Breach disclosures, data exposure incidents
Dashlane experienced a brute-force attack where attackers attempted to access user accounts. The company's security systems automatically locked accounts to prevent further unauthorized access and limited the number of encrypted vault downloads that could be initiated.
Password manager Dashlane has reported a brute-force attack that resulted in the encrypted vaults of fewer than 20 personal plan users being downloaded. The attack, which occurred on May 31, 2026, targeted the company's two-factor authentication (2FA) system.
Spanish police have arrested an individual accused of leaking sensitive data belonging to government employees from several important state organizations. Among the affected entities was the National Cybersecurity Institute (INCIBE). The investigation is ongoing to determine the full extent of the data leak and identify any accomplices.
Hackers exploited Meta's AI support bot to gain unauthorized access to Instagram accounts, including those of the Obama White House and the U.S. Space Force Chief Master Sergeant. Instructions circulating on Telegram guided users on how to trick the AI into resetting account passwords, leading to the brief defacement of these accounts with pro-Iranian content.
The GTA cheat service Atlas Menu has been hacked, with the attacker publishing a database of 64,000 user records to GitHub. The attacker alleges that Atlas Menu was spying on users via screenshots.
Password manager Dashlane has suspended customer accounts due to a surge in brute-force attacks. The company's automated security measures triggered the suspensions to protect user data from unauthorized access.
California's Attorney General has filed a lawsuit against 23andMe following a 2023 data breach that exposed customer health and genetic information. The lawsuit alleges that the company failed to implement adequate security measures to protect this sensitive data.
Several cybersecurity incidents have been reported, including a data breach affecting Trump Mobile customers, a phishing campaign targeting the 2026 FIFA World Cup, and CISA's response to recent supply chain attacks.
California's Attorney General has sued 23andMe, alleging the genetics company downplayed a massive data breach that occurred in 2023. The lawsuit claims 23andMe paid a ransom to the attacker after the breach, which exposed sensitive DNA data.
The notorious ShinyHunters extortion group has leaked over 42 million records allegedly stolen from Charter Communications in April. This data breach could potentially impact nearly 5 million individuals.
The California Attorney General has filed a lawsuit against 23andMe, alleging the company failed to adequately protect user data following a significant data breach in 2023. The lawsuit was filed against Chrome Holding Co., the entity 23andMe rebranded under after its bankruptcy filing.
A North Carolina man has been sentenced to over 10 years in prison for selling the personal data of more than 7 million elderly Americans. This data was reportedly used by Jamaican scammers for fraudulent activities.
ShinyHunters has claimed responsibility for a data breach at telecommunications company Charter, resulting in the exposure of 4.9 million customer records. While Charter asserts that no sensitive data was compromised, the leaked information includes customer names, addresses, phone numbers, and email addresses.
The ShinyHunters extortion gang has claimed responsibility for a data breach at Charter Communications, impacting approximately 4.9 million accounts. Personal information was stolen from these accounts during a hack that occurred in early April.
A data breach at Carnival has exposed the personal information of nearly 6 million customers. This incident puts affected individuals at risk of identity theft.
A Romanian national has been sentenced to 56 months in federal prison for hacking into an Oregon state government computer network. The individual was also responsible for cyberattacks against dozens of other U.S. victims.
Carnival Corporation has confirmed that the ShinyHunters group stole 6 million customer records following a data breach in April. This incident is part of a larger crime spree attributed to the group this year.
Carnival Corporation has confirmed a data breach that impacted nearly 6 million individuals. The breach was initially claimed by the ShinyHunters extortion gang in April 2026.
A company CEO admitted to filling a file share with inappropriate content and then calling for help after deleting it. The incident came to light alongside a separate story about a missing school iPad that reappeared after being used to upload a video to YouTube.
Following a cyberattack on Canvas, a learning management system, which led to a significant student data breach, a parent has become a determined advocate for cybersecurity awareness. The incident involved the threat actor group ShinyHunters and the malware GOLD CRYSTAL.
A data leak involving 5.8 million records of Uruguayan citizens has been attributed to cybercriminals targeting government agencies. This incident highlights a trend of Latin American cybercriminals actively pursuing and monetizing sensitive government and citizen data.
Catalin Dragomir, a Romanian national, has been sentenced to prison in the United States for selling access to an Oregon state government network. He previously pleaded guilty to the charges.
Dutch police have arrested a 35-year-old man in connection with the cyberattack on the professional football club Ajax Amsterdam earlier this year. The arrest is part of an ongoing investigation into the incident.
GitHub's internal repositories were compromised through a phishing attack that targeted employees. The attackers gained access to sensitive code, including internal tools, credentials, and some customer data. GitHub is working with law enforcement and is implementing additional security measures.
Charter Communications has confirmed a data breach following a threat from the ShinyHunters extortion group to leak stolen data. The breach reportedly impacts approximately 500,000 customers. Charter has stated they are working with law enforcement and are focused on mitigating the impact on their customers.
MyPillow is facing a ransomware attack and the perpetrators are demanding payment. The company is reportedly considering its options, including whether to pay the ransom or not. This situation draws parallels to the company's previous legal battles regarding election integrity claims.
A data breach affecting 7-Eleven has potentially impacted around 185,000 individuals. The stolen information, leaked by the group ShinyHunters, includes sensitive personal details such as email addresses, names, physical addresses, and dates of birth.
Lithuanian authorities are investigating a significant data leak impacting over 600,000 entries from national data registers. The government suspects foreign actors may be involved in the incident.
The ShinyHunters extortion gang has reportedly stolen personal information belonging to over 183,000 individuals by hacking into 7-Eleven's systems in April. This data breach was disclosed by the data breach notification service Have I Been Pwned, indicating a significant exposure of customer data.
The Oncology Institute has disclosed a data breach that occurred through a third-party vendor. The identity of the specific vendor has not been revealed, though TriZetto has been suggested as a possibility.
A data breach at Radiology Associates of Richmond has impacted approximately 266,000 individuals. Threat actors gained access to systems and stole files containing patient names and protected health information. This incident highlights ongoing cybersecurity risks within the healthcare sector.
DocketWise has experienced a data breach impacting approximately 143,000 individuals. Attackers gained access to sensitive information, including names, addresses, Social Security numbers, financial details, and medical data, by accessing third-party partner repositories.
Members of the U.S. Congress are demanding answers from CISA following a report that a contractor intentionally leaked AWS GovCloud keys and sensitive agency data on GitHub. CISA is reportedly still working to contain the breach and invalidate the compromised credentials.
Two former executives of a call-tracking company have pleaded guilty to aiding a large-scale tech support scam. They admitted to providing services that helped these scammers continue their fraudulent operations, which defrauded individuals globally.
A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) accidentally leaked highly privileged AWS GovCloud account credentials and internal CISA system details to a public GitHub repository. Security experts have described this incident as one of the most significant government data leaks in recent history.
A tech enthusiast claims the Trump Mobile website was leaking sensitive customer data. The vulnerability reportedly allowed anyone to access thousands of people's information by sending a simple HTTP request.
Apple has successfully blocked over $11 billion in fraudulent App Store transactions in the past six years. This figure includes more than $2.2 billion in potentially fraudulent transactions identified in 2025. These efforts highlight a significant ongoing battle against financial fraud within digital marketplaces.
Plaintext passwords of 46,000 Myspace93 users have been leaked following a breach in 2021. The leakage is attributed to compromised or malicious insiders who exposed the unencrypted credentials and email addresses.
A former employee's dormant user account was exploited by hackers to gain control of a city's water systems. This breach highlights the critical importance of promptly disabling accounts for departed employees.
GitHub has confirmed a data breach where an attacker, identified as TeamPCP, stole approximately 4,000 internal repositories. The breach involved the unauthorized access and exfiltration of source code from GitHub's systems.
An analysis of cybersecurity incidents revealed that process and cultural issues, rather than technical vulnerabilities, are the primary drivers of data breaches. Government leaders noted that despite existing state laws aimed at improving cyber hygiene, persistent problems and a lack of visibility continue to hinder effective security.
GitHub has confirmed a significant security breach affecting approximately 3,800 internal repositories. Attackers gained access through a compromised employee device using a "poisoned" VS Code extension, leading to the exfiltration of source code.
A Grafana data breach occurred because a GitHub workflow token was not rotated after a prior attack on TanStack. This oversight allowed unauthorized access, leading to the data exposure.
GitHub has confirmed a security incident where the TeamPCP hacking group gained access to approximately 3,800 internal repositories. The breach occurred after a GitHub employee installed a compromised VS Code extension.
GitHub has confirmed a security incident where approximately 3,800 internal repositories were compromised. The breach occurred after a GitHub employee installed a malicious VS Code extension, which subsequently led to the unauthorized access of these repositories. The investigation is ongoing to understand the full scope and impact of the incident.
Grafana Labs reported a breach of its GitHub environment, exposing public and private source code, as well as internal repositories. The company stated that investigations found no evidence of customer production systems or operations being compromised.
GitHub is investigating a potential breach of its internal repositories after the TeamPCP hacker group claimed to have accessed around 4,000 private code repositories. The attackers stated that they did not exfiltrate sensitive data such as customer data or credentials. GitHub confirmed they are actively investigating the claims.
GitHub is investigating a claim by the threat actor TeamPCP that they breached approximately 4,000 internal repositories. TeamPCP is reportedly selling GitHub's source code and internal organization information on a cybercrime forum. GitHub has stated there is currently no evidence of customer information being compromised.
A malicious VS Code extension has been discovered that allowed attackers to clone private GitHub repositories. The compromised repositories were reportedly offered for sale on a criminal forum, highlighting a significant supply chain security risk.
Verizon's 2026 Data Breach Investigations Report highlights a significant increase in exploits used for initial access in breaches, accounting for 31%. The report indicates that enterprises are struggling to keep pace with the rapid development of vulnerabilities and the speed at which they are exploited.
