Last updated 1 month ago
In December 2025, Condé Nast experienced a data breach affecting 2,364,431 WIRED magazine user accounts. The breach exposed user data from multiple Condé Nast brands, with the most recent compromised records dating to September 2025. The published dataset represents a subset of the broader Condé Nast user information allegedly obtained by the threat actor.
The breach involved unauthorized access to Condé Nast systems, resulting in the exfiltration of email addresses and display names for all affected users. For a smaller subset of accounts, the compromise extended to full names, phone numbers, dates of birth, gender information, and precise geographic data including complete physical addresses. The data publication occurred in December 2025, approximately three months after the most recent compromised records.
No specific threat actor attribution was provided in the disclosure. The breach represents a significant exposure of personally identifiable information across Condé Nast's media properties, with WIRED magazine users comprising the publicly identified affected population.
Unauthorized access to parent company Condé Nast systems
This breach demonstrates the risk of centralized data repositories in media conglomerates, where a single compromise at the parent company level exposed user data across multiple brands. The inclusion of sensitive PII like dates of birth and physical addresses for a subset of users indicates inconsistent data collection and storage practices across properties. The three-month gap between the most recent compromised records and public disclosure suggests potential detection or monitoring deficiencies in identifying unauthorized data access.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector