Data Breach

Pharma supplier West Pharmaceutical Services discloses ransomware attack in SEC filing. Attackers exfiltrated data before encrypting systems. Unit 42 investigating.

ShinyHunters leaked 140GB of Zara customer data stolen through compromised Anodot authentication tokens. The breach exposed email addresses, order history, and support tickets from Snowflake and BigQuery integrations.

Armenian GeForce NOW operator GFN.AM suffered a data breach exposing user emails, names, and phone numbers. NVIDIA clarifies its own infrastructure wasn't compromised. ShinyHunters claims credit.

Trellix, formed from McAfee Enterprise and FireEye merger, disclosed unauthorized access to source code. Forensic investigation ongoing with no evidence of code exploitation.

ShinyHunters breached home security giant ADT via voice phishing to compromise an employee's Okta SSO, stealing 5.5 million customer records from Salesforce.

ShinyHunters claims breach of Canada Life Assurance exposing 5.6 million Salesforce records with PII. Ransom deadline passed April 21, 2026—data leak threatened.

New ransomware operation claims Medical Park Hospitals as first victim. 36 Turkish hospitals face data leak threats after 3.3TB exfiltration.

Compromised Google Workspace OAuth app 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj breached Vercel, exposing API keys and source code. Hackers demand $2M; audit Workspace apps and rotate credentials.

Booking.com confirms hackers accessed customer reservation data including names, emails, phone numbers, and booking details. Company resets PINs but won't disclose breach scope.

Dutch fitness chain Basic-Fit confirms hackers accessed bank account details, addresses, and personal data for up to 1 million members across six European countries.

GTA 6 developer Rockstar Games confirms third-party breach after ShinyHunters stole Snowflake credentials through Anodot. Ransom deadline set for April 14.

Ransomware attack on ChipSoft forces 11 Dutch hospitals offline. The vendor manages patient records for most of the Netherlands. Attacker unknown.

AI startup Mercor confirms breach via LiteLLM supply chain attack. Lapsus$ claims 4TB stolen including candidate data, source code, and API keys. Meta pauses contracts.

ShinyHunters compromised SaaS analytics provider Anodot, using stolen authentication tokens to access and exfiltrate data from dozens of Snowflake customers.

World Leaks gang dumps 7TB of sensitive police data including personnel files and Internal Affairs investigations after breaching LA City Attorney's Office.

Attackers stole 50.9 BTC from company wallets after obtaining settlement account credentials. Second security incident for the crypto ATM operator since 2023.

Telehealth company Hims & Hers reveals data breach affecting customer support tickets. ShinyHunters gang exploited Okta SSO to access Zendesk platform.

Toy giant Hasbro filed an SEC 8-K disclosing unauthorized network access discovered March 28. Systems remain offline with recovery expected to take weeks.

Intesa Sanpaolo hit with $36 million GDPR fine after a single employee accessed 3,573 customer accounts undetected for over two years, including politicians.

API defect in Lloyds, Halifax, and Bank of Scotland apps let users view strangers' transactions including account numbers and NI numbers. Bank paying compensation.

Hackers compromised the European Commission's Amazon cloud infrastructure, claiming to steal 350GB of data including employee databases. Investigation ongoing.

An API vulnerability in AFC Ajax systems let attackers access fan data and transfer 42,000+ season tickets. Club patched after journalists demonstrated the flaw.

Hackers infected a contractor's device to steal Okta credentials, then pivoted to Crunchyroll's Zendesk. Support ticket data for 6.8 million subscribers extracted.

Workplace benefits administrator Navia discloses data breach affecting 2.7 million individuals. Social Security numbers, health plan data, and personal information stolen during December-January intrusion.

Turkish restaurant chain Baydöner confirms breach affecting 3.7 million customers. Data includes 622,000 plaintext passwords and 42,000 national IDs now circulating on forums.

Infutor data breach reportedly exposes 676 million consumer records including Social Security numbers. Misconfigured Elasticsearch database blamed for the exposure.

Canadian BPO giant confirms breach after ShinyHunters claims massive data theft including call recordings, source code, and FBI background checks. Ransom ignored.

British government registry's WebFiling vulnerability let logged-in users access other companies' dashboards since October 2025. Unauthorized filings were possible.

Threat group ShinyHunters exploits misconfigured Salesforce Experience Cloud sites, stealing data from 100+ organizations including 921K records from Aura.com.

Attackers compromised 889 Starbucks Partner Central accounts using fake login portals, exposing employee names, Social Security numbers, and bank details.

Cognizant subsidiary TriZetto Provider Solutions confirms breach affecting 3.4 million patients. SSNs, Medicare IDs, and health data exposed after attackers went undetected for nearly a year.

Anubis gang claims 170GB of data including passport scans and client agreements from AkzoNobel's US operations. Company says breach contained.

Attacker leverages infostealer-compromised credentials to extort restaurant POS provider HungerRush, sending threatening emails directly to customers demanding response.

FulcrumSec threat actor exploits React2Shell vulnerability to breach LexisNexis AWS infrastructure, leaking 2GB of customer data including .gov email addresses and federal employee records.

A coding error in PayPal Working Capital exposed customer SSNs and business data since July 2025. Unauthorized transactions detected on some affected accounts.

ShinyHunters claims 800,000+ Wynn Resorts employee records including SSNs, salaries, and personal details. Group demands 22 Bitcoin by February 23, exploited Oracle PeopleSoft.

VIQ Solutions confirms sensitive Australian court data including domestic violence and national security cases accessed by unauthorized Indian subcontractor e24 Technologies.

Attacker impersonating civil servant accessed French FICOBA registry containing 300M+ bank account records. 1.2 million accounts compromised in late January attack.

WormGPT database allegedly leaked on dark web forums, exposing emails, payment data, and subscription details of cybercriminals using the service.

Wiz researchers found Moltbook's Supabase database exposed without authentication, leaking 1.5M API tokens, private messages, and plaintext OpenAI keys.

Odido confirms cyberattack exposed names, IBANs, passport numbers, and personal data of 6.2 million Dutch customers. Services remain operational.

Enriched AT&T breach dataset with 148M Social Security numbers and 133M addresses is circulating privately, creating fresh identity theft and SIM-swap risks.

Flickr discloses a data breach through a third-party email provider vulnerability that exposed names, emails, and IP addresses for up to 35 million users.

Substack's October 2025 breach went undetected for four months. 700,000 users' email addresses and phone numbers were accessed by an unauthorized third party.

The January 2025 ransomware attack on govtech giant Conduent keeps growing—15.4M in Texas, 10.5M in Oregon, with more states still counting.