Choice Hotels International
January 14, 2026
•[ social engineering, unauthorized access, PII leak ]
An unauthorized person used social engineering to gain access to a Choice Hotels application containing records on franchisees and franchise applicants, exposing names and Social Security numbers.
At least one organization in North America
January 13, 2026
•[ SEO poisoning, backdoored installers, vulnerabilities ]
It summarizes NCC Group findings about activity linked to a threat group called Silver Fox (including SEO poisoning used to distribute backdoored installers for widely used software and infections observed dating back to July 2025) and separately describes four vulnerabilities in the Johnson Controls PowerG building security radio protocol that could enable interception, impersonation, message replay, and broader compromise within radio range if unpatched or poorly mitigated.
Town of La Hague
January 13, 2026
•[ intrusion, email compromise, unauthorized access ]
The municipality of La Hague (France) announced it was the victim of an intrusion into its information system that impacted internal email accounts. Upon learning of the incident, the commune reported immediate actions including changing passwords for affected and administrator accounts, temporarily suspending email sending for impacted users, notifying relevant authorities (including ANSSI, CERT-FR, DINUM, CNIL, and local digital authorities), informing partners, and filing a formal complaint with the gendarmerie. Specialized law enforcement units began investigating the incident and its consequences while technical teams and service providers conducted parallel analysis. The announcement emphasized heightened vigilance against suspicious links/attachments and stated the municipality was working to restore system security.
AZ Monica
January 13, 2026
•[ cyberattack, operational disruption, healthcare ]
AZ Monica hospital in Antwerp reported a cyberattack discovered around 6:30 a.m. after staff observed a serious IT failure. As a precaution, the hospital shut down all servers across both campuses (Deurne and Antwerp/Harmonie), and law enforcement opened an investigation with the cyber crime unit on site. Because clinicians could not access electronic patient records, the hospital postponed non-urgent care and maintained emergency care at a reduced level. Reporting stated at least 70 planned operations were cancelled, roughly 70 patients were sent home, and seven patients were transferred to other hospitals as a precaution. Public reporting did not confirm encryption, ransom demands, or data theft, focusing primarily on operational disruption and patient-care impact.
ICE List site
January 13, 2026
•[ denial-of-service attack, data leak, personal information ]
A website known as ICE List, operated by Netherlands-based immigration activist Dominick Skinner and described as dedicated to leaking personal information about U.S. immigration and border personnel, went offline following a denial-of-service attack on the evening of January 13, 2026. Reporting said the outage occurred shortly after media coverage that Skinner planned to publish additional personal data allegedly obtained from a whistleblower. Skinner stated it was only possible to speculate on who directed the attack but claimed a large amount of traffic appeared to come from Russia, consistent with bot traffic intended to overwhelm the site and disrupt access.
Armenian Government
January 13, 2026
•[ data leak, cybercrime, alleged breach ]
Reporting stated that a forum user using the alias dk0m offered for sale what was described as a large dataset of Armenian government-related data, allegedly obtained by accessing a government notification system used to distribute official communications (legal and administrative notices). The seller advertised the dataset for $2,500 and claimed it contained about 8 million records related to official notifications, including communications involving police and judicial bodies. Armenian officials opened an investigation, while a government-linked communications body publicly denied that government email infrastructure was breached and suggested any access may have involved another state platform. Because the incident is described as an allegation under investigation without independent confirmation of access or data theft, it is recorded as an alleged event rather than a confirmed cyberattack.
Endesa
January 13, 2026
•[ data breach, unauthorized access, data exfiltration ]
SecurityWeek reported that Spanish energy company Endesa notified customers about a data breach involving unauthorized access to its commercial platform, also impacting customers of its gas distributor Energia XXI. Endesa stated that attackers accessed and likely exfiltrated basic customer identification information, contact details, national identification numbers (DNI), contract information, and payment details including IBANs. The company said passwords were not compromised and that the incident was contained quickly, with additional safeguards implemented and notifications sent to affected customers.
Waterloo Regional Health Network
January 13, 2026
•[ personal health information, third-party security incident, data breach ]
Waterloo Regional Health Network notified patients that a third-party security incident affecting its connection to the Health Report Manager service may have exposed personal health information for approximately 150,000 patients who received care between April 2025 and January 2026. WRHN said the incident occurred outside WRHN's internal systems, was contained within hours on January 13, and no misuse was believed likely.
MediCopy Services, Inc.
January 13, 2026
•[ unauthorized access, data leak, healthcare ]
An unauthorized actor accessed MediCopy Services' cloud-based file-sharing platform on January 13, 2026, and downloaded files related to release-of-information requests for certain Deaconess patients, including patients of Deaconess Henderson Hospital, Deaconess Union County Hospital, and surrounding clinics. Deaconess stated that its own IT systems and electronic medical record system were not impacted.
Medical Practice of Dr. Richard Swift
January 12, 2026
•[ malware, cyberattack, data leak ]
DataBreaches reported on a class action lawsuit alleging that a Manhattan plastic surgery practice run by Dr. Richard Swift was compromised by a malware-related cyberattack in 2025 and that sensitive patient information was posted online. The suit alleged that a site hosted outside the U.S. displayed personal identifiers and medical record details for at least 22 patients, and that affected patients only learned about the breach after attackers contacted them directly. DataBreaches noted the same threat actors were linked to attacks on other plastic surgery practices and described a recurring pattern where attackers approached patients with demands in exchange for removing posted information. Public reporting did not confirm whether the practice paid, and the article noted the leak site later appeared offline.
At least one organization in Mexico
January 12, 2026
•[ data leak, leak portals, cybercrime ]
During 2025, the data of 74 Mexican organizations was exposed on leak portals used by criminal groups, a figure that doubles the 37 cases registered in 2024.
Organized Crime and Corruption Reporting Project (OCCRP)
January 12, 2026
•[ DDoS, botnet, distributed denial-of-service ]
OCCRP reported its website was targeted by a sophisticated distributed denial-of-service (DDoS) attack beginning on Monday and still ongoing as of January 13, 2026. The organization said the assault appeared to involve a large international botnet and adaptive tactics, suggesting a coordinated effort with a human element responding to defenses. Recent infrastructure upgrades reportedly prevented a complete outage; however, readers could experience slower access and additional verification steps designed to block automated traffic. OCCRP stated the source of the attack had not been identified and framed the incident as an attempt to make its investigative reporting inaccessible by overwhelming online services rather than compromising internal data systems.
Undisclosed Taiwanese healthcare organization #5
January 12, 2026
•[ ransomware, cyber intrusion, data exfiltration ]
The CrazyHunter ransomware group conducted a cyber intrusion against a healthcare organization in Taiwan by exploiting application-layer access, resulting in unauthorized access and data exfiltration. Security reporting confirms the victim as one of multiple Taiwanese healthcare entities affected, though specific organizational details were not publicly disclosed.
Target
January 12, 2026
•[ data leak, source code theft, internal documentation ]
BleepingComputer reported that multiple current and former Target employees confirmed that source code and documentation posted online by a threat actor match real internal systems. Employees cited internal system names, platform references, and CI/CD tooling elements in the leaked sample that aligned with Target's development environment, and an internal communication referenced an accelerated security change restricting access to Target's Enterprise Git server shortly after the outlet contacted the company. The incident as described involves alleged theft and publication of internal repositories and development documentation rather than an outage or consumer-facing service disruption.
Bruno Fernandes's X account
January 12, 2026
•[ account takeover, hacking, social media breach ]
Manchester United confirmed that captain Bruno Fernandes's X account was hacked after a burst of bizarre posts and messages appeared. The club urged supporters not to engage with any posts or direct messages while access was being restored. Screenshots shared online showed the attacker posting inflammatory jokes and comments, including criticism of INEOS, the company that co-owns the club recently.
Congressional Staff email platform
January 11, 2026
•[ cyber intrusion, state-backed hacking, email compromise ]
TechStory reported that a cyber intrusion linked to the China-associated group known as Salt Typhoon compromised email systems used by staff supporting multiple powerful U.S. House committees (including foreign affairs, intelligence, and defense-related panels). The report said the intrusions were detected in December 2025, but investigators were still determining how long access persisted, what data was viewed or extracted, and whether any lawmakers' personal accounts were affected. U.S. agencies and House offices were described as offering limited public comment while investigations continued, and China was reported as denying allegations of state-backed hacking.
Langley Twigg Law
January 11, 2026
•[ cyberattack, data breach, malware ]
Langley Twigg Law (Napier, New Zealand) stated it was hit by a cyberattack on January 11, 2026. The firm said digital forensics and cyber specialists confirmed a malicious third party launched a virus on its IT network, which was not protected by its cybersecurity software at the time. The firm reported the attacker extracted a portion of data from its file server containing internal operational information and some client documents. Langley Twigg said it disconnected its network from the internet, notified the Privacy Commissioner and police, and was working to determine exactly what information was affected before contacting impacted clients.
Various small Brazilian ISPs
January 11, 2026
•[ DDoS attacks, SSH keys, security breach ]
Huge Networks' infrastructure and private SSH keys were used by an unknown adversary to launch DDoS attacks against multiple small Brazilian internet service providers. The company denied involvement, attributing the activity to a security breach discovered in January 2026.
Pecan Tree Dental, PLLC
January 11, 2026
•[ data breach, data exfiltration, personally identifiable information ]
Pecan Tree Dental, PLLC, a dental practice in Grand Prairie, Texas, discovered a cybersecurity incident on January 11, 2026. Sinobi claimed responsibility and claimed to have exfiltrated 250 GB of data. HHS/OCR-style reporting listed 13,300 affected individuals, while DataBreach.com indexed 24,504 rows containing Social Security numbers, email addresses, and phone numbers. Public reporting did not confirm successful encryption or operational disruption.
American Vanguard
January 10, 2026
•[ data leak, data exfiltration, unauthorized access ]
The Osiris threat group gained unauthorized access to American Vanguard systems in early January 2026 and exfiltrated corporate and financial data. Security reporting and attacker leak listings indicate data theft, though no explicit confirmation of file encryption was reported. Operational impacts appear linked to incident response and remediation activities.