Bitrefill
March 1, 2026
•[ cyberattack, data breach, cryptocurrency theft ]
Bitrefill disclosed that a March 1, 2026 cyberattack originating from a compromised employee laptop enabled attackers to obtain legacy credentials, access a snapshot containing production secrets, and escalate into parts of Bitrefills infrastructure. The attackers accessed parts of the database and some cryptocurrency wallets, leading to theft of funds and misuse of gift card inventory/supply flows. Bitrefill reported exposure of about 18,500 purchase records containing customer email addresses, IP addresses, and cryptocurrency payment addresses; for about 1,000 purchases, customer names were also potentially exposed (stored encrypted, but the attackers may have obtained decryption keys). Bitrefill said it shut down systems to isolate the incident, worked with security experts/on-chain analysts/law enforcement, and assessed the method as consistent with Lazarus/BlueNoroff activity.
Bitrefill
March 1, 2026
•[ data breach, cryptocurrency theft, PII leak ]
Bitrefill published a post-mortem stating it was attacked on March 1, 2026 and attributed the activity to North Koreas Lazarus Group. The breach was discovered after suspicious purchasing patterns suggested gift card stock and supplier supply lines were being exploited. Bitrefill said attackers accessed about 18,500 purchase records containing customer email addresses, crypto payment addresses, and metadata including IP addresses. The attackers also drained some Bitrefill cryptocurrency wallets and transferred funds to attacker-controlled wallets; the company did not disclose the amount stolen and said it would absorb the losses.
Choice Hotels International
January 14, 2026
•[ social engineering, unauthorized access, PII leak ]
An unauthorized person used social engineering to gain access to a Choice Hotels application containing records on franchisees and franchise applicants, exposing names and Social Security numbers.
University of Pennsylvania
October 30, 2025
•[ data breach, ransomware, donor records ]
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
Ontario Health atHome
April 13, 2025
•[ ransomware, data exfiltration, healthcare ]
Ontario Medical Supply (OMS), a vendor supporting Ontario Health atHomes home care supply operations, experienced a ransomware incident in 2025. Reporting described earliest observed access on March 17, 2025, followed by ransomware payload execution on April 13, 2025, after which OMS systems failed and the organization was locked out of a significant portion of servers. Internal reporting referenced impacts to roughly 200,000 patients and indicated breached data included names, contact information, and medical supplies/equipment ordered. OMS later stated only a limited amount of incomplete data was exfiltrated and said it found no evidence of misuse at the time of its statement.
Muah.AI
September 17, 2024
•[ data breach, PII leak, AI prompts ]
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
TheNaturalOnline.com
August 14, 2014
•[ data breach, credit card theft, PII leak ]
TheNaturalOnline.com is compromised by an unknown attacker, who gains access to names, addresses, email addresses, phone numbers, passwords, credit and debit cards, expiration dates and CVV codes.
