Full List

Search

Search Results (data theft)

• BCD Travel May 29, 2026 • [ extortion, data leak, data theft ] In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.
• Presidential Office of the Republic of North Macedonia May 21, 2026 • [ insider threat, espionage, data theft ] An unnamed IT administrator in the Presidential Office of the Republic of North Macedonia was reportedly suspected of copying, decrypting, encrypting, and storing confidential state data from presidential administration computer systems, with allegations that the material may have been intended for a foreign intelligence service. Public reporting did not name the administrator, identify the foreign service, quantify the data, or confirm operational disruption.
• Foxconn North American operations May 11, 2026 • [ cyberattack, data theft, operational disruption ] Nitrogen claimed responsibility for a cyberattack against Foxconn and alleged theft of roughly 8TB of data spanning more than 11 million files. Foxconn confirmed that some North American factories suffered a cyberattack and said affected factories were resuming normal production. Public reporting supports operational disruption and alleged large-scale data theft, but does not confirm file encryption, data destruction, or the specific disruption mechanism.
• Standard-Examiner May 2, 2026 • [ ransomware, data leak, cyberattack ] Qilin listed Standard-Examiner on its leak site on May 2, 2026 and claimed responsibility for a cyberattack, threatening to release sensitive data. Separate reporting noted earlier April production difficulties at the newspaper, but the Standard-Examiner had not publicly confirmed ransomware, data theft, or a connection between the printing disruption and Qilin's claim.
• At least one Claude Code user April 30, 2026 • [ malware, fake installer, credential harvesting ] A fake Claude Code installer campaign likely affected many users searching for Anthropic's Claude Code tool, though public reporting did not identify specific victims or quantify the total number infected. The campaign delivered a PowerShell payload that extracted decrypted cookies, saved passwords, and payment data from Chromium-based browsers on infected machines. Public reporting did not identify the specific actor, country, volume of stolen data, or any operational disruption.
• Groupe 3R (Réseau Radiologique Romand) April 30, 2026 • [ ransomware, data theft, healthcare ] On April 30, 2026, Groupe 3R (Rseau Radiologique Romand) was hit by a ransomware attack that reduced system availability and caused some patient examinations to be rescheduled. The incident was reported to the Swiss Federal Cybersecurity Office and a criminal complaint was filed. Akira later claimed responsibility and alleged theft of 48 GB of data, including patient information, employee identification documents, payment details, and corporate records.
• Seiko USA April 18, 2026 • [ defacement, ransomware, data theft ] The Seiko USA websites Press Lounge section was defaced with a ransom message claiming attackers had accessed the companys Shopify backend and stolen its customer database; the claimed data theft was not confirmed.
• Pricon Microelectronics, Inc. April 17, 2026 • [ ransomware, data theft, LockBit 5.0 ] Pricon Microelectronics suffered a ransomware attack affecting some servers; LockBit 5.0 later claimed data theft.
• Guesty April 15, 2026 • [ ransomware, extortion, data theft ] Vect claimed it stole 700GB of Guesty data and was negotiating with the company after a ransomware-related extortion listing.
• Unimed April 14, 2026 • [ unauthorized access, data theft, ransomware ] Unknown attackers gained unauthorized access to parts of Unimed's IT infrastructure on April 14, 2026 and stole patient billing data processed for German hospitals and clinics. Affected institutions included university hospitals in Cologne, Freiburg, Heidelberg, Tbingen, Ulm, Dsseldorf, Mainz, Saarland, Oldenburg, Hannover, Gttingen, and others. Reporting indicated the attackers intended broader system encryption, but this was stopped; hospitals said their clinical systems and patient care were not affected.
• Commune d'Anderlues April 8, 2026 • [ cyberattack, data theft, IT shutdown ] Anderlues suffered a municipal cyberattack resulting in data theft and a broad shutdown of communal IT systems.
• Signature Healthcare Brockton Hospital April 6, 2026 • [ cyberattack, data theft, healthcare ] A cyberattack detected on April 6, 2026 affected information systems at Signature Healthcare and Signature Healthcare Brockton Hospital, triggering downtime procedures, ambulance diversion, chemotherapy cancellations, EHR and patient portal outages, pharmacy prescription-fill disruption, lab delays, and medical-record request disruption; Anubis claimed it stole 2 TB of data, but Signature Healthcare did not confirm data theft.
• Equity Life Indonesia April 4, 2026 • [ ransomware, data theft, data encryption ] The Gentlemen ransomware group claimed responsibility for an attack against Equity Life Indonesia on April 4, 2026, threatening to publish stolen data unless contacted. Independent ransomware trackers listed Equity Life Indonesia under The Gentlemen, and CYFIRMA reported the campaign objective as data theft, data encryption, and financial gain, but public sources did not confirm the exact data volume, affected record count, or operational disruption.
• St. Joseph County April 1, 2026 • [ data breach, cloud security, fax server ] St. Joseph County confirmed a breach of an external cloud-based fax server while disputing Handalas broader 2 TB data-theft claim.
• Chime Financial, Inc. April 1, 2026 • [ cyberattack, data theft, server outage ] Islamic Cyber Resistance in Iraq (313 Team), also referenced as Team 313 or 313 Team, allegedly claimed responsibility online for attacking Chime's servers on April 1, 2026, causing a widespread outage that prevented customers from accessing accounts through the application and website. Lawsuits alleged that the incident also involved theft of sensitive customer information from Chime systems, but public reporting did not confirm the exact data volume, technical vector, or whether Chime independently confirmed the data-theft allegations.
• Adaptavist Group March 31, 2026 • [ unauthorized access, stolen credentials, data theft ] Adaptavist Group detected unauthorized access to some systems in late March 2026 after an intruder used stolen credentials. Adaptavist said the accessed systems contained typical business data such as contact information, contracts, and NDAs; The Gentlemen claimed responsibility and claimed 24 GB of data theft, allegedly including source code, customer records, internal documents, credentials, and production-system references, but Adaptavist did not confirm the full claim.
• Statistics South Africa March 29, 2026 • [ cyber breach, data theft, ransomware ] Stats SA said a cyber breach affected one HR database used for online job applications, while XP95 claimed it stole 453,362 files totaling 154 GB and demanded ransom.
• Goodwill of Greater Grand Rapids March 27, 2026 • [ ransomware, extortion, data theft ] Goodwill of Greater Grand Rapids said an attack disrupted part of its network environment and affected store operations, forcing locations across its West Michigan service area to operate on a cash-only basis, while outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of data.
• An undislcosed organization March 12, 2026 • [ ransomware, social engineering, data theft ] IBM X-Force described a case where a threat actor remained on a compromised server for more than a week and stole data during an Interlock ransomware intrusion. The attack began with ClickFix social engineering and later deployed a PowerShell backdoor called Slopoly (likely AI-assisted), alongside other components such as NodeSnake and InterlockRAT. The article is a case-study/campaign description and does not name the victim organization or quantify the affected records beyond describing persistence and data theft.
• England Hockey March 12, 2026 • [ ransomware, data leak, extortion ] England Hockey said it is investigating after the AiLock ransomware group listed the organization on its leak site and claimed it stole 129GB of data. England Hockey stated it is working with internal teams and external experts to determine what occurred. Public reporting did not confirm encryption or service disruption; the confirmed effect at reporting time was a data-theft/extortion claim under investigation.