Westfield Mall of the Netherlands
March 9, 2026
•[ phishing, data leak, PII ]
Westfield Mall of the Netherlands informed customers that unauthorized persons accessed a database containing information for newsletter subscribers and Westfield Club loyalty program members. Reported exposed fields include first and last name, email address, telephone number, postal code, and date of birth. The mall said no financial data was compromised because bank account numbers, credit card details, and passwords were not stored in the affected database. The mall warned of phishing risk, reported the incident to data protection authorities, and URW filed a complaint with competent authorities.
JBS Brasil
March 9, 2026
•[ ransomware, data leak, corporate data ]
A ransomware group calling itself Coinbasecartel claimed it breached JBS Brasil and obtained approximately 3 TB of corporate data. The report noted the actor did not provide verifiable samples or clear technical indicators supporting the claim, and did not describe the specific file types or whether encryption/disruption occurred.
Community College of Beaver County
March 9, 2026
•[ ransomware, cryptolocker, extortion ]
Community College of Beaver County said it was under an encryption-based cryptolocker attack that forced a lockdown of college IT resources, and later outside reporting tied the incident to an Interlock extortion claim alleging theft of 780 GB of data.
Baydöner
March 8, 2026
•[ data breach, data leak, plaintext passwords ]
In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.
The Independent Public Regional Hospital
March 7, 2026
•[ cyberattack, ransomware, data encryption ]
A cyberattack hit the Independent Public Regional Hospital in Szczecin, Poland, overnight on 03/07-03/08/2026, forcing staff to revert to paper-based operations. Hospital authorities said the attack encrypted parts of hospital data and blocked access to critical digital records, temporarily disrupting digital operations. Officials stated urgent treatments and admissions continued, but administrative processes were slower while IT teams worked to restore system access.
Elecq
March 7, 2026
•[ ransomware, data breach, cloud security ]
Fleet World reported that EV charging solutions provider Elecq suffered a ransomware attack on its AWS cloud platform discovered on March 7, 2026 after unusual activity. A notice to customers said compromised information included customer names, email addresses, phone numbers, home addresses, and location data. The company stated that no payment/financial information was accessed and that the physical charging devices were not affected and remained secure and operational.
Aura
March 6, 2026
•[ data leak, PII exposure, marketing tool breach ]
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.
FBI surveillance system
March 6, 2026
•[ data breach, surveillance system, law enforcement sensitive information ]
Reporting stated the White House was working with the FBI, NSA, and CISA to respond to an apparent breach of an FBI surveillance system disclosed to Congress. The system is unclassified but contains law-enforcement sensitive information, including returns from legal process such as pen register and trap-and-trace surveillance returns, and personally identifiable information about subjects of FBI investigations. The report did not identify the attacker, intrusion vector, or the full scope/timeline of access.
Undisclosed U.S. aerospace and defense firm
March 6, 2026
•[ backdoor, data exfiltration, nation-state actor ]
SecurityWeek summarized Broadcom Symantec/Carbon Black reporting that Iran-linked MuddyWater (also known as Seedworm/Mango Sandstorm and linked to Iran's MOIS) had established presence in multiple organizations' networks, including a US airport, a US bank, an NGO operating in the US and Canada, an aerospace and defense contractor, and a software company with a presence in Israel. The report said MuddyWater deployed a new backdoor called Dindoor in several environments and a Python backdoor called Fakeset in others, and attempted to exfiltrate data from the software company's Israeli branch.
Undisclosed telecom company in South America
March 6, 2026
•[ cyberespionage, threat cluster, malware ]
Cisco Talos reported a China-linked threat cluster tracked as UAT-9244 has targeted telecommunications infrastructure in South America since 2024, using multiple implants across Windows, Linux, and edge devices. The toolset described includes TernDoor (Windows), PeerTime (Linux), and BruteEntry (edge devices used for mass scanning and brute forcing services like SSH, Postgres, and Tomcat). The report describes tradecraft and malware but does not identify a single named victim organization or a bounded primary-effect incident suitable for a discrete event record.
Orthopaedic Institute of Western Kentucky
March 6, 2026
•[ data breach, third-party vendor, medical records ]
Orthopaedic Institute of Western Kentucky disclosed a patient data breach tied to two separate security incidents at its third-party vendor Keystone Technologies. Reporting stated one incident occurred in April 2025 and another occurred between July and August 1, 2025, and that in both cases unauthorized parties accessed files containing patient information. The disclosure indicated the potentially exposed data could include medical records, Social Security numbers, and addresses. No threat actor attribution, precise access method, or affected-patient count was provided in the brief report.
CFGI
March 6, 2026
•[ ransomware, leak, finance ]
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.
Wikimedia Foundation
March 5, 2026
•[ JavaScript worm, script injection, vandalism ]
A self-propagating JavaScript worm modified user scripts and vandalized Meta-Wiki pages, triggering automated edits that injected hidden scripts and disruptive content. Wikimedia engineers temporarily restricted editing across projects during investigation and cleanup, then reverted malicious changes and restored editing. Reporting indicated nearly 4,000 pages were modified and about 85 users had their common.js files replaced during the incident.
Soreco
March 5, 2026
•[ ransomware, data theft, extortion ]
Swiss business software provider Soreco confirmed it was hit by a ransomware attack. The Bravox group claimed responsibility on its leak site and asserted it stole roughly 118.2 GB of Soreco data while attempting to extort the company. Soreco told media that operational impact was minimal and that it did not intend to pay the ransom. Public reporting did not specify the intrusion vector, affected systems, or whether any data was published at the time of reporting.
Woflow
March 5, 2026
•[ supply-chain risk, extortion, data leak ]
ShinyHunters claimed it compromised Woflow, an AI-driven merchant data platform, in what was described as a supply-chain risk for major clients. The group threatened to leak data by March 6, 2026 if demands were not met, and claimed it stole internal corporate information, personally identifiable information, and transaction/order details. Reporting noted the group did not provide a verifiable public data sample and Woflow did not provide a public response at the time, so the incident remains an alleged breach based on the extortion claim.
Uyghur Post
March 5, 2026
•[ DDoS attack, availability, website offline ]
Uyghur Post was hit by a sustained DDoS attack that knocked the website offline and prevented publication.
Station Casinos LLC
March 5, 2026
•[ unauthorized access, personal information, PII ]
Station Casinos LLC identified unauthorized external access to its systems on March 5, 2026 and began notifying affected individuals in May 2026. Public filings confirmed names were exposed and warned that additional personal information may have been compromised, but the company had not publicly confirmed the total number of affected individuals.
SUCCESS
March 4, 2026
•[ data breach, personal information, password hashes ]
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.
Passaic County
March 4, 2026
•[ malware, cyberattack, availability disruption ]
Passaic County, New Jersey reported a malware attack that disrupted county IT systems and took down phone lines used across government offices. The county first announced the phone outage the morning of March 4 and later confirmed the same day that the outage was caused by a cyberattack. Officials said they were working with federal and state partners to investigate and contain the issue and would provide updates once resolved. No data theft, ransomware demand, or impacted record counts were disclosed in the public statement; the confirmed primary effect is availability disruption affecting communications and IT services.
Lehigh Carbon Community College
March 4, 2026
•[ data breach, IT disruption, campus closure ]
Reporting stated that Lehigh Carbon Community College in Pennsylvania suffered a data breach that forced the college to close all campuses for more than a week in early March 2026. After reopening, IT disruptions reportedly persisted (including lack of Wi-Fi and phone service), indicating ongoing recovery and restoration of core services. A trustee publicly attributed the closures to a data breach, but the college did not disclose a threat actor, entry vector, or specific data types in the public reporting cited.