Synergy France
April 8, 2026
•[ ransomware, data leak, cyberattack ]
The Gentlemen ransomware group claimed responsibility for a cyberattack against Synergy France on April 8, 2026 and threatened to publish sensitive data unless the company contacted the group. ComputerWeekly later described The Gentlemen as an emerging ransomware player responsible for a large volume of attacks in 2026.
My Lovely AI
April 7, 2026
•[ data breach, NSFW, AI-generated content ]
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
ChipSoft
April 7, 2026
•[ ransomware, healthcare, data breach ]
Embargo ransomware hit ChipSoft on April 7, 2026, disrupting its website and digital healthcare services and causing hospitals to disconnect ChipSoft-connected systems or take them offline. The attackers stole personal medical data from several Dutch healthcare institutions; ChipSoft later said the stolen data had been destroyed.
Undisclosed Australian organization
April 7, 2026
•[ ransomware, Medusa ransomware, data exfiltration ]
Microsoft reported that Storm-1175, a financially motivated cybercrime actor linked to Medusa ransomware, heavily impacted organizations in Australia, the United Kingdom, and the United States by exploiting vulnerable web-facing systems, exfiltrating data, and deploying ransomware. This row represents the undisclosed Australian victim component of the country-level coding approach.
Undisclosed United Kingdom organization
April 7, 2026
•[ ransomware, data exfiltration, cybercrime ]
Microsoft reported that Storm-1175, a financially motivated cybercrime actor linked to Medusa ransomware, heavily impacted organizations in Australia, the United Kingdom, and the United States by exploiting vulnerable web-facing systems, exfiltrating data, and deploying ransomware. This row represents the undisclosed United Kingdom victim component of the country-level coding approach.
Undisclosed United States organization
April 7, 2026
•[ ransomware, cybercrime, data exfiltration ]
Microsoft reported that Storm-1175, a financially motivated cybercrime actor linked to Medusa ransomware, heavily impacted organizations in Australia, the United Kingdom, and the United States by exploiting vulnerable web-facing systems, exfiltrating data, and deploying ransomware. This row represents the undisclosed United States victim component of the country-level coding approach.
ChipSoft
April 7, 2026
•[ ransomware, data breach, healthcare ]
ChipSoft was hit by a ransomware attack on April 7, 2026, causing hosted patient-facing and provider-facing digital services to be disconnected or taken offline while the company investigated and restored systems. ChipSoft later confirmed that personal and medical patient data from some Dutch healthcare customers had been stolen and said the stolen data was destroyed and not published.
LegionProxy
April 6, 2026
•[ data breach, email addresses, password hashes ]
In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.
Winona County
April 6, 2026
•[ ransomware, data leak, government ]
Winona County, Minnesota experienced a ransomware attack that began April 6, 2026 and was discovered April 7. Officials took affected systems offline, declared a local emergency, requested Minnesota National Guard assistance, and notified the FBI. Later reporting confirmed cybercriminals released information taken from the county network; emergency services and 911 remained operational, while vital statistics and DMV systems were among those impacted.
Signature Healthcare Brockton Hospital
April 6, 2026
•[ cyberattack, data theft, healthcare ]
A cyberattack detected on April 6, 2026 affected information systems at Signature Healthcare and Signature Healthcare Brockton Hospital, triggering downtime procedures, ambulance diversion, chemotherapy cancellations, EHR and patient portal outages, pharmacy prescription-fill disruption, lab delays, and medical-record request disruption; Anubis claimed it stole 2 TB of data, but Signature Healthcare did not confirm data theft.
Undisclosed critical infrastructure organization
April 6, 2026
•[ Chinese-nexus intrusions, critical infrastructure, lateral movement ]
Darktrace reported Chinese-nexus intrusions affecting critical infrastructure organizations, with some high-value intrusions involving lateral movement before data exfiltration.
The McLamb Group, Inc.
April 6, 2026
•[ data leak, PII, Social Security numbers ]
PEAR claimed The McLamb Group, Inc. on its leak site with an estimated attack date of April 6, 2026. DataBreach indexed 124,203 rows and listed exposed fields including Social Security numbers, dates of birth, email addresses, phone numbers, names, and street addresses. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact intrusion vector.
Minidoka Memorial Hospital
April 5, 2026
•[ cyber attack, healthcare, operational disruption ]
A cyber incident on Easter morning limited imaging services at Minidoka Memorial Hospital in Rupert, Idaho, leading to temporary emergency patient transfers; internal systems were affected but patient care continued, and imaging was fully restored by midnight on April 19, 2026.
Taiwan High Speed Rail Corporation
April 5, 2026
•[ radio interference, TETRA communications, software-defined radio ]
A 23-year-old university student identified by the surname Lin allegedly interfered with Taiwan High Speed Rail's TETRA radio communications system using software-defined radio equipment and handheld radios. The unauthorized General Alarm signal triggered emergency braking or emergency stop procedures, affecting four high-speed trains for approximately 48 minutes. Public reporting did not identify data theft, ransomware, or a financial motive.
Shine Aviation
April 4, 2026
•[ data leak, employee credentials, employee records ]
Anubis claimed on April 4, 2026 that it obtained 57 GB, or more than 68,000 files, from Geraldton-based Shine Aviation, including alleged employee credentials and records, access-card scans, operational documentation, and aircraft-related certificates; the claim was not independently verified.
Anodot
April 4, 2026
•[ data breach, token theft, unauthorized access ]
ShinyHunters allegedly breached Anodot, causing its data connectors to stop working and enabling access to downstream customers' cloud data through stolen tokens.
Equity Life Indonesia
April 4, 2026
•[ ransomware, data theft, data encryption ]
The Gentlemen ransomware group claimed responsibility for an attack against Equity Life Indonesia on April 4, 2026, threatening to publish stolen data unless contacted. Independent ransomware trackers listed Equity Life Indonesia under The Gentlemen, and CYFIRMA reported the campaign objective as data theft, data encryption, and financial gain, but public sources did not confirm the exact data volume, affected record count, or operational disruption.
Amtrak
April 3, 2026
•[ data leak, ransomware, ShinyHunters ]
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. The exposed data contained over 2M unique email addresses along with names, physical addresses and customer support records.
Hong Kong Hospital Authority (Kowloon East Cluster)
April 3, 2026
•[ data leak, unauthorized retrieval, patient data ]
The Hospital Authority detected unauthorized retrieval and leakage of patient data from the Kowloon East Cluster on April 3, 2026, affecting more than 56,000 patients; internal checks did not indicate a cyberattack, and police and privacy regulators were notified.
SongTrivia2
April 2, 2026
•[ data breach, data leak, password hashes ]
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.