Microsoft
In January, Microsoft disclosed a data breach occurring through one of the tech giant's internal customer support databases.
Microsoft said anonymized user analytics, contained in roughly 250 million entries, were exposed. This included email and IP addresses.
Via: ZDNet
US cannabis users
In the same month, researchers found a leaky AWS bucket exposed online that contained the personally identifiable information (PII) of 30,000 individuals linked to the medical and recreational marijuana, including patients.
It is thought that the database belonged to a PoS provider for legal dispensaries across the US.
Via: ZDNet
Estée Lauder
Moving on to February, Estée Lauder was embroiled in a data breach in which 440 million records were compromised, including the exposure of internal company emails and non-consumer email addresses.
Via: Essential Retail

T-Mobile
In March, T-Mobile revealed a security incident in which cyberattackers were able to successfully infiltrate the firm's email services, leading to the compromise of T-Mobile customer and employee information, as well as staff email accounts.
Names, addresses, phone numbers, account numbers, plan information, and billing information may have been stolen.
Via: ZDNet
Marriott
A total of 5.2 million hotel guests were impacted by a data breach in March. Hackers were able to access two accounts belonging to Marriott employees who had access to customer information relating to the hotel chain's loyalty scheme.
A range of PII including names, genders, phone numbers, travel information, and loyalty program data was accessed.
Via: ZDNet
Whisper
In March, Whisper, an anonymous secret-sharing app, was alerted to a security failure that exposed user content and profile information in connection to messages -- including nicknames, stated ages, location data, and group memberships -- caused by a database left open and exposed online.
Via: ZDNet
SBA emergency business loan applicants
The US Small Business Administration (SBA) said in April that approximately 8,000 individuals who had applied for emergency business loans due to COVID-19 disruption were affected by a data breach.
The portal used to apply for the loans may have leaked applicant names, Social Security numbers, physical and email addresses, dates of birth, citizen status, and insurance information.
Via: ZDNet
Nintendo
At the end of April, Nintendo revealed an account hijacking scheme that compromised roughly 160,000 users. Customers claimed that cyberattackers were using their accounts to fraudulently purchase games and Fortnite virtual currency.
A legacy login system, now disabled, was to blame.
Via: ZDNet
easyJet
On May 19, budget airline easyJet said that information belonging to nine million customers may have been exposed, including over 2,200 credit card records, following a cyberattack.
easyJet is now facing an £18 billion class-action lawsuit due to the incident.
Via: ZDNet