PayHere – 1,580,249 breached accounts

In late March 2022, the Sri Lankan payment gateway PayHere suffered a data breach that exposed more than 65GB of payment records including over 1.5M unique email addresses. The data also included IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). More than a month later, no disclose notice could be found despite the promise of a detailed incident report.