McGraw Hill
April 10, 2026
•[ data breach, extortion, misconfiguration ]
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
Synergy France
April 8, 2026
•[ ransomware, data leak, cyberattack ]
The Gentlemen ransomware group claimed responsibility for a cyberattack against Synergy France on April 8, 2026 and threatened to publish sensitive data unless the company contacted the group. ComputerWeekly later described The Gentlemen as an emerging ransomware player responsible for a large volume of attacks in 2026.
City of Ardmore
April 8, 2026
•[ ransomware, phishing, data leak ]
On April 8, 2026, ransomware encrypted Ardmore police/internal servers after a phishing email; the incident was contained within hours, and information tied to criminal complaints and investigations, including names, addresses, and phone numbers, may have been exposed.
7-Eleven
April 8, 2026
•[ unauthorized access, data leak, ransom ]
7-Eleven discovered on April 8, 2026 that an unauthorized third party accessed systems used to store franchisee documents. ShinyHunters claimed responsibility, claimed theft of more than 600,000 Salesforce records, and leaked a 9.4 GB archive after ransom demands were not met; Have I Been Pwned identified 185,300 exposed individuals in the leaked data.
Rx Management
April 8, 2026
•[ ransomware, data leak, healthcare ]
INC Ransom listed Australian pharmacy management firm Rx Management on its leak site on April 8, 2026 and threatened to publish more than 180 GB of allegedly stolen data; the data types and full extent were not publicly verified.
Pitney Bowes
April 8, 2026
•[ phishing, extortion, data leak ]
Pitney Bowes identified unauthorized access to certain records in its Salesforce customer relationship management environment on April 9, 2026, after a phishing attack compromised an employee email account the previous night. ShinyHunters claimed to have obtained Pitney Bowes data as part of a broader extortion campaign and later released data containing 8.2 million unique email addresses, names, phone numbers, physical addresses, and some employee job-title records. Irish reporting separately confirmed that 137 Revenue Commissioners employees were affected through the Pitney Bowes supplier breach, with professional contact details exposed but no Revenue passwords or taxpayer data stolen.
7-Eleven
April 8, 2026
•[ extortion, data leak, ShinyHunters ]
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields. The company later advised the breach was limited to "certain 7-Eleven systems used to store franchisee documents", a statement consistent with the exposed data.
Dígitro Tecnologia
April 8, 2026
•[ database leak, source code leak, internal files ]
CTIR Gov warned that databases, source-code repositories, and internal files from Dígitro Tecnologia were published by DDoSecrets.
Winona County
April 6, 2026
•[ ransomware, data leak, government ]
Winona County, Minnesota experienced a ransomware attack that began April 6, 2026 and was discovered April 7. Officials took affected systems offline, declared a local emergency, requested Minnesota National Guard assistance, and notified the FBI. Later reporting confirmed cybercriminals released information taken from the county network; emergency services and 911 remained operational, while vital statistics and DMV systems were among those impacted.
The McLamb Group, Inc.
April 6, 2026
•[ data leak, PII, Social Security numbers ]
PEAR claimed The McLamb Group, Inc. on its leak site with an estimated attack date of April 6, 2026. DataBreach indexed 124,203 rows and listed exposed fields including Social Security numbers, dates of birth, email addresses, phone numbers, names, and street addresses. Public reporting did not confirm encryption, data destruction, attacker-caused operational disruption, or the exact intrusion vector.
Shine Aviation
April 4, 2026
•[ data leak, employee credentials, employee records ]
Anubis claimed on April 4, 2026 that it obtained 57 GB, or more than 68,000 files, from Geraldton-based Shine Aviation, including alleged employee credentials and records, access-card scans, operational documentation, and aircraft-related certificates; the claim was not independently verified.
Hong Kong Hospital Authority (Kowloon East Cluster)
April 3, 2026
•[ data leak, unauthorized retrieval, patient data ]
The Hospital Authority detected unauthorized retrieval and leakage of patient data from the Kowloon East Cluster on April 3, 2026, affecting more than 56,000 patients; internal checks did not indicate a cyberattack, and police and privacy regulators were notified.
Amtrak
April 3, 2026
•[ data leak, ransomware, ShinyHunters ]
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. The exposed data contained over 2M unique email addresses along with names, physical addresses and customer support records.
SongTrivia2
April 2, 2026
•[ data breach, data leak, password hashes ]
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.
Charter Communications, Inc.
April 1, 2026
•[ vishing, data leak, employee records ]
ShinyHunters claimed it breached Charter Communications on April 1, 2026 through a vishing attack that compromised an employee Microsoft Entra account and enabled access to Charter's Salesforce instance. BleepingComputer and Have I Been Pwned reported that the later published dataset exposed 4.9 million unique email addresses/accounts, along with names, phone numbers, and physical addresses; a subset of approximately 85,000 internal employee-directory records also included job titles. Public reporting did not confirm encryption, data destruction, or operational disruption.
Hallmark
March 31, 2026
•[ data leak, extortion, support tickets ]
In March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark+ streaming service, along with names, phone numbers, physical addresses and support tickets.
Parque Eólico Toabré
March 31, 2026
•[ cyberattack, data leak, ransomware ]
Everest claimed responsibility for a cyberattack against Parque Eólico Toabré on March 31, 2026 and threatened to release sensitive data. La Estrella de Panamá later listed Parque Eólico Toabré among Panamanian technology incidents dated May 9, 2026, and other dark-web monitoring reported an alleged 175GB database leak. Public reporting did not confirm encryption, data destruction, operational disruption, or compromise of wind-farm control systems.
Eholo Health
March 30, 2026
•[ data leak, vulnerability exploitation, medical records ]
XP95 claimed it stole 165 GB of data from Eholo Health, including more than 1.1 million medical notes and personal information tied to 601,308 users, after exploiting a vulnerability in the company's systems.
Caja de Seguro Social (CSS)
March 27, 2026
•[ unauthorized intrusion, data leak, medical records ]
Caja de Seguro Social (CSS), Panama's public social security and healthcare institution, reported a possible unauthorized intrusion on March 27, 2026 while stating that web services remained operational. The Gentlemen later claimed responsibility for the hack and alleged publication or sale of 3 TB of data, including medical histories, pension records, loan documents, signatures, phone numbers, and radiology files, with the group claiming the medical and pension databases covered 80% of Panama's population.
ZenBusiness
March 27, 2026
•[ data breach, extortion, ransomware ]
In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.