YES Bank / BookMyForex
February 24, 2026
•[ financial fraud, unauthorized transactions, prepaid forex card breach ]
Attackers used compromised YES Bank and BookMyForex prepaid forex card details to conduct unauthorized USD-BRL transactions at multiple merchants. Roughly 5000 customers were affected and about $280000 in fraudulent transactions were processed before the activity was blocked.
The Connecticut Port Authority
January 22, 2026
•[ Business Email Compromise, Phishing, Financial Fraud ]
Connecticut Port Authority officials reported that a subtle change in an email address used to pay a vendor resulted in a fraudulent party receiving more than $16,000 from the quasi-public agency. The report said $16,666 was stolen and that $14,166 of that amount was recovered through an insurance claim. The incident triggered operational changes including renewed focus on encryption and security practices and recurring cybersecurity training. The article did not provide the precise date of the payment, only that it occurred the prior year relative to the January 22, 2026 report.
Warren County
December 12, 2025
•[ phishing, Business Email Compromise (BEC), payment diversion ]
Warren County officials said the county Treasurers Office transmitted two electronic payments to a fraudulent bank account as part of a phishing scheme: one for $2.1 million on December 12, 2025, and another for $1.2 million on December 22, 2025. The incident was investigated by the Warren County Sheriffs Office, which reported identifying a person of interest. At the time of reporting, officials said the $1.2 million payment had been recovered and restored, while the initial loss totaled $3.3 million. The report frames the event as successful payment diversion via phishing/BEC rather than system disruption.
At least one undisclosed retail/consumer-services organisation
October 23, 2025
•[ financial fraud, account compromise, cloud security ]
Threat cluster Jingle Thief compromises cloud accounts at retailers/consumer services to issue high-value gift cards at scale, maintaining persistence (rogue MFA apps, Entra enrollments) and living-off-the-land in M365; activity spiked AprilMay 2025 and is financially motivated fraud rather than service disruption. Campaign-level intel, not a single-victim event.
National prison management platform of the National Penitentiary Administration (ANP)
August 1, 2025
•[ insider threat, financial fraud, unauthorized access ]
A prisoner in the Dej hospital prison hacked tablet/kiosk systems used to access the national inmate-services portal, manipulating requests and financial accounts tied to commissary and sentence-credit workflows. Activity persisted for weeks across multiple institutions before detection; the union and national media detail platform misuse and credential abuse rather than broad IT outages.
PIX banking transaction system
July 4, 2025
•[ cybercrime, financial fraud ]
Police in Brazil arrested a suspect tied to a $100M+ banking hack scheme; article frames it as multi-bank cybercrime operation.
KT Corporation
June 1, 2025
•[ financial fraud, data breach ]
KT told lawmakers its CEO would step down once the unauthorized micropayment breach is resolved. The case involves widespread illicit small-value charges through subscriber accounts, prompting government probes, customer redress, and leadership accountability. Technical details point to abuse of payment flows rather than core network outage; impact is financial and reputational, not operational.
McDonald’s Instagram page
August 21, 2024
•[ social media hack, cryptocurrency scam, rug pull ]
Scammers hack the official McDonalds Instagram page and make off with over $700,000 in Solana after using the fast food giants social media page to promote and rug a memecoin called Grimace.
