Scholengemeenschap Bonaire (SGB)
February 20, 2026
•[ ransomware, phishing, data theft ]
Antilliaans Dagblad reported that Scholengemeenschap Bonaire (SGB) was hit by an international ransomware attack, discovered internally after multiple servers failed to start. Europol reportedly informed police about the broader international attack around the same time. Initial analysis indicated one data server used mainly for archive files was infected, and a relatively small portion of data on that server was stolen; investigators were assessing whether the stolen archive files included personal data. SGB said regular education operations were not impacted because key systems ran in a secured cloud environment (including student/admin platforms and Microsoft Office), and it stated usernames/passwords were not stolen. The school reported filing a police report and notifying the BES data protection oversight body, and required staff and students to change passwords and remain vigilant for phishing.
UFP Technologies
February 14, 2026
•[ unauthorized access, data theft, operational disruption ]
UFP Technologies disclosed that threat actors gained unauthorized access to its IT systems around February 14, 2026, disrupting billing and delivery label generation and resulting in the theft or destruction of company or company-related data.
Figure
February 12, 2026
•[ social engineering, data leak, extortion ]
Figure Technology Solutions confirmed it suffered a data breach after an employee fell victim to a social engineering attack, with attackers obtaining a limited number of files. SecurityWeek reported that the ShinyHunters group took credit and posted archive files on its leak site; Have I Been Pwned analysis identified roughly 967,000 user records in the leaked data. The exposed information includes names, dates of birth, email addresses, postal addresses, and phone numbers. The reporting frames the incident as data theft/extortion without describing service disruption to Figures lending operations.
Conpet
February 4, 2026
•[ cyberattack, ransomware, data breach ]
Romanias national oil pipeline operator Conpet said a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier in the week, while operational technology systems (including SCADA and telecoms) remained functional and oil transport operations were not affected. Conpet did not confirm a data breach or name the attacker, but the Qilin ransomware group listed Conpet on its leak site and claimed to have stolen nearly one terabyte of data, publishing images of alleged internal documents, financial records, and passport scans. Conpet said it took immediate mitigation steps, worked with national cybersecurity authorities, and filed a criminal complaint.
Veenkoloniaal Museum (Veendam)
January 7, 2026
•[ ransomware, unauthorized access, data theft ]
The Veenkoloniaal Museum in Veendam experienced a ransomware incident discovered on January 7, 2026, in which the LockBit group gained unauthorized access to systems. Data was stolen and files were rendered inaccessible, affecting digital records and image archives. Individuals whose personal data was involved were notified. The museum restored systems from backups and declined to negotiate with the attackers.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgerys computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data breach, critical infrastructure ]
Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
Xubuntu
October 18, 2025
•[ malware, data theft, supply chain attack ]
Pplware reports the official Xubuntu site was briefly compromised; the torrent download link served a ZIP with a Windows EXE that stole sensitive data (e.g., crypto addresses). Xubuntu removed the page and accelerated infra migration; ISO mirrors were unaffected. Financially motivated malware delivery via a trusted brand.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data theft, extortion ]
Ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriffs Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems fully restored by early May 2025.
Department of Pensions
April 2, 2025
•[ ransomware, data theft ]
Department reported a ransomware attack first notified to CERT on April 2; officials overhauling systems and advising pensioners, with no detailed disruption reported; treated as data-theft incident pending further specifics.
The Children’s Center of Hamden
December 28, 2024
•[ data breach, data theft, unauthorized network activity ]
In late December 2024, The Childrens Center of Hamden detected unauthorized network activity later linked to the criminal group INC. The attack resulted in theft of sensitive patient and staff information including SSNs and medical records. No encryption reported. Public notice issued August 28 2025.
At least one undisclosed government or financial organization
December 1, 2024
•[ malware, espionage, data theft ]
Kaspersky tracks PassiveNeuron using bespoke Neursite and NeuralExecutor implants, often gaining RCE on exposed Windows servers (e.g., via MSSQL) and then staging modular plugins for stealthy collection through compromised internal servers. Campaign-level report without a single victim suitable for event coding.
ARC Community Services
November 4, 2024
•[ unauthorized activity, data breach, protected health information ]
ARC Community Services disclosed it became aware of unauthorized activity in its network on November 4, 2024 and initiated incident response actions, including taking systems offline until operations could be safely restored. During the ensuing investigation and data review, ARC determined that files containing protected health information (PHI) were taken from its network. The potentially affected PHI varies by individual but may include contact information (name/address), date of birth, medical record number, health information, drivers license number, and financial account information.
Undisclosed Victims In Mena
September 1, 2024
•[ malware, data theft ]
Campaign used Facebook ads and Telegram links to deliver Asyncrat and steal data.
