Woflow
March 5, 2026
•[ supply-chain risk, extortion, data leak ]
ShinyHunters claimed it compromised Woflow, an AI-driven merchant data platform, in what was described as a supply-chain risk for major clients. The group threatened to leak data by March 6, 2026 if demands were not met, and claimed it stole internal corporate information, personally identifiable information, and transaction/order details. Reporting noted the group did not provide a verifiable public data sample and Woflow did not provide a public response at the time, so the incident remains an alleged breach based on the extortion claim.
Tehran traffic cameras
March 3, 2026
•[ hacking, surveillance, espionage ]
DataBreaches summarized reporting alleging Israeli intelligence hacked or accessed a very large portion of Tehrans traffic camera network over multiple years to track senior Iranian officials, including Ayatollah Ali Khamenei. The reporting claimed real-time camera data (including cameras around Khameneis compound) was encrypted and transmitted to servers in Israel and used to build pattern of life intelligence, such as where security teams parked vehicles.
AkzoNobel
March 3, 2026
•[ ransomware, data leak, internal correspondence ]
AkzoNobel confirmed a security incident at one of its U.S. sites after the Anubis ransomware group published a partial leak. AkzoNobel stated the incident was contained and limited to the affected site. The leak samples described in reporting included confidential client agreements, internal email correspondence, technical specification sheets, material testing documents, and contact data such as email addresses and phone numbers, as well as passport scans.
Department of Homeland Security (DHS)
March 1, 2026
•[ hacktivism, data leak, government contracts ]
DataBreaches summarized reporting that hacktivists calling themselves Department of Peace claimed to have hacked DHS and leaked allegedly stolen documents. The transparency collective DDoSecrets published data described as relating to contracts between DHS, ICE, and more than 6,000 companies (including major defense contractors and large technology firms). The report attributes the source to DHSs Office of Industry Partnership procurement unit; DHS confirmation and the exact intrusion method were not provided in the DataBreaches excerpt.
Wilhelmsen Ship Management (Norway) AS
February 27, 2026
•[ ransomware, data leak, operational disruption ]
A ransomware incident affected systems on a single Wilhelmsen-managed ship and disrupted that vessels operations. Later reporting said passport and next-of-kin information relating to personnel on that ship was also compromised.
Dienst Justitiële Inrichtingen
February 27, 2026
•[ data leak, vulnerability exploit, internal network access ]
Hackers exploited an Ivanti Endpoint Manager Mobile flaw to access the internal network of the Dutch prisons agency and view staff contact details and security certificates; they also gained access to phones, tablets, and laptops.
Wagon Mound Public Schools
February 27, 2026
•[ ransomware, virus, extortion ]
Wagon Mound Public Schools said a virus infected its systems and shut down access across the network, and later outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of staff and student data.
Mexico City Civil Registry
February 26, 2026
•[ data leak, unauthorized access, exfiltration ]
Attackers gained unauthorized access to Mexican government civil registry databases and exfiltrated sensitive records. Stolen data reportedly includes birth certificate information and national identification numbers from Mexico Citys civil registry.
Monterrey Water Utility
February 26, 2026
•[ unauthorized access, data leak, billing information ]
Attackers gained unauthorized access to Monterreys municipal water utility databases and stole internal and customer records. The exposed data reportedly includes billing and account information linked to utility customers.
Mexico Tax Authority
February 26, 2026
•[ data leak, unauthorized access, government ]
Attackers accessed Mexican tax authority systems and exfiltrated taxpayer information. The compromised data reportedly includes tax records and taxpayer identification details.
Tamaulipas State Government
February 26, 2026
•[ data leak, citizen records, government registry information ]
Attackers accessed databases belonging to the Tamaulipas state government and exfiltrated sensitive citizen records. The stolen data reportedly includes government registry information and personal identification numbers.
National Tax Service Korea
February 26, 2026
•[ data leak, cryptocurrency, seed phrase exposure ]
South Koreas National Tax Service accidentally published a hardware wallet recovery phrase in a press photo announcing seized assets. An unknown attacker used the exposed seed phrase to transfer roughly $4.8 million in cryptocurrency from the wallet.
Centre for Information Technologies of the State (CTIE)
February 26, 2026
•[ malware, data leak, government ]
CTIE detected malware on a system used to manage government mobile-device access and later said an external actor accessed device-holder information and device characteristics. The temporary loss of mobile access to internal state services resulted from CTIE isolating the affected system as a precaution.
Clalit Health Services
February 25, 2026
•[ data leak, healthcare breach, cyber attack ]
Handala claimed it breached Clalit Health Services and published patient files and internal documents online; Clalit said it was investigating the incident and that systems were operating normally.
LexisNexis Legal & Professional
February 24, 2026
•[ data leak, cloud security breach, vulnerability exploitation ]
FulcrumSec breached LexisNexis Legal & Professional AWS infrastructure through a vulnerable React container and exfiltrated company and customer data. The stolen dataset includes millions of database records and customer account information.
Local 100 chapter of the Transport Workers Union of America
February 24, 2026
•[ ransomware, data leak, identity theft ]
SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware groups breach claim with a presumed data-theft/extortion outcome.
Grand Hotel Taipei
February 21, 2026
•[ cyberattack, data leak, unauthorized access ]
Grand Hotel Taipei reported a cyberattack on its systems and warned that guest reservation information may have been accessed. The potentially exposed data includes guest names and contact details, though the number of affected individuals has not been disclosed.
Russian military drone operators
February 21, 2026
•[ data leak, monitoring systems, drone operators ]
Ukrainian hacktivists from the Fenix cyber analytics center, supported by volunteers of the InformNapalm international intelligence community, compromised accounts of Russian military personnel and gained access to monitoring systems used by attack drone operators.
Undisclosed contractor supporting National Bank of Ukraine numismatic online store
February 19, 2026
•[ data leak, supply chain attack, cyberattack ]
Attackers breached an undisclosed contractor supporting the National Bank of Ukraine's numismatic online store, potentially exposing customer registration and delivery data; the online store was temporarily taken offline while the incident was investigated.
Fundação Getúlio Vargas
February 19, 2026
•[ ransomware, data-extortion, data leak ]
TecMundo reported that ransomware/data-extortion group Dragonforce listed Fundao Getulio Vargas (FGV) as a purported victim and claimed a compromise of 1.52 TB of data, posting images of documents as proof and setting a countdown (typical extortion deadline) for publication if ransom is not paid. TecMundo said it reviewed sample documents that appeared to include internship registration forms, personnel/event records, and project proposals. FGV responded that it had experienced service/provider instability that was resolved and that it had no confirmation of system intrusion or data exfiltration, stating that anonymous dark web postings were not proof.
