When Trusted Names Are Hacked: A Look at the Latest Major Data Breaches

The latest wave of data breaches sends a clear message: trusted organizations across every sector are being targeted. In January alone, millions of records have been exposed across media, healthcare, government, education, technology, and consumer services. Household names like Condé Nast, Covenant Health, and the Illinois Department of Human Services, as well as platforms such as BreachForums, GSPlatformCo Inc., Monroe University and even food delivery giant Grubhub joined the growing list of victims.

 

In this blog post, we’ll explain what happened in these recent cyberattacks, the types of personal information that were exposed, and key terms to help you understand the risks. After all, knowledge is power!

 

Condé Nast 

 

Organization Description:
Condé Nast is a global mass media company known for publishing iconic brands like Vogue, The New Yorker, GQ, and Vanity Fair, operating across print, digital, video, and social platforms.

 

Breach Size: 2.3 million subscriber records 

 

Data Exposed:
In late December 2025, a hacker claiming the name “Lovely” posted a large database of about 2.3 million WIRED subscriber records on a hacking forum after allegedly breaking into Condé Nast’s systems. The leaked data includes things like email addresses, subscriber IDs, and in many cases names, phone numbers, physical addresses, and even birthdays for people who subscribed to WIRED (one of Condé Nast’s media publications) over the years. 

 

Covenant Health 

 

Organization Description:
Covenant Health is a large not-for-profit healthcare network, offering a wide range of hospital, clinical, and home health services, focused on improving community health. 

 

Breach Size: 478,000 people 

 

Data Exposed:
In May 2025, Covenant Health suffered a large cyberattack that exposed sensitive patient data after a hacker broke into its computer systems. Investigators later found that nearly 478,000 patients’ records were accessed, including data like full names, addresses, dates of birth, Social Security numbers, medical record numbers, health insurance details, and even treatment information such as diagnoses and dates of care.

 

 

Illinois Department of Human Services 

 

Organization Description:
The Illinois Department of Human Services (IDHS) is a state government agency that helps people in Illinois get basic support and care. It runs programs that provide financial help, mental health services, disability support, family assistance, and job resources to help residents live more stable and independent lives.

 

Breach Size: 704,000 people 

 

Data Exposed:
In late 2025 the Illinois Department of Human Services (IDHS) accidentally exposed the personal and health-related information of nearly 700,000 residents online because internal planning maps were left publicly viewable due to incorrect privacy settings. These maps were meant for internal use but stayed accessible on a public mapping website for years before the problem was found. The exposed data included addresses, case numbers, and demographic details for over 672,000 people in Medicaid and Medicare Savings Programs, and for about 32,000 people in the Division of Rehabilitation Services their names, addresses, case status, and referral information were visible.

 

BreachForums 

 

Organization Description:
BreachForums is an English language hacking forum. 

 

Breach Size: 324,000 accounts 

 

Data Exposed:
In January 2026, the notorious BreachForums hacking forum suffered a data breach when someone leaked its user database online. That database included simple details like usernames, registration info, and IP addresses, and in some versions even private messages and hashed passwords tied to those accounts. Because this forum was used by people involved in cybercrime, the leak doesn’t just show site data — it gives outsiders a window into the identities and activity of users who thought they were hidden, and that information could be used by law enforcement or other hackers to trace.

 

GSPlatformCo Inc. 

 

Organization Description:
GSPlatformCo Inc. is a company that handles payments for online businesses. It processes customer payments, manages billing, and taxes. 

 

Breach Size: 537,877 people 

 

Data Exposed:
In late November 2025, GSPlatformCo Inc. discovered that unauthorized people had accessed one of its data systems. As a result, names, contact details (like email or phone), demographic info, account info, and some transaction records may have been exposed. 

 

GrubHub 

 

Organization Description:
Grubhub is an American online and mobile food ordering and delivery marketplace. 

 

Breach Size: Undisclosed 

 

Data Exposed:
In the recent breach affecting Grubhub, hackers were able to access and download data from the company’s internal systems. The incident appears linked to a wider cybersecurity issue involving stolen access tokens from other platforms, and the attackers are reportedly trying to extort the company by threatening to release stolen data from older Salesforce and support system records.

 

Monroe University 

 

Organization Description:
Monroe University is a private, for-profit college that offers undergraduate, graduate, and continuing education programs. 

 

Breach Size: 320,000 people 

 

Data Exposed:
Monroe University’s computer systems were hacked and left open to outsiders for about two weeks, giving attackers a chance to copy a huge amount of sensitive information stored on the school’s network. This stolen data may include names, dates of birth, Social Security numbers, driver’s license and passport numbers, medical and health insurance details, email or account login info, student records, and even bank account information. 

 

Hacking & Phishing News 

 

Exploit 

An exploit is when attackers take advantage of a weakness in software or a system to break in and gain access they shouldn’t have. For example, if a website’s login page has a flaw that lets hackers bypass authentication or run hidden code, attackers can use that vulnerability to sneak into the system and steal data. In the GSPlatformCo Inc. breach, attackers likely leveraged an exploit to get into the company’s systems and access customer records, exposing names, contact details, and transaction information. In this case, exploiting weaknesses in how systems were set up or protected was the key step that let hackers move from the outside to inside, exposing sensitive data.

 

Marketplace Leak 

A marketplace leak refers to a situation where data that was being bought, sold, or traded on underground hacking forums or illicit marketplaces end up being exposed publicly, rather than staying hidden within that criminal community. An example of this is the BreachForums breach, where the forum’s own database was leaked online instead of remaining behind the site’s supposed secrecy walls. Because marketplaces like BreachForums are places where stolen data is exchanged, a leak there not only exposes the forum’s users but can also make the very stolen information being traded suddenly accessible to anyone, increasing the risk that that data will be further misused or circulated beyond the original criminal buyers.

 

With IDSeal®, protecting your personal information means staying ahead of the growing list of data breaches making headlines. Our protection goes beyond basic monitoring by focusing on early detection, proactive identity theft protection, and expert recovery support when it matters most. We continuously scan for exposed personal data across the dark web, data broker sites, and people-finder databases, and with our Personal Data Removal tool, we work to remove your information before cybercriminals can exploit it. 

 

Stay up to date on the latest data breaches, cybersecurity threats, and identity theft trends by following us on social media. More importantly, take action now to protect your identity and financial future.