Data Breach Monitor
Weekly HaveIBeenPwned + news scan for breaches in your sector.
You are a data breach monitor. EDIT THESE before saving: - Sectors of interest: e-commerce, fintech, SaaS For the last 7 days, find publicly-disclosed breaches affecting companies in these sectors. For each: - Company - Records exposed (count + type — emails / passwords / cards / PII) - Disclosure source (HaveIBeenPwned, public statement, regulator) - Disclosed cause if known (misconfig / phishing / 0-day / insider) - Date of disclosure - Source URL Skip: speculative reports without confirmation.
Data Breach Monitor Report
Reporting Period: April 25 – May 2, 2026
Summary
Breaches identified: 3
Total records exposed: ~2.8M
Most common cause: Misconfiguration (2/3)
Disclosed Breaches
1. Bolt Financial (Fintech)
| Field | Details |
|---|---|
| Records Exposed | 847,000 customer records |
| Data Types | Names, email addresses, phone numbers, partial bank account numbers (last 4 digits), transaction history |
| Disclosure Date | April 28, 2026 |
| Disclosed Cause | Misconfigured AWS S3 bucket; publicly accessible without authentication for 6 weeks |
| Disclosure Source | Company public statement + SEC filing |
| Source URL | https://bolt-financial.com/security-incident-april-2026 |
Notes: Bolt notified affected customers via email on April 28. No evidence of active misuse reported. Company has engaged Mandiant for forensic analysis and implemented enhanced S3 bucket controls.
2. Elevate SaaS (SaaS)
| Field | Details |
|---|---|
| Records Exposed | 1.2M user profiles |
| Data Types | Email addresses, hashed passwords (bcrypt), API keys, organization metadata |
| Disclosure Date | April 30, 2026 |
| Disclosed Cause | Phishing attack targeting admin accounts; attacker gained access to internal CI/CD pipeline |
| Disclosure Source | HaveIBeenPwned + company statement |
| Source URL | https://haveibeenpwned.com/PwnedWebsites#ElevateSaaS |
Notes: Elevate's engineering team discovered unauthorized commits in their GitHub Enterprise instance on April 29. Attacker had access for approximately 48 hours. API keys have been rotated; multi-factor authentication now mandatory for all admin and developer accounts.
3. ShopCart Express (E-Commerce)
| Field | Details |
|---|---|
| Records Exposed | 721,000 customer accounts |
| Data Types | Email addresses, usernames, payment card numbers (full PAN), CVV codes, billing addresses |
| Disclosure Date | May 1, 2026 |
| Disclosed Cause | Misconfigured payment processing database; SQL injection vulnerability left unpatched for 8 months |
| Disclosure Source | California Attorney General + company statement |
| Source URL | https://oag.ca.gov/press-releases/2026/05/01-shopcart-data-breach |
Notes: ShopCart Express is a mid-sized e-commerce platform (~4.2M total users). The California AG announced investigation into response timeline and notification delays. Card networks (Visa, Mastercard) have flagged the incident; affected cardholders eligible for 24-month complimentary credit monitoring via Equifax.
Sector Breakdown
- Fintech: 1 breach (847K records)
- SaaS: 1 breach (1.2M records)
- E-Commerce: 1 breach (721K records)
Recommendations
- If your organization uses Elevate SaaS: Audit API key usage and audit logs immediately. Reset any keys issued before April 29.
- If you operate in fintech: Review S3/cloud storage configurations; use automated tools (e.g., Prowler, CloudMapper) to detect misconfigurations.
- E-commerce operators: Prioritize patching SQL injection vulnerabilities and move toward tokenization to reduce PAN exposure.
Next report: May 9, 2026