As summer arrives, so have the news headlines announcing multiple data breaches and leaks throughout the month of May. Read on for all the latest.

Huge Breach Affects Tech Giants like Google, Meta, Snapchat, and Apple

A massive, publicly accessible database containing more than 184 million unique passwords has been discovered online, exposing credentials for everything from social media accounts to banking and government portals. The database was left unprotected (no encryption, no log-in required) and included log-in credentials for platforms like Google, Microsoft, Facebook, Instagram, Snapchat, Roblox, and more.

The database has since been taken offline, but it’s believed the stolen data was collected using infostealer malware — a type of malicious software that silently harvests data from infected devices. Rather than breaching the companies directly, these tools target individual users and data from their devices.

Some affected companies, like Snapchat, have stated there is no evidence of a breach in their systems, supporting the theory that the data was harvested from users rather than hacked from platforms. Users are urged to enable multi-factor authentication (MFA), avoid reusing passwords across sites, and consider using a password manager to store strong, unique credentials. In the meantime, investigations are ongoing.

Alleged Facebook Data Breach Could Affect 1.2 Billion Users

A hacker is claiming to have scraped a staggering 1.2 billion user records from Facebook. The alleged breach, advertised on a dark web forum, includes a vast range of personal data: user IDs, names, phone numbers, email addresses, locations, usernames, birthdays, and gender details.

The threat actor behind the post claims the dataset is newly compiled, not just a recycled leak from previous breaches. The data was reportedly collected by abusing a Facebook API — a technique hackers have previously used to harvest public and semi-public information from the platform at scale. While Meta, Facebook’s parent company, did not directly deny the scraping, it dismissed the leak as old news: “This is not a new claim. We disclosed this years ago and have taken steps to prevent similar incidents from happening since.” Nonetheless, experts warn that this could be one of the largest data scraping incidents involving Facebook.

Protect Yourself with Trend Micro ScamCheck

Data breaches and the leaking of users’ personal info to the dark web always leads to an increase in phishing scams. Introducing Trend Micro ScamCheck! Available for both Android and iOS, ScamCheck offers comprehensive protection from the latest deception:

• Scam Check: Instantly analyze emails, texts, URLs, screenshots, and phone numbers with our AI-powered scam detection technology. Stay secure and scam-free.
• SMS Filter & Call Block: Say goodbye to unwanted spam and scam calls and messages. Minimize daily disruptions and reinforce your defenses against phishing.
• Deepfake Scan: Detect deepfakes in real-time during video calls, alerting you if anyone is using AI face-swapping technology to alter their appearance.
• Web Guard: Surf the web safely, protected from malicious websites and annoying ads.

To download Trend Micro ScamCheck or to learn more, click the button below.

AT&T Data Leak May Have Exposed 31 Million Customer Records

A hacker is claiming to have leaked data belonging to 31 million AT&T customers, including names, tax IDs, IP addresses, and contact details. The dataset was posted on a popular hacking forum, but researchers say there’s not enough evidence yet to confirm the full scale of the breach.

The sample shared includes detailed personal information from a single user — such as full name, address, date of birth, and device IDs — raising concerns about privacy risks if the full dataset is real. Researchers estimate over 3 million users could be affected based on the sample’s structure. If verified, the leak could fuel identity theft, financial fraud, and social engineering attacks. AT&T has not yet confirmed whether the data is authentic. The company previously disclosed a major breach last April involving data stolen from a third-party cloud provider.

Coinbase Hit By Rogue Insider Leak

Coinbase has confirmed that a data leak stemming from an insider threat affected 69,461 users — far more than the “less than one percent” it initially suggested. A filing with the Maine Attorney General revealed that overseas customer support contractors began leaking user data on December 26, 2024. The breach wasn’t discovered until May 11, 2025, when the company received a $20 million extortion demand.

The rogue contractors were reportedly bribed to hand over names, contact details, partial Social Security numbers, and in some cases, masked banking data and ID images. Coinbase stressed that no user funds were stolen, and that its wallet infrastructure remained secure. Estimated costs from the breach could reach up to $400 million, according to an SEC filing.

British Retailers, M&S and Co-op, Suffer Major Data Breaches

British retailer Marks & Spencer (M&S) faces a potential £300 million ($402 million) profit loss after a cyberattack disrupted operations and forced its online retail systems offline, with disruptions expected through July. The attack involved DragonForce ransomware, which encrypted virtual machines across M&S’s 1,400 stores and stole customer data before halting online orders.

Other UK retailers, including Co-op and Harrods, have also been targeted by affiliates linked to the Scattered Spider cybercriminal community using DragonForce ransomware. Co-op confirmed a breach exposing personal data of current and former members after attackers used social engineering to reset an employee’s password and steal Active Directory data. The UK National Cyber Security Centre has issued guidance to help retailers strengthen defenses amid this wave of attacks. Investigations remain ongoing.

Safeguard Your Identity

Trend Micro is here to have your back in 2025. We would encourage readers to head over to our ID Protection portal, which has been designed to meet the security and privacy threats we now all face. With ID Protection, you can:

• Safeguard your social media accounts against hackers
• Receive alerts if your personal info gets leaked
• Protect against online threats, such as phishing scams
• Stop sites from collecting privacy-compromising data
• Create, store, and manage strong, tough-to-hack passwords.

What’s even better is that you can enjoy a 7-day free trial of ID Protection‘s paid version, so that you can take advantage of all its awesome features and start securing your identity and privacy today! Why not give it a go today?

As ever, if you’ve found this article an interesting or helpful read, please SHARE it with friends and family to help keep the online community secure and protected. Also, please consider clicking the LIKE button or sharing your experience in a comment below. Here’s to a secure 2025!