Full List

Search

Recent Breaches

• Mastodon (mastodon.social) April 20, 2026 • [ DDoS attack, service disruption, 313 Team ] Mastodons flagship mastodon.social server was hit by a DDoS attack on April 20, 2026, making the instance unusable at times and causing much of the site to become inaccessible. Mastodon implemented countermeasures by 9:05 a.m. ET and restored access within a couple of hours, while warning that instability could continue as the attack was ongoing; SC Media reported that 313 Team claimed responsibility.
• Nordenta April 20, 2026 • [ ransomware, data leak ] The Danish dental supplier Nordenta was listed on the Kairos ransomware leak site around April 20, 2026, and Computerworld reported on April 22 that the company had been hit by ransomware. Kairos claimed to have stolen 1.68 TB of data and used the leak-site post to pressure company executives, but the specific data categories and operational impact were not confirmed in the reviewed sources.
• ADT Inc. April 20, 2026 • [ vishing, social engineering, data breach ] ShinyHunters compromised an ADT employee Okta SSO account through vishing, used the account to access ADTs Salesforce instance, and stole personal information later assessed by Have I Been Pwned as affecting 5.5 million individuals.
• BePrime April 20, 2026 • [ unauthorized access, missing MFA, credential leak ] BePrime, a managed cybersecurity services provider in Mexico, was breached in April 2026 after attackers accessed administrator accounts lacking MFA, exfiltrating 12.6 GB of data that included plaintext credentials, client penetration testing reports, Cisco Meraki API keys controlling 1,858 network devices, and live surveillance camera feeds from client offices.
• Canada Life April 20, 2026 • [ extortion, data leak, phishing ] In April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In their disclosure notice, Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, Canada Life also published an alert cautioning customers to be wary of phishing attacks, a pattern often seen after the public release of breached data.
• SailPoint, Inc. April 20, 2026 • [ unauthorized access, source code leak, third-party vulnerability ] SailPoint disclosed unauthorized access to a subset of its GitHub repositories on April 20, 2026. The company said the unauthorized activity was quickly terminated, a vulnerability in a third-party application was remediated, and there was no evidence that customer data in production or staging environments was accessed or that services were interrupted. SailPoint did not publicly name the threat actor or disclose the type or volume of repository data that may have been compromised.
• Vercel April 19, 2026 • [ unauthorized access, OAuth compromise, third-party risk ] Vercel confirmed unauthorized access to internal systems after a compromised third-party AI OAuth app was used to access a Vercel employee Google Workspace account.
• Kelp DAO April 19, 2026 • [ DDoS, RPC poisoning, Cryptocurrency theft ] NGB 3rd Technical Surveillance Bureau (TraderTraitor) compromised and poisoned LayerZero RPC infrastructure, launched a DDoS to force failover to the poisoned nodes, and delivered a malicious instruction that drained 116,500 rsETH, worth roughly $292 million, from Kelp DAO.
• Carnival April 18, 2026 • [ phishing, extortion, data leak ] In April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published the data publicly, which contained 8.7M records with 7.5M unique email addresses. The data contained fields indicating it related to the Mariner Society loyalty program run by Holland America, a cruise line brand under Carnival, and included names, dates of birth, genders and data relating to status within the loyalty program. Carnival acknowledged a phishing incident involving a single user account and advised they were working to better understand the scope of the unauthorised activity.
• Seiko USA April 18, 2026 • [ defacement, ransomware, data theft ] The Seiko USA websites Press Lounge section was defaced with a ransom message claiming attackers had accessed the companys Shopify backend and stolen its customer database; the claimed data theft was not confirmed.
• Aman Resorts April 18, 2026 • [ extortion, data leak, PII ] ShinyHunters named Aman Resorts in an April 2026 pay-or-leak extortion campaign and claimed compromise of over 500,000 Salesforce CRM records containing PII. DataBreach indexed 294,871 rows, while Have I Been Pwned reported over 200,000 unique email addresses and said the leaked data also included names, phone numbers, physical addresses, dates of birth, nationalities, spouse names, and VIP status codes. Public sources did not confirm encryption, data destruction, or operational disruption.
• University of Cambridge April 17, 2026 • [ phishing, credential theft, account compromise ] Students and staff received phishing emails appearing to come from compromised University of Cambridge accounts; related messages contained links designed to steal login credentials and enable further account compromise.
• The Canada Life Assurance Company April 17, 2026 • [ unauthorized access, data leak, personal information ] The Canada Life Assurance Company confirmed unauthorized access through an employee account that exposed personal information for up to 70,000 people.
• South Korean Ministry of Foreign Affairs April 17, 2026 • [ DDoS attack, service disruption, cyberattack ] South Koreas Ministry of Foreign Affairs website was briefly disrupted by a DDoS attack and restored the same day.
• Medtronic April 17, 2026 • [ data leak, unauthorized access, personal records ] ShinyHunters listed Medtronic on its leak site on April 17, 2026, claiming theft of more than 9 million personal records and terabytes of corporate information; Medtronic confirmed unauthorized access to corporate IT systems but had not confirmed data theft.
• Pricon Microelectronics, Inc. April 17, 2026 • [ ransomware, data theft, LockBit 5.0 ] Pricon Microelectronics suffered a ransomware attack affecting some servers; LockBit 5.0 later claimed data theft.
• Adams County, Mississippi April 17, 2026 • [ ransomware, government services, outdated systems ] Adams County, Mississippi suffered a ransomware attack on April 17, 2026, after an outdated computer in the sanitation department allowed hackers to spread through the county network. The attack locked employees out of key services including court records, car tag payments, and public records processing; about 70% of systems were back online by the time of reporting, but full recovery was still underway.
• Adumo (Lesaka unit) April 16, 2026 • [ source code leak, payment system data, dark web ] Adumo investigated claims that technical payment-system data and source code were offered for sale on a dark-web forum.
• Zara April 15, 2026 • [ extortion, data leak, third-party risk ] In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara's parent company Inditex advised that the incident didn't affect passwords or payment information.
• Agence nationale des titres sécurisés (ANTS) April 15, 2026 • [ unauthorized access, data leak, identity document theft ] On April 15, 2026, ANTS, also known as France Titres, detected unauthorized access to the ants.gouv.fr portal. The agency confirmed a data breach involving citizen identity-document portal data, while breach3d claimed to have stolen up to 19 million records and offered them for sale; ANTS did not specify the total number of affected citizens.