Winona County
April 6, 2026
•[ ransomware, data leak, government ]
Winona County, Minnesota experienced a ransomware attack that began April 6, 2026 and was discovered April 7. Officials took affected systems offline, declared a local emergency, requested Minnesota National Guard assistance, and notified the FBI. Later reporting confirmed cybercriminals released information taken from the county network; emergency services and 911 remained operational, while vital statistics and DMV systems were among those impacted.
Equity Life Indonesia
April 4, 2026
•[ ransomware, data theft, data encryption ]
The Gentlemen ransomware group claimed responsibility for an attack against Equity Life Indonesia on April 4, 2026, threatening to publish stolen data unless contacted. Independent ransomware trackers listed Equity Life Indonesia under The Gentlemen, and CYFIRMA reported the campaign objective as data theft, data encryption, and financial gain, but public sources did not confirm the exact data volume, affected record count, or operational disruption.
Amtrak
April 3, 2026
•[ data leak, ransomware, ShinyHunters ]
In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. The exposed data contained over 2M unique email addresses along with names, physical addresses and customer support records.
Coral Bay Nickel Corporation
April 2, 2026
•[ ransomware, server encryption, cyberattack ]
Coral Bay Nickel suffered ransomware encryption of two servers, but production systems remained unaffected and operations continued.
Parque Eólico Toabré
March 31, 2026
•[ cyberattack, data leak, ransomware ]
Everest claimed responsibility for a cyberattack against Parque Elico Toabr on March 31, 2026 and threatened to release sensitive data. La Estrella de Panam later listed Parque Elico Toabr among Panamanian technology incidents dated May 9, 2026, and other dark-web monitoring reported an alleged 175GB database leak. Public reporting did not confirm encryption, data destruction, operational disruption, or compromise of wind-farm control systems.
Świętokrzyskie Rehabilitation Center
March 31, 2026
•[ ransomware, encryption, personal data ]
witokrzyskie Rehabilitation Center reported a ransomware attack that encrypted personal-data files and may have exposed data.
Statistics South Africa
March 29, 2026
•[ cyber breach, data theft, ransomware ]
Stats SA said a cyber breach affected one HR database used for online job applications, while XP95 claimed it stole 453,362 files totaling 154 GB and demanded ransom.
ZenBusiness
March 27, 2026
•[ data breach, extortion, ransomware ]
In March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Salesforce, and threatened to publish it if a ransom was not paid. The following month, after claiming payment had not been made, ShinyHunters publicly released the data. The collection amounted to many terabytes across thousands of files that appeared to originate from multiple systems and business functions, including leads, support records and other CRM-related data. The data contained approximately 5M unique email addresses, often accompanied by name and phone number depending on the source file.
Goodwill of Greater Grand Rapids
March 27, 2026
•[ ransomware, extortion, data theft ]
Goodwill of Greater Grand Rapids said an attack disrupted part of its network environment and affected store operations, forcing locations across its West Michigan service area to operate on a cash-only basis, while outside reporting tied the incident to an Interlock ransomware extortion claim alleging theft of 80 GB of data.
Jackson County Sheriff's Office
March 27, 2026
•[ ransomware, cyberattack, operational disruption ]
A ransomware attack crippled the Jackson County Sheriff's Office in Indiana, taking computers, Wi-Fi, and reporting systems offline and forcing staff to use temporary manual workarounds.
Omax Autos
March 26, 2026
•[ ransomware, cyber security incident, IT infrastructure ]
Omax Autos said its IT department initially suspected a cyber security incident on March 26, 2026, which was later confirmed as a ransomware attack on the company's IT infrastructure; the company said core systems and operations were not impacted.
The Left Party
March 26, 2026
•[ ransomware, data leak, employee data ]
Die Linke said its federal headquarters IT systems were hit by a ransomware attack on March 26, 2026, causing partial disruption, while outside reporting tied the incident to Qilin and a claim of stolen internal and employee data.
ARC Dialysis LLC
March 25, 2026
•[ ransomware, data leak, Personally Identifiable Information (PII) ]
PEAR claimed responsibility for a cyberattack against ARC Dialysis LLC, an independent U.S. dialysis provider, with ransomware-monitoring sources listing an estimated attack date of March 25, 2026 and discovery on April 7, 2026. DataBreach later indexed 310,566 rows allegedly tied to the breach, including Social Security numbers, dates of birth, emails, phone numbers, names, and street addresses. Public sources did not confirm file encryption, operational disruption, or a precise intrusion vector.
Aroostook Mental Health Center
March 24, 2026
•[ ransomware, data leak, network disruption ]
Aroostook Mental Health Center said a recent network disruption affected some business operations and temporarily interrupted connectivity, while outside reporting linked the incident to the Qilin ransomware group and a related leak-site extortion claim.
Centrum Medyczne Eskulap
March 24, 2026
•[ ransomware, medical records, encryption ]
Centrum Medyczne Eskulap reported that a ransomware attack on March 24, 2026 encrypted servers dedicated to patient services and blocked access to medical data and medical histories; reporting also said there was a high probability patient data may have been obtained before encryption, but no theft was confirmed.
Port of Vigo
March 24, 2026
•[ ransomware, critical infrastructure, logistics ]
A ransomware attack disrupted digital systems at Spain's Port of Vigo, affecting servers used for cargo traffic and other services, locking some equipment, and forcing parts of the port's logistics coordination to shift to manual procedures.
Alamo Heights Independent School District
March 23, 2026
•[ ransomware, network attack ]
Alamo Heights ISD suffered a ransomware-related network attack that left the district without Internet access for nearly a week.
Neukölln district heating plant
March 20, 2026
•[ ransomware, internal IT systems, accounting ]
Berlin police confirmed a ransomware attack against the Neuklln district heating plant that had been known since March 20, 2026; reporting said internal IT systems including accounting and internal communications were affected, while technical systems and heat supply remained unaffected.
Berkadia
March 19, 2026
•[ ransomware, finance, technology ]
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.
Infinite Campus
March 18, 2026
•[ ransomware, leak, technology ]
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets. Infinite Campus subsequently sent notifications, advising that the exposed data largely consisted of "names and contact information for school staff" and that "the majority is directory information commonly found on school websites".
