Air Cote d'Ivoire
February 8, 2026
•[ cyberattack, data leak, sensitive files ]
Air Cte d'Ivoire confirmed that a cyberattack on February 8, 2026 affected parts of its information system and involved the illegal extraction of sensitive files, prompting business continuity measures and technical support for flights and other operations.
Odido
February 7, 2026
•[ data leak, unauthorized access, customer data theft ]
Odido confirmed that hackers gained unauthorized access to its customer contact system and covertly downloaded large volumes of customer information. Odido said more than 6.2 million customers were affected. The compromised data includes names, phone numbers, postal and email addresses, dates of birth, IBAN bank account numbers, and government-issued ID details such as passport or drivers license numbers and validity dates. The report did not attribute the incident to a specific threat group and did not describe operational disruption beyond the data compromise.
BridgePay Network Solutions
February 7, 2026
•[ ransomware, payment outage, credit card payments ]
Government Technology reported that multiple public-sector entities experienced credit card payment outages after BridgePay Network Solutions suffered a ransomware attack that caused a systemwide outage of its payment services. BridgePay said services remained unavailable while it worked with internal and external specialists and federal authorities (including the U.S. Secret Service and FBI) on investigation and recovery.
Toy Battles
February 6, 2026
•[ data leak, gaming, PII ]
In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
Iranian air missile defense systems
February 6, 2026
•[ cyber warfare, operational cyber effects, missile defense disruption ]
The Record reported that U.S. officials said U.S. military cyber capabilities were used in 2025 to digitally disrupt Iranian air missile defense systems during strikes on nuclear-related sites (Fordo, Natanz, and Isfahan). Officials said the cyber action targeted a separate military system connected to the nuclear sites and helped prevent Iran from launching surface-to-air missiles at U.S. aircraft. The report framed the event as operational cyber effects in support of kinetic action; technical specifics, the exact duration of disruption, and the precise systems/components affected were not publicly detailed.
Another Ukraine
February 6, 2026
•[ DDoS, availability disruption ]
Russian state media reported that the website of the movement Another Ukraine was hit by another DDoS attack, according to the groups Telegram channel. The organization said the site returned to normal operation after the attack. No data theft was described; the reported impact was short-term disruption of availability.
Beacon Mutual Insurance Co.
February 6, 2026
•[ ransomware, data breach, workers' compensation ]
Insurance Journal reported that Rhode Island-based workers compensation insurer Beacon Mutual experienced a ransomware attack and was working to determine what information and which individuals may have been affected. The report indicates an active investigation and response effort, but does not provide a confirmed data-type list, count of affected individuals, or a detailed timeline of intrusion and restoration in the excerpt available.
La Comisi�n Nacional de Seguros y Fianzas (CNSF)
February 6, 2026
•[ data leak, security incident, PII ]
In the case of the National Insurance and Bonding Commission (CNSF) , the regulator reported that on January 30th it registered an information security incident that exposed intermediary identification documents containing data such as name, CURP (Unique Population Registry Code), RFC (Federal Taxpayer Registry), and photograph.
Nippon Medical School Musashi Kosugi Hospital (日本医科大å¦æ¦è”µå°æ‰ç—…院)
February 6, 2026
•[ ransomware, data breach, healthcare ]
Japans Nippon Medical School Musashi Kosugi Hospital disclosed it suffered a ransomware attack after nurse-call terminals malfunctioned and investigation found its nurse-call system servers were attacked. The hospital stated patient personal information stored on the nurse-call system servers was stolen and that the intrusion path was tied to a maintenance VPN device. Public reporting in Japan said attackers demanded a large ransom (reported internationally as about $100 million). The hospital stated it would not comply with the ransom demand and reported that clinical services continued while investigation and recovery actions proceeded.
National Supercomputing Center (NSCC) Tianjin
February 6, 2026
•[ data breach, military, aerospace ]
FlamingChina claimed to have breached the National Supercomputing Center in Tianjin and offered for sale more than 10 petabytes of allegedly stolen data, including claimed military, aerospace, research, and client datasets; the breach was not confirmed by NSCC Tianjin, but experts who reviewed samples said they appeared consistent with data expected from the facility.
Flickr (via an undisclosed third-party provider)
February 5, 2026
•[ data leak, third-party risk, phishing ]
Flickr notified users of a potential data breach after a vulnerability in a system operated by one of its third-party email service providers may have allowed unauthorized access to member information. Flickr said it was alerted on February 5, 2026 and shut down access to the affected system within hours. The company stated that passwords and payment card numbers were not compromised. Exposed data may include real names, email addresses, usernames, account type, IP address, general location, and platform activity; Flickr urged vigilance for phishing and recommended changing passwords on other services if reused.
Spain's Ministry of Science (Ministerio de Ciencia)
February 5, 2026
•[ cyberattack, data leak, IDOR vulnerability ]
Spains Ministry of Science partially shut down IT systems and suspended ongoing administrative procedures following what it called a technical incident, later reported by Spanish media as related to a cyberattack. A threat actor using the alias GordonFreeman claimed responsibility, posted samples, and offered allegedly stolen ministry data for sale. The attacker claimed an IDOR vulnerability enabled credential access and full admin-level access, but BleepingComputer noted it could not independently confirm all claims. The confirmed impact is significant service disruption for citizen/company-facing procedures, with credible indications of data compromise based on posted samples.
University of La Sapienza
February 5, 2026
•[ cyberattack, operational disruption, network shutdown ]
La Sapienza University in Rome reported that its IT infrastructure was targeted by a cyberattack that caused widespread operational disruption. The university announced it ordered an immediate shutdown of network systems as a precaution to protect data integrity and security, and formed a technical task force while notifying authorities. As of the report, the universitys website remained offline and ongoing status updates indicated continued recovery work. Public reporting did not confirm data theft; the primary documented effect is the deliberate shutdown and resulting loss of availability for key university network services.
Network devices in at least one Norwegian organization
February 5, 2026
•[ state-sponsored espionage, network device compromise, telecom ]
The Record reported that Norways Police Security Service (PST) disclosed that the Chinese state-sponsored espionage campaign tracked as Salt Typhoon compromised network devices in Norwegian organizations. PST made the disclosure in its 2026 annual threat assessment and said the actor exploited vulnerable network devices, consistent with a broader telecom/critical infrastructure espionage focus described by allied authorities. The article does not identify specific victim organizations or provide incident-level dates/effects for one named target, so it is best treated as campaign-level reporting rather than a single victim event record.
Italian security cameras
February 5, 2026
•[ DDoS attacks, hacktivism, security cameras ]
Italian reporting stated that pro-Russian hacktivist group NoName057(16) launched DDoS attacks connected to the digital ecosystem around the MilanCortina 2026 Winter Olympics. The reported primary effect is disruption attempts against public-facing online services linked to the event. The article also notes the group displayed content suggesting access to security cameras, but it does not provide sufficient detail to code a separate confirmed camera compromise event; the core confirmed effect described is DDoS activity against websites/services.
Rinku Singh's Facebook account
February 5, 2026
•[ account takeover, hacking, social media breach ]
Indian media reported that cricketer Rinku Singhs Facebook account was hacked, with police stating the cybercrime unit was investigating. The report indicated it was not yet known whether the compromise resulted in financial fraud or other misuse beyond unauthorized access/control of the account. The confirmed effect is account compromise and loss of control of a social media profile; additional impacts were not established in the reporting.
Conpet
February 4, 2026
•[ cyberattack, ransomware, data breach ]
Romanias national oil pipeline operator Conpet said a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier in the week, while operational technology systems (including SCADA and telecoms) remained functional and oil transport operations were not affected. Conpet did not confirm a data breach or name the attacker, but the Qilin ransomware group listed Conpet on its leak site and claimed to have stolen nearly one terabyte of data, publishing images of alleged internal documents, financial records, and passport scans. Conpet said it took immediate mitigation steps, worked with national cybersecurity authorities, and filed a criminal complaint.
HubEE
February 4, 2026
•[ security vulnerability, data leak, unauthorized access ]
It wasn't the Service-public.gouv.fr portal itself that was directly hacked, but a key component of its infrastructure: HubEE, the platform responsible for transmitting supporting documents between users and government agencies. For several days, attackers exploited a security vulnerability, navigating the system undetected.
Choisir le Service Public (French civil service recruitment platform)
February 4, 2026
•[ data leak, personal data theft, phishing risk ]
Frances official civil-service recruitment platform Choisir le Service Public disclosed a security incident that resulted in the theft of personal data for 377,418 registered candidates. The stolen dataset includes standard identifiers (name, address, phone, date of birth, email) and more detailed professional/education profile fields that can enable highly targeted phishing and fraud. The platform stated passwords were not compromised and CVs/attachments were not taken. In response, some features (candidate space access and direct-application functionality) were temporarily disabled for several days, authorities were notified, and a complaint was planned.
Hims & Hers Inc.
February 4, 2026
•[ third-party risk, data leak, PII ]
Hackers accessed Hims & Hers third-party ticketing system between February 4 and February 7, 2026, stealing customer support ticket data that primarily included names and email addresses; medical records and healthcare-provider communications were not affected.
