At least one government, military, and technology entity in Ukraine
January 30, 2026
•[ APT, vulnerability exploitation, state-sponsored attack ]
Security researchers reported that state-sponsored advanced persistent threat groups exploited a WinRAR vulnerability in real-world attacks that successfully compromised at least one government, military, and technology organization in Ukraine, using malicious archive files to gain unauthorized access to victim systems.
Bumble Inc. (dating app)
January 28, 2026
•[ unauthorized access, internal network, compromised account ]
A contractor account at Bumble was compromised, granting limited unauthorized access to part of the internal network. Bumble stated that no user accounts, profile data, messages, or member databases were accessed.
At least one blockchain developer
January 22, 2026
•[ phishing, blockchain, credential theft ]
IT technicians and blockchain developers were targeted in a phishing campaign attributed to the NGB 3rd Technical Surveillance Bureau (KONNI/APT37), resulting in unauthorized access to end-user systems and the compromise of stored development and infrastructure credentials.
Viafier
January 22, 2026
•[ malware, data leak, unauthorized access ]
The Swiss rail operator Viafier Retica shut down its Vereina car-shuttle online ticket shop after discovering malware on the system. The organization stated that attackers likely accessed the web shop database, which may contain customer and employee contact details and hashed passwords. Users were advised to change passwords used on other services. The incident caused service disruption to online ticket sales while containment and investigation actions were undertaken.
French national bank accounts database (FICOBA) / Ministry of Economy and Finance
January 18, 2026
•[ data leak, stolen credentials, unauthorized access ]
Frances Ministry of Economy and Finance stated that part of the national database listing bank accounts in France was illegally accessed, exposing information linked to about 1.2 million accounts. The ministry said that starting in late January 2026, a malicious actor used stolen credentials belonging to an official to access part of the database. The exposed data includes bank details (RIB/IBAN), identity and address of the account holder, and in some cases a tax identification number. Authorities said they restricted access, stopped the intrusion, and notified banks to warn customers to be vigilant.
Daniel L Kaler DDS PC
January 15, 2026
•[ data leak, unauthorized access, medical information ]
Attackers gained unauthorized access to systems at a Dakota Dunes dental practice and exfiltrated patient records from its databases. The breach exposed personal, medical, and financial information belonging to approximately 27000 individuals.
Victorian Government Schools
January 14, 2026
•[ unauthorized access, data breach, student information ]
The Department of Education in Victoria, Australia notified parents that an unauthorized third party accessed a database holding student account information. According to disclosure reporting, attackers accessed current and former students personal and school-related fields including names, school names, year levels, school-issued email addresses, and encrypted passwords associated with those accounts. The department stated that more sensitive details such as birth dates, home addresses, and phone numbers were not exposed. Authorities and cyber experts were involved, and the department reset student passwords as a precaution, temporarily restricting access until new credentials were issued. At the time of reporting, investigators had not found evidence that the accessed data had been publicly released or shared onward.
Choice Hotels International
January 14, 2026
•[ social engineering, unauthorized access, PII leak ]
An unauthorized person used social engineering to gain access to a Choice Hotels application containing records on franchisees and franchise applicants, exposing names and Social Security numbers.
Town of La Hague
January 13, 2026
•[ intrusion, email compromise, unauthorized access ]
The municipality of La Hague (France) announced it was the victim of an intrusion into its information system that impacted internal email accounts. Upon learning of the incident, the commune reported immediate actions including changing passwords for affected and administrator accounts, temporarily suspending email sending for impacted users, notifying relevant authorities (including ANSSI, CERT-FR, DINUM, CNIL, and local digital authorities), informing partners, and filing a formal complaint with the gendarmerie. Specialized law enforcement units began investigating the incident and its consequences while technical teams and service providers conducted parallel analysis. The announcement emphasized heightened vigilance against suspicious links/attachments and stated the municipality was working to restore system security.
Endesa
January 13, 2026
•[ data breach, unauthorized access, data exfiltration ]
SecurityWeek reported that Spanish energy company Endesa notified customers about a data breach involving unauthorized access to its commercial platform, also impacting customers of its gas distributor Energia XXI. Endesa stated that attackers accessed and likely exfiltrated basic customer identification information, contact details, national identification numbers (DNI), contract information, and payment details including IBANs. The company said passwords were not compromised and that the incident was contained quickly, with additional safeguards implemented and notifications sent to affected customers.
Bruno Fernandes?s X account
January 12, 2026
•[ account takeover, hacking, social media breach ]
Manchester United confirmed that captain Bruno Fernandes X account was hacked after a burst of bizarre posts and messages appeared. The club urged supporters not to engage with any posts or direct messages while access was being restored. Screenshots shared online showed the attacker posting inflammatory jokes and comments, including criticism of INEOS, the company that co-owns the club recently.
American Vanguard
January 10, 2026
•[ data leak, data exfiltration, unauthorized access ]
The Osiris threat group gained unauthorized access to American Vanguard systems in early January 2026 and exfiltrated corporate and financial data. Security reporting and attacker leak listings indicate data theft, though no explicit confirmation of file encryption was reported. Operational impacts appear linked to incident response and remediation activities.
Eurail
January 10, 2026
•[ security breach, data leak, unauthorized access ]
Eurail B.V. (also operating as Interrail) confirmed a security breach that resulted in unauthorized access to customer data. Eurail/Interrail publicly posted notice on January 10, 2026 and began emailing affected customers on January 13, 2026, with the investigation described as ongoing. The companys early review stated that impacted data may include customer order and reservation information along with basic identity and contact details. Where provided, it may also include passport information such as passport number, country of issuance, and expiry date, particularly for customers who received passes through the DiscoverEU program. The report also referenced exposure of bank details and advised customers to remain vigilant for fraud attempts while Eurail monitored for misuse and notified data protection authorities.
Sri Lanka's Public Security Ministry
January 9, 2026
•[ unauthorized access, website compromise, content manipulation ]
Sri Lankas Criminal Investigation Department opened an inquiry after the official website of the Ministry of Public Security showed multiple incidents of abnormal activity consistent with unauthorized access. Police indicated the site may have been compromised and said investigators were working to determine the source and extent of the intrusion. Reporting noted irregularities in how the national emblem was displayed during the affected period, suggesting possible content manipulation. Sri Lanka CERT and the Information and Communication Technology Agency reportedly took steps to restore the website and reinforce security controls while the investigation proceeded.
Apex Legends
January 9, 2026
•[ security incident, account hijacking, gameplay disruption ]
BleepingComputer reported that Apex Legends players experienced a security incident over the weekend beginning at least January 9, 2026, where an external actor hijacked player characters during live matches, attempted to move characters off-map, disconnected players, and altered nicknames. Respawn publicly acknowledged an active security incident and stated that its initial investigation found no evidence that the bad actor could install or execute code (i.e., no RCE/injection) and did not frame the incident as a malware infection. The primary confirmed impact described is disruption of gameplay integrity and player sessions during live matches.
Veenkoloniaal Museum (Veendam)
January 7, 2026
•[ ransomware, unauthorized access, data theft ]
The Veenkoloniaal Museum in Veendam experienced a ransomware incident discovered on January 7, 2026, in which the LockBit group gained unauthorized access to systems. Data was stolen and files were rendered inaccessible, affecting digital records and image archives. Individuals whose personal data was involved were notified. The museum restored systems from backups and declined to negotiate with the attackers.
Global-e
January 7, 2026
•[ data exposure, third-party compromise, unauthorized access ]
Reporting aggregated by DataBreaches.Net indicates Ledger was impacted by a data exposure incident involving its third-party payment processor, Global-e. The report describes an email notification stating that an unauthorized party accessed Global-es cloud system and obtained Ledger customers personal details, including names and contact information associated with orders. The notification did not specify when the access occurred, how many Ledger customers were affected, or whether additional data types (e.g., payment details) were involved. The incident is treated as a third-party compromise affecting Ledger customer data.
At least one hospitality company in Europe
January 5, 2026
•[ phishing, malware, unauthorized access ]
The article reports that Russian-linked threat actors targeted European hospitality companies using phishing emails masquerading as booking inquiries. Victims who opened the attachments triggered malware that displayed a fake blue screen while enabling unauthorized access to internal systems.
Former Minister Ayelet Shaked
January 3, 2026
•[ data leak, unauthorized access, cyber espionage ]
Iran-linked hacking group Handala claimed it breached the mobile phone of former Israeli minister Ayelet Shaked and published roughly 60 photos and videos it said were stolen from her device. The group alleged it held additional messages, documents, and other confidential material and urged followers to expect further releases. The reported effect is limited to alleged unauthorized access and data theft/exposure involving a single political figure, with no operational disruption to organizations reported.
