Portend Breaches

La Mutuelle Familiale March 17, 2026 • [ cyberattack, service disruption, investigation ] La Mutuelle Familiale disclosed a cyberattack detected on March 17, 2026 that temporarily disrupted multiple member and back-office services while investigations continued; no perpetrator or data theft was publicly confirmed.

Police Nationale (France) training platform users March 17, 2026 • [ data breach, hacking, government ] 01net reported that data relating to French police personnel was stolen after the e-campus training platform was hacked.

Outpost24 March 16, 2026 • [ phishing, DKIM, social engineering ] SecurityWeek reported that a C-level executive at Outpost24 was targeted with a sophisticated phishing attempt that used a DKIM-signed email, trusted redirection infrastructure, compromised servers, and Cloudflare-protected phishing pages. Outpost24s subsidiary Specops Software said it detected and blocked the attack early before any systems were compromised or users impacted.

At least one member of the Ukrainian armed forces March 16, 2026 • [ espionage, spyware, phishing ] The Record reported researchers attributed a new espionage campaign targeting Ukrainian organizations to the Russia-linked group Laundry Bear (Void Blizzard), active since at least 2024. The campaign used spyware embedded in documents themed around Starlink satellite terminals and a well-known Ukrainian charity. The article is campaign reporting (multiple targets) and does not provide a single named victim incident with bounded impact metrics.

At least one KakaoTalk user March 16, 2026 • [ malware, account takeover, cyberattack ] Yonhap/The Korea Times reported a North Korea-linked group used stolen KakaoTalk accounts to distribute malware in recent cyberattacks, highlighting a new propagation tactic. Reporting said the threat actors compromise victims, gain access to KakaoTalk desktop accounts, and then use that trusted messaging channel to push malicious payloads to selected contacts.

CareCloud March 16, 2026 • [ unauthorized access, service disruption, electronic health record ] An unauthorized third party temporarily accessed part of CareCloud Health and partially disrupted functionality and data access in one electronic health record environment before service was restored the same evening.

Roan and Eurocamp March 16, 2026 • [ data breach, phishing, supply chain attack ] Roan and Eurocamp disclosed that an unauthorized third party exploited a vulnerability in a third-party technology provider on March 16, 2026 and stole guest booking data later used in WhatsApp scam attempts; no encryption was reported.

CareCloud, Inc. March 16, 2026 • [ unauthorized access, network disruption, electronic health records ] CareCloud experienced unauthorized access and a temporary network disruption on March 16, 2026 that partially affected functionality and data access to one of its six electronic health record environments for approximately eight hours.

Omi Kenshi Co., Ltd March 16, 2026 • [ unauthorized access, system failure, operational disruption ] On March 16, 2026, Omi Kenshi Co., Ltd. experienced unauthorized external access that caused system failure and suspension of core systems, delaying financial closing procedures.

Los Angeles County Metropolitan Transportation Authority March 16, 2026 • [ unauthorized access, infrastructure disruption, state-sponsored ] Los Angeles County Metropolitan Transportation Authority detected unauthorized activity on March 16, 2026 and restricted parts of its internal network while reviewing and restoring systems. Rail and bus service continued, but some customer-facing services, including arrival information displays and TAP card reload functions, were disrupted. Ababil of Minab claimed responsibility, and Gambit Security linked the operation to Iranian state-associated infrastructure.

COMPAS (French Ministry of Education) March 15, 2026 • [ data leak, intrusion, personal information ] An intrusion into the French Education Ministry's COMPAS system exposed personal information linked to approximately 243,000 trainees and permanent education staff.

Intoxalock March 14, 2026 • [ cyberattack, denial of service, DDoS ] DataBreaches summarized local reporting that a cyberattack shut down Intoxalocks nationwide breathalyzer interlock system, preventing affected drivers from starting vehicles because server-side systems were down. Intoxalock stated hackers were flooding its servers to stop them from functioning. The outage affected device-related services such as installations, removals, calibrations, and account access across 46 states. The company stated user data was secure and did not disclose whether a ransom demand was made; no public claim of responsibility was noted at publication.

City of Minot Water Treatment Plant March 14, 2026 • [ ransomware, critical infrastructure, utilities ] Minot, North Dakota officials confirmed a ransomware event impacted a server at the citys water treatment plant on March 14, 2026. The city said the water treatment plant and broader water system remained operational and safe, with no interruption to water service reported.

Divine Skins March 13, 2026 • [ data breach, unauthorised access, data leak ] In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.

Dekalb County March 13, 2026 • [ ransomware, email disruption, inmate booking systems ] A ransomware attack hit the DeKalb County Sheriffs Department and jail in Smithville, Tennessee, disrupting email and inmate booking systems. Officials said the booking program suddenly stopped during an intake early Friday morning, and the sheriff indicated the main server controlling departmental email and booking software (and other functions) was affected. The report did not specify the ransomware group, the intrusion vector, whether data was stolen, or how long services would remain disrupted.

Romanian Ministry of Foreign Affairs March 13, 2026 • [ DDoS, cyberattack, service interruption ] Romanias Ministry of Foreign Affairs stated that a distributed denial-of-service (DDoS) attack targeted the eviza.mae.ro and econsulat.ro platforms on the afternoon of March 13 and into the start of the night of March 14, 2026. MAE said protective equipment and specialists significantly reduced the impact and that systems were functioning normally afterward. The ministry stated DDoS attacks do not imply data compromise and that no sensitive information was accessed, but services were slowed and briefly inaccessible.

Companies House March 13, 2026 • [ data leak, PII exposure, broken access control ] Computer Weekly reported Companies House pulled its WebFiling service offline on Friday, March 13, 2026 after a security issue was discovered that exposed certain data to other logged-in users with an authorized code. Companies House said exposed data included dates of birth, residential addresses, and company addresses, and that it may have been possible to perform unauthorized actions such as changing directors or filing accounts. It stressed that credentials and identity verification data (e.g., passport information) were not exposed and that existing filed documents could not be altered. WebFiling was restored by Monday, March 16, and Companies House urged companies to review filings and report anomalies.

Duffy’s Sports Grill March 13, 2026 • [ ransomware, system disruption, payment systems ] Duffys Sports Grill experienced system problems that disrupted card payments and its MVP rewards program at some Florida locations; outside reporting said Qilin claimed responsibility, but no data theft was confirmed publicly.

Bonifraterskie Medical Center March 13, 2026 • [ ransomware, data leak, personal data ] Bonifraterskie Medical Center reported a ransomware attack that encrypted part of its server infrastructure and likely exposed personal data.

Medica Publishing Co., Ltd March 13, 2026 • [ ransomware, data leak, personal information ] A ransomware attack encrypted Medica Publishings systems on March 13, 2026, halting order processing, shipping, and customer inquiries, and the company later confirmed leakage of some personal and transaction-related information.

Recent Breaches