Wilhelmsen Ship Management (Norway) AS
February 27, 2026
•[ ransomware, data leak, operational disruption ]
A ransomware incident affected systems on a single Wilhelmsen-managed ship and disrupted that vessel's operations. Later reporting said passport and next-of-kin information relating to personnel on that ship was also compromised.
Dienst Justitiële Inrichtingen
February 27, 2026
•[ data leak, vulnerability exploit, internal network access ]
Hackers exploited an Ivanti Endpoint Manager Mobile flaw to access the internal network of the Dutch prisons agency and view staff contact details and security certificates; they also gained access to phones, tablets, and laptops.
KPMG Israel
February 27, 2026
•[ hacktivism, DDoS, website defacements ]
Industrial Cyber summarized Intel 471 analysis that US–Israel strikes on Iran triggered a surge of hacktivist activity and claims of DDoS, website defacements, and breach allegations. The most impacted regions during Feb 27–Mar 6, 2026 were reported as Israel, Kuwait, and Jordan, with Bahrain, Qatar, and the UAE also in the top ten; the most targeted industries included national government, aerospace/defense, and technology. The article describes broad, multi-actor retaliation dynamics (including pro-Russian and pro-Iranian collectives) rather than one discrete confirmed cyber event against a single named target.
Wagon Mound Public Schools
February 27, 2026
•[ ransomware, virus, extortion ]
Wagon Mound Public Schools said a virus infected its systems and shut down access across the network, and later outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of staff and student data.
Mexico City Civil Registry
February 26, 2026
•[ data leak, unauthorized access, exfiltration ]
Attackers gained unauthorized access to Mexican government civil registry databases and exfiltrated sensitive records. Stolen data reportedly includes birth certificate information and national identification numbers from Mexico City's civil registry.
Monterrey Water Utility
February 26, 2026
•[ unauthorized access, data leak, billing information ]
Attackers gained unauthorized access to Monterrey's municipal water utility databases and stole internal and customer records. The exposed data reportedly includes billing and account information linked to utility customers.
Mexico Tax Authority
February 26, 2026
•[ data leak, unauthorized access, government ]
Attackers accessed Mexican tax authority systems and exfiltrated taxpayer information. The compromised data reportedly includes tax records and taxpayer identification details.
Michoacán State Government
February 26, 2026
•[ data breach, citizen identification data, government registry records ]
Attackers accessed databases belonging to the Michoacán state government and stole sensitive administrative records. The compromised information reportedly includes citizen identification data and government registry records.
Tamaulipas State Government
February 26, 2026
•[ data leak, citizen records, government registry information ]
Attackers accessed databases belonging to the Tamaulipas state government and exfiltrated sensitive citizen records. The stolen data reportedly includes government registry information and personal identification numbers.
National Tax Service Korea
February 26, 2026
•[ data leak, cryptocurrency, seed phrase exposure ]
South Korea's National Tax Service accidentally published a hardware wallet recovery phrase in a press photo announcing seized assets. An unknown attacker used the exposed seed phrase to transfer roughly $4.8 million in cryptocurrency from the wallet.
Centre for Information Technologies of the State (CTIE)
February 26, 2026
•[ malware, data leak, government ]
CTIE detected malware on a system used to manage government mobile-device access and later said an external actor accessed device-holder information and device characteristics. The temporary loss of mobile access to internal state services resulted from CTIE isolating the affected system as a precaution.
Ngong Ping 360
February 26, 2026
•[ ransomware, data breach, internal network compromise ]
Ngong Ping 360 said an attacker stole personal data from its internal network and made a ransom demand. The company said the affected network was separate from cable car operations and electronic payment systems.
Peak Software Systems
February 26, 2026
•[ ransomware, service outage, payment processing ]
Peak Software Systems said attackers encrypted parts of its infrastructure and disrupted the Sportsman recreation-registration platform, causing outages in online signups, rentals, and some payment processing for customer cities.
KomikoAI
February 25, 2026
•[ data breach, PII, AI prompts ]
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
Lovora
February 25, 2026
•[ data breach, personal information, email addresses ]
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users' display names and profile photos, along with other personal information collected through use of the app. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident.
Clalit Health Services
February 25, 2026
•[ data leak, healthcare breach, cyber attack ]
Handala claimed it breached Clalit Health Services and published patient files and internal documents online; Clalit said it was investigating the incident and that systems were operating normally.
YES Bank / BookMyForex
February 24, 2026
•[ financial fraud, unauthorized transactions, prepaid forex card breach ]
Attackers used compromised YES Bank and BookMyForex prepaid forex card details to conduct unauthorized USD-BRL transactions at multiple merchants. Roughly 5000 customers were affected and about $280000 in fraudulent transactions were processed before the activity was blocked.
LexisNexis Legal & Professional
February 24, 2026
•[ data leak, cloud security breach, vulnerability exploitation ]
FulcrumSec breached LexisNexis Legal & Professional AWS infrastructure through a vulnerable React container and exfiltrated company and customer data. The stolen dataset includes millions of database records and customer account information.
Undisclosed Middle East entity
February 24, 2026
•[ ransomware, cyberattack, data breach ]
Symantec and Carbon Black linked Lazarus to a Medusa ransomware attack against an undisclosed Middle East entity; the same reporting noted an unsuccessful attempt against a U.S. healthcare organization, which is not coded here as a successful event.
Local 100 chapter of the Transport Workers Union of America
February 24, 2026
•[ ransomware, data leak, identity theft ]
SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware group's breach claim with a presumed data-theft/extortion outcome.