Sensitive Personal Data Exposed in DC Health Link and Doxbin Breaches
DC Health Link and Doxbin were added as sensitive breach incidents after large datasets containing personal information were exposed online. DC Health Link disclosed a breach discovered in March 2023 after data was reportedly posted to a well-known breach forum, exposing about 48,000 unique email addresses alongside names, genders, dates of birth, home addresses, phone numbers, and Social Security numbers; the posting was linked in reporting to IntelBroker.
Doxbin, a doxing website, was also listed for a breach affecting more than 370,000 unique email addresses after data from January 2022 leaked. The exposed records included account details such as usernames, password hashes, and browser user agents, as well as highly sensitive victim information contained in doxes, including names, physical addresses, and phone numbers. Both incidents were classified as sensitive, meaning the compromised data is not publicly searchable through the breach-notification service.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Have I Been Pwned adds DC Health Link breach as a sensitive incident
Have I Been Pwned listed the DC Health Link breach and marked it as sensitive due to the nature of the exposed personal data, making it non-publicly searchable through the service.
Have I Been Pwned adds Doxbin breach as a sensitive incident
Have I Been Pwned listed the Doxbin breach and marked it as sensitive, meaning the compromised data is not publicly searchable through the service.
DC Health Link data is posted on a breach forum
After the March 2023 breach discovery, the stolen DC Health Link dataset was posted publicly on a well-known data breach forum. The posting was referenced in connection with the name IntelBroker.
DC Health Link discovers data breach
In March 2023, DC Health Link discovered a data breach affecting data later reported to include 48,000 unique email addresses and highly sensitive personal information such as names, genders, dates of birth, home addresses, phone numbers, and Social Security numbers.
Doxbin suffers breach exposing accounts and dox records
In January 2022, the doxing website Doxbin suffered a data breach. The exposed data included more than 370,000 email addresses, usernames, password hashes, browser user agents, and sensitive personal information contained in posted doxes such as names, physical addresses, and phone numbers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Consumer Data Exposures: IDMerit Database Leak, youX Intrusion, and Substack User Data Access
Cybersecurity researchers reported a major exposure at **IDMerit**, an AI-driven identity verification provider, after discovering an unsecured, internet-accessible **MongoDB** instance containing **over 3 billion records** (over 1TB). Exposed data reportedly included full names, addresses, dates of birth, national ID numbers, phone numbers, and email addresses; researchers estimated roughly **~1 billion** records contained sensitive data (with duplicates likely inflating the total). The dataset was described as global in scope, affecting individuals across **26 countries**, with large volumes attributed to the **US, Mexico, and the Philippines**, creating downstream risk for **identity fraud, account takeover, phishing, and SIM-swap** activity. Separately, Australian finance technology platform **youX** confirmed an **unauthorized third-party access** incident, after which a hacker claimed theft of data tied to **444,528** Australian borrowers and additional loan-application and identity data (including driver’s licence numbers, addresses, and credit/banking-related information), plus customer/staff details associated with broker organizations. **Substack** also confirmed unauthorized access to **limited user data** (including email addresses, phone numbers, and internal account metadata) that occurred in **October 2025** but was only identified on **Feb. 3, 2026**; Substack stated **passwords and payment card/financial data were not accessed**, but the extended detection gap raised concerns about monitoring and dwell time.
Mar 21, 2026
Healthcare Data Breaches and Patient Data Exposure Reports
Multiple organizations reported or were alleged to have suffered **data breaches involving sensitive personal and health information**. Telehealth provider **Call-On-Doc** was allegedly breached in early December, with a hacking-forum listing claiming exfiltration of **1,144,223 patient records** including contact details and highly sensitive visit metadata (e.g., *medical category/condition*, including STD-related entries), though the company had not publicly commented at the time of reporting. Separately, **Laurel Health Centers** (a Federally Qualified Health Center network in Northern Pennsylvania) reported **unauthorized access to its email environment** from July 11–25, 2025; emails and attachments may have been viewed or copied, potentially exposing a wide range of PHI/PII (including SSNs, insurance/Medicare data, diagnostic/treatment information, and some financial data). Laurel stated it took time to confirm the threat actor was fully removed, completed mailbox review by Dec. 30, 2025, and then began notifying affected individuals and offering credit monitoring. Outside healthcare delivery, the **Civil Service Employees Association (CSEA)** labor union reported a May intrusion (May 3–31) resulting in theft of data for **47,000+ members**, including names and **Social Security numbers**, and said it took systems offline, reset passwords, and implemented additional security controls; it reported no evidence of misuse but advised vigilance for identity theft. A separate HIPAA Journal item summarized academic research on **insider risk**—finding many students would hypothetically sell patient data for money—which is not tied to a specific breach incident but underscores the broader threat environment for healthcare data.
Mar 21, 2026
National Public Data Breach Exposed Social Security Numbers and Personal Records
National Public Data disclosed a security incident affecting a large repository of consumer background-check and people-search information, with exposed data reported to include highly sensitive personal identifiers such as **Social Security numbers**, names, mailing addresses, and other profile details. The company published a breach notice on its website, while an individual notification letter filed with the California Attorney General indicates affected residents were formally notified that their information may have been involved. The incident drew attention because the compromised records appear to involve data commonly used for identity verification and fraud, increasing the risk of **identity theft**, account takeover, and social-engineering abuse. The notification materials show the breach response included direct notice to impacted individuals and guidance on protective steps such as monitoring accounts and credit activity, underscoring the seriousness of the exposure for consumers whose records were held by the data broker.
May 26, 2026