From government agencies to AI startups, April saw several notable data breaches. Here, Security magazine reviews 10 of those stories that caught traction last month.

1. Mercor

Mercor, the AI startup working with notable organizations such as Meta, Anthropic, and OpenAI, reportedly lost four terabytes of data in a breach. A LiteLLM supply-chain incident led to this breach. Security experts say this incident highlights how connecting data to AI models via proxies (such as LiteLLM) creates sensitive blind spots. 

Learn more about the Mercor breach. 

2. FBI Surveillance System Breach

An FBI surveillance system was breached, potentially exposing FBI criminal probes and targets of FBI surveillance. Early investigations suspected Chinese government-affiliated hackers, and cybersecurity experts point out this event and the Salt Typhoon telecommunications hack in 2024. 

Learn more about the FBI breach. 

3. Chinese Supercomputer Hacking

A state-run Chinese supercomputer allegedly had 10 petabytes of data stolen from it. The compromised information is sensitive in nature, and may include classified defense documents, missile schematics and more. 

Learn more about the potential supercomputer breach. 

4. Booking.com

Customer booking information was breached, potentially leading to compromise of: 

• Names
• Emails 
• Phone numbers

Learn more about the Booking.com breach. 

5. LAPD Hacking

The Los Angeles Police Department (LAPD) had sensitive records exposed after a breach of the L.A. City Attorney’s Office. Seven terabytes of data were exposed, including sensitive information such as witness name and unredacted criminal complaints. 

Learn more about the LAPD breach. 

6. McGraw Hill

A Salesforce database misconfiguration reportedly led to the McGraw Hill breach, which was carried out by the threat actor group known as ShinyHunters. The group claims to have stolen 45 million records. 

Learn more about the McGraw Hill breach.

7. Vercel

A third-party AI tool led to the breach of Vercel, as the threat actor was able to access additional environments through this tool, highlighting the potential risks of AI tools in the enterprise. The organization states that a limited amount of customers were impacted.

Learn more about the Vercel breach.

8. French Government Agency Breach

ANTS, the French government agency storing citizens’ personal data (such as ID cards, passports and driving licenses) faced a breach that exposed sensitive information. While initial reports suggested 19 million records were stolen, newer reports suggest the number may be somewhere between 12 million and 18 million. 

Learn more about the ANTS breach. 

9. ADT

ADT’s data breach exposed personal information such as names, phone numbers, and addresses. In some instances, additional information was compromised. However, the company has found no evidence of payment information being exposed.  

Learn more about the ADT breach. 

10. Medtronic 

Medical equipment manufacturer Medtronic faced a breach of its corporate IT systems; however, the organization maintains other systems and operations are unaffected. ShinyHunters claimed responsibility for this attack. 

Learn more about the Medtronic breach.