Welcome to Issue #1. Every week, we scan hundreds of cybersecurity sources and translate the hacks, leaks, and breaches into plain English — because you deserve to know when companies holding your data let hackers in. No jargon. No fluff. Just the facts, what they mean for you, and what to do about it.
ADT — Home Security
CRITICAL
ADT was hit by hacking group ShinyHunters. Over 5.5 million customer accounts stolen — names, email addresses, phone numbers, and home addresses now circulating on the dark web.
🎒 Put simply
The company you pay to protect your home just leaked where you live to criminals. A thief broke into the security guard's office and stole everyone's home addresses.
Names & addresses
Email & phone
5.5M customers
⚠️ Phishing risk HIGH
SEIKO — Watchmaker USA
HIGH
Attackers hacked SEIKO's USA website and posted a ransom note. Stolen: customer names, emails, phone numbers, purchase records, transaction details, and shipping addresses.
🎒 Put simply
A thief broke into SEIKO's back room and stole a list of every customer, what they bought, and where they live. Now holding it for ransom on the internet.
Purchase history
Shipping addresses
Online shoppers
Salesforce via Gainsight
HIGH
A third-party app called Gainsight was compromised, affecting data from over 200 companies including Atlassian and Verizon. Classic supply chain attack — one key, 200 doors.
🎒 Put simply
Hackers broke into the locksmith who makes keys for 200 businesses and grabbed copies of everyone's keys at once. Same playbook as the 2013 Target hack — 13 years later.
200+ companies
Verizon · Atlassian
Supply chain attack
Rituals — Beauty & Wellness
MEDIUM
Rituals cosmetics disclosed a breach exposing names, emails, phone numbers, dates of birth, gender, and home addresses of loyalty customers.
🎒 Put simply
If you shop at Rituals, a hacker now knows your name, birthday, where you live, and how to contact you. Enough to convincingly impersonate you.
Dates of birth
Home addresses
Loyalty customers
241 days
Average time before a company notices they've been hacked.
Hackers can be inside a company's systems reading your data for over 8 months before anyone knows. By the time you get the breach letter, the damage was done months ago.
$50
The price of a stolen employee login on the dark web.
Hackers don't always break through walls — they buy the front door key. "Initial Access Brokers" specialize in selling stolen company logins to other criminals.
11/day
Data breaches publicly disclosed every single day in America.
And that's just the reported ones. Right now there are likely dozens of companies whose systems have been broken into that you won't hear about for six more months.
This week's story
2013
The Target Hack: How Hackers Stole 40 Million Credit Cards Through a Heating Company
It was the week before Christmas, 2013. Americans were flooding Target stores for holiday shopping. Unbeknownst to anyone, hackers had been silently sitting inside Target's payment systems for three weeks — skimming the card info of every single person who swiped at a register.
Here's the wild part: they didn't get in through Target. They got in through Fazio Mechanical — a small Pennsylvania company that handled Target's refrigeration and HVAC systems. The hackers stole Fazio's credentials and walked right through Target's back door. By the time it was over, 40 million credit cards and 70 million customer records had been stolen. Target's CEO resigned. Over $200 million in damages.
The lesson
A chain is only as strong as its weakest link. The most sophisticated hackers find the side door — a vendor, a contractor, a third-party app. Exactly what happened with Salesforce this week through Gainsight. Same playbook, 13 years later.
🔒 Freeze your credit
Free at Equifax, Experian & TransUnion. Stops new accounts from being opened in your name.
🔑 Use a password manager
Bitwarden is free. One unique password per site means one breach doesn't unlock everything.
📧 Check HaveIBeenPwned
Visit haveibeenpwned.com — enter your email to see every breach it's appeared in. Free.
🚨 Enable login alerts
Turn on 2FA and login notifications on every account holding financial or health data.