Full List

Search

Recent Breaches

• PSK WIND Technologies April 2, 2026 • [ data breach, hacktivism, server compromise ] Handala claimed it breached PSK WIND Technologies servers and deleted sensitive information tied to Israeli air-defense command-and-control systems.
• The Northern Ireland Education Authority April 2, 2026 • [ cyberattack, personal information, data breach ] The Northern Ireland Education Authority reported a cyberattack on the C2k school IT network that disrupted access and involved targeted access to confidential personal information.
• Coral Bay Nickel Corporation April 2, 2026 • [ ransomware, server encryption, cyberattack ] Coral Bay Nickel suffered ransomware encryption of two servers, but production systems remained unaffected and operations continued.
• DigiCert, Inc. April 2, 2026 • [ social engineering, malicious ZIP file, EV code-signing certificates ] A threat actor used DigiCert's customer support channel on April 2, 2026 to deliver a malicious ZIP file disguised as a customer screenshot, compromising two DigiCert support analyst systems. The attacker used analyst-level access to pivot into DigiCert's internal support portal and obtain initialization codes for approved EV code-signing certificate orders across specific customer accounts. DigiCert revoked 60 associated certificates by April 17, including 27 explicitly linked to the threat actor and 11 reported as used to sign Zhong Stealer malware; the specific perpetrator was not publicly identified.
• Rituals April 1, 2026 • [ data breach, unauthorized access, PII ] Rituals confirmed that an unauthorized download of My Rituals membership data occurred in April 2026, affecting customers in Europe, the United Kingdom, and the United States. The downloaded data included names, dates of birth, gender, postal and email addresses, phone numbers, preferred store locations, and account types; Rituals did not disclose the exact number of affected members, and reporting stated that passwords and payment data were not accessed.
• St. Joseph County April 1, 2026 • [ data breach, cloud security, fax server ] St. Joseph County confirmed a breach of an external cloud-based fax server while disputing Handalas broader 2 TB data-theft claim.
• At least one spyware-targeted WhatsApp user April 1, 2026 • [ spyware, malware, social engineering ] WhatsApp said about 200 users were tricked into installing a fake WhatsApp app containing spyware.
• National Health Insurance Company (CNAM) April 1, 2026 • [ cyberattack, data exfiltration, health insurance ] CNAM confirmed a cyberattack that may have resulted in limited data exfiltration from Moldovas health insurance database.
• At least one Facebook Business account owner April 1, 2026 • [ phishing, account takeover, credential harvesting ] The AccountDumpling phishing campaign, linked to Vietnamese criminal actors, abused Google AppSheet as a phishing relay to send authenticated phishing emails impersonating Meta/Facebook support. The phishing pages harvested Facebook Business account credentials, recovery information, 2FA codes, and identity documents, enabling account takeover and resale through an illicit storefront. Reporting mapped roughly 30,000 compromised accounts across more than 50 countries.
• Chime Financial, Inc. April 1, 2026 • [ cyberattack, data theft, server outage ] Islamic Cyber Resistance in Iraq (313 Team), also referenced as Team 313 or 313 Team, allegedly claimed responsibility online for attacking Chime's servers on April 1, 2026, causing a widespread outage that prevented customers from accessing accounts through the application and website. Lawsuits alleged that the incident also involved theft of sensitive customer information from Chime systems, but public reporting did not confirm the exact data volume, technical vector, or whether Chime independently confirmed the data-theft allegations.
• Belgrade School District April 1, 2026 • [ malware, system restoration, data breach investigation ] Belgrade School District confirmed that malware infected certain network systems, causing technology problems and requiring isolation, removal, security work, and restoration of affected systems. The district said known malware had been removed, but crews were still working to bring affected systems back online and restoration was expected to continue into June. The incident appears distinct from the separate Canvas/Instructure breach because public reporting describes malware in Belgrade School District's own network systems, not unauthorized access to Instructure's Canvas LMS. The district was investigating whether personal information belonging to students or staff was affected, but no confirmed data exposure, encryption, ransomware group, or named perpetrator was reported.
• Centre of Registers April 1, 2026 • [ stolen credentials, unauthorized access, database breach ] Attackers used stolen or misused login credentials assigned to authorized institutions to access Lithuania's Centre of Registers databases and extract more than 600,000 records from the Real Estate Register and Legal Entities Register. Lithuanian authorities suspected foreign-country involvement, but no specific country or actor was publicly confirmed.
• Charter Communications, Inc. April 1, 2026 • [ vishing, data leak, employee records ] ShinyHunters claimed it breached Charter Communications on April 1, 2026 through a vishing attack that compromised an employee Microsoft Entra account and enabled access to Charter's Salesforce instance. BleepingComputer and Have I Been Pwned reported that the later published dataset exposed 4.9 million unique email addresses/accounts, along with names, phone numbers, and physical addresses; a subset of approximately 85,000 internal employee-directory records also included job titles. Public reporting did not confirm encryption, data destruction, or operational disruption.
• Axios Javascript Client Library March 31, 2026 • [ supply chain attack, account takeover, malware ] A threat actor hijacked the npm account of Axios's lead maintainer and published malicious versions 1.14.1 and 0.30.4 with a hidden dependency that deployed a RAT on systems that installed the packages; the poisoned versions were later removed.
• Town of Pepperell March 31, 2026 • [ cyberattack, public safety, municipal systems ] A cyberattack impacted Pepperell's employee computer systems and public safety departments, knocking out certain business phone lines and disrupting some municipal and dispatch-related systems while 911 service remained operational.
• Hallmark March 31, 2026 • [ data leak, extortion, support tickets ] In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.
• Adaptavist Group March 31, 2026 • [ unauthorized access, stolen credentials, data theft ] Adaptavist Group detected unauthorized access to some systems in late March 2026 after an intruder used stolen credentials. Adaptavist said the accessed systems contained typical business data such as contact information, contracts, and NDAs; The Gentlemen claimed responsibility and claimed 24 GB of data theft, allegedly including source code, customer records, internal documents, credentials, and production-system references, but Adaptavist did not confirm the full claim.
• Remita Payment Services Ltd March 31, 2026 • [ data exfiltration, KYC documents, database leak ] Remita Payment Services Ltd was named in Nigerian data-protection investigations after ByteToBreach claimed to have exfiltrated approximately 3 TB of data from Remita-linked systems, including KYC documents, databases, logs, backups, source code, password hashes, and customer and employee records. The Nigeria Data Protection Commission served notices of investigation on April 1, 2026, and the claimed data theft remains under investigation.
• Świętokrzyskie Rehabilitation Center March 31, 2026 • [ ransomware, encryption, personal data ] witokrzyskie Rehabilitation Center reported a ransomware attack that encrypted personal-data files and may have exposed data.
• Patriot Regional Emergency Communications Center March 31, 2026 • [ cyberattack, service disruption, emergency services ] A cyberattack disrupted non-emergency and business telephone lines for police, fire, and EMS departments in Pepperell, Dunstable, Townsend, and Ashby; 911 service remained functional and no private user information was reported compromised.