University of Nottingham
June 9, 2026
•[ cyber attack, extortion, data leak ]
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".
Atlas Menu
May 30, 2026
•[ data breach, gaming, data leak ]
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.
BCD Travel
May 29, 2026
•[ extortion, data leak, data theft ]
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.
Afghanistan Ministry of Finance
May 29, 2026
•[ spear-phishing, malware, XenoRAT ]
SideCopy, a suspected Pakistan-linked threat group, targeted Afghanistan's Ministry of Finance and provincial revenue and finance directorates with spear-phishing emails containing a malicious ZIP/LNK file in Pashto. When executed, the malware chain installed XenoRAT, enabling long-term remote access, spying on infected computers, and additional malicious activity.
MyPillow
May 25, 2026
•[ ransomware, data leak, financial data ]
Play claimed it breached MyPillow and stole private company, employee, financial, and client documents. After CEO Mike Lindell denied the breach, the group published approximately 9.8GB of internal files, reportedly including payroll records, tax forms, bank statements, audit files, and client invoices.
Chelan County Government
May 24, 2026
•[ malware, cyberattack, network shutdown ]
Chelan County, Washington reported that malware was detected on county government systems around 10 a.m. on May 24, 2026, affecting all county departments. As a precaution, the county voluntarily shut down network access, computers, and telephone systems across departments while IT staff worked with security partners to restore systems; 911 and emergency services remained available. Public reporting did not identify the threat actor, confirm ransomware, report data theft, or confirm whether any personal data was compromised.
Charter
May 23, 2026
•[ extortion, data leak, ShinyHunters ]
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.
DentaQuest
May 23, 2026
•[ data leak, extortion, healthcare ]
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.
Baker Distributing
May 23, 2026
•[ data extortion, data leak, ShinyHunters ]
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure, including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.
Kinsmen Foundation
May 22, 2026
•[ unauthorized access, data leak, contact information ]
The Kinsmen Foundation, which runs Saskatchewan's TeleMiracle fundraiser, disclosed unauthorized access to certain applications on its systems. The incident was contained, regular operations and services were not affected, and the foundation said contact information and email addresses may have been exposed. The foundation notified law enforcement, engaged third-party experts, and said impacted donors would be contacted through Cyberscout.
Almerys
May 22, 2026
•[ data breach, healthcare, personally identifiable information ]
Almerys, a French third-party health payments processor, suffered a May 2026 breach involving its online coverage authorization portal used by healthcare professionals and facilities. Reporting said hackers gained access to the portal and that a threat actor later advertised more than 44 million Almerys-linked records and more than 15 million unique French Social Security numbers for sale. Almerys reportedly took the affected portal offline as a containment measure; no named actor, encryption, data destruction, or attacker-caused operational disruption was confirmed.
Undisclosed Vietnamese ministry-level agency 2
May 22, 2026
•[ data breach, cyberattack, unauthorized access ]
Vietnamese cybersecurity authorities said hackers infiltrated one of two ministry-level agency systems containing millions of user records. VNCERT investigated the incidents on May 21-22, 2026, and reported that existing SOC monitoring systems at the affected agencies failed to detect the attacks.
Based Apparel
May 21, 2026
•[ malware, infostealer, social engineering ]
Based Apparel's merchandise website was compromised and used to present visitors with a fake Cloudflare-style verification prompt that attempted to trick macOS users into running commands that installed infostealer malware. Reporting described the malware as commodity infostealer/Trojan activity intended to steal credentials and passwords. The website was taken offline after the compromise was reported; no confirmed theft of Based Apparel data or visitor data was publicly reported.
Presidential Office of the Republic of North Macedonia
May 21, 2026
•[ insider threat, espionage, data theft ]
An unnamed IT administrator in the Presidential Office of the Republic of North Macedonia was reportedly suspected of copying, decrypting, encrypting, and storing confidential state data from presidential administration computer systems, with allegations that the material may have been intended for a foreign intelligence service. Public reporting did not name the administrator, identify the foreign service, quantify the data, or confirm operational disruption.
Central Board of Secondary Education
May 21, 2026
•[ unauthorized access, payment gateway vulnerability, price manipulation ]
The CBSE revaluation portal's payment system was hit by an unauthorized malicious attack linked to the HDFC payment gateway integration when the portal went live. Approximately 50 students gained unauthorized access or were affected after displayed fee amounts were manipulated, causing payable amounts in some cases to range from Re 1 to nearly Rs 67,000-68,000. Public reporting did not identify the individuals or confirm theft of student data.
Village of Chase
May 19, 2026
•[ Business Email Compromise (BEC), Fraud, Financial Loss ]
A vendor's email account was compromised, causing the Village of Chase to send a payment to fraudulent bank details, resulting in a loss of $44,536; most of the funds were recovered and the loss was covered by prior-year surplus.
Undisclosed Arizona dermatology clinic
May 18, 2026
•[ healthcare data breach, medical data, HHS breach tracker ]
A small dermatology clinic in Arizona was reported in the HHS breach tracker as having suffered a healthcare data breach. The initial public figure of 3 million affected individuals was later corrected in the HHS tracker to 500 individuals; the clinic name, breach method, exposed data fields, and threat actor were not reported.
E-Control Systems
May 18, 2026
•[ ransomware, data-extortion, IoT ]
The Gentlemen ransomware group publicly claimed responsibility for a data-extortion attack against E-Control Systems, a California-based IoT-powered wireless temperature-monitoring technology company, on May 18, 2026, and threatened to publish sensitive data unless negotiations began. Public reporting did not confirm encryption, deletion, operational disruption, or the specific data volume.
GitHub
May 18, 2026
•[ poisoned extension, data breach, internal repositories ]
GitHub confirmed that attackers compromised an employee device through a poisoned Visual Studio Code extension and exfiltrated approximately 3,800 internal repositories. TeamPCP claimed responsibility and reportedly offered the stolen data for sale, while GitHub said customer repositories and external enterprise customer data were not impacted.
Delano Public Schools
May 18, 2026
•[ ransomware, network compromise, service disruption ]
Delano Public Schools experienced a network compromise discovered after unauthorized activity caused ransom messages to print throughout the district. The district shut down internet access while experts tested systems and canceled classes on May 20, 2026. Public reporting did not confirm data theft or successful encryption.