DentaQuest
May 23, 2026
•[ data leak, extortion, healthcare ]
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.
Undisclosed Vietnamese ministry-level agency 2
May 22, 2026
•[ data breach, cyberattack, unauthorized access ]
Vietnamese cybersecurity authorities said hackers infiltrated one of two ministry-level agency systems containing millions of user records. VNCERT investigated the incidents on May 21-22, 2026, and reported that existing SOC monitoring systems at the affected agencies failed to detect the attacks.
Kinsmen Foundation
May 22, 2026
•[ unauthorized access, data leak, contact information ]
The Kinsmen Foundation, which runs Saskatchewan's TeleMiracle fundraiser, disclosed unauthorized access to certain applications on its systems. The incident was contained, regular operations and services were not affected, and the foundation said contact information and email addresses may have been exposed. The foundation notified law enforcement, engaged third-party experts, and said impacted donors would be contacted through Cyberscout.
Central Board of Secondary Education
May 21, 2026
•[ unauthorized access, payment gateway vulnerability, price manipulation ]
The CBSE revaluation portal's payment system was hit by an unauthorized malicious attack linked to the HDFC payment gateway integration when the portal went live. Approximately 50 students gained unauthorized access or were affected after displayed fee amounts were manipulated, causing payable amounts in some cases to range from Re 1 to nearly Rs 67,000-68,000. Public reporting did not identify the individuals or confirm theft of student data.
Presidential Office of the Republic of North Macedonia
May 21, 2026
•[ insider threat, espionage, data theft ]
An unnamed IT administrator in the Presidential Office of the Republic of North Macedonia was reportedly suspected of copying, decrypting, encrypting, and storing confidential state data from presidential administration computer systems, with allegations that the material may have been intended for a foreign intelligence service. Public reporting did not name the administrator, identify the foreign service, quantify the data, or confirm operational disruption.
Grafana Labs
May 11, 2026
•[ source code leak, extortion, compromised credentials ]
Grafana Labs confirmed that a cybercrime group used a compromised GitHub token to access its GitHub repositories and download its codebase and internal GitHub repository content. The attackers demanded ransom to prevent disclosure, but Grafana said customer production systems, Grafana Cloud, customer operations, customer data, and personal information from production systems were not compromised.
Škoda Auto
May 11, 2026
•[ data leak, vulnerability exploitation, unauthorized access ]
Attackers exploited a vulnerability in Škoda Auto's online shop software and gained temporary unauthorized access to the shop system. Škoda said customer names, addresses, contact details, order details, account information, and password hashes may have been accessed, but credit card data was not stored in the system. The company took the online shop offline for containment, patched the vulnerability, reviewed security controls, notified authorities, and retained external forensic experts; the specific threat actor was not identified.
Trellix
May 5, 2026
•[ source code leakage, unauthorized access, cyberattack ]
Trellix disclosed unauthorized access to a portion of its source code repository in May 2026. RansomHouse later claimed responsibility and published screenshots as proof of access. Trellix said it had found no evidence that its source-code release or distribution process was affected or that its source code had been exploited. Public reporting did not confirm encryption, data destruction, operational disruption, or customer data exposure.
Braintrust
May 4, 2026
•[ unauthorized access, API keys, cloud security ]
Braintrust confirmed unauthorized access to an internal AWS account on May 4, 2026 that likely exposed customer org-level AI-provider API keys used to access cloud-based AI models. Braintrust locked down the compromised account, audited and restricted related systems, rotated internal secrets, and instructed customers to rotate affected keys.
webhostingnz.com
May 1, 2026
•[ API token compromise, authentication bypass, unauthorized access ]
A full-access API token was added to a cPanel account for webhostingnz.com server rosie.whsl206.com, giving an attacker control of the account for several hours. The client area and server login were unavailable for ~6 hours, and the provider did not shut down the server. The incident is linked to the cPanel authentication bypass vulnerability (CVE-2026-41940).
Instructure
April 29, 2026
•[ unauthorized access, data leak, PII ]
Instructure detected unauthorized access to part of its Canvas environment on April 29, 2026. The incident exposed user identifying information and messages from affected institutions; Instructure stated that core learning data, course content, submissions, credentials, passwords, dates of birth, government identifiers, and financial information were not compromised.
Marutake Co., Ltd.
April 28, 2026
•[ ransomware, unauthorized access, system outage ]
Marutake Co., Ltd., a Japanese pharmaceutical and medical-supplies wholesaler, confirmed that a system outage was caused by ransomware resulting from unauthorized external access. As of its May 8, 2026 third notice, some servers remained impaired, some normal operations were difficult, and full restoration was expected to take considerable time, though the company was using alternative measures to maintain stable supply. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim, but Marutake stated that external leakage of personal information had not been confirmed.
Vimeo
April 28, 2026
•[ unauthorized access, data leak, stolen data ]
Vimeo confirmed that an unauthorized actor accessed certain user and customer data through the Anodot breach; ShinyHunters later leaked 106GB of stolen data affecting 119,200 email addresses.
Generation Life Limited
April 27, 2026
•[ cyber incident, unauthorized access, third-party service provider ]
Generation Life disclosed a contained cyber incident on April 27, 2026 involving an unauthorized party gaining access to part of its system through a third-party service provider. The company said the incident was quickly contained, core investment systems remained secure, services continued operating normally, and there was no evidence of unauthorized transactions. Qilin later claimed responsibility and alleged access to some Generation Life data, but public reporting did not confirm the scope, data types, encryption, or operational disruption.
East Inc.
April 24, 2026
•[ unauthorized access, internal network, leak-site ]
East Inc. confirmed that it detected unauthorized third-party access to its internal network on April 24, 2026. The company reported the incident to police and relevant authorities and engaged outside security specialists, while stating that external information leakage had not been confirmed. Public Japanese security reporting later linked the confirmed incident to a The Gentlemen leak-site claim, but did not confirm data publication or operational disruption.
Anthropic
April 21, 2026
•[ unauthorized access, third-party vendor breach, data leak ]
A private online group reportedly gained unauthorized access to Anthropic's limited-release Claude Mythos Preview model through a third-party vendor environment.
Banco Rendimento
April 21, 2026
•[ security incident, unauthorized access, banking ]
Banco Rendimento identified and contained a security incident on April 21, 2026 affecting some client-access channels and accounts; the bank isolated the threat, restored operations the following day, and reported the incident to Brazilian authorities.
BePrime
April 20, 2026
•[ unauthorized access, missing MFA, credential leak ]
BePrime, a managed cybersecurity services provider in Mexico, was breached in April 2026 after attackers accessed administrator accounts lacking MFA, exfiltrating 12.6 GB of data that included plaintext credentials, client penetration testing reports, Cisco Meraki API keys controlling 1,858 network devices, and live surveillance camera feeds from client offices.
SailPoint, Inc.
April 20, 2026
•[ unauthorized access, source code leak, third-party vulnerability ]
SailPoint disclosed unauthorized access to a subset of its GitHub repositories on April 20, 2026. The company said the unauthorized activity was quickly terminated, a vulnerability in a third-party application was remediated, and there was no evidence that customer data in production or staging environments was accessed or that services were interrupted. SailPoint did not publicly name the threat actor or disclose the type or volume of repository data that may have been compromised.
Vercel
April 19, 2026
•[ unauthorized access, OAuth compromise, third-party risk ]
Vercel confirmed unauthorized access to internal systems after a compromised third-party AI OAuth app was used to access a Vercel employee Google Workspace account.