First Advantage Corporation Data Breach Exposes SSNs and Driver's Licenses
First Advantage Corporation, a global background screening company, experienced a cybersecurity incident in November 2025. An unauthorized actor gained access to a single employee's email inbox within its Drug & Occupational Health Screening Unit through a sophisticated phishing attack. The attacker downloaded the contents of the inbox, potentially exposing sensitive personal information for 4,669 individuals. This data included names, Social Security numbers, driver's license numbers, email addresses, and passwords to Profile Advantage accounts. First Advantage began notifying affected individuals on or about May 29, 2026.
Signal context
First seen: May 29, 2026
Last updated: Jun 24, 2026
Status: Public signal
Key points
- Cybersecurity incident in November 2025, discovered November 17, 2025.
- Phishing attack compromised an employee's email inbox.
- Unauthorized actor downloaded email inbox contents.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: possible insider or internal misuse
Impact area: Confidentiality
Likely asset: User or customer data
- 13 signals in the same sector
- 66 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Related signals
Grouped by why the signal is relevant.
Healthtech firm Xsolis suffers data breach impacting 1.4 million people
Healthcare technology company Xsolis disclosed a data breach affecting nearly 1.4 million individuals. The incident stemmed from a targeted phishing attack on January 20, 2026, which led to unauthorized access to a limited portion of the Xsolis environment. Attackers accessed files containing customer information, including names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information. Xsolis is a U.S.-based firm providing AI-powered software for healthcare organizations.
Horizon Family Medical Group Data Breach
Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.
Council of Europe Hacked by ShinyHunters, 297 GB of Data Stolen
The notorious extortion group ShinyHunters claimed to have hacked the Council of Europe, stealing nearly 300 gigabytes of data, including employee personal information, payroll data, CVs, and medical records. The group threatened to leak the data if negotiations were not initiated.
iRhythm Holdings Identifies Data Breach via Third-Party Applications
iRhythm Holdings, Inc., a digital healthcare company, identified unauthorized activity on certain third-party-hosted business applications on June 8, 2026. A threat actor subsequently claimed to have obtained proprietary data, patient protected health information (PHI), and other personal information, demanding payment to prevent public disclosure. The company confirmed that some data was exfiltrated. The attack was attributed to social engineering. iRhythm stated that its clinical and medical device systems, patient safety, operations, and financial reporting systems were not affected, and no payment card or financial account data was involved.
SoFi Hong Kong Confirms Third-Party Data Breach
SoFi Hong Kong, a subsidiary of the U.S.-based financial technology company SoFi, confirmed a data breach after unauthorized access was gained to a customer information database managed by a third-party vendor. The incident was detected on April 30, 2026, and publicly disclosed on June 8, 2026. The compromised data included names, dates of birth, addresses, email addresses, phone numbers, and employment and education information. The company stated that no account passwords or financial account numbers were reportedly exposed. The attack involved social engineering and exploitation of third-party vendor access. SoFi Hong Kong advised customers to remain vigilant for phishing attempts and suspicious activity.
Ultrahuman Data Breach Exposes Customer Wellness Data
Wearable health-tech startup Ultrahuman confirmed a data breach where hackers accessed customer wellness data through credentials stolen from an employee's malware-infected laptop. Approximately 0.1% of its user base was affected.