Centre of Registers
April 1, 2026
•[ stolen credentials, unauthorized access, database breach ]
Attackers used stolen or misused login credentials assigned to authorized institutions to access Lithuania's Centre of Registers databases and extract more than 600,000 records from the Real Estate Register and Legal Entities Register. Lithuanian authorities suspected foreign-country involvement, but no specific country or actor was publicly confirmed.
Mercor
March 24, 2026
•[ supply-chain compromise, data leak, source code theft ]
Mercor confirmed it was affected by the LiteLLM supply-chain compromise linked to TeamPCP. Lapsus$ claimed to have stolen more than 4 TB of Mercor data, including a 200+ GB database, nearly 1 TB of source code, and 3 TB of videos and other information; TechCrunch reviewed a sample containing Slack data, ticketing data, and apparent contractor-video material, while Mercor said it contained and remediated the incident and was investigating with outside forensics experts.
Tamaulipas State Government
February 26, 2026
•[ data leak, citizen records, government registry information ]
Attackers accessed databases belonging to the Tamaulipas state government and exfiltrated sensitive citizen records. The stolen data reportedly includes government registry information and personal identification numbers.
Saudi Games 2024 Registration Platform
June 22, 2025
•[ data leak, hacktivism, database breach ]
Pro-Iranian hacktivist group Cyber Fattah claimed access to the Saudi Games 2024 registration platform backend (phpMyAdmin), leaking SQL dumps with thousands of athlete and visitor recordspassport and ID scans, medical forms, IBANsand staff/government credentials as a protest against Saudi authorities.
