Data Breaches

Attackers compromised DigiCert's support portal via malicious chat attachment, stealing EV code signing certificates. 11 certificates used to sign Zhong Stealer malware.

ShinyHunters threatens to leak 42 million Charter Communications customer records by May 27. The telecom giant confirms incident but disputes data sensitivity claims.

Grafana Labs confirms hackers stole source code through a GitHub token that slipped through rotation after the TanStack supply chain compromise. The company refused to pay the ransom demand.

ShinyHunters leaked 140GB of Zara customer data stolen through compromised Anodot authentication tokens. The breach exposed email addresses, order history, and support tickets from Snowflake and BigQuery integrations.

Armenian GeForce NOW operator GFN.AM suffered a data breach exposing user emails, names, and phone numbers. NVIDIA clarifies its own infrastructure wasn't compromised. ShinyHunters claims credit.

Educational tech giant Instructure confirms data breach affecting Canvas LMS users. ShinyHunters claims 275 million student and teacher records stolen from 9,000 schools, with a May 6 leak deadline.

Trellix, formed from McAfee Enterprise and FireEye merger, disclosed unauthorized access to source code. Forensic investigation ongoing with no evidence of code exploitation.

ShinyHunters breached home security giant ADT via voice phishing to compromise an employee's Okta SSO, stealing 5.5 million customer records from Salesforce.

ShinyHunters claims breach of Canada Life Assurance exposing 5.6 million Salesforce records with PII. Ransom deadline passed April 21, 2026—data leak threatened.

Attackers hijacked Seiko USA's website to post a ransom demand, claiming theft of customer data from the watchmaker's Shopify store. A 72-hour deadline was issued before public release.

Compromised Google Workspace OAuth app 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj breached Vercel, exposing API keys and source code. Hackers demand $2M; audit Workspace apps and rotate credentials.

Booking.com confirms hackers accessed customer reservation data including names, emails, phone numbers, and booking details. Company resets PINs but won't disclose breach scope.

Dutch fitness chain Basic-Fit confirms hackers accessed bank account details, addresses, and personal data for up to 1 million members across six European countries.

A fraudulent Ledger Live app distributed through Apple's Mac App Store stole $9.5M from 50+ victims who entered seed phrases. ZachXBT traced funds to KuCoin.

GTA 6 developer Rockstar Games confirms third-party breach after ShinyHunters stole Snowflake credentials through Anodot. Ransom deadline set for April 14.

AI startup Mercor confirms breach via LiteLLM supply chain attack. Lapsus$ claims 4TB stolen including candidate data, source code, and API keys. Meta pauses contracts.

ShinyHunters compromised SaaS analytics provider Anodot, using stolen authentication tokens to access and exfiltrate data from dozens of Snowflake customers.

World Leaks gang dumps 7TB of sensitive police data including personnel files and Internal Affairs investigations after breaching LA City Attorney's Office.

Attackers stole 50.9 BTC from company wallets after obtaining settlement account credentials. Second security incident for the crypto ATM operator since 2023.

Telehealth company Hims & Hers reveals data breach affecting customer support tickets. ShinyHunters gang exploited Okta SSO to access Zendesk platform.

Solana's Drift Protocol lost $285 million in 2026's largest DeFi hack. TRM Labs attributes the attack to North Korean actors who exploited oracle manipulation and pre-signed transactions.

Die Linke confirms Qilin stole internal data and employee info from party headquarters. Officials suggest attack may be politically motivated hybrid warfare.

Toy giant Hasbro filed an SEC 8-K disclosing unauthorized network access discovered March 28. Systems remain offline with recovery expected to take weeks.

Intesa Sanpaolo hit with $36 million GDPR fine after a single employee accessed 3,573 customer accounts undetected for over two years, including politicians.

API defect in Lloyds, Halifax, and Bank of Scotland apps let users view strangers' transactions including account numbers and NI numbers. Bank paying compensation.

Hackers compromised the European Commission's Amazon cloud infrastructure, claiming to steal 350GB of data including employee databases. Investigation ongoing.

An API vulnerability in AFC Ajax systems let attackers access fan data and transfer 42,000+ season tickets. Club patched after journalists demonstrated the flaw.

K-12 student information system provider Infinite Campus discloses breach affecting school staff data. ShinyHunters issued March 25 ransom deadline after claiming to steal Salesforce records.

Hackers infected a contractor's device to steal Okta credentials, then pivoted to Crunchyroll's Zendesk. Support ticket data for 6.8 million subscribers extracted.

Workplace benefits administrator Navia discloses data breach affecting 2.7 million individuals. Social Security numbers, health plan data, and personal information stolen during December-January intrusion.

Turkish restaurant chain Baydöner confirms breach affecting 3.7 million customers. Data includes 622,000 plaintext passwords and 42,000 national IDs now circulating on forums.

Infutor data breach reportedly exposes 676 million consumer records including Social Security numbers. Misconfigured Elasticsearch database blamed for the exposure.

Canadian BPO giant confirms breach after ShinyHunters claims massive data theft including call recordings, source code, and FBI background checks. Ransom ignored.

British government registry's WebFiling vulnerability let logged-in users access other companies' dashboards since October 2025. Unauthorized filings were possible.

Threat group ShinyHunters exploits misconfigured Salesforce Experience Cloud sites, stealing data from 100+ organizations including 921K records from Aura.com.

Attackers compromised 889 Starbucks Partner Central accounts using fake login portals, exposing employee names, Social Security numbers, and bank details.

Iranian-linked hacktivists claim devastating attack on medical device maker Stryker, weaponizing Intune's remote wipe capability to erase systems in 79 countries.

Ericsson's U.S. subsidiary confirms data theft affecting employees and customers after attackers compromised a service provider. SSNs, medical info, and financial details exposed.

Cognizant subsidiary TriZetto Provider Solutions confirms breach affecting 3.4 million patients. SSNs, Medicare IDs, and health data exposed after attackers went undetected for nearly a year.

Anubis gang claims 170GB of data including passport scans and client agreements from AkzoNobel's US operations. Company says breach contained.

Attacker leverages infostealer-compromised credentials to extort restaurant POS provider HungerRush, sending threatening emails directly to customers demanding response.

FulcrumSec threat actor exploits React2Shell vulnerability to breach LexisNexis AWS infrastructure, leaking 2GB of customer data including .gov email addresses and federal employee records.

A coding error in PayPal Working Capital exposed customer SSNs and business data since July 2025. Unauthorized transactions detected on some affected accounts.

Japanese semiconductor test equipment maker Advantest hit by ransomware on Feb 15. Investigation ongoing as company assesses potential data exposure.

ShinyHunters claims 800,000+ Wynn Resorts employee records including SSNs, salaries, and personal details. Group demands 22 Bitcoin by February 23, exploited Oracle PeopleSoft.