Liberty Mutual Insurance
April 30, 2026
•[ data-extortion, data leak, personal information ]
Everest Group claimed responsibility for a data-extortion attack against Liberty Mutual Insurance on April 30, 2026 and began leaking what it claimed was more than 108 GB of stolen data, including policyholder personal, financial, and insurance information. Public reporting did not confirm encryption, deletion, or operational disruption.
Udemy
April 24, 2026
•[ data leak, extortion, cybercrime ]
In April 2026, online training company Udemy was the victim of a pay-or-leak extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also included names, physical addresses, phone numbers, employer information and instructor payout methods including PayPal, cheque and bank transfer.
Pitney Bowes
April 20, 2026
•[ extortion, data leak, hacking collective ]
In April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data, which included 8.2M unique email addresses, along with names, phone numbers and physical addresses. A subset of the data also included Pitney Bowes employee records with job titles.
The Canada Life Assurance Company
April 17, 2026
•[ unauthorized access, data leak, personal information ]
The Canada Life Assurance Company confirmed unauthorized access through an employee account that exposed personal information for up to 70,000 people.
Council of Engineers Thailand
April 15, 2026
•[ data breach, personal information, database security ]
A hacker breached the Council of Engineers Thailand member database while data was being transferred between servers, stealing personal information of approximately 350,000 engineers.
The Northern Ireland Education Authority
April 2, 2026
•[ cyberattack, personal information, data breach ]
The Northern Ireland Education Authority reported a cyberattack on the C2k school IT network that disrupted access and involved targeted access to confidential personal information.
Eholo Health
March 30, 2026
•[ data leak, vulnerability exploitation, medical records ]
XP95 claimed it stole 165 GB of data from Eholo Health, including more than 1.1 million medical notes and personal information tied to 601,308 users, after exploiting a vulnerability in the company's systems.
City of Martinsville
March 25, 2026
•[ data breach, personal information, municipal computer systems ]
The City of Martinsville disclosed that, on or about March 25, 2026, its technology team became aware of disruptions to municipal computer systems and took steps to stop the incident. Early reporting said some services in the city municipal building could be delayed or limited for the rest of the week. The city later said personal information may have been accessed by the perpetrators, but public reporting did not identify the threat actor, confirm ransomware or encryption, specify the disruption mechanism, or quantify the affected data.
Liberty
March 23, 2026
•[ unauthorized access, data leak, personal information ]
Liberty notified customers that unauthorized access to personal information had occurred and said the exposed data included names, surnames, and identity numbers, while policies, investments, and services remained secure and operational.
Le Centre national des œuvres universitaires et scolaires
March 23, 2026
•[ data leak, data exfiltration, personal information ]
The Cnous said data was exfiltrated from its mesrdv.etudiant.gouv.fr appointment platform, exposing personal information from student social-services and housing appointments taken over the past ten years.
COMPAS (French Ministry of Education)
March 15, 2026
•[ data leak, intrusion, personal information ]
An intrusion into the French Education Ministry's COMPAS system exposed personal information linked to approximately 243,000 trainees and permanent education staff.
Medica Publishing Co., Ltd
March 13, 2026
•[ ransomware, data leak, personal information ]
A ransomware attack encrypted Medica Publishing's systems on March 13, 2026, halting order processing, shipping, and customer inquiries, and the company later confirmed leakage of some personal and transaction-related information.
Station Casinos LLC
March 5, 2026
•[ unauthorized access, personal information, PII ]
Station Casinos LLC identified unauthorized external access to its systems on March 5, 2026 and began notifying affected individuals in May 2026. Public filings confirmed names were exposed and warned that additional personal information may have been compromised, but the company had not publicly confirmed the total number of affected individuals.
SUCCESS
March 4, 2026
•[ data breach, personal information, password hashes ]
In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.
Lovora
February 25, 2026
•[ data breach, personal information, email addresses ]
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users' display names and profile photos, along with other personal information collected through use of the app. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident.
youX
February 15, 2026
•[ unauthorized access, data leak, exfiltration ]
youX (Australian finance technology platform) confirmed unauthorized access by a third party after a threat actor released data it claimed to have obtained during the incident. Public reporting said youX had flagged an IT security incident about a week earlier and that personal information may have been compromised. External threat reporting associated the incident with a large-scale exfiltration claim (hundreds of gigabytes) affecting borrowers and broker organizations, consistent with data-theft extortion behavior. The company's public statements centered on incident response actions, engagement with external experts, and regulatory notification while it worked to determine the precise scope and which individuals and organizations were impacted.
Cloud Imperium Games (CIG)
January 21, 2026
•[ unauthorized access, data breach, personal information ]
Cloud Imperium Games disclosed that on January 21, 2026 it was targeted by a sophisticated attack that resulted in unauthorized access to some backup systems with limited access to users' basic account details. The company said impacted data included metadata, contact details, username, date of birth, and name. It stated the access was read-only and that no passwords or financial/payment information were stored in or accessible from the affected systems, and it had no indication the data had been leaked publicly at the time of disclosure.
Zealthy
January 16, 2026
•[ data leak, health information, personal information ]
Records advertised as Zealthy data were offered for sale online in January 2026, with sample files showing patient personal and health information; Zealthy had not publicly confirmed the incident in the reporting reviewed.
ICE List site
January 13, 2026
•[ denial-of-service attack, data leak, personal information ]
A website known as ICE List, operated by Netherlands-based immigration activist Dominick Skinner and described as dedicated to leaking personal information about U.S. immigration and border personnel, went offline following a denial-of-service attack on the evening of January 13, 2026. Reporting said the outage occurred shortly after media coverage that Skinner planned to publish additional personal data allegedly obtained from a whistleblower. Skinner stated it was only possible to speculate on who directed the attack but claimed a large amount of traffic appeared to come from Russia, consistent with bot traffic intended to overwhelm the site and disrupt access.
Tokyo FM Broadcasting Co., LTD
January 1, 2026
•[ data leak, personal information, telemetry ]
HackRead reported that on January 1, 2026 an actor using the alias "victim" claimed to have breached Tokyo FM's private computer systems and stolen data exceeding three million records. The stolen dataset was described as containing personal details (full names, birthdays, email addresses) plus technical telemetry (IP addresses and user-agent strings). The actor also claimed to have obtained internal system login IDs and information related to individuals' jobs. The report emphasized that the claim was listed as pending verification at the time of publication, but Tokyo FM was described as investigating the allegation.