Charter
May 23, 2026
•[ extortion, data leak, ShinyHunters ]
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.
Gelatissimo
April 27, 2026
•[ data leak, ransomware, financial data ]
DragonForce listed Australian gelato franchiser Gelatissimo on its leak site around April 27, 2026 and claimed to have stolen more than 350 GB of data, with other reporting specifying 352.24 GB. The claimed data included sensitive employee data, financial details, operational information, and executive contact details, and the group threatened publication unless the company responded; reviewed reporting did not confirm encryption or operational disruption.
The Left Party
March 26, 2026
•[ ransomware, data leak, employee data ]
Die Linke said its federal headquarters IT systems were hit by a ransomware attack on March 26, 2026, causing partial disruption, while outside reporting tied the incident to Qilin and a claim of stolen internal and employee data.
Missouri State Government Employee Self-Service
December 31, 2025
•[ unauthorized access, forensic investigation, financial fraud prevention ]
Missouris Office of Administration temporarily shut down the Employee Self-Service portal to contain suspicious activity and support a forensic investigation. The agency said the incident was highly localized and involved 47 accounts, and that fraud protection systems detected the unauthorized activity and prevented unauthorized transactions. Reporting noted the issue centered on an unauthorized attempt to access workers deferred savings account information and that the portal remained offline while the state worked to restore service before the next pay date, with contingency plans for pay stubs and W-2 access if downtime continued.
Hyundai AutoEver America
February 22, 2025
•[ data leak, employee data, PII exposure ]
Hyundai AutoEver America, an IT services affiliate of Hyundai Motor Group based in Orange County, California, reported that Undetermined attackers gained unauthorized access to its IT environment between February 22 and March 2, 2025, with the incident discovered on March 1. Forensic investigation and U.S. state regulator filings indicate that personal information stored in employment related systems was exposed, including names, Social Security numbers, and drivers license details. Subsequent updates clarified that approximately 2,000 primarily current and former employees of Hyundai AutoEver America and Hyundai Motor America were notified. The company engaged external cybersecurity experts, cooperated with law enforcement, and is offering two years of credit monitoring while stressing that no connected vehicle data or broader customer information appears to have been affected.
Pro Medicus
January 7, 2025
•[ data leak, email compromise, employee data ]
Pro Medicus disclosed that it investigated unauthorized access by an unknown third party to a single email inbox in July 2025. The company said it engaged external cybersecurity experts, secured the inbox, and contained the incident. Its analysis concluded the access was isolated to one mailbox and did not provide access to any client systems or patient data; it also stated there was no operational impact or financial loss. Pro Medicus reported that PII for approximately 100 current and former employees could potentially have been accessed and that the affected individuals were notified.
Ahold Delhaize USA Services, LLC
November 5, 2024
•[ ransomware, unauthorized access, employee data ]
Ahold Delhaize USA detected unauthorized access to U.S. business systems on November 56, 2024. The incident disrupted some U.S. brand, pharmacy, e-commerce, and internal systems, and INC Ransom later claimed responsibility. Ahold Delhaize said files were taken from internal U.S. business systems and later disclosed that 2,242,521 individuals were affected, mostly current and former employees, dependents, and beneficiaries; DataBreach indexed 417,907 rows tied to the breach. The company said customer payment and pharmacy systems were not believed to have been affected.
NewsBank
June 20, 2024
•[ data leak, employee data, class action ]
Employee data breach at NewsBank discovered around July 1, 2024; investigation found unauthorized access June 20July 1, 2024 to systems holding employee PII (names, SSNs, DL, financial/credit-debit data; possible medical info). Class action reported Feb 20, 2025; no actor publicly identified.
VisitFaroeIslands.com
March 4, 2023
•[ defacement, data leak, employee data ]
The SeigedSec hacking group claims to have defaced the tourist website for the Faroe Islands '" a self-governing territory of the Kingdom of Denmark '" and to have stolen employee data and other sensitive information.
