The Data Breach Brief: Week of November 26, 2025

The following data breaches have been announced this week—make sure you’re in the know.

If you received a data breach notice regarding any of the breaches listed below, act now and contact Morgan & Morgan for a free and confidential case evaluation to see how we may be able to help.

Macy’s

Macy’s suffered a data breach when its internal systems were accessed, and sensitive data may have been exfiltrated. The Macy’s data breach is part of a wider series of coordinated attacks executed by the cyberterrorist group Cl0p, which has been exploiting a vulnerability in Oracle E-Business Suite. Based on similar attacks within this Oracle exploitation campaign, the stolen materials may include:

• Customer records, including contact information and transaction histories
• Point of sale environment documentation and operational logs
• Supply chain, inventory, and vendor management files
• Employee information, payroll data, and HR documents
• Corporate financial records and reporting files
• Internal communications and confidential business documents
• System configuration information used for administrative access

SitusAMC

SitusAMC, which provides technology for over a thousand commercial and real estate financiers, has confirmed it suffered a data breach on November 12. It is unconfirmed what exact data has been compromised, but it could include:

Client Corporate Data

• Accounting Records
• Legal Agreements

Customer Data

• Names
• Addresses 
• Social Security Numbers

Healthcare Therapy Services

Healthcare Therapy Services reported that it suffered a data breach when an unauthorized party accessed and copied certain information from its network around April 29, 2025. The data breach involves sensitive confidential information, including:

• Full Name
• Social Security Number
• Financial Account Information
• Driver’s License Number
• Medical Information

GlobalLogic

GlobalLogic discovered unauthorized access to its internal systems in 2025. The attackers reportedly gained access to sensitive files containing personal identifiable information (PII) of current and former employees. The compromised data may include:

• Names
• Addresses
• Social Security numbers
• Dates of birth
• Employment-related information
• Financial or banking details used for payroll

If you or a loved one were affected by any of these data breaches, you may be entitled to compensation. Take action today and contact Morgan & Morgan for a free and confidential case evaluation.