Eurail
January 10, 2026
•[ security breach, data leak, unauthorized access ]
Eurail B.V. (also operating as Interrail) confirmed a security breach that resulted in unauthorized access to customer data. Eurail/Interrail publicly posted a notice on January 10, 2026 and began emailing affected customers on January 13, 2026, with the investigation described as ongoing. The company's early review stated that impacted data may include customer order and reservation information along with basic identity and contact details. Where provided, it may also include passport information such as passport number, country of issuance, and expiry date, particularly for customers who received passes through the DiscoverEU program. The report also referenced exposure of bank details and advised customers to remain vigilant for fraud attempts while Eurail monitored for misuse and notified data protection authorities.
Nissan Motor Corporation (Nissan Motor Co., Ltd.)
January 10, 2026
•[ ransomware, data leak, extortion ]
HackRead reported that the Everest ransomware group claimed it breached Nissan Motor Corporation and stole about 900GB of internal data. The article said the group posted the allegation on its leak site on January 10, 2026 and shared screenshots and directory listings suggesting access to internal operational documents, data extracts, and dealership-related records. Everest reportedly threatened to publish the data if Nissan did not respond within a set timeframe. Nissan had not publicly confirmed the claim at the time of reporting.
Betterment
January 9, 2026
•[ social engineering, phishing, data leak ]
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.
Betterment
January 9, 2026
•[ social engineering, data leak, phishing ]
TechCrunch reported that Betterment confirmed hackers accessed some of its systems on January 9, 2026 through a social engineering attack involving third-party platforms used for marketing and operations. Betterment said the attackers accessed customer personal information including names, email and postal addresses, phone numbers, and dates of birth, and used that access to send fraudulent scam notifications to users. The company said it detected and revoked unauthorized access the same day, launched an investigation with external help, and stated its ongoing investigation indicated no customer accounts were accessed and no passwords or login credentials were compromised. Betterment did not disclose how many customers were affected.
Sri Lanka's Public Security Ministry
January 9, 2026
•[ unauthorized access, website compromise, content manipulation ]
Sri Lanka's Criminal Investigation Department opened an inquiry after the official website of the Ministry of Public Security showed multiple incidents of abnormal activity consistent with unauthorized access. Police indicated the site may have been compromised and said investigators were working to determine the source and extent of the intrusion. Reporting noted irregularities in how the national emblem was displayed during the affected period, suggesting possible content manipulation. Sri Lanka CERT and the Information and Communication Technology Agency reportedly took steps to restore the website and reinforce security controls while the investigation proceeded.
Apex Legends
January 9, 2026
•[ security incident, account hijacking, gameplay disruption ]
BleepingComputer reported that Apex Legends players experienced a security incident over the weekend beginning at least January 9, 2026, where an external actor hijacked player characters during live matches, attempted to move characters off-map, disconnected players, and altered nicknames. Respawn publicly acknowledged an active security incident and stated that its initial investigation found no evidence that the bad actor could install or execute code (i.e., no RCE/injection) and did not frame the incident as a malware infection. The primary confirmed impact described is disruption of gameplay integrity and player sessions during live matches.
Free Speech Union (FSU)
January 9, 2026
•[ data leak, hacktivism, donor exposure ]
Cybernews reported that the UK-based Free Speech Union (FSU) was hacked by trans activists and that the names of people who donated 50 or more were publicly listed online. The dataset was made available via Distributed Denial of Secrets (DDoSecrets). The article frames the attack as politically motivated (protest/ideological retaliation) and describes the outcome as exposure of supporter identities; it does not confirm the full set of leaked fields beyond donor names and the donation-threshold context, nor does it describe service disruption at the organization.
At least one organization in Southeastern Europe
January 8, 2026
•[ cyber espionage, vulnerability exploitation, SSH brute force ]
BleepingComputer reported on Cisco Talos research describing a sophisticated China-nexus actor tracked as UAT-7290 targeting telecommunications providers, historically in South Asia and recently expanded into Southeastern Europe. The group was described as conducting extensive reconnaissance and using one-day exploits plus target-specific SSH brute force to compromise public-facing edge devices for initial access and privilege escalation. Talos reported the actor deploys a primarily Linux-based malware suite (with occasional Windows implants) and establishes Operational Relay Box (ORB) infrastructure that can be used by other China-aligned threat actors. The report is campaign-level and does not enumerate a single named victim breach event date.
Undisclosed strategic advisory firm in the US
January 8, 2026
•[ spearphishing, QR codes, credential theft ]
An FBI flash alert described North Korea-linked Kimsuky (APT43) using spearphishing emails that contain QR codes to lure recipients to fake questionnaires, secure-drive links, or login pages, with the goal of stealing credentials or session tokens and hijacking cloud identities. The warning said the observed targeting includes U.S. organizations involved in North Korea policy/research/analysis such as NGOs, think tanks, academic institutions, strategic advisory firms, and government entities. The alert included examples (e.g., a June 2025 conference-invite lure) and explained that QR-driven flows can bypass traditional email controls by shifting the interaction to unmanaged mobile devices.
Cressi
January 8, 2026
•[ ransomware, data leak, leak site ]
Cybernews reported that the ransomware group Qilin claimed responsibility for an attack on Cressi, an Italian diving equipment manufacturer, by posting a ransom entry on its leak site on January 8, 2026. The report notes that at that stage it was unclear what data (if any) had been accessed or exfiltrated and that the group had not published data samples or set a countdown timer. As reported, the main confirmed indicator is the group's claim and listing on the leak site; independent confirmation of encryption, downtime, or data theft was not provided in the article.
At least one Telecom company in South Asia
January 8, 2026
•[ espionage, malware, threat intelligence ]
The Hacker News summarized Cisco Talos research attributing espionage-focused intrusions to a China-nexus actor tracked as UAT-7290. The campaign reportedly targets telecom entities in South Asia and Southeastern Europe, performing extensive reconnaissance followed by compromise activity that can lead to deployment of malware families including RushDrop, DriveSwitch, and SilentRaid. The article is threat-intelligence reporting focused on actor behavior, tooling, and geographic targeting, and it does not provide a bounded, single victim incident record with confirmed impact metrics (e.g., downtime or specific data stolen) for one named organization.
Truebit
January 8, 2026
•[ cryptocurrency theft, smart contract exploit, blockchain security ]
The Record reported that hackers stole more than $26 million in cryptocurrency from the Truebit platform on Thursday (January 8, 2026). Truebit said it became aware of a security incident involving one or more malicious actors and urged users not to interact with the affected smart contract. Blockchain security firms tracked 8,535 ETH taken (reported as about $26.44 million). The report frames the event as a major early-2026 crypto theft affecting Truebit's on-chain assets, with ongoing law-enforcement contact and incident response actions mentioned, but without detailing the precise exploit mechanism in the article text provided.
Instagram
January 7, 2026
•[ data leak, scraping ]
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.
Panera Bread
January 7, 2026
•[ ransomware, data leak ]
In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.
Universidad Nacional Autónoma de México
January 7, 2026
•[ unauthorized intrusion, incident response, system downtime ]
Universidad Nacional Autónoma de México confirmed an unauthorized intrusion into a small number of its information systems in early January 2026. The university stated that five systems were affected and temporarily taken offline as a precautionary measure, that incident response protocols were activated, and that there was no evidence of theft or extraction of personal data belonging to students, faculty, or staff at the time of reporting.
Metro Pet Vet
January 7, 2026
•[ ransomware, data breach, technical difficulties ]
A Lancaster County veterinary practice (Metro Pet Vet) reported it was hit by a ransomware attack after several days of technical issues. The office said Monday and Tuesday it experienced major technical difficulties, including its router stopping, and by Wednesday morning ransomware was detected and the practice lost access to its server. Staff reported they could not access pet vaccine and medication histories and had to operate like 40 years ago using paper while continuing to treat animals and relying on an app for scheduling. The practice stated no credit card or Social Security information was stored on the affected server, but client phone numbers and addresses were stored there, and it expected recovery work to continue into the following week.
Veenkoloniaal Museum (Veendam)
January 7, 2026
•[ ransomware, unauthorized access, data theft ]
The Veenkoloniaal Museum in Veendam experienced a ransomware incident discovered on January 7, 2026, in which the LockBit group gained unauthorized access to systems. Data was stolen and files were rendered inaccessible, affecting digital records and image archives. Individuals whose personal data was involved were notified. The museum restored systems from backups and declined to negotiate with the attackers.
Anchorage Police Department via Whitebox Technologies
January 7, 2026
•[ security incident, third-party risk, data migration ]
Anchorage Police Department reported it took immediate containment actions after being alerted on January 7, 2026 to a security incident affecting one of its technology service providers, Whitebox Technologies (a data migration firm). According to reporting cited in the post, the City's IT department shut down the relevant Anchorage Police Department servers and disabled the vendor's access along with all third-party service provider access while incident response work continued. As of the report date, no ransomware group had publicly claimed responsibility and there was no public statement from the vendor. Public reporting did not confirm whether any APD data was accessed or exfiltrated, but it confirms operational disruption via server shutdown and access suspension.
Global-e
January 7, 2026
•[ data exposure, third-party compromise, unauthorized access ]
Reporting aggregated by DataBreaches.Net indicates Ledger was impacted by a data exposure incident involving its third-party payment processor, Global-e. The report describes an email notification stating that an unauthorized party accessed Global-e's cloud system and obtained Ledger customers' personal details, including names and contact information associated with orders. The notification did not specify when the access occurred, how many Ledger customers were affected, or whether additional data types (e.g., payment details) were involved. The incident is treated as a third-party compromise affecting Ledger customer data.
Iberia Airlines
January 7, 2026
•[ infostealer, malware, credential theft ]
TechRadar and HackRead summarized Hudson Rock research describing a campaign in which an actor using the alias Zestix (aka Sentap) leveraged credentials harvested by infostealer malware (e.g., RedLine, Lumma, Vidar) to access corporate cloud instances where multi-factor authentication was not enforced. Reporting stated the attacker obtained and attempted to auction or sell large volumes of sensitive corporate files from roughly 50 enterprises worldwide, with at least one victim reportedly losing on the order of 139GB of data. Specific victim impacts vary by organization, and the timing of initial credential theft was not fully specified.