Full List

Search

Recent Breaches

• Livingston HealthCare February 13, 2026 • [ cybersecurity incident, network disruption, system outage ] Livingston HealthCare reported a potential cybersecurity incident that disrupted phone systems and network services and led the hospital to take certain systems offline while recovery continued.
• EBR Systems February 13, 2026 • [ network disruption, unauthorized access, patient health data ] EBR Systems experienced a network disruption around February 13, 2026 and later determined that certain information stored on its network, including a limited amount of patient health data, was subject to unauthorized access; the incident was contained and did not cause material business disruption.
• Odido February 12, 2026 • [ data breach, extortion, data leak ] In February 2026, the Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Following the incident, 1M records containing 317k unique email addresses was published publicly, with a threat by the attackers to continue leaking more data in the following days. The data also included names, physical addresses, phone numbers, bank account numbers and notes about customers left by service operators. Odido has published a disclosure notice detailing the extent of the incident, providing an FAQ and advising the incident also impacted dates of birth, passport and drivers licence numbers.
• Odido February 12, 2026 • [ data breach, extortion, data leak ] In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, 1M records containing 317k unique email addresses were published, followed by further releases exposing an additional 371k and then 833k unique email addresses, with the latter also including passport, drivers licence and European national ID numbers. The exposed data includes names, physical addresses, phone numbers, bank account numbers and customer service notes. Odido has published a disclosure notice advising that impacted data may also include dates of birth and government-issued identity document numbers.
• Odido February 12, 2026 • [ data breach, extortion, PII ] In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, drivers licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.
• Werkstatt Bremen February 12, 2026 • [ ransomware, cyberattack ] Following a cyberattack on a municipal company in Bremen , the IT systems of the police evidence unit were also affected. The public prosecutor's office is investigating, a spokesperson said, confirming reports from Radio Bremen and the "Weser Kurier." The attack involved ransomware.
• Figure February 12, 2026 • [ social engineering, data leak, extortion ] Figure Technology Solutions confirmed it suffered a data breach after an employee fell victim to a social engineering attack, with attackers obtaining a limited number of files. SecurityWeek reported that the ShinyHunters group took credit and posted archive files on its leak site; Have I Been Pwned analysis identified roughly 967,000 user records in the leaked data. The exposed information includes names, dates of birth, email addresses, postal addresses, and phone numbers. The reporting frames the incident as data theft/extortion without describing service disruption to Figures lending operations.
• LIGA.net February 12, 2026 • [ DDoS, intrusion attempts, vulnerability probing ] Ukrainian outlet LIGA.net reported it was experiencing massive DDoS attacks and ongoing intrusion attempts for five days. The organization said attacks originated primarily from China, Russia, and Vietnam and that attackers were systematically probing for vulnerabilities to access internal site management systems. LIGA.net stated no unauthorized access to internal systems occurred and that readers might encounter additional verification steps or temporary difficulty accessing the site due to heightened defenses.
• An undislosed organization February 11, 2026 • [ ransomware, persistence, evasion ] BleepingComputer reported that a member of the Crazy ransomware gang abused legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence, evade detection, and prepare for ransomware deployment in victim networks.
• Optimizely February 11, 2026 • [ voice-phishing, social engineering, data leak ] Attackers associated with the ShinyHunters cybercriminal group used a voice-phishing social engineering attack to gain access to Optimizelys internal systems and CRM environment. Approximately 10,000 client organizations were affected, with exposed data including business contact information such as names, email addresses, and phone numbers.
• Singtel February 10, 2026 • [ cyber espionage, telecom infrastructure, network data exfiltration ] Singapore confirmed that China-linked cyber espionage group UNC3886 targeted the countrys telecom infrastructure, including Singtel. The government said attackers gained limited access to parts of telecom systems, did not disrupt services, and did not access personal data, but did exfiltrate a small amount of technical (network-related) data to advance operational objectives.
• StarHub February 10, 2026 • [ cyber espionage, state-sponsored, data exfiltration ] Singapore confirmed that China-linked cyber espionage group UNC3886 targeted the countrys telecom infrastructure, including StarHub. The government said attackers gained limited access to parts of telecom systems, did not disrupt services, and did not access personal data, but did exfiltrate a small amount of technical (network-related) data to advance operational objectives.
• M1 February 10, 2026 • [ cyber espionage, telecom infrastructure, technical data exfiltration ] Singapore confirmed that China-linked cyber espionage group UNC3886 targeted the countrys telecom infrastructure, including M1. The government said attackers gained limited access to parts of telecom systems, did not disrupt services, and did not access personal data, but did exfiltrate a small amount of technical (network-related) data to advance operational objectives.
• Simba Telecom February 10, 2026 • [ cyber espionage, network data exfiltration, telecom infrastructure ] Singapore confirmed that China-linked cyber espionage group UNC3886 targeted the countrys telecom infrastructure, including Simba Telecom. The government said attackers gained limited access to parts of telecom systems, did not disrupt services, and did not access personal data, but did exfiltrate a small amount of technical (network-related) data to advance operational objectives.
• An undislosed cryptocurrency company February 10, 2026 • [ malware, cryptocurrency, AI-generated video ] BleepingComputer reported that North Korean threat actor UNC1069 ran tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector, with a financially motivated objective.
• Gyrovague.com blog February 10, 2026 • [ DDoS, Denial of Service, malicious script ] Cybernews reported that Archive.today (archive.ph / archive.is mirrors) embedded a hidden script that turns visitors into participants in a DDoS attack against the Finnish travel blogger site Gyrovague.com. The script is triggered while visitors solve a CAPTCHA and repeatedly hits Gyrovagues search function with randomized requests to defeat caching and increase resource load. The article frames the attack as a personal vendetta tied to a prior OSINT/doxxing blog post about Archive.todays operator, and notes the operator acknowledged the DDoS and issued additional threats. This is coded as a confirmed disruptive denial-of-service action targeting the bloggers site availability/performance.
• WormGPT February 10, 2026 • [ data leak, AI hacking platform, user emails ] Cybernews reported that user details for the AI hacking platform WormGPT appeared on a data leak forum. The poster claimed they obtained the data earlier in February 2026 and that about 19,000 WormGPT users were affected. The leaked dataset was described as including user emails, payment data, subscription information, user IDs, and other account details. The reporting indicated the forum post included a sample and that the authors credibility and the sample supported the breach claim; WormGPTs operators did not confirm the incident in the article.
• York City February 10, 2026 • [ ransomware, cyberattack, ransom payment ] Reporting summarized in secondary coverage stated that York Citys cyberattack (described as a major incident that crippled the citys digital infrastructure) led to a $500,000 ransom payment made by the citys insurance company to overseas hackers, according to a former mayor. The report described the payment as roughly half of the initial demand and framed it as necessary to regain control of systems.
• Ersten Group February 9, 2026 • [ stalkerware, data leak, scraping ] A hacktivist scraped more than half-a-million payment records from a provider of consumer-grade stalkerware phone surveillance apps, exposing customer email addresses and partial payment information. The records include payments for phone-tracking services like Geofinder and uMobix and social-media monitoring services like Peekviewer, and the dataset also includes transaction records from Xnspy. The incident is a data exposure affecting customers who paid for surveillance services, not necessarily the surveilled victims.
• At least one European official February 9, 2026 • [ social engineering, scams, QR-code device linking ] Social engineering against Signal users using fake support scams and QR-code device linking to spy on targets.