Toy Battles
February 6, 2026
•[ data leak, gaming, PII ]
In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
Tulsa International Airport
January 31, 2026
•[ ransomware, data leak, internal documents ]
Qilin ransomware gang claimed responsibility for a ransomware attack on Tulsa International Airport and posted leaked internal documents; airport confirmed incident but not the attribution.
Association Nationale des Premiers Secours
January 30, 2026
•[ data breach, PII, legacy system ]
In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised the incident was traced back to a legacy system and did not impact health data, financial information or passwords.
Ttareungyi (Seoul public bike-sharing service)
January 30, 2026
•[ data breach, PII exposure, data leak ]
Approximately 4500000 user records including user IDs and mobile phone numbers were exposed in a data breach affecting Seouls public bike-sharing service Ttareungyi; authorities stated the timing of the exposure was under investigation, and no attacker attribution had been confirmed at the time of reporting.
Multiple organizations with exposed MongoDB databases
January 30, 2026
•[ MongoDB, data breach, ransomware ]
A threat actor actively accessed, queried, and ransacked more than 1400 publicly exposed MongoDB application servers, exfiltrating data and leaving ransom notes demanding payment in exchange for deletion or non-disclosure of the stolen information.
At least one government, military, and technology entity in Ukraine
January 30, 2026
•[ APT, vulnerability exploitation, state-sponsored attack ]
Security researchers reported that state-sponsored advanced persistent threat groups exploited a WinRAR vulnerability in real-world attacks that successfully compromised at least one government, military, and technology organization in Ukraine, using malicious archive files to gain unauthorized access to victim systems.
Match Group Inc. (Tinder, Hinge, OkCupid)
January 29, 2026
•[ data leak, cybercrime, ShinyHunters ]
A cybercrime group calling itself ShinyHunters claimed responsibility for accessing and leaking limited user and internal data from Match Group platforms. Match Group confirmed a security incident but stated that passwords, financial information, and private messages were not compromised.
Embark Studios (Arc Raiders & The Finals servers)
January 28, 2026
•[ DDoS attacks, server disruption, gameplay instability ]
Embark Studios confirmed that the multiplayer games ARC Raiders and The Finals were hit by extensive, coordinated DDoS attacks that disrupted servers, leading to connection drops, lag, and gameplay instability for players worldwide.
Bumble Inc. (dating app)
January 28, 2026
•[ unauthorized access, internal network, compromised account ]
A contractor account at Bumble was compromised, granting limited unauthorized access to part of the internal network. Bumble stated that no user accounts, profile data, messages, or member databases were accessed.
City of New Britain
January 28, 2026
•[ ransomware, cyberattack, infrastructure disruption ]
City of New Britain municipal systems were taken offline following a ransomware attack that disrupted internal networks and communications, prompting coordination with federal and state authorities to restore services.
Euroxx Securities S.A.
January 27, 2026
•[ cyberattack, defensive shutdown, system shutdown ]
Cyberattack on Euroxx prompted a defensive system shutdown; no disruption or data loss confirmed.
Concello de Sanxenxo (Spanish Municipality)
January 26, 2026
•[ ransomware, data encryption, bitcoin ]
A ransomware attack encrypted thousands of administrative documents at the Concello de Sanxenxo, prompting a $5,000 Bitcoin ransom demand. The city refused to pay and is restoring systems from backups; the incident disrupted internal municipal operations and required a formal complaint to the Guardia Civil.
Ukrainian Armed Forces digital platforms (Sonata messenger)
January 26, 2026
•[ hacktivism, cyber operations, denial of service ]
Hacktivists disrupted a secure messaging platform used by the Ukrainian Armed Forces, blocking communications as part of cyber operations linked to the RussiaUkraine conflict.
Vladimir Bread Factory
January 26, 2026
•[ cyberattack, operational disruption, delivery disruption ]
A cyberattack knocked offline internal digital systems at a Russian bread factory, disrupting order processing and deliveries while production lines continued operating.
Delta (Russian Security and Alarm Services Company)
January 26, 2026
•[ cyberattack, service disruption, state-sponsored attack ]
A cyberattack attributed to a hostile foreign state disrupted Deltas alarm and vehicle services for thousands of users. No customer data compromise confirmed.
Enviro-Hub Holdings Ltd.
January 25, 2026
•[ ransomware, server breach ]
Enviro-Hub Holdings Ltd. disclosed a ransomware attack targeting group servers; company reported no material operational impact.
Waltio
January 24, 2026
•[ data leak, extortion, cryptocurrency ]
French crypto tax platform Waltio reported being targeted by the ShinyHunters group, which claimed to possess personal data for nearly 50,000 users and threatened to leak users 2024 tax reports unless a ransom was paid. Waltio stated that its services and production systems remained secure and that no sensitive banking credentials or crypto access data was compromised. The incident primarily involves alleged data theft and extortion threats rather than service disruption, with the full scope of stolen fields not detailed in the summary.
Winona County
January 23, 2026
•[ ransomware, forensics, emergency services ]
Winona County, Minnesota reported responding to a ransomware incident that impacted its computer network. The county engaged third-party cybersecurity and forensics specialists and coordinated with local, state, and federal law enforcement. While emergency services such as 911, fire, and emergency response operations were reported to remain operational, the incident was significant enough that county leadership declared a local emergency. Further technical details, including the ransomware variant, extent of disruption across departments, and whether data was stolen, were not provided in the brief public update.
Crunchbase
January 23, 2026
•[ vishing, social engineering, credential theft ]
Reporting on an Okta SSO vishing (voice-phishing) campaign, ShinyHunters reportedly confirmed to a researcher that it conducted the campaign and launched a new dark web leak site. According to the report, ShinyHunters claimed that multiple victims had their data posted after refusing extortion demands, naming Crunchbase, SoundCloud, and Betterment as initial examples. The incident reflects social-engineering-driven credential theft leading to unauthorized access and data theft, followed by extortion and publication of alleged victim data.
At least one blockchain developer
January 22, 2026
•[ phishing, blockchain, credential theft ]
IT technicians and blockchain developers were targeted in a phishing campaign attributed to the NGB 3rd Technical Surveillance Bureau (KONNI/APT37), resulting in unauthorized access to end-user systems and the compromise of stored development and infrastructure credentials.
