Odido
February 12, 2026
•[ data breach, extortion, data leak ]
In February 2026, the Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Following the incident, 1M records containing 317k unique email addresses was published publicly, with a threat by the attackers to continue leaking more data in the following days. The data also included names, physical addresses, phone numbers, bank account numbers and notes about customers left by service operators. Odido has published a disclosure notice detailing the extent of the incident, providing an FAQ and advising the incident also impacted dates of birth, passport and drivers licence numbers.
Odido
February 12, 2026
•[ data breach, extortion, data leak ]
In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, 1M records containing 317k unique email addresses were published, followed by further releases exposing an additional 371k and then 833k unique email addresses, with the latter also including passport, drivers licence and European national ID numbers. The exposed data includes names, physical addresses, phone numbers, bank account numbers and customer service notes. Odido has published a disclosure notice advising that impacted data may also include dates of birth and government-issued identity document numbers.
Endesa
January 13, 2026
•[ data breach, unauthorized access, data exfiltration ]
SecurityWeek reported that Spanish energy company Endesa notified customers about a data breach involving unauthorized access to its commercial platform, also impacting customers of its gas distributor Energia XXI. Endesa stated that attackers accessed and likely exfiltrated basic customer identification information, contact details, national identification numbers (DNI), contract information, and payment details including IBANs. The company said passwords were not compromised and that the incident was contained quickly, with additional safeguards implemented and notifications sent to affected customers.
Netstar Australia
January 5, 2026
•[ ransomware, data leak, financial data ]
Netstar Australia, a Melbourne-based telematics and GPS fleet tracking provider, was named on a ransomware leak site in December 2025 by the Black Shrantac ransomware group. The threat actors alleged they compromised Netstars systems and stole customer, financial, and database information, claiming roughly 800GB of data and posting sample files said to include internal records related to staff, tax, equipment, and customers. Public reporting noted that Netstar had not provided a detailed public statement confirming the claims at the time of publication.
Bolttech
January 5, 2026
•[ ransomware, data leak, extortion ]
Cybernews reported that the Everest ransomware group claimed to have stolen about 186GB of data from Bolttech (a global insurance infrastructure platform) and demanded ransom. The group claimed the dataset includes employee/agent account details (emails, names, roles, identifiers), customer information and contact details, policy data, mortgage-related records, insured property addresses, and financial parameters/identifiers. The group posted samples and a countdown timer on its leak site, threatening to publish the data if Bolttech did not respond. The article notes the claim was based on the leak-site post and that confirmation from Bolttech was being sought.
Esquire Brands
January 2, 2026
•[ ransomware, data leak, extortion ]
Cybernews reported that Esquire Brands (a childrens footwear maker operating several brands/licenses) was posted on the Play ransomware leak site, with attackers threatening to publish stolen data shortly thereafter. According to the leak-site post summarized in the article, the attackers claimed they obtained client documents, payroll data, and finance information. The report frames the incident as data theft with extortion leverage (typical double-extortion posture).
Alpine Lumber
December 14, 2025
•[ ransomware, data leak, personally identifiable information ]
Alpine Lumbers posted notice states that on December 22, 2025 it determined certain network devices were encrypted with ransomware. The companys investigation found that between December 14 and December 22, 2025 an unauthorized actor viewed and obtained files stored on a file server. Alpine completed its file review and determined on February 5, 2026 that the affected files included employment-purpose information such as names, addresses, Social Security numbers, dates of birth, and health insurance plan enrollment information, and may also have included policy numbers, medical information, government IDs, financial account data, and payment card data. Alpine stated it notified law enforcement and began mailing letters and offering credit monitoring.
Advanced Family Surgery Center (AFSC)
November 26, 2025
•[ data leak, healthcare, protected health information ]
Threat actors identifying as Genesis claimed they compromised Advanced Family Surgery Center (AFSC) in Oak Ridge, Tennessee, and later added the organization to their leak site, asserting that about 100 GB of data had been exfiltrated from company file servers. The reported dataset included healthcare data, personal data, financial data, user folders, and operational files. The reporting outlet reviewed sample files and indicated they contained protected health information such as patient names, dates of birth, full Social Security numbers, dates of service, physician details, and insurance information. At the time of reporting, no official public notification by the provider had been located.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Canadian Tire
October 2, 2025
•[ data breach, retail, PII ]
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
Thayer Hotel at West Point
September 19, 2025
•[ unauthorized access, data breach, personally identifiable information ]
On 19 September 2025 the Thayer Hotel at West Point experienced unauthorized access to its computer systems, prompting a forensic investigation and containment measures. The hotel later confirmed that an Undetermined actor accessed systems holding data on roughly 33,053 individuals and that exposed information could include names, dates of birth, postal addresses, Social Security numbers, drivers license and passport numbers, state IDs, email addresses and some medical or financial data for guests and employees. A formal Notice of Data Security Incident dated 31 October 2025 describes the breach, and law firms have begun investigating potential claims while the hotel offers credit monitoring through Kroll.
Undisclosed Southeast Asian conglomerate
July 1, 2025
•[ intrusion, data exfiltration, corporate data ]
The Osiris threat group conducted a prolonged intrusion against an undisclosed Southeast Asian conglomerate beginning in mid-2025, resulting in the exfiltration of large volumes of sensitive corporate and financial data. The incident is documented through security research and attacker leak site claims, without confirmation of ransomware encryption.
