A recent Qualys report indicates that a significant percentage of businesses experienced cloud-related breaches in the past year, with misconfigured services being a primary concern. The study also found that a large proportion of virtual machines across AWS, GCP, and Azure exhibit misconfigured resources.
Automotive data provider Autovista has confirmed a ransomware attack is disrupting its services across Europe and Australia. The company has engaged external help to recover from the incident, and some of its customer organizations are advising their staff to block inbound emails from Autovista.
The healthcare industry is experiencing a significant surge in cyberattacks, including phishing, ransomware, and web application attacks, exacerbated by the increased reliance on remote service delivery. Cybercriminals are targeting healthcare organizations for their sensitive patient and corporate data, with many providers struggling to cope due to under-resourcing and vulnerable systems.
Cryptocurrency exchange Kraken has been targeted by hackers who gained access through an insider breach. The attackers are now extorting Kraken by threatening to release videos of internal systems that contain client data.
Education company McGraw-Hill has confirmed a data breach resulting from hackers exploiting a misconfiguration in Salesforce. The attackers gained access to internal data and subsequently issued an extortion threat.
A fake Ledger Live application was discovered on Apple's App Store, which masqueraded as the legitimate cryptocurrency wallet software. This malicious app successfully defrauded 50 victims out of approximately $9.5 million in cryptocurrency within a short period.
Basic-Fit, Europe's largest gym chain, has reported a data breach affecting approximately 1 million members. Hackers gained access to sensitive information including names, dates of birth, and bank account details.
RCI Hospitality, a nightclub operator, has reported a data breach stemming from an Insecure Direct Object Reference (IDOR) vulnerability within its RCI Internet Services. This vulnerability led to the exposure of data belonging to contractors.
European gym chain Basic-Fit has announced a data breach that exposed the personal information of approximately one million members. Hackers gained unauthorized access to the company's systems, compromising customer data. The breach is currently under investigation.
Rockstar Games has experienced a data breach stemming from a security incident at its analytics provider, Anodot. The ShinyHunters extortion gang has subsequently leaked the stolen data on their platform.
Booking.com has confirmed a data breach resulting from unauthorized access to its systems, exposing sensitive reservation and user data. The incident necessitated the reset of reservation PINs for affected users to mitigate potential risks. The company is investigating the full scope of the breach and working to enhance its security measures.
Booking.com has informed customers that their reservation data, including names, contact details, dates, and hotel messages, may have been accessed by unauthorized individuals. This incident highlights ongoing challenges for large travel platforms in securing sensitive user information.
Booking.com has reported that hackers gained access to user information. The company stated that the issue has since been contained, but did not specify the number of customers affected.
An international law enforcement operation involving the US, UK, and Canada has successfully disrupted multimillion-dollar cryptocurrency theft schemes. The operation resulted in the identification of over $45 million in stolen cryptocurrency and the freezing of $12 million.
Basic-Fit, a major European gym chain, has confirmed that a cyberattack resulted in the theft of sensitive data belonging to approximately one million members. The stolen information includes names, addresses, dates of birth, and bank details, although passwords were not compromised.
The threat actor group ShinyHunters claims to have accessed data belonging to Rockstar Games, threatening to leak it unless a ransom is paid. They allege the breach occurred through a third-party tool used by Rockstar, which may have been compromised, potentially impacting Snowflake metrics.
An international law enforcement operation has uncovered over 20,000 victims of cryptocurrency fraud in Canada, the UK, and the US. The crackdown targeted cryptocurrency investment scams, leading to multiple arrests and the seizure of digital assets.
Hungary's government has exposed nearly 800 state login credentials, including those linked to defense and NATO, due to weak password practices. The credentials were found in breach data, raising significant security concerns.
Threat actors have successfully breached the telehealth company Hims, potentially gaining access to highly sensitive Protected Health Information (PHI). This data could include details about users' physical conditions such as baldness, obesity, and impotence. The article explores the potential implications and misuse of this stolen personal health data.
An investigation by Bellingcat revealed that passwords for nearly 800 Hungarian government email accounts, including those in national security roles, have been exposed online. The breaches are attributed to poor email hygiene, with officials using weak and easily guessable passwords.
Microsoft has reported that a financially motivated threat actor known as Storm-2755 is targeting Canadian employees through "payroll pirate" attacks. This group hijacks employee accounts to intercept salary payments by manipulating payroll systems.
Dutch healthcare software vendor ChipSoft has been targeted by a ransomware attack, leading to the shutdown of its website and digital patient services. The attack has disrupted access for healthcare providers and patients relying on ChipSoft's solutions. The extent of the data breach and the specific ransomware group responsible are still under investigation.
Chevin Fleet Solutions has taken parts of its FleetWave software offline due to a cybersecurity incident, affecting UK and US customers. This has resulted in a major outage for the fleet management SaaS platform, leaving customers unable to access their systems.
Zephyr Energy plc has lost approximately £700,000 in a cyber incident in which attackers rerouted a payment intended for a contractor to their own account. The company is now attempting to recover the funds after the breach compromised its payment process.
Eurail B.V., a European travel operator, experienced a data breach in December 2025 where attackers stole personal information belonging to over 300,000 individuals. The stolen data includes names, email addresses, phone numbers, and passport details. Eurail is notifying affected individuals and has launched an investigation.
Hackers stole the names and passport numbers of approximately 300,000 individuals from the European travel company Eurail's network in December 2025. This breach has led to a significant data exposure event affecting a large number of people.
Attackers stole approximately $3.6 million worth of Bitcoin from the crypto wallets of Bitcoin Depot, a major operator of Bitcoin ATMs. The breach occurred last month, and the company is investigating the incident while working to secure its systems. This incident highlights the ongoing security risks within the cryptocurrency and ATM sector.
A hacker exploited stolen credentials to access Bitcoin ATM operator wallets and transfer over 50 bitcoin, amounting to $3.6 million. The incident highlights the risks associated with compromised credentials in financial cryptocurrency operations.
A threat actor known as UNC6783 is targeting business process outsourcing (BPO) providers to steal corporate support tickets from companies using Zendesk. The actor has already compromised several BPO companies, giving it access to sensitive information belonging to their clients.
Cyber-fraudsters are increasingly targeting mobile-first regions like Latin America, exploiting compromised devices for rapid account takeovers and fund transfers. This trend highlights the agility of cybercriminals and the challenge for financial institutions to keep pace with fraudulent activities.
The FBI received over 1 million cybercrime complaints in 2025, with total reported losses approaching $21 billion. Investment, Business Email Compromise (BEC), and tech support scams were identified as the most financially damaging types of cybercrime.
Signature Healthcare, a Massachusetts hospital, has been hit by a cyberattack that has disrupted its services. The attack has forced the hospital to divert ambulances and has prevented pharmacies from filling prescriptions. The full extent of the disruption and the nature of the attack are still under investigation.
ChipSoft, a Dutch healthcare software vendor, has experienced a ransomware attack that has taken its website offline. While the website is down, the company has confirmed that email services are still functioning.
Cybercrime losses exceeded $20 billion globally last year. In related news, authorities have disrupted an APT28 router botnet used to intercept email logins, Iran has been implicated in hacking US PLCs, and a wave of exploitation has targeted ComfyUI and Flowise AI servers.
Americans lost a record $21 billion to cybercrime in the past year, according to the FBI. This surge was largely fueled by investment scams, business email compromise, tech support fraud, and data breaches.
Over a dozen companies have experienced data theft following a breach at a SaaS integration provider, where attackers stole authentication tokens. These compromised tokens were then used to access Snowflake accounts and exfiltrate data from affected customers. The breach highlights the supply chain risk associated with third-party integrations and compromised credentials.
While organizations focus on preventing major data breaches, the persistent costs associated with recurring credential incidents are often overlooked. These ongoing credential issues can significantly impact an organization's financial health and operational efficiency, even if they don't always make headlines.
Wynn Resorts has disclosed that approximately 21,000 employees were affected by a data breach attributed to the ShinyHunters hacking group. The company believes a ransom was likely paid to prevent further data leaks.
The Drift Protocol has stated that the recent $280 million hack was not a simple exploit but a sophisticated, six-month-long operation. Attackers established a "functioning operational presence" within the Drift ecosystem, suggesting an insider threat or long-term infiltration rather than a remote vulnerability.
A $285 million hack on the decentralized exchange Drift, which occurred on April 1, 2026, has been traced back to a six-month social engineering operation initiated by the Democratic People's Republic of Korea (DPRK) in the fall of 2025. Drift described the operation as highly targeted and meticulously planned.
Sensitive gate security codes for U.S. Customs and Border Protection (CBP) facilities were reportedly exposed through publicly accessible flashcards on the Quizlet platform. The leaked information includes facility codes that could potentially aid unauthorized access or provide insights into operational security.
The European Commission has confirmed a significant data breach resulting from a supply chain attack involving the Trivy vulnerability scanner. Hackers exfiltrated over 300 GB of data from the Commission's AWS environment, which included personal information.
Hims & Hers Health has announced a data breach resulting from the compromise of support tickets held by its third-party customer service platform, Zendesk. Attackers gained access to customer information through this breach. The company is notifying affected individuals and taking steps to secure their data.
The German political party Die Linke has confirmed a data breach following a ransomware attack attributed to the Qilin ransomware group. The attack has led to an IT systems outage and threats of sensitive data leakage.
CERT-EU has attributed a significant data breach of the Europa.eu platform to a supply chain attack on Aqua Security's Trivy vulnerability scanner. The attackers exploited a misconfiguration in Trivy's GitHub Actions environment to gain access to AWS credentials, which they then used to steal 350 GB of data. This stolen data was subsequently leaked on the dark web.
The cybercriminal group TeamPCP has been involved in supply chain attacks, and the situation has become more complex as other hacking groups like ShinyHunters and Lapsus$ are now taking credit for related breaches. This infighting and claim-staking are creating confusion and potentially increasing the impact for affected organizations.
This article covers several distinct security incidents. These include a data leak affecting ChatGPT, the discovery of an Android rootkit, and a ransomware attack targeting a water facility. Additionally, it briefly mentions a Symantec vulnerability, an anti-ClickFix mechanism in macOS, and the FBI hack being classified as a major incident.
T-Mobile has clarified details regarding a recent data breach, stating it involved an insider and had a limited impact. The telecommunications company provided this information to SecurityWeek.
North Korean hackers successfully drained $285 million from the Drift cryptocurrency protocol in just 10 seconds. The attackers achieved this by preparing specific infrastructure, utilizing nonce-based transactions, and gaining control of an administrator key, which allowed them to access five vaults.
Solana-based decentralized exchange Drift reported a loss of approximately $285 million due to a security incident on April 1, 2026. Attackers exploited a novel method involving durable nonces to gain unauthorized access and seize administrative control of Drift's Security Council. The attack is reportedly linked to North Korea (DPRK).