Search Results for "data leak"

Medical Practice of Dr. Richard Swift January 12, 2026 • [ malware, cyberattack, data leak ] DataBreaches reported on a class action lawsuit alleging that a Manhattan plastic surgery practice run by Dr. Richard Swift was compromised by a malware-related cyberattack in 2025 and that sensitive patient information was posted online. The suit alleged that a site hosted outside the U.S. displayed personal identifiers and medical record details for at least 22 patients, and that affected patients only learned about the breach after attackers contacted them directly. DataBreaches noted the same threat actors were linked to attacks on other plastic surgery practices and described a recurring pattern where attackers approached patients with demands in exchange for removing posted information. Public reporting did not confirm whether the practice paid, and the article noted the leak site later appeared offline.

At least one organization in Mexico January 12, 2026 • [ data leak, leak portals, cybercrime ] During 2025, the data of 74 Mexican organizations was exposed on leak portals used by criminal groups, a figure that doubles the 37 cases registered in 2024

Target January 12, 2026 • [ data leak, source code theft, internal documentation ] BleepingComputer reported that multiple current and former Target employees confirmed that source code and documentation posted online by a threat actor match real internal systems. Employees cited internal system names, platform references, and CI/CD tooling elements in the leaked sample that aligned with Targets development environment, and an internal communication referenced an accelerated security change restricting access to Targets Enterprise Git server shortly after the outlet contacted the company. The incident as described involves alleged theft and publication of internal repositories and development documentation rather than an outage or consumer-facing service disruption.

Congressional Staff email platform January 11, 2026 • [ cyber intrusion, state-backed hacking, email compromise ] TechStory reported that a cyber intrusion linked to the China-associated group known as Salt Typhoon compromised email systems used by staff supporting multiple powerful U.S. House committees (including foreign affairs, intelligence, and defense-related panels). The report said the intrusions were detected in December 2025, but investigators were still determining how long access persisted, what data was viewed or extracted, and whether any lawmakers personal accounts were affected. U.S. agencies and House offices were described as offering limited public comment while investigations continued, and China was reported as denying allegations of state-backed hacking.

American Vanguard January 10, 2026 • [ data leak, data exfiltration, unauthorized access ] The Osiris threat group gained unauthorized access to American Vanguard systems in early January 2026 and exfiltrated corporate and financial data. Security reporting and attacker leak listings indicate data theft, though no explicit confirmation of file encryption was reported. Operational impacts appear linked to incident response and remediation activities.

Eurail January 10, 2026 • [ security breach, data leak, unauthorized access ] Eurail B.V. (also operating as Interrail) confirmed a security breach that resulted in unauthorized access to customer data. Eurail/Interrail publicly posted notice on January 10, 2026 and began emailing affected customers on January 13, 2026, with the investigation described as ongoing. The companys early review stated that impacted data may include customer order and reservation information along with basic identity and contact details. Where provided, it may also include passport information such as passport number, country of issuance, and expiry date, particularly for customers who received passes through the DiscoverEU program. The report also referenced exposure of bank details and advised customers to remain vigilant for fraud attempts while Eurail monitored for misuse and notified data protection authorities.

Nissan Motor Corporation (Nissan Motor Co., Ltd.) January 10, 2026 • [ ransomware, data leak, extortion ] HackRead reported that the Everest ransomware group claimed it breached Nissan Motor Corporation and stole about 900GB of internal data. The article said the group posted the allegation on its leak site on January 10, 2026 and shared screenshots and directory listings suggesting access to internal operational documents, data extracts, and dealership-related records. Everest reportedly threatened to publish the data if Nissan did not respond within a set timeframe. Nissan had not publicly confirmed the claim at the time of reporting.

Betterment January 9, 2026 • [ social engineering, phishing, data leak ] In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.

Betterment January 9, 2026 • [ social engineering, data leak, phishing ] TechCrunch reported that Betterment confirmed hackers accessed some of its systems on January 9, 2026 through a social engineering attack involving third-party platforms used for marketing and operations. Betterment said the attackers accessed customer personal information including names, email and postal addresses, phone numbers, and dates of birth, and used that access to send fraudulent scam notifications to users. The company said it detected and revoked unauthorized access the same day, launched an investigation with external help, and stated its ongoing investigation indicated no customer accounts were accessed and no passwords or login credentials were compromised. Betterment did not disclose how many customers were affected.

Free Speech Union (FSU) January 9, 2026 • [ data leak, hacktivism, donor exposure ] Cybernews reported that the UK-based Free Speech Union (FSU) was hacked by trans activists and that the names of people who donated 50 or more were publicly listed online. The dataset was made available via Distributed Denial of Secrets (DDoSecrets). The article frames the attack as politically motivated (protest/ideological retaliation) and describes the outcome as exposure of supporter identities; it does not confirm the full set of leaked fields beyond donor names and the donation-threshold context, nor does it describe service disruption at the organization.

Cressi January 8, 2026 • [ ransomware, data leak, leak site ] Cybernews reported that the ransomware group Qilin claimed responsibility for an attack on Cressi, an Italian diving equipment manufacturer, by posting a ransom entry on its leak site on January 8, 2026. The report notes that at that stage it was unclear what data (if any) had been accessed or exfiltrated and that the group had not published data samples or set a countdown timer. As reported, the main confirmed indicator is the groups claim and listing on the leak site; independent confirmation of encryption, downtime, or data theft was not provided in the article.

Instagram January 7, 2026 • [ data leak, scraping ] In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.

Panera Bread January 7, 2026 • [ ransomware, data leak ] In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.

Iberia Airlines January 7, 2026 • [ infostealer, malware, credential theft ] TechRadar and HackRead summarized Hudson Rock research describing a campaign in which an actor using the alias Zestix (aka Sentap) leveraged credentials harvested by infostealer malware (e.g., RedLine, Lumma, Vidar) to access corporate cloud instances where multi-factor authentication was not enforced. Reporting stated the attacker obtained and attempted to auction or sell large volumes of sensitive corporate files from roughly 50 enterprises worldwide, with at least one victim reportedly losing on the order of 139GB of data. Specific victim impacts vary by organization, and the timing of initial credential theft was not fully specified.

CRRC MA January 7, 2026 • [ credential theft, information-stealer malware, initial access broker ] Reporting summarizing Hudson Rock research described an initial access broker believed to be an Iranian national operating under the aliases Zestix and Sentap who repeatedly accessed enterprise file repositories using credentials harvested by information-stealer malware (including RedLine, Lumma, and Vidar). Instead of exploiting a single company-specific vulnerability, the actor leveraged stolen usernames/passwords (some sitting in logs for years) to log into cloud/file-transfer environments lacking multi-factor authentication. The actor was described as exfiltrating large volumes of sensitive corporate data (examples referenced include aviation safety manuals, energy/utility mapping and infrastructure files, and medical/police-related records), then auctioning datasets or selling access on closed forums. Because the article describes a cross-victim pattern/campaign rather than one named-victim incident, this record is coded at the campaign level for a single-actor series of breaches.

NMCV Business LLC January 6, 2026 • [ information-stealer malware, initial access broker, credential harvesting ] SecurityWeek summarized Hudson Rock findings that dozens of major breaches were tied to a single initial access broker using credentials harvested by information-stealer malware (RedLine, Lumma, Vidar). The actor (Zestix/Sentap) was described as using stolen employee credentials to access enterprise file-transfer or file-sharing instances (ShareFile, OwnCloud, Nextcloud), with the lack of MFA being the key enabling control failure. The reporting characterized the actor as both stealing data and monetizing it by selling datasets and/or selling access on closed Russian-language forums, with victim organizations spanning aerospace, government infrastructure, legal, robotics, healthcare and other sectors.

Australian NBN January 6, 2026 • [ Initial Access Broker, Information-stealer malware, RedLine ] SecurityWeek summarized Hudson Rock findings that dozens of major breaches were tied to a single initial access broker using credentials harvested by information-stealer malware (RedLine, Lumma, Vidar). The actor (Zestix/Sentap) was described as using stolen employee credentials to access enterprise file-transfer or file-sharing instances (ShareFile, OwnCloud, Nextcloud), with the lack of MFA being the key enabling control failure. The reporting characterized the actor as both stealing data and monetizing it by selling datasets and/or selling access on closed Russian-language forums, with victim organizations spanning aerospace, government infrastructure, legal, robotics, healthcare and other sectors. Because the report is multi-victim and campaign-focused rather than a single victims disclosure, this record is captured as a single-actor campaign entry.

UrbanX.io January 6, 2026 • [ data leak, initial access broker, information-stealer malware ] SecurityWeek reported that Hudson Rock linked dozens of major breaches to a single initial access broker operating under the aliases Zestix and Sentap. The actor is described as using credentials harvested via information-stealer malware (including RedLine, Lumma, and Vidar) from infected employee devices to log into enterprise file-transfer/file-sharing environments such as ShareFile, OwnCloud, and Nextcloud when MFA was missing. After gaining access, the actor allegedly exfiltrated sensitive corporate data and monetized it by selling datasets or access on closed Russian-language forums, with victim organizations spanning sectors such as aerospace, government infrastructure, legal services, and robotics.

Netstar Australia January 5, 2026 • [ ransomware, data leak, financial data ] Netstar Australia, a Melbourne-based telematics and GPS fleet tracking provider, was named on a ransomware leak site in December 2025 by the Black Shrantac ransomware group. The threat actors alleged they compromised Netstars systems and stole customer, financial, and database information, claiming roughly 800GB of data and posting sample files said to include internal records related to staff, tax, equipment, and customers. Public reporting noted that Netstar had not provided a detailed public statement confirming the claims at the time of publication.

Bolttech January 5, 2026 • [ ransomware, data leak, extortion ] Cybernews reported that the Everest ransomware group claimed to have stolen about 186GB of data from Bolttech (a global insurance infrastructure platform) and demanded ransom. The group claimed the dataset includes employee/agent account details (emails, names, roles, identifiers), customer information and contact details, policy data, mortgage-related records, insured property addresses, and financial parameters/identifiers. The group posted samples and a countdown timer on its leak site, threatening to publish the data if Bolttech did not respond. The article notes the claim was based on the leak-site post and that confirmation from Bolttech was being sought.

Search Results (data leak)