1,700 Dutch police officers get reminder not to access files without legitimate purpose
Dutch Police reports: Nearly 1,700 police officers will receive a letter in the coming period because they used police systems when there was likely no need to do so. These colleagues were looking for information about the violent death of 17-year-old Lisa from Abcoude. The letter is primarily intended to remind police officers of the… […]
Israeli spies ‘hacked every traffic camera in Tehran to plot killing of Iran’s Ayatollah Ali Khamenei’
Maira Butt reports: Israeli spies hacked nearly every traffic camera in Tehran for years in order to monitor the movements of Ayatollah Ali Khamenei in an unprecedented intelligence-gathering campaign, according to a report. Officials surveilled highly trained and loyal security guards, bodyguards and drivers of senior Iranian officials to pick up on their “pattern of life”, the Financial Times reported. This real-time data, including from cameras focused… […]
Congress finds data brokers cost consumers tens of billions of dollars
A congressional investigation estimates broker breaches have cost consumers $20 billion in identity theft. Major brokers now promise to make it easier to opt out of their databases. By: Colin Lecher Breaches at data brokers have cost American consumers more than $20 billion, Congress’s Joint Economic Committee revealed Friday as part of an investigation triggered… […]
Evoke Wellness at Hilliard updates its breach notification
On February 27, external counsel for OCAT, LLC dba Evoke Wellness at Hilliard (“Evoke”), submitted a breach notification to the Maine Attorney General’s Office. The sample notification letter submitted with it claims that the Ohio addiction treatment center learned of an incident on August 7, 2025: On August 7, 2025, OCAT became aware of unauthorized… […]
Data from Insight Hospital and Medical Center Leaked on Dark Web
On or about January 26, 2026, Insight Hospital and Medical Center (“Insight”) in Chicago issued a substitute notice. It states that in September 2025, Insight learned of unusual activity within its network. An investigation subsequently determined that an unauthorized individual accessed the network between August 22, 2025 and September 11, 2025. As of the date… […]
Wisconsin k-12 district hit by weeklong outage
Dysruption Hub reports: A reported “cyber incident” left the Denmark School District in the Village of Denmark, Wisconsin, without internet access for five school days, forcing teachers and students to rely on paper-based workarounds, according to a local news report. But that “cyberincident” appears to be a cyberattack by INC Ransom, or so the gang… […]
Project Compass: first operational results against The Com network
Europol reports: In its first year of operation, Project Compass has delivered concrete operational results against “The Com”, a decentralised extremist network targeting minors and vulnerable individuals both online and offline. Since January 2025, Project Compass has contributed to: 4 victims safeguarded 30 perpetrators arrested 62 identified and partially identified victims 179 identified and partially… […]
Hacktivists claim to have hacked Homeland Security to release ICE contract data
Lorenzo Franceschi-Bicchierai reports: A group of hacktivists calling themselves “Department of Peace” claimed to have hacked the Department of Homeland Security (DHS), leaking allegedly stolen documents online. On Sunday, the nonprofit transparency collective DDoSecrets published data relating to contracts between DHS, Immigration and Customs Enforcement (ICE), and more than 6,000 companies, including defense contractors Anduril, L3Harris, Raytheon,… […]
Shutdown Stalls Compliance Plans for Cyber Breach Reporting Rule
Cassandre Coyer reports: A partial government shutdown threatens to further derail a key federal cybersecurity agency’s incident reporting rule—and delay answers that companies need to comply. The Department of Homeland Security shutdown, now entering its third week, may push back the finish line for a Biden-era rule that would create stringent disclosure requirements for critical infrastructure entities after… […]
CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams
Ashley Nyquist, Ashden Fein, Caleb Skeath, John Webster Leslie, Matthew Harden, Catherine McGrath, and Samar Amidi of Covington and Burling write: On January 28, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a new resource on Assembling a Multi-Disciplinary Insider Threat Management Team.The guidance is intended to assist critical infrastructure stakeholders, which includes private… […]
South Korean Police Lose Seized Crypto By Posting Password Online
Kyle Torpey reports: South Korea’s National Tax Service seized crypto assets during recent enforcement actions against 124 high-value tax evaders, but now, a large chunk of that crypto cash has been lost. The operation originally resulted in the confiscation of crypto holdings worth about 8.1 billion won, or roughly $5.6 million. However, officials later issued… […]
Connecticut Senate Bill Raises the Stakes on Data Breach Response
Hayley Steele and Gregory Szewczyk of Ballard Spahr write: A new bill introduced in Connecticut—Connecticut Senate Bill 117, An Act Concerning Breaches of Security Involving Electronic Personal Information—would create mandatory forensic examination requirements for entities that experience a “massive breach of security,” defined as a data breach affecting at least 100,000 Connecticut residents, and imposes… […]
Court Refuses to Slice Up CiCi’s Cyber Extortion Coverage
Andrea DeField and S. Alice Weeks of Hunton Andrews Kurth write: In the rarely litigated space of cyber insurance, the Northern District of Texas issued a win for cyber policyholders this week, offering a clear reminder to insurers that if they want to restrict coverage, they must draft the policy to clearly do so. In CiCi… […]
Israel plunges Iran into darkness with largest cyberattack in history during attack against Iran
The Jerusalem Post reports: As fighter jets and cruise missiles struck IRGC command centers, a parallel front reportedly paralyzed the Islamic Republic from within. Reports on Saturday, February 28, 2026, indicated that Iran entered an almost complete digital fog, in what appeared to be a large-scale cyberattack accompanying Operation “Roar of the Lion.” Critical infrastructure, official news sites,… […]
Leaked Odido data exposes sensitive information
In contrast to entities and courts that try to chill reporting, look at coverage of the Odido breach, where Dutch news outlets are not censored from informing the public about the scope of the breach. As seen on NL Times: A second batch of stolen customer data from Dutch telecom company Odido has revealed highly sensitive information… […]
KT, LG Uplus face lingering fallout over hacking incidents
Lee Gyu-lee reports: Korea’s two major telecom companies, KT and LG Uplus, continue to grapple with the fallout over hacking incidents and data breaches that triggered customer departures and mounting pressure for tougher sanctions. KT has extended the deadline for customers to apply for early termination fee refunds after complaints that some users were unable… […]
Hackers steal medical details of 15 million in France
Third-party vendors/business associates continue to be responsible for huge breaches involving patient data. Rébecca Frasquet and Chloé Rabs of AFP report: France’s health ministry said Friday that administrative details and medical notes on more than 15 million people had been hacked. The announcement came only days after officials warned that the details of 1.2 million… […]
Former Nuance employee admits breaching more than 1.2M Geisinger patient records
John Beauge reports the latest update in the case of Max Vance, also known as Andre J. Burk. Vance had been employed by Nuance Communications, a business associate of Geisinger Health. After his employment was terminated, he was still able to access Geisinger patient data. Geisinger detected the breach and notified Nuance. Now Beauge reports:… […]
South Korean Authorities Accidentally Hand Hackers $4.8M in Crypto
Kenrodgers Fabian reports: A security blunder hit South Korea as the National Tax Service accidentally exposed a crypto wallet’s recovery key, leading to a $4.8 million theft. The incident happened when the tax authority published a press release photo showing the mnemonic phrase for a seized wallet. This phrase, essentially the master password for virtual… […]
Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data
Andrew Martin and Caroline Millan report: A hacker exploited Anthropic PBC’s artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies, resulting in the theft of a huge trove of sensitive tax and voter information, according to cybersecurity researchers. The unknown Claude user wrote Spanish-language prompts for the chatbot to act as… […]
UK Court of Appeal Rules on the Concept of Personal Data in the Context of Data Security
Sam Jungyun Choi, Jadzia Pierce, and Paul Maynard of Covington and Burling write: On February 19, 2026, the UK Court of Appeal handed down its decision in DSG Retail Limited v The Information Commissioner [2026] EWCA Civ 140. The Court ruled that a controller’s data security duty applies to all personal data for which it acts as… […]
NL: Hackers had access to prison staff data for five months
Dutch News reports: Hackers had access to data from the Dutch prisons agency DJI for at least five months, according to an investigation by radio programme Argos. Cyber criminals could see e-mail addresses, phone numbers and security certificates of staff at the agency, Argos said, which may increase the risk of extortion or blackmail. The hackers… […]
Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023
Zack Whittaker reports: Cisco says hackers have been exploiting a bug in one of its popular networking products used by large enterprises for at least three years, prompting the U.S. government and its allies to urge organizations to take action. The bug, which has a maximum-rated vulnerability severity score of 10.0, allows hackers to remotely break… […]
Extorting the Extorters? Moscow man accused of posing as FSB officer to extort Conti ransomware gang
Daryna Antoniuk reports: A Moscow resident has been accused of trying to extort money from the notorious Conti ransomware group by posing as an officer of Russia’s Federal Security Service (FSB), according to local media reports. Russian outlet RBC, citing sources familiar with the investigation, reported on Wednesday that the suspect, Ruslan Satuchin, allegedly presented himself as… […]
Clalit probes suspected cyberattack after Iranian-linked hackers leak patient files
Or Hadar reports: Clalit Health Services, the largest health maintenance organization in Israel, said it is investigating a suspected cyberattack after an Iranian-linked hacking group claimed it breached the insurer’s systems and published thousands of documents containing personal information of patients. The hacking group, calling itself “Handala,” has published thousands of documents online, including medical… […]
South Korea considers updates to data and cyber laws
Charmian Aw, Paul Otto, and Ciara O’Leary of Hogan Lovells write: Recent large‑scale data breaches across major sectors in Korea, including across the telecommunications, retail, and finance sector, have prompted swift and coordinated response from lawmakers and regulators. The National Assembly and relevant government agencies are advancing legislative amendments and updating regulatory measures to strengthen… […]
UAE claims it stopped ‘terrorist’ ransomware attack
Jonathan Greig reports: The United Arab Emirates said it stopped a ransomware attack this weekend that allegedly targeted the country’s digital infrastructure. The country’s Cyber Security Council published a statement on Saturday that said they “successfully thwarted organized cyberattacks of a terrorist nature that targeted the country’s digital infrastructure and vital sectors in an attempt… […]
Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
Eduard Kovacs reports that the Wynn Resorts listing on the ShinyHunters leak site, previously noted on this site, has been removed, suggesting that the resort paid an extortion demand to get data deleted. “The unauthorized third party has stated that the stolen data has been deleted,” the company said in an emailed statement. “We are… […]
Attackers Can Own Your Network in a Matter of Minutes
Jai Vijayan reports: In 2025, cybercriminals needed less time to move from break-in to lateral movement across a network than it takes to watch a typical sitcom. An analysis by CrowdStrike of threat activity last year found attackers took just 29 minutes on average to pivot to other systems after gaining an initial foothold in… […]
Greater Pittsburgh Orthopaedic Associates disclosed a 2025 breach, but was there also one in 2024?
Greater Pittsburgh Orthopaedic Associates (GPOA) recently began notifying patients of a breach that occurred on or about August 10, 2025. Although their notification letter to patients does not indicate that this was an incident involving encryption, on August 20, 2025, Ransomhouse had added GPOA to its dark web leak site. Their listing indicated that GPOA… […]
Lazarus hackers adopt Medusa ransomware for extortion campaigns, targeting healthcare and nonprofits
Anna Ribeiro reports: A joint investigation by the Symantec and Carbon Black Threat Hunter teams details evidence that operators linked to the Lazarus hacker group are deploying Medusa ransomware in ongoing extortion campaigns targeting the U.S. healthcare sector and a Middle East entity, indicating the North Korean threat cluster continues ransomware-driven extortion campaigns despite prior U.S. indictments…. […]
Korean cops charge teens over bike hire breach that exposed data on 4.62M riders
Connor Jones reports: Two South Korean teenagers were this week charged with breaching Seoul’s public bike service, Ttareungyi. Identified only as Persons A and B, the pair, now of high school age, allegedly carried out the attack on Ttareungyi in June 2024 and stole data belonging to most of the service’s registered users. Officials said… […]
Hackers threaten to leak 8 million people’s stolen data if Dutch telecom Odido won’t pay ransom
Daniel Verlaan reports: The cybercriminal group Shinyhunters is responsible for hacking Odido. On the dark web, Odido is being pressured to pay the ransom—over a million euros. “This is your final warning,” the hackers write. “Otherwise, we will leak the data.” Shinyhunters confirmed to RTL Nieuws that it was behind the hack and has shown… […]
Some patients listed as “Charlie Kirk” or dead after major NZ health app MediMap hacked
1News reports: A digital medical records data company has been taken offline after some patient records were modified. Some users’ information had been changed, including to say they were deceased. MediMap is used by some health providers in aged care, disability, hospice and the community to accurately record medication doses. Read more at 1News. MediMap… […]
Top NATO allies believe cyberattacks on hospitals are an act of war. They’re still struggling to fight back.
Maggie Miller, Dana Nickel and Antoaneta Roussi report: NATO countries’ restrained response to hybrid attacks is at odds with public opinion, new polling shows: Broad swaths of the public in key allied countries say actions such as cyberattacks on hospitals should be considered acts of war. The POLITICO Poll, conducted in the United States, Canada,… […]
The hospitality sector continues to be lucrative targets
The hospitality sector has long been a target of hackers, and it’s a global problem. Here are three recent attacks in the news this week: In the U.S.: Choice Hotels International disclosed a breach affecting franchisees and applicants. Its notification letter states that a “skilled person used social engineering” to gain access on January 14,… […]
Ukrainian hackers uncover how Russian drone operators are using Belarus
As seen on InformNapalm: On February 18, 2026, Ukrainian President Volodymyr Zelenskyy imposed sanctions against Belarusian dictator Alyaksandr Lukashenka for his role in escalating and prolonging Russia’s aggressive war against Ukraine. One of the stated reasons is that in the second half of 2025, Russia deployed a system of repeaters for the control of attack… […]
This is how you do it: Dentist speaks out after practice hit by cyber attack
This could be the smallest breach DataBreaches has reported recently, and yet we are covering it instead of other, much bigger breaches that will undoubtedly generate lots of headlines. Why? Because it represents a refreshing example of quick response and transparency. Dr. Joe McEnhill, owner of Grange Dental Care, said the breach occurred on Thursday… […]
Discord’s age verification data has a frontend leak — now what?
Interesting Engineering reports: A newly uncovered flaw in Discord’s age verification rollout has added fresh pressure to the company’s 2026 compliance plans. Security researchers recently found that frontend components tied to identity vendor Persona were accessible on the open web, prompting debate over how securely the platform handles sensitive age checks. The discovery surfaced on… […]
Update Chrome now: Zero-day bug allows code execution via malicious webpages
Pieter Arntz reports: Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable… […]
Hospitals at Risk of BeyondTrust Ransomware Hacks
Marianne Kolbasuk McGee reports: U.S. federal authorities and industry officials are urging hospitals and clinics to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a corporate network. The U.S. Department of Health and Human Services in an alert Thursday warned… […]
Resource: Privacy Law Directory — Codamail
Regular readers of my companion privacy-oriented site, PogoWasRight.org, may recall that the site recently noted The Data Broker Directory: Who has your data, where they got it, and who they sell it to by Codamail’s Stephen K. Gielda of Packetderm. Instead of taking a well-deserved break after all the work he did to compile that… […]
Romanian hacker faces up to 7 years for breaching Oregon emergency management department
Jonathan Greig reports: A 45-year-old Romanian national pleaded guilty this week to hacking into computers at Oregon’s Department of Emergency Management in June 2021 and selling the access he obtained for $3,000 worth of Bitcoin. Catalin Dragomir also hacked into 10 other U.S. companies, causing financial losses of at least $250,000. He was arrested in… […]
A single compromised account gave hackers access to 1.2 million French banking records
Emma Woollacott reports: Credentials stolen from a single government official enabled threat actors to access a French national database containing data on more than 1.2 million bank accounts. The attackers were able to access the Fichier des Comptes Bancaires et Assimilés (FICOBA) database, which contains files on all bank accounts opened in France. Stolen credentials… […]