Search & browse the archive

DataBreaches.net · Jun 26, 2026 · International

Russian Hackers Behind the $2.5 Billion Jaguar Land Rover Cyberattack, Investigators Say

Rex Edison reports A single cyberattack dented an entire country’s GDP. The Cyber Monitoring Centre estimates that the ransomware assault on Jaguar Land Rover cost the UK economy £1.9 billion — roughly $2.5 billion — rippling through more than 5,000 businesses and dragging car production to levels not seen since 1952. The Bank of England flagged the damage in its economic outlook. Now, after months... Source

Who should care: Cybersecurity · Privacy officers · Administrators

DataBreaches.net · Jun 26, 2026 · International

First Circuit Affirms Dismissal of Data Breach Class Action for Lack of Traceable Injury

Melanie Conroy of Pierce Atwood LLP writes: The First Circuit recently affirmed dismissal of a putative data breach class action against Bayamón Medical Center (BMC), holding that the plaintiff failed to plausibly allege that her injuries were traceable to the healthcare provider’s 2019 ransomware attack. In Santos-Pagán v. Bayamón Medical Center, the court concluded that allegations... Source

Who should care: Cybersecurity · Privacy officers · Administrators

BleepingComputer · Jun 26, 2026 · International

Polymarket customers lose $3 million in supply-chain attack

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]

Who should care: Cybersecurity · Privacy officers · Administrators

Politico — Tech · Jun 26, 2026 · International

Online safety coalition urges House to reject KIDS Act compromise

Children’s online safety groups are pressing House lawmakers to oppose the bipartisan measure, arguing that it weakens safeguards.

Who should care: Cybersecurity · Privacy officers · Administrators

The Record · Jun 26, 2026 · International

Russia used social engineering to breach prominent messaging accounts, Ukraine says

Ukraine's SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps.

Who should care: Cybersecurity · Privacy officers · Administrators

HIPAA Journal · Jun 26, 2026 · US Federal

Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit

Okanogan Behavioral Healthcare, a Washington-based mental and behavioral health provider, has reached a class action settlement following a data breach that exposed patient information. The settlement resolves claims brought by affected individuals whose personal and health data was compromised.

Why this matters: Breaches at behavioral health providers are particularly sensitive, as exposed data can include mental health diagnoses, treatment histories, and substance use records — information that carries stigma and potential consequences for employment, custody, or insurance if disclosed.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · Healthcare professionals

Schneier on Security · Jun 26, 2026 · International

One Million Passports Leaked Online

A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk.

Who should care: Cybersecurity · Privacy officers · Administrators

Phone Scam Exposed MSG’s Internal Dossiers on Facial Recognition Critics

A phone scam inadvertently revealed that Madison Square Garden Entertainment had compiled detailed internal dossiers on individuals who publicly criticized its facial recognition program, exposing the scope of the company's tracking of its opponents.

Why this matters: Private venues quietly building profiles on critics of their surveillance practices raises serious civil liberties concerns — chilling free speech and suggesting facial recognition programs may be paired with broader retaliatory monitoring of dissenting individuals.

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · Policy

BBC — Tech · Jun 25, 2026 · International

Teens who hacked TfL were known to police years before cyber-attack

Owen Flowers and Thalha Jubair were convicted for their roles in the attack, which led to large costs for Transport for London.

Who should care: Cybersecurity · Privacy officers · Administrators

WIRED — AI · Jun 25, 2026 · International

Why Amazon Dropped Its OpenAI Movie, Data Center Workers Fight Back, and Meta Leaks Employee Data

The decision by Amazon-owned MGM Studios to drop the OpenAI movie is just part of AI and film industries becoming increasingly intertwined. On Uncanny Valley, we look at where this is all headed.

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · AI governance · Policy

DataBreaches.net · Jun 25, 2026 · International

Colorado Health Network Notifies Patients of Last Year’s Breach—But Key Details Remain Undisclosed

In August 2025, DataBreaches added the Colorado Health Network (CHN) to our non-public worksheets after threat actors called Cephalus added the provider to its’ dark web leak site with a claim that they had acquired 900 GB of data. Cephalus disappeared from public view days later, and never leaked the data on any server that... Source

Who should care: Cybersecurity · Privacy officers · Administrators

IAPP · Jun 25, 2026 · International

Notes from the Asia-Pacific region: Breach could spark shift in New Zealand privacy law

Notes from the Asia-Pacific region: Breach could spark shift in New Zealand privacy law  IAPP

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · Policy

DataBreaches.net · Jun 25, 2026 · International

No need to hack when it’s leaking: Dialog edition

Yes, another entry in our “no need to hack when it’s leaking” archives, and another example of entities trying to excuse their security failures by claiming they were “hacked.” Danny Bradbury cuts to the chase: Some organizations exist to be exclusive. They’re invite-only, and discreet, the kind of place where the membership directory is the... Source

Who should care: Cybersecurity · Privacy officers · Administrators

DataBreaches.net · Jun 25, 2026 · International

Ukraine’s National Postal Service Ukrposhta Hacked Overnight

Kyiv Post reports: Ukrposhta, Ukraine’s national postal service, announced system malfunctions following a cyberattack overnight going into Thursday. In a brief update, the state-run postal service said it is working to restore operations and would provide updates as they become available. “Due to a nighttime hostile attack on IT systems, the Ukrposhta application is temporarily malfunctioning,”... Source

Who should care: Cybersecurity · Privacy officers · Administrators

HIPAA Journal · Jun 25, 2026 · US Federal

Bradford Health Services; Bradford Health Partners Settle Data Breach Lawsuit

Bradford Health Services and Bradford Health Partners have reached a settlement in litigation stemming from a December 2023 cybersecurity incident that compromised patient data held by the Alabama-based behavioral health provider network.

Why this matters: Breaches at behavioral health organizations carry heightened sensitivity, as exposed records can include mental health, substance use, and treatment details — information whose disclosure may carry lasting personal, professional, or legal consequences for affected individuals.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · Healthcare professionals

TechCrunch — Privacy · Jun 25, 2026 · International

Cellebrite said it cut off Russia, but Russia used its tools anyway

Security researchers found evidence that Russian authorities hacked the iPhone of a political opponent using a phone-unlocking device made by Cellebrite, even after the company said it would stop selling to Putin’s government.

Who should care: Cybersecurity · Privacy officers · Administrators

BleepingComputer · Jun 24, 2026 · International

Malicious Edge extension abuses Native Messaging as bridge to malware

A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]

Who should care: Cybersecurity · Privacy officers · Administrators

HIPAA Journal · Jun 24, 2026 · US Federal

Hillcrest Convalescent Center Settles Class Action Data Breach Litigation

Hillcrest Convalescent Center, a skilled nursing and rehabilitation facility in Durham, North Carolina, has reached a settlement in a class action lawsuit stemming from a data breach affecting patient information.

Why this matters: Healthcare facilities hold among the most sensitive personal data — medical histories, diagnoses, and financial details — making breaches particularly consequential for vulnerable patients who had little choice but to share that information to receive care.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

DataBreaches.net · Jun 24, 2026 · International

Tata Electronics confirms cyberattack as hackers leak data

Bill Toulas reports: Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. The company emphasizes that its operations continued to run normally and were not affected by the incident. […] While Tata Electronics has not disclosed the threat actor’s identity,... Source

Who should care: Cybersecurity · Privacy officers · Administrators

Hackers leak facial recognition records tied to millions of Madison Square Garden visitors

A hacker group has leaked a trove of facial recognition records linked to millions of people who visited Madison Square Garden, exposing biometric data collected by the venue's controversial surveillance system.

Why this matters: Biometric data is uniquely sensitive — unlike passwords, faces cannot be changed. This breach illustrates the compounding risk when venues mass-collect facial recognition data on the public, turning attendance at a concert or game into a permanent, exploitable identity record.

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · Policy

MSG Data Breach Lawsuit Puts Dolan’s Facial Recognition/Data Fight in Spotlight

A lawsuit targeting Madison Square Garden over a data breach has drawn renewed attention to owner James Dolan's broader use of facial recognition technology and the data practices surrounding it, raising questions about how biometric information collected at venues is stored and secured.

Why this matters: The case highlights the risks individuals face when venues collect biometric data without robust safeguards — a breach doesn't just expose names or emails, but potentially immutable physical identifiers that cannot be changed if compromised.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · Policy

EDPS · Jun 15, 2026 · EU

Managing Shadow AI’s Hidden Data Breach Risk

Managing Shadow AI’s Hidden Data Breach Risk francesco Mon, 06/15/2026 - 09:25 Mon, 06/15/2026 - 12:00 The use of unauthorised AI tools that can expose personal data, create regulatory blind spots, and open security vulnerabilities. 1 Read blogpost by Wojciech Wiewiórowski

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · AI governance · Policy

Cybersecurity, data privacy and AI may leave employers legally exposed

Cybersecurity, data privacy and AI may leave employers legally exposed  HR Dive

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · AI governance · Policy

Krebs on Security · Jun 10, 2026 · International

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.

Who should care: Cybersecurity · Privacy officers · Administrators