Ameriprise
March 2, 2026
•[ extortion, data leak, ShinyHunters ]
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".
Adelante Soluciones Financieras
March 1, 2026
•[ data leak, unauthorized access, PII ]
Addi identified unauthorized activity on its platform in March 2026 and advised customers that personal information may have been compromised. ShinyHunters later claimed responsibility and published a large trove of personal data allegedly obtained from Addi. DataBreach indexed 67,979,172 rows tied to the breach, while HIBP reported approximately 34 million exposed email addresses and credit-related data points. Public sources did not confirm encryption, data destruction, operational disruption, or a precise intrusion vector.
Department of Homeland Security (DHS)
March 1, 2026
•[ hacktivism, data leak, government contracts ]
DataBreaches summarized reporting that hacktivists calling themselves Department of Peace claimed to have hacked DHS and leaked allegedly stolen documents. The transparency collective DDoSecrets published data described as relating to contracts between DHS, ICE, and more than 6,000 companies (including major defense contractors and large technology firms). The report attributes the source to DHSs Office of Industry Partnership procurement unit; DHS confirmation and the exact intrusion method were not provided in the DataBreaches excerpt.
Murata Manufacturing Co., Ltd.
February 28, 2026
•[ unauthorized access, data leak, IT environment breach ]
Murata Manufacturing confirmed unauthorized third-party access to its IT environment and improper access to data, with later updates identifying possible leakage of employee, associated-person, customer, supplier, stakeholder, and business partner information.
Dienst Justitiële Inrichtingen
February 27, 2026
•[ data leak, vulnerability exploit, internal network access ]
Hackers exploited an Ivanti Endpoint Manager Mobile flaw to access the internal network of the Dutch prisons agency and view staff contact details and security certificates; they also gained access to phones, tablets, and laptops.
Wilhelmsen Ship Management (Norway) AS
February 27, 2026
•[ ransomware, data leak, operational disruption ]
A ransomware incident affected systems on a single Wilhelmsen-managed ship and disrupted that vessels operations. Later reporting said passport and next-of-kin information relating to personnel on that ship was also compromised.
Wagon Mound Public Schools
February 27, 2026
•[ ransomware, virus, extortion ]
Wagon Mound Public Schools said a virus infected its systems and shut down access across the network, and later outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of staff and student data.
Mexico City Civil Registry
February 26, 2026
•[ data leak, unauthorized access, exfiltration ]
Attackers gained unauthorized access to Mexican government civil registry databases and exfiltrated sensitive records. Stolen data reportedly includes birth certificate information and national identification numbers from Mexico Citys civil registry.
Tamaulipas State Government
February 26, 2026
•[ data leak, citizen records, government registry information ]
Attackers accessed databases belonging to the Tamaulipas state government and exfiltrated sensitive citizen records. The stolen data reportedly includes government registry information and personal identification numbers.
National Tax Service Korea
February 26, 2026
•[ data leak, cryptocurrency, seed phrase exposure ]
South Koreas National Tax Service accidentally published a hardware wallet recovery phrase in a press photo announcing seized assets. An unknown attacker used the exposed seed phrase to transfer roughly $4.8 million in cryptocurrency from the wallet.
Centre for Information Technologies of the State (CTIE)
February 26, 2026
•[ malware, data leak, government ]
CTIE detected malware on a system used to manage government mobile-device access and later said an external actor accessed device-holder information and device characteristics. The temporary loss of mobile access to internal state services resulted from CTIE isolating the affected system as a precaution.
Mexico Tax Authority
February 26, 2026
•[ data leak, unauthorized access, government ]
Attackers accessed Mexican tax authority systems and exfiltrated taxpayer information. The compromised data reportedly includes tax records and taxpayer identification details.
Monterrey Water Utility
February 26, 2026
•[ unauthorized access, data leak, billing information ]
Attackers gained unauthorized access to Monterreys municipal water utility databases and stole internal and customer records. The exposed data reportedly includes billing and account information linked to utility customers.
Clalit Health Services
February 25, 2026
•[ data leak, healthcare breach, cyber attack ]
Handala claimed it breached Clalit Health Services and published patient files and internal documents online; Clalit said it was investigating the incident and that systems were operating normally.
Local 100 chapter of the Transport Workers Union of America
February 24, 2026
•[ ransomware, data leak, identity theft ]
SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware groups breach claim with a presumed data-theft/extortion outcome.
LexisNexis Legal & Professional
February 24, 2026
•[ data leak, cloud security breach, vulnerability exploitation ]
FulcrumSec breached LexisNexis Legal & Professional AWS infrastructure through a vulnerable React container and exfiltrated company and customer data. The stolen dataset includes millions of database records and customer account information.
Grand Hotel Taipei
February 21, 2026
•[ cyberattack, data leak, unauthorized access ]
Grand Hotel Taipei reported a cyberattack on its systems and warned that guest reservation information may have been accessed. The potentially exposed data includes guest names and contact details, though the number of affected individuals has not been disclosed.
Russian military drone operators
February 21, 2026
•[ data leak, monitoring systems, drone operators ]
Ukrainian hacktivists from the Fenix cyber analytics center, supported by volunteers of the InformNapalm international intelligence community, compromised accounts of Russian military personnel and gained access to monitoring systems used by attack drone operators.
Telecare Corporation
February 19, 2026
•[ ransomware, data leak, healthcare ]
Qilin claimed responsibility for an attack on Telecare Corporation on February 19, 2026 and threatened to release sensitive healthcare data unless negotiations began. DataBreach indexed 275,644 rows and listed exposed fields including Social Security numbers, dates of birth, email addresses, phone numbers, names, and street addresses. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact intrusion vector.
Del Monte Foods
February 19, 2026
•[ ransomware, data leak ]
PayoutsKING claimed responsibility for an attack on Del Monte Foods, with Ransomware.live listing an estimated attack date of February 19, 2026 and discovery on April 30, 2026. Breachsense reported a 1.2TB leak size, while DataBreach indexed approximately 143,000 rows. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact exposed data fields.
