Search Results for "data leak"

University of Nottingham June 9, 2026 • [ cyber attack, extortion, data leak ] In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".

Atlas Menu May 30, 2026 • [ data breach, gaming, data leak ] In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.

BCD Travel May 29, 2026 • [ extortion, data leak, data theft ] In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.

MyPillow May 25, 2026 • [ ransomware, data leak, financial data ] Play claimed it breached MyPillow and stole private company, employee, financial, and client documents. After CEO Mike Lindell denied the breach, the group published approximately 9.8GB of internal files, reportedly including payroll records, tax forms, bank statements, audit files, and client invoices.

Charter May 23, 2026 • [ extortion, data leak, ShinyHunters ] In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.

DentaQuest May 23, 2026 • [ data leak, extortion, healthcare ] In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.

Baker Distributing May 23, 2026 • [ data extortion, data leak, ShinyHunters ] In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.

Kinsmen Foundation May 22, 2026 • [ unauthorized access, data leak, contact information ] The Kinsmen Foundation, which runs Saskatchewan's TeleMiracle fundraiser, disclosed unauthorized access to certain applications on its systems. The incident was contained, regular operations and services were not affected, and the foundation said contact information and email addresses may have been exposed. The foundation notified law enforcement, engaged third-party experts, and said impacted donors would be contacted through Cyberscout.

Koa Glass Co., Ltd. May 17, 2026 • [ ransomware, cyberattack, encryption ] Koa Glass Co., Ltd., a Japanese glass-container manufacturer, publicly reported on May 26, 2026 that some of its internal servers had been encrypted after a third-party ransomware cyberattack. The company said it was working with outside specialists to determine the cause, scope, and recovery path, and that it had not confirmed external data leakage at the time of disclosure. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim.

Advanced Diagnostic Imaging, P.C. d/b/a AdvancedHEALTH May 16, 2026 • [ data leak, ransomware, healthcare ] DragonForce listed AdvancedHEALTH on its leak site on May 16, 2026 and claimed to have stolen 390 GB of data, including 2.3 million lines of patient data, partner agreements, management, payroll, and HR files. Public reporting noted that AdvancedHEALTH had not confirmed the full scope of DragonForce's claim.

Raise the Bottom May 15, 2026 • [ substance use disorder treatment, addiction recovery, behavioral health services ] Raise the Bottom, an Idaho substance use disorder treatment organization, was listed in a breach involving 57,507 indexed rows. DataBreach identified exposed names, email addresses, and phone numbers; BreachSense attributed the breach to CMD and described Raise the Bottom as an Idaho-based addiction recovery, counseling, and behavioral health services provider.

WholeHealth Chicago May 15, 2026 • [ data leak, PII, cyberattack ] Cmdorganization claimed responsibility for a cyberattack against WholeHealth Chicago on May 15, 2026. DataBreach later indexed 36,409 rows allegedly tied to the breach, including dates of birth, email addresses, phone numbers, and names. Public sources did not confirm file encryption, operational disruption, or a precise intrusion vector.

Sistema Bancario Softbank May 11, 2026 • [ data leak, source code exposure, dark web ] Sistema Bancario Softbank was listed among the most severe Panamanian incidents in a Vecert Analyzer intelligence report cited by La Estrella de Panam. The incident was dated May 11, 2026 and described as compromising corporate and financial structures, with exposed data appearing in dark-web forums. Outside OSINT reporting attributed the leak to V0lt4r0x and referenced alleged source-code exposure for a Softbank banking system used in Latin America, but public reporting did not confirm the specific intrusion vector, encryption, data destruction, or operational disruption.

Škoda Auto May 11, 2026 • [ data leak, vulnerability exploitation, unauthorized access ] Attackers exploited a vulnerability in koda Auto's online shop software and gained temporary unauthorized access to the shop system. koda said customer names, addresses, contact details, order details, account information, and password hashes may have been accessed, but credit card data was not stored in the system. The company took the online shop offline for containment, patched the vulnerability, reviewed security controls, notified authorities, and retained external forensic experts; the specific threat actor was not identified.

Cushman & Wakefield May 5, 2026 • [ vishing, extortion, data leak ] In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.

Braintrust May 4, 2026 • [ unauthorized access, API keys, cloud security ] Braintrust confirmed unauthorized access to an internal AWS account on May 4, 2026 that likely exposed customer org-level AI-provider API keys used to access cloud-based AI models. Braintrust locked down the compromised account, audited and restricted related systems, rotated internal secrets, and instructed customers to rotate affected keys.

Oriental Diamond Co., Ltd. May 4, 2026 • [ ransomware, cyberattack, data leak ] Oriental Diamond Co., Ltd. confirmed that on May 4, 2026 a third party used ransomware in a cyberattack against a company-managed server, encrypting system data and causing business stoppage. The company reported possible leakage of names, addresses, and phone numbers, said bank account, credit card, and My Number information were not included, and stated that it would stop using the VPN path identified as the intrusion route. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim.

Red Radimagen May 3, 2026 • [ data leak, health-sector, medical records ] Red Radimagen was listed among the Panamanian health-sector entities directly affected by data exposure in a Vecert Analyzer intelligence report cited by La Estrella de Panam. The incident was dated May 3, 2026. Outside OSINT reporting attributed the Radimagen leak to ohmydays, linked the actor to Waxx Org., and referenced exposed medical or patient-related records from an unsecured server, but public reporting did not confirm encryption, data destruction, or operational disruption.

Cushman & Wakefield May 3, 2026 • [ vishing, PII, data leak ] Cushman & Wakefield confirmed a vishing-related security breach in May 2026 after ShinyHunters and Qilin separately listed the company. ShinyHunters claimed theft of more than 500,000 Salesforce records containing PII and internal corporate data and later reportedly published a 50GB Salesforce-linked dataset after negotiations failed. DataBreach indexed 2,198,033 rows associated with the breach. Public sources did not confirm encryption or operational disruption.

Standard-Examiner May 2, 2026 • [ ransomware, data leak, cyberattack ] Qilin listed Standard-Examiner on its leak site on May 2, 2026 and claimed responsibility for a cyberattack, threatening to release sensitive data. Separate reporting noted earlier April production difficulties at the newspaper, but the Standard-Examiner had not publicly confirmed ransomware, data theft, or a connection between the printing disruption and Qilin's claim.

Search Results (data leak)