Kentwood Public Schools
April 30, 2026
•[ malware, insider threat, network disruption ]
A student deployed malicious software that interfered with the Kentwood Public Schools network, causing districtwide WiFi connectivity loss; the malware was later isolated and service restored with help from external experts.
Advanced Diagnostic Imaging
April 30, 2026
•[ ransomware, electronic medical records, healthcare ]
Columbia Surgical Partners said it was unable to access electronic medical records after its parent company, Advanced Diagnostic Imaging, was hit by a reported ransomware attack. Available reporting confirms EHR-access disruption at Columbia Surgical Partners, but does not publicly confirm a responsible ransomware group, data theft, ransom demand, restoration timeline, or whether other ADI systems or sites were affected.
At least one Claude Code user
April 30, 2026
•[ malware, fake installer, credential harvesting ]
A campaign distributing a fake installer for Anthropic's Claude Code tool, aimed at users searching for it, delivered a PowerShell payload that decrypted and extracted cookies, saved passwords, and payment data from Chromium-based browsers on infected machines. Public reporting did not identify specific victims, quantify the number infected, name the actor or their country, state the volume of stolen data, or describe any operational disruption.
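One way to hunt for the behaviour described in this entry in endpoint telemetry, added here as an example and not taken from the reporting or from any vendor: it flags process-creation events where a scripting host references the SQLite files Chromium-based browsers use for cookies, saved logins and autofill payment data, or is launched hidden with an encoded command. The event shape and every sample record are constructed; the store filenames are Chromium's, but the campaign's actual command lines are not public.

```python
import re

# Chromium-based browsers keep a profile's credential material in these SQLite
# files under "<browser>\User Data\<profile>\"; newer builds put Cookies in a
# "Network" subfolder, so that segment is optional in the pattern.
CHROMIUM_STORES = ("Login Data", "Cookies", "Web Data")
STORE_RE = re.compile(
    r"\\User Data\\[^\\]+\\(?:Network\\)?("
    + "|".join(re.escape(s) for s in CHROMIUM_STORES)
    + r")\b",
    re.IGNORECASE,
)
# Interpreters a dropper typically uses; a browser opening its own stores is normal.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)
HIDDEN_RE = re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.IGNORECASE)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event):
    """Return the reasons one process-creation event looks like browser-credential theft."""
    reasons = []
    image = _basename(event.get("image", ""))
    cmd = event.get("command_line", "")
    if image not in SCRIPT_HOSTS:
        return reasons
    m = STORE_RE.search(cmd)
    if m:
        reasons.append(f"{image} references Chromium store '{m.group(1)}'")
    if ENCODED_RE.search(cmd) and HIDDEN_RE.search(cmd):
        reasons.append(f"{image} launched hidden with an encoded command")
    return reasons


def suspicious_events(events):
    """(index, reasons) for every event that analyze_event flags."""
    hits = []
    for i, event in enumerate(events):
        reasons = analyze_event(event)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed Sysmon-style records for demonstration; none come from the real campaign.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Users\dev\Downloads\claude-code-setup.exe",
     "command_line": r'powershell.exe -w hidden -nop -c Copy-Item "C:\Users\dev\AppData\Local\Google\Chrome\User Data\Default\Login Data" $env:TEMP\ld.db'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"powershell.exe -c Get-ChildItem C:\Projects -Recurse"},
    {"image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "parent_image": r"C:\Users\dev\Downloads\claude-code-setup.exe",
     "command_line": r"pwsh.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'cmd.exe /c "C:\Users\dev\Downloads\claude-code-setup.exe" /S'},
]

if __name__ == "__main__":
    for index, reasons in suspicious_events(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["parent_image"], reasons)
```

The parent image of a flagged event is the useful pivot: a scripting host spawned by a freshly downloaded installer is what distinguishes this pattern from an administrator's own PowerShell session. Stealers that copy the store to a temp file or read it through a .NET API inside a script body will not show the path on the command line, so this check complements, rather than replaces, file-access auditing on those paths.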
Undisclosed Pakistani government entity
April 30, 2026
•[ cyber espionage, Shadow-Earth-053, Microsoft Exchange ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Pakistani government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Thai government entity
April 30, 2026
•[ espionage, vulnerability exploitation, web shells ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Thai government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Indian government entity
April 30, 2026
•[ espionage, web shell, ShadowPad ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Indian government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Myanmar government entity
April 30, 2026
•[ cyber espionage, vulnerability exploitation, web shells ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Myanmar government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Malaysian government entity
April 30, 2026
•[ espionage, vulnerability exploitation, unpatched software ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Malaysian government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Sri Lankan government entity
April 30, 2026
•[ cyber espionage, Shadow-Earth-053, unpatched servers ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Sri Lankan government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Taiwanese government entity
April 30, 2026
•[ espionage, state-sponsored, web shells ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Taiwanese government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Undisclosed Polish defense-sector organization
April 30, 2026
•[ espionage, web shells, ShadowPad ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Polish defense-sector organization by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
Liberty Mutual Insurance
April 30, 2026
•[ data-extortion, data leak, personal information ]
Everest Group claimed responsibility for a data-extortion attack against Liberty Mutual Insurance on April 30, 2026 and began leaking what it claimed was more than 108 GB of stolen data, including policyholder personal, financial, and insurance information. Public reporting did not confirm encryption, deletion, or operational disruption.
Groupe 3R (Réseau Radiologique Romand)
April 30, 2026
•[ ransomware, data theft, healthcare ]
On April 30, 2026, Groupe 3R (Réseau Radiologique Romand) was hit by a ransomware attack that reduced system availability and caused some patient examinations to be rescheduled. The incident was reported to the Swiss Federal Cybersecurity Office and a criminal complaint was filed. Akira later claimed responsibility and alleged theft of 48 GB of data, including patient information, employee identification documents, payment details, and corporate records.
Florida East Coast Railway
April 30, 2026
•[ data-extortion, data leak, PII ]
PayoutsKing claimed responsibility for a data-extortion attack against Florida East Coast Railway on April 30, 2026 and threatened to leak sensitive data unless negotiations were initiated. DataBreach.com later indexed 16,668 rows associated with the breach, including names, email addresses, and phone numbers. Public sources did not confirm successful encryption or operational disruption.
Tessco Technologies
April 30, 2026
•[ ransomware, data exfiltration, data leak ]
On April 30, 2026, the ransomware group PayoutsKing claimed to have exfiltrated and encrypted 615 GB of data from Tessco Technologies, a U.S. wireless communications products distributor, including contact information for over 100,000 individuals and Salesforce records for more than 500,000 customers.
Instructure
April 29, 2026
•[ unauthorized access, data leak, PII ]
Instructure detected unauthorized access to part of its Canvas environment on April 29, 2026. The incident exposed user identifying information and messages from affected institutions; Instructure stated that core learning data, course content, submissions, credentials, passwords, dates of birth, government identifiers, and financial information were not compromised.
Developers using compromised Lightning and Intercom packages
April 29, 2026
•[ software supply-chain attack, malware, credential harvesting ]
TeamPCP conducted a Mini Shai-Hulud software supply-chain attack by injecting credential-stealing malware into the Lightning Python package (versions 2.6.2 and 2.6.3), the intercom-client npm package (versions 7.0.4 and 7.0.5), and intercom-php 5.0.2. The malware harvested secrets from developer and CI/CD environments and created more than 1,800 GitHub repositories containing stolen credentials.
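A lockfile check for the releases named in this entry, added here as an example and not part of the reporting: it scans a requirements.txt, an npm package-lock.json and a composer.lock for the listed versions. The index names used as keys (PyPI `lightning`, npm `intercom-client`, Packagist `intercom/intercom-php`) are assumptions about which packages the reporting refers to, and the sample files are constructed.

```python
import json
import re

# Versions named in the reporting. The package-index names are assumptions.
COMPROMISED = {
    "pypi": {"lightning": {"2.6.2", "2.6.3"}},
    "npm": {"intercom-client": {"7.0.4", "7.0.5"}},
    "packagist": {"intercom/intercom-php": {"5.0.2"}},
}

_REQ_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([0-9][0-9A-Za-z.+!-]*)")


def _norm_pypi(name):
    # PEP 503 normalisation: case-insensitive, runs of "-", "_" and "." are equivalent
    return re.sub(r"[-_.]+", "-", name).lower()


def check_requirements(text):
    """(name, version) for pinned requirements.txt lines naming a compromised release.
    Unpinned or range specifiers cannot be judged from the file alone and are skipped."""
    hits = []
    for line in text.splitlines():
        m = _REQ_PIN.match(line.split("#", 1)[0])
        if not m:
            continue
        name, version = _norm_pypi(m.group(1)), m.group(2)
        if version in COMPROMISED["pypi"].get(name, ()):
            hits.append((name, version))
    return hits


def check_package_lock(text):
    """(name, version) for compromised npm releases in a package-lock.json (v1, v2 or v3)."""
    lock = json.loads(text)
    hits = set()
    # lockfileVersion 2/3: flat "packages" map keyed by install path; "" is the root project
    for path, meta in lock.get("packages", {}).items():
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if path and meta.get("version") in COMPROMISED["npm"].get(name, ()):
            hits.add((name, meta["version"]))

    # lockfileVersion 1 (also present in v2): nested "dependencies" tree
    def walk(deps):
        for name, meta in deps.items():
            if meta.get("version") in COMPROMISED["npm"].get(name, ()):
                hits.add((name, meta["version"]))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return sorted(hits)


def check_composer_lock(text):
    """(name, version) for compromised Packagist releases in a composer.lock."""
    lock = json.loads(text)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name = pkg.get("name", "").lower()
            version = pkg.get("version", "").lstrip("vV")
            if version in COMPROMISED["packagist"].get(name, ()):
                hits.append((name, version))
    return hits


# Constructed sample manifests, not files from any real project.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
torch==2.3.0
Lightning==2.6.3 ; python_version >= "3.9"
requests>=2.31   # unpinned: cannot be judged from this file alone
"""
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/intercom-client": {"version": "7.0.5"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
})
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "intercom/intercom-php", "version": "v5.0.2"},
        {"name": "guzzlehttp/guzzle", "version": "7.8.1"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print("pypi:", check_requirements(SAMPLE_REQUIREMENTS))
    print("npm:", check_package_lock(SAMPLE_PACKAGE_LOCK))
    print("packagist:", check_composer_lock(SAMPLE_COMPOSER_LOCK))
```

A match means the machine or CI runner that installed the release ran the stealer, so every secret reachable from that environment needs rotation; removing the package is not remediation. Lockfiles also miss ad-hoc installs from version ranges, so check the installed environments themselves (`pip freeze`, `npm ls`, `composer show`) as well as the files in the repository.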
Advanta Genetics LLC
April 29, 2026
•[ data leak, healthcare, PII ]
Advanta Genetics LLC, a Texas clinical and molecular diagnostics laboratory, was listed by Aurora on April 29, 2026. Aurora claimed access to patient, provider, employee, financial, legal/regulatory, and proprietary company data. DataBreach.com indexed 280,802 rows containing Social Security numbers, birthdates, email addresses, phone numbers, names, and street addresses. Public reporting noted that Advanta had not confirmed the full scope of Aurora's claims and did not confirm encryption or operational disruption.
Vimeo
April 28, 2026
•[ extortion, data leak, third-party breach ]
In April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also included about 119,000 unique email addresses, sometimes accompanied by names. Vimeo attributed the exposure to a breach of Anodot, a third-party analytics vendor, and advised that the incident does not include "Vimeo video content, valid user login credentials, or payment card information".
Individual Filipino pensioner
April 28, 2026
•[ vishing, phishing, malware ]
A 68-year-old Filipino pensioner received a fraudulent call claiming to be from the Social Security System and was sent a Viber link to a fake app. After installation, malware hijacked his Android phone, froze the screen and power button, and allowed thieves to drain three bank accounts and two e-wallets, stealing more than 1 million.