Newsletter platform Substack has confirmed a data breach in an email to users. The company said that in October, an “unauthorized third party” accessed user data, including email addresses, phone numbers, and other unspecified “internal metadata.”
Substack specified that more sensitive data, such as credit card numbers, passwords, and other financial information, was unaffected. In an email sent to users, Substack chief executive Chris Best said that the company identified the issue in February that allowed someone to access its systems.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- European Commission probes intrusion into staff mobile management backend
February 9, 2026
Brussels is digging into a cyber break-in that targeted the European Commission’s mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff. Identified by CERT-EU, the bloc’s computer emergency response team responsible for defending EU institutions, the intrusion was detected on January 30 and affected infrastructure associated with centrally ...
- Photo-Sharing Platform Flickr Issues Data Breach Warning
February 6, 2026
It’s not been the greatest start to February as far as data breaches are concerned. Substack has confirmed it has been hacked, and now Flickr has issued a warning to users concerning a data breach vulnerability that might have leaked their personal data. Although it’s unknown how many users may have been affected at this stage, ...
- Substack confirms data breach affects users’ email addresses and phone numbers
February 5, 2026
Newsletter platform Substack has confirmed a data breach in an email to users. The company said that in October, an “unauthorized third party” accessed user data, including email addresses, phone numbers, and other unspecified “internal metadata.” Substack specified that more sensitive data, such as credit card numbers, passwords, and other financial information, was unaffected. In an ...
- Data breach at govtech giant Conduent balloons, affecting millions more Americans
February 5, 2026
A data breach at government technology giant Conduent appears to affect far more people than first disclosed, with the number of victims potentially stretching to dozens of millions of people across the United States. The January 2025 ransomware attack, which knocked out Conduent’s operations for several days, is now known to affect at least 15.4 million ...
- New Jersey health system agrees to pay $4.5M in data breach settlement
February 3, 2026
Capital Health, a health care provider with multiple locations in New Jersey and Pennsylvania, will pay $4.5 million as part of a settlement over a 2023 data breach that compromised the private information of patients, former patients and employees. In a statement, the company said the stolen information included names, addresses, social security numbers, dates of ...
- Northern Ireland: PSNI officers affected by data breach to receive £7,500
February 3, 2026
Almost 10,000 police officers and staff affected by a huge data breach in Northern Ireland are to get a payment of at least £7,500 each. The details of all the PSNI’s serving officers and civilian staff were inadvertently published as part of a response to a Freedom of Information (FOI) request in August 2023. The database ...