Scotia-Glenville Central School District Facebook page
March 29, 2026
•[ Account Takeover, Social Media Hijacking, Unauthorized Access ]
A malicious actor gained administrative control of the Scotia-Glenville Central School District Facebook page through a hacked non-district account used by its communications specialist and posted inappropriate videos and replies while posing as the district; the district said its internal servers and data systems were not compromised.
Ajax FC
March 25, 2026
•[ data leak, unauthorized access, PII ]
Ajax said a hacker unlawfully gained access to parts of its systems and viewed the email addresses of a few hundred people, as well as names, email addresses, and dates of birth for fewer than 20 people with stadium bans.
Hong Kong Correctional Services Department
March 24, 2026
•[ unauthorized access, data breach, personal data leak ]
Hong Kong's Correctional Services Department said a hacker illegally accessed its internal Knowledge Management System on March 24, 2026 and then accessed another system containing personal data of about 6,800 current and former staff.
Liberty
March 23, 2026
•[ unauthorized access, data leak, personal information ]
Liberty notified customers that unauthorized access to personal information had occurred and said the exposed data included names, surnames, and identity numbers, while policies, investments, and services remained secure and operational.
IntraCare
March 20, 2026
•[ unauthorized access, extortion, data breach investigation ]
IntraCare disclosed unauthorized access to its network on March 20, 2026, while outside reporting linked the incident to a The Gentlemen extortion claim; the organization said it was still investigating what information, if any, was impacted.
Dutch Ministry of Finance
March 19, 2026
•[ cyberattack, unauthorized access, internal system compromise ]
The Record reported that the Dutch Ministry of Finance is investigating a cyberattack that compromised some internal systems. Officials said the breach was flagged on March 19, 2026 after a third party alerted the ministry to suspicious activity, and internal security teams found unauthorized access to several systems used by a department. Authorities said the affected systems were part of the ministrys primary infrastructure and were taken offline quickly once detected. The report did not confirm data theft or identify the attacker; the confirmed impact is internal-system compromise and operational disruption from systems being taken offline during response.
Infinite Campus
March 18, 2026
•[ unauthorized access, data leak, account compromise ]
An unauthorized actor accessed an Infinite Campus employee's Salesforce account, exposing names and contact information for school staff; Infinite Campus said no student databases were accessed.
At least one individual
March 18, 2026
•[ phishing, malware, social engineering ]
Cyber fraudsters in Navi Mumbai impersonated Mahanagar Gas Limited officials and sent malicious WhatsApp files or links that compromised victims' phones and enabled unauthorized access to their bank accounts.
Nordstrom
March 17, 2026
•[ phishing, cryptocurrency scam, SSO compromise ]
Cybernews reported Nordstrom customers received fraudulent emails from an official Nordstrom email address promoting a St. Patricks Day double your crypto scam. Reporting cited a source saying the breach occurred via an Okta SSO to Salesforce compromise, and scam emails were sent using Salesforce Marketing Cloud. Analysis of the scam wallet address indicated the attacker received a little over $5,600 in cryptocurrency.
CareCloud
March 16, 2026
•[ unauthorized access, service disruption, electronic health record ]
An unauthorized third party temporarily accessed part of CareCloud Health and partially disrupted functionality and data access in one electronic health record environment before service was restored the same evening.
Companies House
March 13, 2026
•[ data leak, PII exposure, broken access control ]
Computer Weekly reported Companies House pulled its WebFiling service offline on Friday, March 13, 2026 after a security issue was discovered that exposed certain data to other logged-in users with an authorized code. Companies House said exposed data included dates of birth, residential addresses, and company addresses, and that it may have been possible to perform unauthorized actions such as changing directors or filing accounts. It stressed that credentials and identity verification data (e.g., passport information) were not exposed and that existing filed documents could not be altered. WebFiling was restored by Monday, March 16, and Companies House urged companies to review filings and report anomalies.
Loblaw
March 10, 2026
•[ data breach, unauthorized access, customer information ]
Canadian retailer Loblaw disclosed a data breach after a criminal third party accessed basic customer information. The company said the accessed data included names, email addresses and phone numbers. Loblaw stated its investigation indicated passwords, health information, and credit card data were not compromised, and PC Financial was not impacted. The company did not provide the number of affected customers, the intrusion vector or evidence of ransomware. The confirmed primary effect is unauthorized access to limited customer contact information.
Bitrefill
March 1, 2026
•[ cyberattack, data breach, cryptocurrency theft ]
Bitrefill disclosed that a March 1, 2026 cyberattack originating from a compromised employee laptop enabled attackers to obtain legacy credentials, access a snapshot containing production secrets, and escalate into parts of Bitrefills infrastructure. The attackers accessed parts of the database and some cryptocurrency wallets, leading to theft of funds and misuse of gift card inventory/supply flows. Bitrefill reported exposure of about 18,500 purchase records containing customer email addresses, IP addresses, and cryptocurrency payment addresses; for about 1,000 purchases, customer names were also potentially exposed (stored encrypted, but the attackers may have obtained decryption keys). Bitrefill said it shut down systems to isolate the incident, worked with security experts/on-chain analysts/law enforcement, and assessed the method as consistent with Lazarus/BlueNoroff activity.
Dienst Justitiële Inrichtingen
February 27, 2026
•[ data leak, vulnerability exploit, internal network access ]
Hackers exploited an Ivanti Endpoint Manager Mobile flaw to access the internal network of the Dutch prisons agency and view staff contact details and security certificates; they also gained access to phones, tablets, and laptops.
Mexico City Civil Registry
February 26, 2026
•[ data leak, unauthorized access, exfiltration ]
Attackers gained unauthorized access to Mexican government civil registry databases and exfiltrated sensitive records. Stolen data reportedly includes birth certificate information and national identification numbers from Mexico Citys civil registry.
Monterrey Water Utility
February 26, 2026
•[ unauthorized access, data leak, billing information ]
Attackers gained unauthorized access to Monterreys municipal water utility databases and stole internal and customer records. The exposed data reportedly includes billing and account information linked to utility customers.
Mexico Tax Authority
February 26, 2026
•[ data leak, unauthorized access, government ]
Attackers accessed Mexican tax authority systems and exfiltrated taxpayer information. The compromised data reportedly includes tax records and taxpayer identification details.
National Tax Service Korea
February 26, 2026
•[ data leak, cryptocurrency, seed phrase exposure ]
South Koreas National Tax Service accidentally published a hardware wallet recovery phrase in a press photo announcing seized assets. An unknown attacker used the exposed seed phrase to transfer roughly $4.8 million in cryptocurrency from the wallet.
Centre for Information Technologies of the State (CTIE)
February 26, 2026
•[ malware, data leak, government ]
CTIE detected malware on a system used to manage government mobile-device access and later said an external actor accessed device-holder information and device characteristics. The temporary loss of mobile access to internal state services resulted from CTIE isolating the affected system as a precaution.
MediMap
February 22, 2026
•[ data integrity, unauthorized access, healthcare breach ]
MediMap was taken offline after an unauthorized user altered patient records, including names, ages, living status, and facility assignments, disrupting medication management across New Zealand providers. Some of the records were changed to designate the patient as dead or have them name changed to Charlie Kirk.
