MyPillow
May 25, 2026
•[ ransomware, data leak, financial data ]
Play claimed it breached MyPillow and stole private company, employee, financial, and client documents. After CEO Mike Lindell denied the breach, the group published approximately 9.8GB of internal files, reportedly including payroll records, tax forms, bank statements, audit files, and client invoices.
Pitney Bowes
April 20, 2026
•[ extortion, data leak, hacking collective ]
In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.
Shine Aviation
April 4, 2026
•[ data leak, employee credentials, employee records ]
Anubis claimed on April 4, 2026 that it obtained 57 GB, or more than 68,000 files, from Geraldton-based Shine Aviation, including alleged employee credentials and records, access-card scans, operational documentation, and aircraft-related certificates; the claim was not independently verified.
Charter Communications, Inc.
April 1, 2026
•[ vishing, data leak, employee records ]
ShinyHunters claimed it breached Charter Communications on April 1, 2026 through a vishing attack that compromised an employee Microsoft Entra account and enabled access to Charter's Salesforce instance. BleepingComputer and Have I Been Pwned reported that the later published dataset exposed 4.9 million unique email addresses/accounts, along with names, phone numbers, and physical addresses; a subset of approximately 85,000 internal employee-directory records also included job titles. Public reporting did not confirm encryption, data destruction, or operational disruption.
Remita Payment Services Ltd
March 31, 2026
•[ data exfiltration, KYC documents, database leak ]
Remita Payment Services Ltd was named in Nigerian data-protection investigations after ByteToBreach claimed to have exfiltrated approximately 3 TB of data from Remita-linked systems, including KYC documents, databases, logs, backups, source code, password hashes, and customer and employee records. The Nigeria Data Protection Commission served notices of investigation on April 1, 2026, and the claimed data theft remains under investigation.
Sterling Bank Plc
March 18, 2026
•[ CVE-2025-55182, remote code execution, data leak ]
ByteToBreach exploited CVE-2025-55182 in Sterling Banks internet-facing pilot infrastructure on March 18, 2026, gaining unauthenticated remote code execution, conducting internal reconnaissance, and publishing artefacts that Web Security Lab assessed as technically substantiating compromise of customer and employee records.
Starbucks
January 19, 2026
•[ phishing, credential theft, data breach ]
Starbucks disclosed a data breach affecting nearly 900 employees after attackers accessed Partner Central (the employee portal used to manage personal details, payroll, and benefits). Starbucks detected the incident on February 6, 2026 and said attackers obtained employee credentials through a phishing attack using fake websites mimicking the Partner Central portal. The company stated unauthorized access to employee accounts occurred between January 19 and February 11, 2026. Starbucks said some employees personal information may have been accessed,including names, Social Security numbers, dates of birth, and bank account and routing numbers, and that affected employees were offered identity-protection services.
Ungava Tulattavik Health Centre (UTHC)
January 11, 2025
•[ cyberattack, data leak, healthcare ]
Ungava Tulattavik Health Center in Kuujjuaq (Nunavik, Quebec) disclosed it was the victim of a cyberattack in November 2025. The centre said the attack was blocked upon detection, but warned that files containing clinical and administrative information related to some people who use the health centre and some employees may have been stolen. The centre established a crisis unit, deployed enhanced surveillance/security tools, and worked with the Sret du Qubec, the Nunavik Regional Board of Health and Social Services, and Sant Qubecs Cyber Defence Operational Centre during the investigation. Officials advised users and employees to monitor bank accounts and watch for suspicious emails or calls while the incident response and review continued.
