Pivot Health
March 13, 2026
•[ unauthorized access, cloud security, health insurance information ]
Pivot Health became aware of suspicious activity in its Amazon Web Services environment on or around March 13, 2026. Its investigation determined that an unauthorized actor accessed the AWS environment at various times between February 26, 2026 and March 13, 2026, and that certain information stored in AWS was viewed or copied. The affected data included health insurance and coverage information, identifiers, dates of coverage, and in some cases financial account information. Public reporting did not identify a responsible actor, ransomware, or operational disruption.
Crunchyroll
March 12, 2026
•[ data breach, data leak, PII ]
In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
Telus Digital
March 12, 2026
•[ Data breach, Credential theft, Cloud security ]
Telus Digital confirmed a security incident after ShinyHunters claimed it stole nearly 1 petabyte of data in a multi-month breach. Reporting stated ShinyHunters said it gained initial access using Google Cloud Platform credentials found in data stolen in the Salesloft/Drift breach, and that Telus was not negotiating. At publication, Telus Digital had not been added to the actor's leak site in the cited report, and specific data categories and affected individuals were not publicly enumerated in the DataBreaches summary.
England Hockey
March 12, 2026
•[ ransomware, data leak, extortion ]
England Hockey said it is investigating after the AiLock ransomware group listed the organization on its leak site and claimed it stole 129GB of data. England Hockey stated it is working with internal teams and external experts to determine what occurred. Public reporting did not confirm encryption or service disruption; the confirmed effect at reporting time was a data-theft/extortion claim under investigation.
An undisclosed organization
March 12, 2026
•[ ransomware, social engineering, data theft ]
IBM X-Force described a case where a threat actor remained on a compromised server for more than a week and stole data during an Interlock ransomware intrusion. The attack began with ClickFix social engineering and later deployed a PowerShell backdoor called Slopoly (likely AI-assisted), alongside other components such as NodeSnake and InterlockRAT. The article is a case-study/campaign description and does not name the victim organization or quantify the affected records beyond describing persistence and data theft.
Iraqi Ministry of Foreign Affairs email account
March 12, 2026
•[ cyber espionage, phishing, intelligence collection ]
Proofpoint reported a surge in Iran-linked and conflict-themed cyber espionage activity targeting governments, diplomats, and organizations across the Middle East, often using compromised government email accounts to deliver phishing lures and collect intelligence. Check Point analysis cited overlaps between Iran-linked actors (including MuddyWater and Void Manticore/Handala) and cybercrime tools and infrastructure. This is campaign-level reporting without a single named victim incident and bounded primary-effect metrics.
Crunchyroll
March 12, 2026
•[ data leak, malware, third-party risk ]
The Record reported an unidentified threat actor claimed to have breached a Telus employee account in India (a business process vendor for Crunchyroll with access to support tickets). The attacker said they infected the employee device with malware and stole about 100GB of data from Crunchyroll's ticketing system. The outlet reported samples included IP addresses, email addresses, and other information related to customer service tickets. Screenshots showed access to Crunchyroll's platforms including Slack, Zendesk, and Google Workspace; the hacker claimed the breach occurred on March 12, 2026 and that access was revoked within 24 hours.
One Syrian government email account
March 12, 2026
•[ phishing, credential harvesting, account compromise ]
Proofpoint also observed activity from a cluster tracked as UNK_NightOwl that sent phishing emails to a Middle Eastern government ministry using both a compromised Syrian government account and an attacker-controlled address. The emails referenced the escalating conflict and directed recipients to a domain spoofing Microsoft OneDrive that hosted an Outlook Web App-style credential harvesting page before redirecting victims to a legitimate conflict monitoring site.
Verifone
March 11, 2026
•[ hacktivism, data breach claim, cyber attack ]
Cybernews reported that the pro-Iranian hacktivist group Handala claimed it attacked two US multinationals with ties to Israel (payments firm Verifone and medical technology firm Stryker), framing the actions as retaliation. Verifone denied the breach claims. The article describes actor claims and escalation risk, but does not provide independently verified evidence of successful compromise or confirmed stolen data for either company in the reporting.
Michelin
March 11, 2026
•[ data breach, zero-day exploitation, hacking campaign ]
Michelin confirmed it was impacted by the Oracle E-Business Suite (EBS) hacking campaign, which SecurityWeek reports was claimed by Cl0p and involved exploitation of an Oracle EBS zero-day. Michelin stated that hackers accessed some files, but said only a small, localized volume of data was affected and it contained no sensitive or technical IT information; the company also said there was no ransomware and no impact on its global systems, and that corrective actions were effective. SecurityWeek reported the cybercriminals publicly released more than 315GB of archives allegedly stolen from Michelin, with a file-tree review indicating at least some data originated from an Oracle EBS environment.
Trio-Tech subsidiary
March 11, 2026
•[ ransomware, encryption, data breach ]
The Record reported that Trio-Tech International told regulators its subsidiary in Singapore suffered a ransomware attack discovered on March 11, 2026. The filing said the attack led to encryption of files within the subsidiary's network. Trio-Tech took the network offline, notified law enforcement in Singapore, and hired cybersecurity experts to respond. The company said it was still restoring systems and that it was unclear what data may have been taken, but that the subsidiary was in the process of notifying affected parties.
Hanover County Public Schools
March 11, 2026
•[ ransomware, network data access, personally identifiable information ]
Hanover County Public Schools experienced a March 2026 data-security incident that disrupted internet service and multiple school systems. The district later said a malicious actor gained access to network data and attempted to deploy ransomware to encrypt portions of the network, but the access was terminated soon after detection and successful encryption was not confirmed. The district warned that personally identifiable information may have been viewed or accessed.
Albania’s parliament
March 10, 2026
•[ cyberattack, email disruption, system compromise ]
The Record reported Albania's parliament said it was targeted by a sophisticated cyberattack intended to delete data and compromise internal systems. Parliament stated its main systems and website remained operational, but internal email services used by the parliamentary administration were temporarily suspended, disrupting both incoming and outgoing communications. Local media reported staff and lawmakers could not access computers and email systems for several hours. The report does not confirm data theft; the confirmed primary effect is temporary internal email disruption.
Loblaw
March 10, 2026
•[ data breach, unauthorized access, customer information ]
Canadian retailer Loblaw disclosed a data breach after a criminal third party accessed basic customer information. The company said the accessed data included names, email addresses and phone numbers. Loblaw stated its investigation indicated passwords, health information, and credit card data were not compromised, and PC Financial was not impacted. The company did not provide the number of affected customers, the intrusion vector or evidence of ransomware. The confirmed primary effect is unauthorized access to limited customer contact information.
Israeli surveillance cameras
March 10, 2026
•[ espionage, security cameras, password security ]
Israel's National Cyber Directorate stated it had identified dozens of Iranian breaches into security cameras for espionage purposes since the start of the regional war. The directorate said it was alerting hundreds of camera owners and urged the public to change passwords and update software to reduce both national and personal security risk.
Slavia Insurance
March 10, 2026
•[ data breach, medical records, vendor error ]
Czech insurer Slavia pojišťovna reported that attackers obtained about 150 GB of sensitive data, including insurance documents, medical records, and direct communications with clients. The company's spokesperson attributed the incident to an error by a supplier/vendor and said the issue was detected by Slavia's security systems and remediation steps were underway to prevent recurrence. Public reporting did not identify the attacker or provide counts of affected clients, but indicated the stolen data types are sensitive and could enable fraud or targeted extortion/phishing.
At least one Dutch government official
March 9, 2026
•[ social engineering, phishing, state-sponsored hackers ]
Dutch intelligence services warned that Russian state hackers are attempting to gain access to large numbers of Signal and WhatsApp accounts belonging to senior officials, military personnel, and civil servants worldwide. The campaign uses social engineering to trick users into revealing verification and PIN codes, including posing as a Signal support chatbot. The report notes Dutch government employees have also been targeted and, in some cases, compromised. This is campaign/advisory reporting rather than a single discrete victim event.
The City of Arab
March 9, 2026
•[ phishing, BEC, social engineering ]
GovTech reported that the City of Arab, Alabama was hit by a socially engineered phishing/BEC-style fraud in which perpetrators impersonated a legitimate officer of the contractor (FITE Construction) and induced the city to issue a fraudulent payment of $432,739.21 to an unauthorized entity. City leaders stated the fraud was detected internally and triggered a broader investigation. The report focuses on financial loss via social engineering rather than system disruption or data theft.
Perm parking payment system
March 9, 2026
•[ DDoS attack, service disruption, cyberattack ]
The Record reported that the Russian city of Perm restored its parking payment system after a cyberattack the prior week knocked the service offline for several days, temporarily making parking free. Local officials said the disruption was caused by a large-scale DDoS attack that overwhelmed the city's automated parking payment infrastructure. No data theft was described; the primary effect was service availability disruption.
Undisclosed cryptocurrency organization
March 9, 2026
•[ cryptocurrency, social engineering, cloud compromise ]
The Hacker News reported (citing Google Cloud) that North Korea-linked UNC4899 conducted a sophisticated 2025 cloud compromise targeting an unnamed cryptocurrency organization, stealing millions in cryptocurrency. The intrusion began with social engineering that tricked a developer into downloading a malicious archive for a supposed open-source collaboration; the developer then transferred the file to a work device via AirDrop. After malicious Python code executed and a binary masquerading as kubectl ran, the attackers pivoted into the cloud environment and abused legitimate DevOps workflows to harvest credentials, escape container confines, and tamper with Cloud SQL databases to modify financial logic enabling theft. This is coded as a confirmed successful intrusion with financial theft.