Search Results for "unauthorized access"

Awa Bank March 25, 2026 • [ unauthorized access, data leak, test environment exposure ] Awa Bank confirmed that unauthorized access to an OA system test environment caused leakage of 27,745 customer, shareholder, and related-party records.

Ajax FC March 25, 2026 • [ data leak, unauthorized access, PII ] Ajax said a hacker unlawfully gained access to parts of its systems and viewed the email addresses of a few hundred people, as well as names, email addresses, and dates of birth for fewer than 20 people with stadium bans.

Hong Kong Correctional Services Department March 24, 2026 • [ unauthorized access, data breach, personal data leak ] Hong Kong's Correctional Services Department said a hacker illegally accessed its internal Knowledge Management System on March 24, 2026 and then accessed another system containing personal data of about 6,800 current and former staff.

Bitcoin Depot March 23, 2026 • [ unauthorized access, credential theft, cryptocurrency theft ] Bitcoin Depot detected unauthorized access to its IT systems on March 23, 2026; attackers obtained credentials for digital asset settlement accounts and transferred 50.903 Bitcoin, worth about $3.665 million, from company wallets, while customer platforms and data were not affected.

Liberty March 23, 2026 • [ unauthorized access, data leak, personal information ] Liberty notified customers that unauthorized access to personal information had occurred and said the exposed data included names, surnames, and identity numbers, while policies, investments, and services remained secure and operational.

GFN.am March 20, 2026 • [ unauthorized access, data leak, PII ] GFN.am, NVIDIA's regional GeForce NOW alliance partner in Armenia, suffered unauthorized access to partner-operated infrastructure between March 20 and March 28, 2026. The breach affected Armenian GeForce NOW users registered before March 9 and exposed personal account information including names, email addresses, phone numbers, dates of birth, usernames, membership status, and two-factor authentication status. NVIDIA said its own infrastructure was not affected. A forum actor using the ShinyHunters name claimed the breach, but reporting indicates the real ShinyHunters group denied involvement, so the specific perpetrator remains unidentified.

IntraCare March 20, 2026 • [ unauthorized access, extortion, data breach investigation ] IntraCare disclosed unauthorized access to its network on March 20, 2026, while outside reporting linked the incident to a The Gentlemen extortion claim; the organization said it was still investigating what information, if any, was impacted.

Los Angeles City Attorney’s Office March 20, 2026 • [ data leak, unauthorized access, third-party breach ] World Leaks posted an archive of approximately 7.7 TB / 337,000 files after unauthorized access to a third-party discovery-transfer tool used by the Los Angeles City Attorneys Office; the data included LAPD civil litigation discovery files, personnel and disciplinary records, witness information, medical information, and investigative materials, while LAPD said its own systems were not breached.

Dutch Ministry of Finance March 19, 2026 • [ cyberattack, unauthorized access, internal system compromise ] The Record reported that the Dutch Ministry of Finance is investigating a cyberattack that compromised some internal systems. Officials said the breach was flagged on March 19, 2026 after a third party alerted the ministry to suspicious activity, and internal security teams found unauthorized access to several systems used by a department. Authorities said the affected systems were part of the ministrys primary infrastructure and were taken offline quickly once detected. The report did not confirm data theft or identify the attacker; the confirmed impact is internal-system compromise and operational disruption from systems being taken offline during response.

At least one individual March 18, 2026 • [ phishing, malware, social engineering ] Cyber fraudsters in Navi Mumbai impersonated Mahanagar Gas Limited officials and sent malicious WhatsApp files or links that compromised victims' phones and enabled unauthorized access to their bank accounts.

Infinite Campus March 18, 2026 • [ unauthorized access, data leak, account compromise ] An unauthorized actor accessed an Infinite Campus employee's Salesforce account, exposing names and contact information for school staff; Infinite Campus said no student databases were accessed.

Nordstrom March 17, 2026 • [ phishing, cryptocurrency scam, SSO compromise ] Cybernews reported Nordstrom customers received fraudulent emails from an official Nordstrom email address promoting a St. Patricks Day double your crypto scam. Reporting cited a source saying the breach occurred via an Okta SSO to Salesforce compromise, and scam emails were sent using Salesforce Marketing Cloud. Analysis of the scam wallet address indicated the attacker received a little over $5,600 in cryptocurrency.

CareCloud March 16, 2026 • [ unauthorized access, service disruption, electronic health record ] An unauthorized third party temporarily accessed part of CareCloud Health and partially disrupted functionality and data access in one electronic health record environment before service was restored the same evening.

Omi Kenshi Co., Ltd March 16, 2026 • [ unauthorized access, system failure, operational disruption ] On March 16, 2026, Omi Kenshi Co., Ltd. experienced unauthorized external access that caused system failure and suspension of core systems, delaying financial closing procedures.

CareCloud, Inc. March 16, 2026 • [ unauthorized access, network disruption, electronic health records ] CareCloud experienced unauthorized access and a temporary network disruption on March 16, 2026 that partially affected functionality and data access to one of its six electronic health record environments for approximately eight hours.

Los Angeles County Metropolitan Transportation Authority March 16, 2026 • [ unauthorized access, infrastructure disruption, state-sponsored ] Los Angeles County Metropolitan Transportation Authority detected unauthorized activity on March 16, 2026 and restricted parts of its internal network while reviewing and restoring systems. Rail and bus service continued, but some customer-facing services, including arrival information displays and TAP card reload functions, were disrupted. Ababil of Minab claimed responsibility, and Gambit Security linked the operation to Iranian state-associated infrastructure.

Companies House March 13, 2026 • [ data leak, PII exposure, broken access control ] Computer Weekly reported Companies House pulled its WebFiling service offline on Friday, March 13, 2026 after a security issue was discovered that exposed certain data to other logged-in users with an authorized code. Companies House said exposed data included dates of birth, residential addresses, and company addresses, and that it may have been possible to perform unauthorized actions such as changing directors or filing accounts. It stressed that credentials and identity verification data (e.g., passport information) were not exposed and that existing filed documents could not be altered. WebFiling was restored by Monday, March 16, and Companies House urged companies to review filings and report anomalies.

Pivot Health March 13, 2026 • [ unauthorized access, cloud security, health insurance information ] Pivot Health became aware of suspicious activity in its Amazon Web Services environment on or around March 13, 2026. Its investigation determined that an unauthorized actor accessed the AWS environment at various times between February 26, 2026 and March 13, 2026, and that certain information stored in AWS was viewed or copied. The affected data included health insurance and coverage information, identifiers, dates of coverage, and in some cases financial account information. Public reporting did not identify a responsible actor, ransomware, or operational disruption.

Hanover County Public Schools March 11, 2026 • [ ransomware, network data access, personally identifiable information ] Hanover County Public Schools experienced a March 2026 data-security incident that disrupted internet service and multiple school systems. The district later said a malicious actor gained access to network data and attempted to deploy ransomware to encrypt portions of the network, but the access was terminated soon after detection and successful encryption was not confirmed. The district warned that personally identifiable information may have been viewed or accessed.

Loblaw March 10, 2026 • [ data breach, unauthorized access, customer information ] Canadian retailer Loblaw disclosed a data breach after a criminal third party accessed basic customer information. The company said the accessed data included names, email addresses and phone numbers. Loblaw stated its investigation indicated passwords, health information, and credit card data were not compromised, and PC Financial was not impacted. The company did not provide the number of affected customers, the intrusion vector or evidence of ransomware. The confirmed primary effect is unauthorized access to limited customer contact information.

Search Results (unauthorized access)