Multiple organizations with exposed MongoDB databases
January 30, 2026
•[ MongoDB, data breach, ransomware ]
A threat actor actively accessed, queried, and ransacked more than 1400 publicly exposed MongoDB application servers, exfiltrating data and leaving ransom notes demanding payment in exchange for deletion or non-disclosure of the stolen information.
Valtori (Finnish Government ICT Centre) mobile device management service
January 30, 2026
•[ data breach, mobile device management, zero-day vulnerability ]
Valtori reported a data breach identified on January 30, 2026 in the mobile device management service it provides to Finlands government shared ICT services. Valtori said the attacker accessed information used to operate the service, including names, work email addresses, phone numbers, and device details, and that investigation later found the scope could involve a substantially larger number of users (about 50,000). Valtori stated no data stored directly on mobile devices was compromised. The root cause was described as exploitation of a zero-day vulnerability in a commercial mobile management product, compounded by the systems failure to permanently delete historical data.
CarMax
January 24, 2026
•[ data breach, extortion, data leak ]
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.
PcComponentes
January 22, 2026
•[ data breach, investigation, customer data ]
TechRadar reported that the PC-components retailer PcComponentes was looking into online claims of a breach while the company denied that a confirmed customer data breach had occurred. The article focused on the investigation and the companys public position. In the accessible page text used here, there was no definitive disclosure of an attacker, a verified data set, or a confirmed number of affected customers, so the impact to customer data is coded as undetermined.
Kyowon Group
January 14, 2026
•[ ransomware, service outage, data exfiltration ]
Kyowon Group, a large South Korean conglomerate with major education/publishing and digital services operations, confirmed a ransomware incident after initially describing a suspected attack that caused service outages. In a follow-up update, the company stated the incident occurred in January around 10 a.m. and that an attacker exfiltrated data from its systems. Reporting cited Korean media indicating the event may have impacted a substantial portion of Kyowons infrastructure (roughly 600 of 800 servers) and that there are millions of registered accounts, though Kyowon said it was still determining whether stolen data included customer information. The company said it notified relevant authorities (including KISA), engaged security experts, and worked to restore services while conducting a detailed investigation into scope and data exposure.
Victorian Government Schools
January 14, 2026
•[ unauthorized access, data breach, student information ]
The Department of Education in Victoria, Australia notified parents that an unauthorized third party accessed a database holding student account information. According to disclosure reporting, attackers accessed current and former students personal and school-related fields including names, school names, year levels, school-issued email addresses, and encrypted passwords associated with those accounts. The department stated that more sensitive details such as birth dates, home addresses, and phone numbers were not exposed. Authorities and cyber experts were involved, and the department reset student passwords as a precaution, temporarily restricting access until new credentials were issued. At the time of reporting, investigators had not found evidence that the accessed data had been publicly released or shared onward.
Choice Hotels International
January 14, 2026
•[ social engineering, unauthorized access, PII leak ]
An unauthorized person used social engineering to gain access to a Choice Hotels application containing records on franchisees and franchise applicants, exposing names and Social Security numbers.
Town of La Hague
January 13, 2026
•[ intrusion, email compromise, unauthorized access ]
The municipality of La Hague (France) announced it was the victim of an intrusion into its information system that impacted internal email accounts. Upon learning of the incident, the commune reported immediate actions including changing passwords for affected and administrator accounts, temporarily suspending email sending for impacted users, notifying relevant authorities (including ANSSI, CERT-FR, DINUM, CNIL, and local digital authorities), informing partners, and filing a formal complaint with the gendarmerie. Specialized law enforcement units began investigating the incident and its consequences while technical teams and service providers conducted parallel analysis. The announcement emphasized heightened vigilance against suspicious links/attachments and stated the municipality was working to restore system security.
Endesa
January 13, 2026
•[ data breach, unauthorized access, data exfiltration ]
SecurityWeek reported that Spanish energy company Endesa notified customers about a data breach involving unauthorized access to its commercial platform, also impacting customers of its gas distributor Energia XXI. Endesa stated that attackers accessed and likely exfiltrated basic customer identification information, contact details, national identification numbers (DNI), contract information, and payment details including IBANs. The company said passwords were not compromised and that the incident was contained quickly, with additional safeguards implemented and notifications sent to affected customers.
Langley Twigg Law
January 11, 2026
•[ cyberattack, data breach, malware ]
Langley Twigg Law (Napier, New Zealand) stated it was hit by a cyberattack on January 11, 2026. The firm said digital forensics and cyber specialists confirmed a malicious third-party launched a virus on its IT network, which was not protected by its cybersecurity software at the time. The firm reported the attacker extracted a portion of data from its file server containing internal operational information and some client documents. Langley Twigg said it disconnected its network from the internet, notified the Privacy Commissioner and police, and was working to determine exactly what information was affected before contacting impacted clients.
Metro Pet Vet
January 7, 2026
•[ ransomware, data breach, technical difficulties ]
A Lancaster County veterinary practice (Metro Pet Vet) reported it was hit by a ransomware attack after several days of technical issues. The office said Monday and Tuesday it experienced major technical difficulties, including its router stopping, and by Wednesday morning ransomware was detected and the practice lost access to its server. Staff reported they could not access pet vaccine and medication histories and had to operate like 40 years ago using paper while continuing to treat animals and relying on an app for scheduling. The practice stated no credit card or Social Security information was stored on the affected server, but client phone numbers and addresses were stored there, and it expected recovery work to continue into the following week.
Brightspeed
January 5, 2026
•[ cybersecurity event, extortion, data breach ]
Brightspeed said it is investigating reports of a cybersecurity event after the Crimson Collective extortion group claimed it breached the company and stole personal data tied to more than one million residential customers. Reporting described the attackers claimed dataset as including names, emails, phone numbers, postal addresses, user account information linked to session or user IDs, payment history, partial payment card information, and appointment or order records containing customer information. Brightspeed publicly stated it takes security seriously and is investigating the reports and would keep customers, employees, and authorities informed as it learns more.
LawPavilion
January 1, 2026
•[ data breach, unauthorized access, data leak ]
Unauthorized actors accessed systems associated with the Nigerian legal technology platform LawPavilion and exposed a database containing user account information affecting approximately 63,000 users, with no reported operational disruption.
ManoMano
January 1, 2026
•[ data breach, third-party compromise, PII ]
ManoMano disclosed that hackers compromised a third-party customer service provider in January 2026 and unlawfully extracted customer account-related personal data and customer service interaction data affecting 38 million individuals.
WhiteDate
December 29, 2025
•[ data breach, data leak, personal information ]
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages, phpBB password hashes and a total of 20k unique email addresses.
Romanian Waters (Administrația Națională Apele Române)
December 20, 2025
•[ ransomware, IT disruption, critical infrastructure ]
Romanias national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romanias National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agencys public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
APOIA.se
December 16, 2025
•[ data breach, data leak, PII exposure ]
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgerys computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Undisclosed Canon U.S.A. subsidiary
November 25, 2025
•[ vulnerability exploit, data breach ]
A Canon U.S.A. subsidiary was compromised in the Oracle EBS hacking campaign, where attackers exploited an application server vulnerability. Canon reported that the incident was limited to a single web server and that no Canon data had been leaked as of the latest update.
