DEphoto, a U.K. photo business, suffered a data breach on Christmas Day, exposing personal information of 555,952 customers and credit card details of 16,213 records. The threat actor, 0mid16B, claims to have exfiltrated hundreds of gigabytes of data, including photos and customer information, and is threatening to sell the database and leak the rest. Despite being notified on December 25th, DEphoto allegedly failed to address the security breach, leading to a second attack on December 29th.