Search Results for "extortion"

Soreco March 5, 2026 • [ ransomware, data theft, extortion ] Swiss business software provider Soreco confirmed it was hit by a ransomware attack. The Bravox group claimed responsibility on its leak site and asserted it stole roughly 118.2 GB of Soreco data while attempting to extort the company. Soreco told media that operational impact was minimal and that it did not intend to pay the ransom. Public reporting did not specify the intrusion vector, affected systems, or whether any data was published at the time of reporting.

Woflow March 5, 2026 • [ supply-chain risk, extortion, data leak ] ShinyHunters claimed it compromised Woflow, an AI-driven merchant data platform, in what was described as a supply-chain risk for major clients. The group threatened to leak data by March 6, 2026 if demands were not met, and claimed it stole internal corporate information, personally identifiable information, and transaction/order details. Reporting noted the group did not provide a verifiable public data sample and Woflow did not provide a public response at the time, so the incident remains an alleged breach based on the extortion claim.

Woflow March 4, 2026 • [ data breach, extortion, PII ] In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundreds of thousands of email addresses, names, phone numbers and physical addresses, with the data indicating it related to Woflow customers and, in turn, the customers of merchants using their platform.

Ameriprise March 2, 2026 • [ extortion, data leak, ShinyHunters ] In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".

Wagon Mound Public Schools February 27, 2026 • [ ransomware, virus, extortion ] Wagon Mound Public Schools said a virus infected its systems and shut down access across the network, and later outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of staff and student data.

Local 100 chapter of the Transport Workers Union of America February 24, 2026 • [ ransomware, data leak, identity theft ] SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware groups breach claim with a presumed data-theft/extortion outcome.

CarGurus February 14, 2026 • [ data breach, extortion, data leak ] In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.

Odido February 12, 2026 • [ data breach, extortion, data leak ] In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, 1M records containing 317k unique email addresses were published, followed by further releases exposing an additional 371k and then 833k unique email addresses, with the latter also including passport, drivers licence and European national ID numbers. The exposed data includes names, physical addresses, phone numbers, bank account numbers and customer service notes. Odido has published a disclosure notice advising that impacted data may also include dates of birth and government-issued identity document numbers.

Odido February 12, 2026 • [ data breach, extortion, PII ] In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, drivers licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.

Figure February 12, 2026 • [ social engineering, data leak, extortion ] Figure Technology Solutions confirmed it suffered a data breach after an employee fell victim to a social engineering attack, with attackers obtaining a limited number of files. SecurityWeek reported that the ShinyHunters group took credit and posted archive files on its leak site; Have I Been Pwned analysis identified roughly 967,000 user records in the leaked data. The exposed information includes names, dates of birth, email addresses, postal addresses, and phone numbers. The reporting frames the incident as data theft/extortion without describing service disruption to Figures lending operations.

Odido February 12, 2026 • [ data breach, extortion, data leak ] In February 2026, the Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Following the incident, 1M records containing 317k unique email addresses was published publicly, with a threat by the attackers to continue leaking more data in the following days. The data also included names, physical addresses, phone numbers, bank account numbers and notes about customers left by service operators. Odido has published a disclosure notice detailing the extent of the incident, providing an FAQ and advising the incident also impacted dates of birth, passport and drivers licence numbers.

Nippon Medical School Musashi Kosugi Hospital (æ—¥æœ¬åŒ»ç§‘å¤§å¦æ¦è”µå°æ‰ç—…é™¢) February 6, 2026 • [ ransomware, data breach, healthcare ] Japans Nippon Medical School Musashi Kosugi Hospital disclosed it suffered a ransomware attack after nurse-call terminals malfunctioned and investigation found its nurse-call system servers were attacked. The hospital stated patient personal information stored on the nurse-call system servers was stolen and that the intrusion path was tied to a maintenance VPN device. Public reporting in Japan said attackers demanded a large ransom (reported internationally as about $100 million). The hospital stated it would not comply with the ransom demand and reported that clinical services continued while investigation and recovery actions proceeded.

Iron Mountain February 3, 2026 • [ unauthorized access, extortion, compromised credentials ] Iron Mountain said a breach claim by the Everest extortion gang was limited to access to a single folder on a file-sharing server that primarily contained marketing materials. The company stated that a single compromised login credential was used, the credential was deactivated, and there was no ransomware or malware involvement beyond the unauthorized access. Iron Mountain also said no other systems were breached and that no customer confidential or sensitive information was involved.

Onze-Lieve-Vrouwinstituut Pulhof February 2, 2026 • [ ransomware, encryption, extortion ] Belgian media reported that OLV Pulhof in Berchem was hacked and its servers were encrypted, consistent with a ransomware incident. The attackers demanded payment and reportedly threatened to publish personal data of students and staff if the ransom was not paid. In a follow-up, school leadership said they had no information that data had actually been leaked at that time and that they were closely monitoring the situation with responders. The incident primarily produced disruption through system encryption and extortion pressure; confirmed data exposure was not established in the referenced update.

Waltio January 24, 2026 • [ data leak, extortion, cryptocurrency ] French crypto tax platform Waltio reported being targeted by the ShinyHunters group, which claimed to possess personal data for nearly 50,000 users and threatened to leak users 2024 tax reports unless a ransom was paid. Waltio stated that its services and production systems remained secure and that no sensitive banking credentials or crypto access data was compromised. The incident primarily involves alleged data theft and extortion threats rather than service disruption, with the full scope of stolen fields not detailed in the summary.

CarMax January 24, 2026 • [ data breach, extortion, data leak ] In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.

Crunchbase January 23, 2026 • [ vishing, social engineering, credential theft ] Reporting on an Okta SSO vishing (voice-phishing) campaign, ShinyHunters reportedly confirmed to a researcher that it conducted the campaign and launched a new dark web leak site. According to the report, ShinyHunters claimed that multiple victims had their data posted after refusing extortion demands, naming Crunchbase, SoundCloud, and Betterment as initial examples. The incident reflects social-engineering-driven credential theft leading to unauthorized access and data theft, followed by extortion and publication of alleged victim data.

Medical Practice of Dr. Richard Swift January 12, 2026 • [ malware, cyberattack, data leak ] DataBreaches reported on a class action lawsuit alleging that a Manhattan plastic surgery practice run by Dr. Richard Swift was compromised by a malware-related cyberattack in 2025 and that sensitive patient information was posted online. The suit alleged that a site hosted outside the U.S. displayed personal identifiers and medical record details for at least 22 patients, and that affected patients only learned about the breach after attackers contacted them directly. DataBreaches noted the same threat actors were linked to attacks on other plastic surgery practices and described a recurring pattern where attackers approached patients with demands in exchange for removing posted information. Public reporting did not confirm whether the practice paid, and the article noted the leak site later appeared offline.

Nissan Motor Corporation (Nissan Motor Co., Ltd.) January 10, 2026 • [ ransomware, data leak, extortion ] HackRead reported that the Everest ransomware group claimed it breached Nissan Motor Corporation and stole about 900GB of internal data. The article said the group posted the allegation on its leak site on January 10, 2026 and shared screenshots and directory listings suggesting access to internal operational documents, data extracts, and dealership-related records. Everest reportedly threatened to publish the data if Nissan did not respond within a set timeframe. Nissan had not publicly confirmed the claim at the time of reporting.

Brightspeed January 5, 2026 • [ cybersecurity event, extortion, data breach ] Brightspeed said it is investigating reports of a cybersecurity event after the Crimson Collective extortion group claimed it breached the company and stole personal data tied to more than one million residential customers. Reporting described the attackers claimed dataset as including names, emails, phone numbers, postal addresses, user account information linked to session or user IDs, payment history, partial payment card information, and appointment or order records containing customer information. Brightspeed publicly stated it takes security seriously and is investigating the reports and would keep customers, employees, and authorities informed as it learns more.

Search Results (extortion)