#data-breach
40 articles
Over the past month, ZCyberNews has tracked 41 articles tagged data-breach, published between April 12 and May 12, 2026. The coverage spans 34 high-severity and 6 medium-severity incidents. Threat actors ShinyHunters, Cl0p, and LockBit were observed. Affected sectors include government, healthcare, education, retail, and technology, while impacted regions are North America, Europe, the United States, and France, with additional global reports.
HIGHInstructure Pays ShinyHunters to Halt 3.65TB Canvas Data Leak
ShinyHunters agreed to delete 3.65TB of stolen Canvas data after Instructure paid an undisclosed ransom. The breach affects thousands of schools and universities worldwide.
HIGHŠkoda Discloses Customer Data Breach After Online Shop Hack
Škoda Auto disclosed a data breach after attackers exploited a vulnerability in its e-commerce portal, stealing customer names, addresses, and password hashes.
HIGHUK Fines South Staffordshire Water $1.3M for 2022 Breach
ICO fined South Staffordshire Water £963,900 after Cl0p ransomware gang leaked data of 663,887 customers — phishing attack went undetected for 20 months.
HIGHShinyHunters Breaches Vimeo, Leaks 119K User Records
ShinyHunters leaked a 106GB archive of Vimeo data after breaching Anodot, exposing emails and names of 119,200 users. No credentials or payment info compromised.
HIGHInfrastructure Breach: Hackers Steal Student Data from Canvas Platform
Infrastructure confirmed hackers accessed Canvas user data — names, emails, student IDs, messages — from educational institutions.
HIGHInstructure Breach: Student Data Stolen, Services Disrupted
Instructure disclosed a breach where hackers stole names, emails, student IDs, and messages, and disrupted Canvas platform services. Data leak threats follow.
HIGHMedtronic Discloses Cyberattack on Corporate IT Systems
Medtronic reported unauthorized access to its corporate IT systems in a cyberattack, with no impact on medical devices or patient care operations. Data was compromised.
HIGHPro-Orbán Media Firm Mediaworks Breached by Ransomware Group
Ransomware group claims breach of Mediaworks, a pro-Orbán Hungarian media conglomerate. The firm confirmed unauthorized access and potential data exfiltration on Friday.
HIGHInstructure Data Breach: ShinyHunters Claims Theft
ShinyHunters claims to have stolen data from Instructure, the edtech firm behind Canvas LMS. Instructure confirms a breach involving unauthorized access to certain systems and…
HIGHFrench Police Arrest 15-Year-Old in ANTS Data Breach Probe
French authorities detained a 15-year-old on April 25 for allegedly hacking ANTS, the national ID agency handling passports and driver's licenses.
MEDIUMMoldova Health Agency Breach: Possible Data Theft Confirmed
Moldova's National Health Insurance Company reported a cyberattack that may have exposed limited personal data from its systems, weeks after initial compromise.
HIGHShinyHunters Breaches Medtronic, Steals 9M Records
ShinyHunters claims to have stolen 9 million records from medical device maker Medtronic, including personal information. The group threatens to leak the data.
MEDIUMVimeo Breach Tied to Anodot Vendor Hack, No Video Data Exposed
Vimeo attributed a security incident to a breach at analytics vendor Anodot; hackers accessed internal systems but not video content, logins, or payment data.
HIGHADT Breach: ShinyHunters Steals Data of 5.5 Million
ShinyHunters breached ADT, stealing personal data of 5.5 million individuals — names, emails, phone numbers, and addresses — from internal systems. No payment data compromised.
HIGHADT Breach Exposes Customer Data in Cyber Intrusion
ADT confirmed cybercriminals breached its systems on April 20, 2026, stealing a limited set of customer and prospect data. No financial info or credentials compromised.
HIGHADT Confirms Breach as ShinyHunters Leaks Customer Data
ADT confirmed a data breach after ShinyHunters leaked 30,000+ customer records including names, emails, and account details from a compromised Salesforce instance.
MEDIUMCyberattacks on Firms Cascade to Consumers, Malwarebytes Warns
Malwarebytes analysis shows corporate breaches expose customer PII, enable follow-on fraud, and inflate insurance premiums — affecting even unaffected individuals.
HIGHRituals Cosmetics Breach Exposes Customer Membership Data
Attackers stole personal data from Rituals Cosmetics' My Rituals membership database — names, emails, addresses, and loyalty points. Number of affected customers undisclosed.
HIGHFrench Police Arrest Hacker Behind Dozens of Data Breaches
French authorities arrested a 20-year-old suspected of 48 data breaches targeting public institutions, sports federations, and private companies, seizing equipment and…
HIGHFrance Titres Data Breach Exposes Citizen Information for Sale
France Titres, the French government agency for ID documents, confirms a data breach after a threat actor offers to sell stolen citizen information, including names, addresses, and passport numbers.
HIGHHealthcare Data Breaches in Illinois and Texas Expose 600,000 Patients
Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority disclose breaches affecting over 600,000 patients, exposing names, SSNs, and medical data.
HIGHSeiko USA Website Defaced, Customer Data Stolen in Ransom Attack
Seiko USA's website was defaced by a hacker claiming theft of its Shopify customer database, including names, emails, and order details for 30,000 individuals, with a ransom demand to prevent public leak.
HIGHVercel Breach Exposes Customer Credentials via Compromised AI Tool
Vercel confirms a breach exposing limited customer credentials after attackers compromised an employee's account via a third-party AI tool, Context.ai. The cloud platform is resetting passwords and API tokens for affected users.
HIGHLos Angeles Police Department Reports 7.7 TB Data Breach
The Los Angeles Police Department reports a breach of 7.7 terabytes and 337,000 files from a city attorney's digital storage system, exposing sensitive law enforcement data.
HIGHVercel Confirms Data Breach After Hackers Attempt to Sell Stolen Information
Vercel disclosed a security breach after threat actors attempted to sell stolen data, including customer account information and internal project details, on a hacking forum. The cloud platform is investigating the scope of the incident.
HIGHMcGraw Hill Breach: ShinyHunters Leaks 13.5M User Records
ShinyHunters published data from 13.5 million McGraw Hill accounts — names, emails, institutional affiliations — stolen from a misconfigured Salesforce instance.
HIGHBooking.com Breach Fuels Sophisticated Hotel Impersonation Scams
A data breach at Booking.com is providing threat actors with detailed guest reservation data, enabling highly convincing scams where attackers impersonate hotels to steal payment details and credentials.
HIGHMcGraw-Hill Data Breach Exposes 13.5 Million Users via Salesforce
Education publisher McGraw-Hill confirms a data breach exposing 13.5 million users' personal data, linked to a misconfigured Salesforce environment. Over 100GB of stolen data has been publicly distributed online following an extortion attempt.
HIGHRansomware Attack Disrupts Automotive Data Giant Autovista Group
Autovista Group, a major European automotive data and analytics firm, confirms a ransomware attack disrupting operations. The company is investigating with external experts, but impact on customer data remains unclear.
HIGHRhysida Ransomware Group Breaches Tennessee Hospital, Exposes 337,000
Cookeville Regional Medical Center confirms a 2025 ransomware attack by the Rhysida group compromised the data of 337,000 individuals after the theft of 500GB of files.
MEDIUMMcGraw-Hill Data Breach Linked to Exploited Salesforce Misconfiguration
McGraw-Hill breached via a misconfigured Salesforce instance — ShinyHunters claim 13.5M user records exposed. Root cause, scope of access, and what educators and SaaS admins should check now.
MEDIUMBasic-Fit Data Breach Exposes Member Data Across European Operations
Basic-Fit, Europe's largest budget fitness chain, confirmed a data breach impacting ~1 million members. Unauthorized access to membership systems exposed personal data across multiple countries.
HIGHBasic-Fit Data Breach Exposes 1 Million Member Records
Hackers breached European gym chain Basic-Fit, accessing personal data of approximately one million members, including names, birthdates, and email addresses.
HIGHBooking.com Confirms Data Breach Exposing Reservation and User Data
Booking.com confirms a data breach exposing sensitive reservation and user data, forcing PIN resets for affected customers.
MEDIUMBooking.com Confirms Data Breach via Social Engineering Attack
Booking.com confirms a data breach where attackers used social engineering to compromise employee accounts and access customer travel booking information. The company states the incident has been contained.
HIGHLAPD Data Breach Exposes 7.7 TB of Sensitive Files via Third-Party System
A data breach at a digital storage system used by the L.A. City Attorney's Office exposed 7.7 TB and over 337,000 files, including sensitive LAPD records. The incident stemmed from a third-party vendor's misconfiguration.
HIGHShinyHunters Breaches Rockstar Games via Third-Party SaaS Platform
ShinyHunters breached Rockstar Games by exploiting the Anodot SaaS platform, accessing the company's Snowflake data environment and threatening to leak stolen data unless a ransom is paid.
HIGHAI-Powered Threat Actor Breaches Mexican Government, Exposes Citizen Data
A sophisticated attacker leveraged AI tools like Claude and ChatGPT to breach nine Mexican government agencies, exfiltrating hundreds of millions of citizen records in a multi-month campaign.
HIGHHims Data Breach Exposes Sensitive Medical and Prescription Data
A breach at telehealth provider Hims & Hers exposed highly sensitive patient health information, including details on prescriptions for weight loss, hair loss, and erectile dysfunction.
HIGHStryker Hit by Cyberattack, Windows Zero-Day Exploited, China Supercomputer Hacked
Medical device giant Stryker confirms a cyberattack, while a patched Windows zero-day is actively exploited and a Chinese supercomputer cluster is breached.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.