Amtrak
April 3, 2026
•[ data leak, ransomware, ShinyHunters ]
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. The exposed data contained over 2M unique email addresses along with names, physical addresses and customer support records.
Statistics South Africa
March 29, 2026
•[ cyber breach, data theft, ransomware ]
Stats SA said a cyber breach affected one HR database used for online job applications, while XP95 claimed it stole 453,362 files totaling 154 GB and demanded ransom.
Jackson County Sheriff's Office
March 27, 2026
•[ ransomware, cyberattack, operational disruption ]
A ransomware attack crippled the Jackson County Sheriff's Office in Indiana, taking computers, Wi-Fi, and reporting systems offline and forcing staff to use temporary manual workarounds.
Goodwill of Greater Grand Rapids
March 27, 2026
•[ ransomware, extortion, data theft ]
Goodwill of Greater Grand Rapids said an attack disrupted part of its network environment and affected store operations, forcing locations across its West Michigan service area to operate on a cash-only basis, while outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of data.
ZenBusiness
March 27, 2026
•[ data breach, extortion, ransomware ]
In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.
The Left Party
March 26, 2026
•[ ransomware, data leak, employee data ]
Die Linke said its federal headquarters IT systems were hit by a ransomware attack on March 26, 2026, causing partial disruption, while outside reporting tied the incident to Qilin and a claim of stolen internal and employee data.
Omax Autos
March 26, 2026
•[ ransomware, cyber security incident, IT infrastructure ]
Omax Autos said its IT department initially suspected a cyber security incident on March 26, 2026, which was later confirmed as a ransomware attack on the company's IT infrastructure; the company said core systems and operations were not impacted.
Aroostook Mental Health Center
March 24, 2026
•[ ransomware, data leak, network disruption ]
Aroostook Mental Health Center said a recent network disruption affected some business operations and temporarily interrupted connectivity, while outside reporting linked the incident to the Qilin ransomware group and a related leak-site extortion claim.
Port of Vigo
March 24, 2026
•[ ransomware, critical infrastructure, logistics ]
A ransomware attack disrupted digital systems at Spain's Port of Vigo, affecting servers used for cargo traffic and other services, locking some equipment, and forcing parts of the port's logistics coordination to shift to manual procedures.
Centrum Medyczne Eskulap
March 24, 2026
•[ ransomware, medical records, encryption ]
Centrum Medyczne Eskulap reported that a ransomware attack on March 24, 2026 encrypted servers dedicated to patient services and blocked access to medical data and medical histories; reporting also said there was a high probability patient data may have been obtained before encryption, but no theft was confirmed.
Neukölln district heating plant
March 20, 2026
•[ ransomware, internal IT systems, accounting ]
Berlin police confirmed a ransomware attack against the Neuklln district heating plant that had been known since March 20, 2026; reporting said internal IT systems including accounting and internal communications were affected, while technical systems and heat supply remained unaffected.
The Gauteng Provincial Governmen
March 17, 2026
•[ ransomware, data leak, data exfiltration ]
Daily Maverick reported a ransomware-as-a-service syndicate calling itself XP95 claimed it stole 3.8TB of data from the Gauteng Provincial Government. The article describes the breach as a major failure of basic cybersecurity infrastructure and governance, with a massive dataset reportedly lifted/exfiltrated and allegedly offered for sale. The report did not provide a definitive public inventory of affected systems or all data elements, but characterized the exposure as potentially spanning personnel, procurement, and other government records at very large scale.
Dekalb County
March 13, 2026
•[ ransomware, email disruption, inmate booking systems ]
A ransomware attack hit the DeKalb County Sheriffs Department and jail in Smithville, Tennessee, disrupting email and inmate booking systems. Officials said the booking program suddenly stopped during an intake early Friday morning, and the sheriff indicated the main server controlling departmental email and booking software (and other functions) was affected. The report did not specify the ransomware group, the intrusion vector, whether data was stolen, or how long services would remain disrupted.
Duffy’s Sports Grill
March 13, 2026
•[ ransomware, system disruption, payment systems ]
Duffys Sports Grill experienced system problems that disrupted card payments and its MVP rewards program at some Florida locations; outside reporting said Qilin claimed responsibility, but no data theft was confirmed publicly.
England Hockey
March 12, 2026
•[ ransomware, data leak, extortion ]
England Hockey said it is investigating after the AiLock ransomware group listed the organization on its leak site and claimed it stole 129GB of data. England Hockey stated it is working with internal teams and external experts to determine what occurred. Public reporting did not confirm encryption or service disruption; the confirmed effect at reporting time was a data-theft/extortion claim under investigation.
An undislcosed organization
March 12, 2026
•[ ransomware, social engineering, data theft ]
IBM X-Force described a case where a threat actor remained on a compromised server for more than a week and stole data during an Interlock ransomware intrusion. The attack began with ClickFix social engineering and later deployed a PowerShell backdoor called Slopoly (likely AI-assisted), alongside other components such as NodeSnake and InterlockRAT. The article is a case-study/campaign description and does not name the victim organization or quantify the affected records beyond describing persistence and data theft.
Trio-Tech subsidiary
March 11, 2026
•[ ransomware, encryption, data breach ]
The Record reported that Trio-Tech International told regulators its subsidiary in Singapore suffered a ransomware attack discovered on March 11, 2026. The filing said the attack led to encryption of files within the subsidiarys network. Trio-Tech took the network offline, notified law enforcement in Singapore, and hired cybersecurity experts to respond. The company said it was still restoring systems and that it was unclear what data may have been taken, but that the subsidiary was in the process of notifying affected parties.
JBS Brasil
March 9, 2026
•[ ransomware, data leak, corporate data ]
A ransomware group calling itself Coinbasecartel claimed it breached JBS Brasil and obtained approximately 3 TB of corporate data. The report noted the actor did not provide verifiable samples or clear technical indicators supporting the claim, and did not describe the specific file types or whether encryption/disruption occurred.
Community College of Beaver County
March 9, 2026
•[ ransomware, cryptolocker, extortion ]
Community College of Beaver County said it was under an encryption-based cryptolocker attack that forced a lockdown of college IT resources, and later outside reporting tied the incident to an Interlock extortion claim alleging theft of 780 GB of data.
The Independent Public Regional Hospital
March 7, 2026
•[ cyberattack, ransomware, data encryption ]
A cyberattack hit the Independent Public Regional Hospital in Szczecin, Poland, overnight on 03/0703/08/2026, forcing staff to revert to paper-based operations. Hospital authorities said the attack encrypted parts of hospital data and blocked access to critical digital records, temporarily disrupting digital operations. Officials stated urgent treatments and admissions continued, but administrative processes were slower while IT teams worked to restore system access.
