North America
Canadian Tire
More than 42 million user accounts were reportedly affected during the October 2025 data breach at Canadian retail giant Canadian Tire.
The incident was discovered on October 2, 2025, when the company identified unauthorized access to its e-commerce database, marking one of the largest retail data breaches in Canada. At the time, Canadian Tire stated that the compromised data included names, email addresses, dates of birth, encrypted passwords and, in some cases, partial credit card numbers. Last week, breach notification site Have I Been Pwned updated the associated dataset, reporting that more than 42 million records were impacted during the incident, including over 38 million unique email addresses.
According to the website, the leaked data also includes addresses, phone numbers and gender information in addition to what the company initially disclosed. Canadian Tire has not yet publicly confirmed the updated number of affected individuals.
How it could affect your business
Exposing a dataset this large creates fertile ground for phishing and social engineering campaigns, as attackers can use verified names, email addresses and personal details to craft highly targeted messages. Businesses should strengthen user awareness so customers and employees are better equipped to recognize and report suspicious outreach before credentials or financial information are compromised.
Europe
ManoMano
In yet another cyber incident exposing a massive volume of user data, roughly 38 million people were likely impacted by a data breach at European DIY retail chain ManoMano.
The attack, which occurred in January, was disclosed this week as ManoMano began notifying potentially affected customers. The company said the exposure stemmed from a compromised subcontractor in its customer service department. While ManoMano did not specify which platform was affected, reports indicate that attackers accessed its Zendesk instance used for customer support.
Meanwhile, a threat actor called Indra claimed responsibility on the hacking forum BreachForums, stating that approximately 43 GB of data was stolen. The actor alleges the data includes information tied to 37.8 million user accounts, more than 900,000 service tickets and over 13,000 attachments.
How it could affect your business
Retail chains remain attractive targets because they store vast amounts of customer data, including contact details, purchase histories and support records. To reduce risk, organizations should enforce strict third-party access controls, regularly audit vendor security practices and limit access to sensitive systems based on role and necessity. Continuous monitoring and clear incident response plans can also help contain exposure if a subcontractor or third-party platform is compromised.
North America
CarGurus
Compromised user data continues to be the theme of the week as millions of CarGurus users may have had their personal and financial information exposed after a threat actor group published a massive dataset allegedly stolen from the U.S.-based automotive marketplace.
The ransomware group ShinyHunters added CarGurus to its Tor-based leak site, claiming it stole personally identifiable information (PII) and internal corporate data. While the group initially stated it had taken 1.7 million records, it later released a 6.1 GB archive reportedly containing data tied to approximately 12.4 million accounts. The leaked information allegedly includes email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, finance pre-qualification data, finance application outcomes, dealer account details and subscription information.
CarGurus has since confirmed the incident and launched an investigation with the assistance of a leading independent cybersecurity firm.
How it could affect your business
The growing number of attacks targeting user data underscores the need to treat customer service and support platforms as critical infrastructure rather than peripheral systems. Organizations should restrict and monitor access to these platforms, enforce strong authentication controls and regularly audit third-party integrations to reduce the risk of large-scale data exposure.
United States
TWU Local 100
The ransomware group Qilin has added the Transport Workers Union of America (TWU) Local 100 chapter to its data leak site, claiming it breached the organization and published all stolen data on the dark web.
TWU Local 100 represents tens of thousands of transportation workers in and around New York City. While the ransomware group has not disclosed the volume or type of data taken, reports suggest the incident may have impacted the personally identifiable information (PII) and protected health information (PHI) of approximately 67,000 active and retired members.
How it could affect your business
As discussed earlier, individuals should remain alert for highly convincing phishing emails that attempt to trick them into sharing login credentials or authorizing fraudulent transactions. Businesses can further reduce risk by leveraging dark web monitoring tools to identify exposed credentials and sensitive data early, helping prevent account compromise and limit downstream threats.
United States
Hennessy Advisors, Inc.
Hennessy Advisors, Inc., a California-based investment firm, announced a cybersecurity incident that impacted the personal information of more than 12,000 individuals.
According to a filing with the Office of the Maine Attorney General, the incident occurred on March 30, 2025, through an external system breach. During the incident, an unauthorized individual gained access to the company’s network and may have acquired records containing personally identifiable information (PII), including names combined with driver’s license numbers and financial account details.
How it could affect your business
Incidents like this reinforce the growing importance of securing customer data as a core business priority. Beyond regulatory obligations, protecting sensitive information is essential to prevent financial losses, avoid costly remediation efforts and preserve customer trust, which can be difficult to rebuild after a breach.


