Nordenta
April 20, 2026
•[ ransomware, data leak ]
The Danish dental supplier Nordenta was listed on the Kairos ransomware leak site around April 20, 2026, and Computerworld reported on April 22 that the company had been hit by ransomware. Kairos claimed to have stolen 1.68 TB of data and used the leak-site post to pressure company executives, but the specific data categories and operational impact were not confirmed in the reviewed sources.
Seiko USA
April 18, 2026
•[ defacement, ransomware, data theft ]
The Seiko USA websites Press Lounge section was defaced with a ransom message claiming attackers had accessed the companys Shopify backend and stolen its customer database; the claimed data theft was not confirmed.
Adams County, Mississippi
April 17, 2026
•[ ransomware, government services, outdated systems ]
Adams County, Mississippi suffered a ransomware attack on April 17, 2026, after an outdated computer in the sanitation department allowed hackers to spread through the county network. The attack locked employees out of key services including court records, car tag payments, and public records processing; about 70% of systems were back online by the time of reporting, but full recovery was still underway.
Pricon Microelectronics, Inc.
April 17, 2026
•[ ransomware, data theft, LockBit 5.0 ]
Pricon Microelectronics suffered a ransomware attack affecting some servers; LockBit 5.0 later claimed data theft.
Kemper
April 15, 2026
•[ ransomware, social engineering, extortion ]
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.
Guesty
April 15, 2026
•[ ransomware, extortion, data theft ]
Vect claimed it stole 700GB of Guesty data and was negotiating with the company after a ransomware-related extortion listing.
Gastroenterology & Hepatology of CNY
April 14, 2026
•[ ransomware, data-extortion, healthcare ]
Exitium claimed responsibility for a ransomware and data-extortion attack against Gastroenterology & Hepatology of CNY on April 14, 2026, claiming it had encrypted systems and threatened to sell patient records if its demands were not met. DataBreach.com later indexed 196,959 rows associated with the leak, while other public reporting described Exitium's claim as involving approximately 167,303 patient records.
Unimed
April 14, 2026
•[ unauthorized access, data theft, ransomware ]
Unknown attackers gained unauthorized access to parts of Unimed's IT infrastructure on April 14, 2026 and stole patient billing data processed for German hospitals and clinics. Affected institutions included university hospitals in Cologne, Freiburg, Heidelberg, Tbingen, Ulm, Dsseldorf, Mainz, Saarland, Oldenburg, Hannover, Gttingen, and others. Reporting indicated the attackers intended broader system encryption, but this was stopped; hospitals said their clinical systems and patient care were not affected.
Spring Lake Park School District
April 12, 2026
•[ ransomware, system shutdown, cyberattack ]
Spring Lake Park Schools discovered on April 12, 2026 that an outside actor had accessed some district systems in a suspected ransomware incident; the district shut down systems defensively to prevent further access, causing class, childcare, community education, and after-school activity cancellations while recovery proceeded.
Autovista
April 11, 2026
•[ ransomware, service disruption, containment ]
Autovista reported a ransomware incident identified on April 11, 2026 that affected certain systems in Europe and Australia and caused service disruption for customers. The company implemented containment measures, worked with external forensic experts to validate systems before restoration, and later reported many products and services were partially or fully restored.
Saver
April 9, 2026
•[ ransomware, personal data, operational disruption ]
Saver was hit by ransomware on April 9, disrupting systems and phone lines while attackers accessed servers containing personal data.
Athénée Royal d'Izel
April 9, 2026
•[ ransomware, encryption, service disruption ]
The local server of Athne Royal d'Izel was encrypted during a ransomware attack on the morning of April 9, 2026, affecting the online school platform for meal payments and attendance; quick isolation prevented personal data theft and restoration from backups was underway.
Rx Management
April 8, 2026
•[ ransomware, data leak, healthcare ]
INC Ransom listed Australian pharmacy management firm Rx Management on its leak site on April 8, 2026 and threatened to publish more than 180 GB of allegedly stolen data; the data types and full extent were not publicly verified.
Synergy France
April 8, 2026
•[ ransomware, data leak, cyberattack ]
The Gentlemen ransomware group claimed responsibility for a cyberattack against Synergy France on April 8, 2026 and threatened to publish sensitive data unless the company contacted the group. ComputerWeekly later described The Gentlemen as an emerging ransomware player responsible for a large volume of attacks in 2026.
City of Ardmore
April 8, 2026
•[ ransomware, phishing, data leak ]
On April 8, 2026, ransomware encrypted Ardmore police/internal servers after a phishing email; the incident was contained within hours, and information tied to criminal complaints and investigations, including names, addresses, and phone numbers, may have been exposed.
Undisclosed United States organization
April 7, 2026
•[ ransomware, cybercrime, data exfiltration ]
Microsoft reported that Storm-1175, a financially motivated cybercrime actor linked to Medusa ransomware, heavily impacted organizations in Australia, the United Kingdom, and the United States by exploiting vulnerable web-facing systems, exfiltrating data, and deploying ransomware. This row represents the undisclosed United States victim component of the country-level coding approach.
Undisclosed Australian organization
April 7, 2026
•[ ransomware, Medusa ransomware, data exfiltration ]
Microsoft reported that Storm-1175, a financially motivated cybercrime actor linked to Medusa ransomware, heavily impacted organizations in Australia, the United Kingdom, and the United States by exploiting vulnerable web-facing systems, exfiltrating data, and deploying ransomware. This row represents the undisclosed Australian victim component of the country-level coding approach.
Undisclosed United Kingdom organization
April 7, 2026
•[ ransomware, data exfiltration, cybercrime ]
Microsoft reported that Storm-1175, a financially motivated cybercrime actor linked to Medusa ransomware, heavily impacted organizations in Australia, the United Kingdom, and the United States by exploiting vulnerable web-facing systems, exfiltrating data, and deploying ransomware. This row represents the undisclosed United Kingdom victim component of the country-level coding approach.
ChipSoft
April 7, 2026
•[ ransomware, data breach, healthcare ]
ChipSoft was hit by a ransomware attack on April 7, 2026, causing hosted patient-facing and provider-facing digital services to be disconnected or taken offline while the company investigated and restored systems. ChipSoft later confirmed that personal and medical patient data from some Dutch healthcare customers had been stolen and said the stolen data was destroyed and not published.
ChipSoft
April 7, 2026
•[ ransomware, healthcare, data breach ]
Embargo ransomware hit ChipSoft on April 7, 2026, disrupting its website and digital healthcare services, causing hospitals to disconnect or take ChipSoft-connected systems offline, and stealing medical personal data from several Dutch healthcare institutions; ChipSoft later said the stolen data had been destroyed.
