gatlan\n\n## Customers say Trump Mobile is leaking their personal information\n\nTrump Mobile is Trump's upcoming branded mobile phone and service. Two YouTubers who preordered the devices for review purposes were contacted by a source who claimed to have discovered the leak, and provided their personal information to prove it. The researcher said he saw \"mailing address, email address, you know, everything short of credit card number.\" Trump Mobile has not responded to any communications and the leak remains unfixed.\n\nCustomers say Trump Mobile is leaking their personal information | TechCrunchTrump Mobile is leaking customers’ email and home addresses but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.TechCrunchLorenzo Franceschi-Bicchierai",
"title": "Data Breach Roundup (May 15 - 21, 2026)",
"updatedAt": "2026-05-22T16:39:53.886Z"
}