Incindent List - 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 14.5.26 | GM agrees to $12.75M California settlement over sale of drivers’ data | California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Consumer Privacy Act (CCPA). | Incindent | BleepingComputer |
| 10.5.26 | NVIDIA confirms GeForce NOW data breach affecting Armenian users | NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. | Incindent | BleepingComputer |
| 10.5.26 | Zara data breach exposed personal information of 197,000 people | Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. | Incindent | BleepingComputer |
| 10.5.26 | Former govt contractor convicted for wiping dozens of federal databases | A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. | Incindent | BleepingComputer |
| 10.5.26 | Canvas login portals hacked in mass ShinyHunters extortion campaign | The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. | Incindent | BleepingComputer |
| 10.5.26 | DAEMON Tools devs confirm breach, release malware-free version | Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. | Incindent | BleepingComputer |
| 10.5.26 | Instructure hacker claims data theft from 8,800 schools, universities | The hacker behind a breach at education technology giant Instructure claims to have stolen 280 million data records for students and staff from 8,809 colleges, school districts, and online education platforms. | Incindent | BleepingComputer |
| 9.5.26 | Student hacked Taiwan high-speed rail to trigger emergency brakes | A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). | Incindent | BleepingComputer |
| 9.5.26 | Vimeo data breach exposes personal information of 119,000 people | The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. | Incindent | BleepingComputer |
| 9.5.26 | Instructure confirms data breach, ShinyHunters claims attack | Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. | Incindent | BleepingComputer |
| 5.5.26 |
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03) |
The most significant development of the week was the April 29 to 30 Mini Shai-Hulud worm, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning PyPI versions, two intercom-client npm versions, and the intercom-php |
Incindent | SANS |
| 3.5.26 | 15-year-old detained over French govt agency data breach | French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. | Incindent | BleepingComputer |
| 3.5.26 | Official SAP npm packages compromised to steal credentials | Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. | Incindent | |
| 2.5.26 | Hackers arrested for hijacking and selling 610,000 Roblox accounts | The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. | Incindent | BleepingComputer |
| 2.5.26 | Home security giant ADT data breach affects 5.5 million people | The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned. | Incindent | |
| 2.5.26 | Medtronic confirms breach after hackers claim 9 million records theft | Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." | Incindent | |
| 2.5.26 | American utility firm Itron discloses breach of internal IT network | Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. | Incindent | |
| 2.5.26 | ADT confirms data breach after ShinyHunters leak threat | Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. | Incindent | |
| 26.4.26 | Bitwarden CLI npm package compromised to steal developer credentials | The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects | Incindent | |
| 26.4.26 | New Checkmarx supply-chain breach affects KICS analysis tool | Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. | Incindent | BleepingComputer |
| 26.4.26 | Cosmetics giant Rituals discloses data breach affecting customers | Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. | Incindent | BleepingComputer |
| 23.4.26 | Vercel confirms breach as hackers claim to be selling stolen data | Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. | Incindent | |
| 23.4.26 | Vercel Finds More Compromised Accounts in Context.ai-Linked Breach | Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that | Incindent | The Hacker News |
| 19.4.26 | Data breach at edtech giant McGraw Hill affects 13.5 million accounts | The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month. | Incindent | |
| 18.4.26 | Over 100 Chrome Web Store extensions steal user accounts, data | More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. | Incindent | |
| 18.4.26 | McGraw-Hill confirms data breach following extortion threat | Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. | Incindent | |
| 18.4.26 | European Gym giant Basic-Fit data breach affects 1 million members | Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. | Incindent | |
| 18.4.26 | Stolen Rockstar Games analytics data leaked by extortion gang | Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. | Incindent | |
| 18.4.26 | New Booking.com data breach forces reservation PIN resets | Booking.com has confirmed via a statement to BleepingComputer that it has detected unauthorized access to its systems that has exposed sensitive reservation and user data. | Incindent | BleepingComputer |
| 17.4.26 | Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts | An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of- | Incindent | The Hacker News |
| 12.4.26 | Eurail says December data breach impacts 300,000 individuals | Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. | Incindent | |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments | This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 005 covered developments through April 1, including the first confirmed victim disclosure (Mercor AI), Wiz's post-compromise cloud enumeration findings, DPRK attribution of the axios compromise, and LiteLLM's release resumption after Mandiant's forensic audit. This update covers intelligence from April 1 through April 3, 2026. | Incindent | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows | This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and AstraZeneca data release. This update consolidates two days of intelligence through April 1, 2026. | Incindent | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released | This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 003 covered developments through March 28, including the first 48-hour pause in new compromises and the campaign's shift to monetization. This update consolidates intelligence from March 28-30, 2026 -- two days since our last update. | Incindent | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours | This is the third update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 002 covered developments through March 27, including the Telnyx PyPI compromise and Vect ransomware partnership. This update covers developments from March 27-28, 2026. | Incindent | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim | This is the second update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 001 covered developments through March 26. This update covers developments from March 26-27, 2026. | Incindent | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available | This is the first update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication. | Incindent | SANS |
| 6.4.26 | Hims & Hers warns of data breach after Zendesk support ticket breach | Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. | Incindent | BleepingComputer |
| 6.4.26 | CERT-EU: European Commission hack exposes data of 30 EU entities | The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. | Incindent | BleepingComputer |
| 4.4.26 | Cisco source code stolen in Trivy-linked dev environment breach | Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. | Incindent | BleepingComputer |
| 4.4.26 | Healthcare tech firm CareCloud says hackers stole patient data | Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. | Incindent | |
| 4.4.26 | New RoadK1ll WebSocket implant used to pivot on breached networks | A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to other systems on the network. | Incindent | BleepingComputer |
| 1.4.26 | European Commission confirms data breach after Europa.eu hack | The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. | Incindent | |
| 1.4.26 | FBI confirms hack of Director Patel's personal email inbox | The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. | Incindent | |
| 29.3.26 | Ajax football club hack exposed fan data, enabled ticket hijack | Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. | Incindent | |
| 28.3.26 | Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens | The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. | Incindent | |
| 28.3.26 | HackerOne discloses employee data breach after Navia hack | Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. | Incindent | |
| 28.3.26 | Infinite Campus warns of breach after ShinyHunters claims data theft | Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. | Incindent | BleepingComputer |
| 28.3.26 | Dutch Ministry of Finance discloses breach affecting employees | The Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week. | Incindent | |
| 28.3.26 | Mazda discloses security breach exposing employee and partner data | Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. | Incindent | BleepingComputer |
| 26.3.26 | Crunchyroll probes breach after hacker claims to steal 6.8M users' data | Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. | Incindent | |
| 22.3.26 | Ex-data analyst stole company data in $2.5M extortion scheme | A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor. | Incindent | |
| 22.3.26 | Navia discloses data breach impacting 2.7 million people | Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. | Incindent | |
| 21.3.26 | Aura confirms data breach exposing 900,000 marketing contacts | Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. | Incindent | |
| 19.3.26 | UK’s Companies House confirms security flaw exposed business data | Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025. | Incindent | |
| 15.3.26 | Poland's nuclear research centre targeted by cyberattack | Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. | Incindent | |
| 15.3.26 | Starbucks discloses data breach affecting hundreds of employees | Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. | Incindent | |
| 15.3.26 | Canadian retail giant Loblaw notifies customers of data breach | Still, out of an abundance of caution, Loblaw says it has automatically logged out all customers from their accounts. Account holders who need to access the company's digital services will have to log in again. | Incindent | |
| 15.3.26 | England Hockey investigating ransomware data breach | England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. | Incindent | |
| 15.3.26 | Telus Digital confirms breach after hacker claims 1 petabyte data theft | Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. | Incindent | |
| 12.3.26 | Ericsson US discloses data breach after service provider hack | Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to over 15,000 employees and customers after hacking one of its service providers. | Incindent | |
| 8.3.26 | Cognizant TriZetto breach exposes health data of 3.4 million patients | TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. | Incindent | |
| 8.3.26 | FBI investigates breach of surveillance and wiretap systems | The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants. | Incindent | |
| 5.3.26 | LexisNexis confirms data breach as hackers leak stolen files | American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information. | Incindent | |
| 5.3.26 | Star Citizen game dev discloses breach affecting user data | Cloud Imperium Games (CIG), the game developer behind Star Citizen and Squadron 42, says attackers breached systems containing some users' personal information in January. | Incindent | |
| 5.3.26 | UH Cancer Center data breach affects nearly 1.2 million people | The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center's Epidemiology Division. | Incindent | |
| 1.3.26 | European DYI chain ManoMano data breach impacts 38 million customers | DIY store chain ManoMano is notifying customers of a data breach personal data, which was caused by hackers compromising a third-party service provider. | Incindent | |
| 1.3.26 | Olympique Marseille confirms 'attempted' cyberattack after data leak | French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club's systems earlier this month. | Incindent | |
| 28.2.26 | Wynn Resorts confirms employee data breach after extortion threat | Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang's data leak site. | Incindent | |
| 28.2.26 | CarGurus data breach exposes information of 12.4 million accounts | The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. | Incindent | |
| 28.2.26 | Ad tech firm Optimizely confirms data breach after vishing attack | New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. | Incindent | |
| 22.2.26 | Data breach at French bank registry impacts 1.2 million accounts | The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. | Incindent | |
| 22.2.26 | PayPal discloses data breach that exposed user info for 6 months | PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. | Incindent | |
| 22.2.26 | Data breach at fintech firm Figure affects nearly 1 million accounts | Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. | Incindent | |
| 19.2.26 | Eurail says stolen traveler data now up for sale on dark web | Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. | Incindent | |
| 19.2.26 | Canada Goose investigating as hackers leak 600K customer records | ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of its own systems. | Incindent | |
| 15.2.26 | Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches | South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. | Incindent | |
| 15.2.26 | Romania's oil pipeline operator Conpet confirms data stolen in attack | Romania's national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. | Incindent | |
| 15.2.26 | Odido data breach exposes personal info of 6.2 million customers | Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers. | Incindent | |
| 13.2.26 | npm’s Update to Harden Their Supply Chain, and Points to Consider | In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While | Incindent | The Hacker News |
| 12.2.26 | Volvo Group North America customer data exposed in Conduent hack | Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. | Incindent | |
| 12.2.26 | Hackers breach SmarterTools network using flaw in its own software | SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. | Incindent | |
| 12.2.26 | Men charged in FanDuel scheme fueled by thousands of stolen identities | Two Connecticut men face federal charges for allegedly defrauding FanDuel and other online gambling sites of $3 million over several years using the stolen identities of approximately 3,000 victims. | Incindent | |
| 8.2.26 | Man pleads guilty to hacking nearly 600 women’s Snapchat accounts | An Illinois man pleaded guilty to hacking nearly 600 women's Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion. | Incindent | |
| 8.2.26 | Flickr discloses potential data breach exposing users' names, emails | Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity. | Incindent | |
| 8.2.26 | Newsletter platform Substack notifies users of data breach | Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025. | Incindent | |
| 8.2.26 | Data breach at fintech firm Betterment exposes 1.4 million accounts | Hackers stole email addresses and other personal information from 1.4 million accounts after breaching the systems of automated investment platform Betterment in January. | Incindent | |
| 7.2.26 | Iron Mountain: Data breach mostly limited to marketing materials | Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. | Incindent | |
| 7.2.26 | Panera Bread breach impacts 5.1 million accounts, not 14 million customers | The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. | Incindent | |
| 7.2.26 | NationStates confirms data breach, shuts down game site | NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. | Incindent | |
| 3.2.26 | Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match | Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. | Incindent | |
| 3.2.26 | Not a Kids Game: From Roblox Mod to Compromising Your Company | Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise. | Incindent | |
| 3.2.26 | France fines unemployment agency €5 million over data breach | The French data protection authority fined the national employment agency €5 million (nearly €6 million) for failing to secure job seekers' data, which allowed hackers to steal the personal information of 43 million people. | Incindent | |
| 3.2.26 | eScan confirms update server breached to push malicious update | MicroWorld Technologies, the maker of the eScan antivirus product, has confirmed that one of its update servers was breached and used to distribute an unauthorized update later analyzed as malicious to a small subset of customers earlier this month. | Incindent | |
| 3.2.26 | Nike investigates data breach after extortion gang leaks files | Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. | Incindent | |
| 3.2.26 | Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts | Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems. | Incindent | |
| 25.1.26 | Okta SSO accounts targeted in vishing-based data theft attacks | Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. | Incindent | |
| 25.1.26 | Hackers breach Fortinet FortiGate devices, steal firewall configs | Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf. | Incindent | |
| 25.1.26 | Online retailer PcComponentes says data breach claims are fake | PcComponentes, a major technology retailer in Spain, has denied claims of a data breach on its systems impacting 16 million customers, but confirmed it suffered a credential stuffing attack. | Incindent | |
| 25.1.26 | Hacker admits to leaking stolen Supreme Court data on Instagram | A Tennessee man has pleaded guilty to hacking the U.S. Supreme Court's electronic filing system and breaching accounts at the AmeriCorps U.S. federal agency and the Department of Veterans Affairs. | Incindent | |
| 25.1.26 | Jordanian pleads guilty to selling access to 50 corporate networks | A Jordanian man has pleaded guilty to operating as an "access broker" who sold access to the computer networks of at least 50 companies. | Incindent | |
| 25.1.26 | CIRO confirms data breach exposed info on 750,000 Canadian investors | The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. | Incindent | |
| 18.1.26 | Grubhub confirms hackers stole data in recent security breach | Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands. | Incindent | |
| 18.1.26 | France fines Free Mobile €42 million over 2024 data breach incident | The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. | Incindent | |
| 18.1.26 | Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners | Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. | Incindent | |
| 18.1.26 | Victorian Department of Education says hackers stole students’ data | The Department of Education in Victoria, Australia, notified parents that attackers gained access to a database containing the personal information of current and former students. | Incindent | |
| 18.1.26 | Monroe University says 2024 data breach affects 320,000 people | Monroe University revealed that threat actors stole the personal, financial, and health information of over 320,000 people after breaching its systems in a December 2024 cyberattack. | Incindent | |
| 18.1.26 | Central Maine Healthcare breach exposed data of over 145,000 people | A data breach last year at Central Maine Healthcare (CMH) exposed sensitive information of more than 145,000 individuals. | Incindent | |
| 18.1.26 | Belgian hospital AZ Monica shuts down servers after cyberattack | Belgian hospital AZ Monica was forced to shut down all servers, cancel scheduled procedures, and transfer critical patients earlier today due to a cyberattack. | Incindent | |
| 17.1.26 | Target's dev server offline after hackers claim to steal source code | Hackers are claiming to be selling internal source code belonging to Target Corporation, after publishing what appears to be a sample of stolen code repositories on a public software development platform. After BleepingComputer notified Target, the files were taken offline and the retailer's developer Git server was inaccessible. | Incindent | |
| 17.1.26 | Spanish energy giant Endesa discloses data breach affecting customers | Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company's systems and accessed contract-related information, which includes personal details. | Incindent | |
| 17.1.26 | Prevent cloud data leaks with Microsoft 365 access reviews | Microsoft 365 has made file sharing effortless, but that convenience often leaves organizations with little visibility into who can access sensitive data. Tenfold explains how access reviews for shared cloud content can help organizations regain visibility, reduce unnecessary permissions, and prevent data leaks in Microsoft 365. | Incindent | |
| 17.1.26 | Instagram denies breach amid claims of 17 million account data leak | Instagram says it fixed a bug that allowed threat actors to mass-request password reset emails, amid claims that data from more than 17 million Instagram accounts was scraped and leaked online. | Incindent | |
| 17.1.26 | California bans data broker reselling health data of millions | The California Privacy Protection Agency (CalPrivacy) has taken action against the Datamasters marketing firm that sold the health and personal data of millions of users without being registered as a data broker. | Incindent | |
| 12.1.26 | Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud | Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a- | Incindent | The Hacker News |
| 11.1.26 | BreachForums hacking forum database leaked, exposing 324,000 accounts | The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online. | Incindent | |
| 11.1.26 | Illinois Department of Human Services data breach affects 700K people | The Illinois Department of Human Services (IDHS), one of Illinois' largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. | Incindent | |
| 11.1.26 | Illinois man charged with hacking Snapchat accounts to steal nude photos | U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online | Incindent | |
| 9.1.26 | Sedgwick confirms breach at government contractor subsidiary | Claims administration and risk management company Sedgwick has confirmed that its federal contractor subsidiary, Sedgwick Government Solutions, was the victim of a security breach. | Incindent | |
| 9.1.26 | Cloud file-sharing sites targeted for corporate data theft attacks | A threat actor known as Zestix has been offering to corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. | Incindent | |
| 9.1.26 | US broadband provider Brightspeed investigates breach claims | Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. | Incindent | |
| 9.1.26 | Ledger customers impacted by third-party Global-e data breach | Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. | Incindent | |
| 9.1.26 | NordVPN denies breach claims, says attackers have "dummy data" | NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform. | Incindent | |
| 4.1.26 | Covenant Health says May data breach impacted nearly 478,000 patients | The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. | Incindent | |
| 3.1.26 | Disney will pay $10 million to settle children's data privacy lawsuit | A federal judge has approved an order requiring Disney to pay a $10 million civil penalty to settle claims that it violated the Children's Online Privacy Protection Act by mislabeling videos and allowing data collection for targeted advertising. | Incindent | |
| 3.1.26 | Coupang to split $1.17 billion among 33.7 million data breach victims | Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. | Incindent | |
| 3.1.26 | Coupang to split $1.17 billion among 33.7 million data breach victims | Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month. | Incindent | |
| 3.1.26 | Korean Air data breach exposes data of thousands of employees | Korean Air experienced a data breach affecting thousands of employees after Korean Air Catering & Duty-Free (KC&D), its in-flight catering supplier and former subsidiary, was recently hacked. | Incindent | |
| 3.1.26 | Hacker claims to leak WIRED database with 2.3 million records | A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. | Incindent | |
| 3.1.26 | Massive Rainbow Six Siege breach gives players billions of credits | Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. | Incindent |