Data Breaches

Play button connected by dotted line to an analytics chart, which leaks a red line to a stolen envelope icon, representing ShinyHunters exploiting Anodot's API to breach Vimeo user data.

Data Breaches

Vimeo Confirms Data Breach via Third-Party Vendor Anodot — ShinyHunters Attributed

Vimeo has confirmed a data breach affecting portions of its user database following a compromise at Anodot, a third-party analytics vendor. The breach has been attributed to ShinyHunters, which exploited trusted API connections between Anodot and its enterprise clients to access Vimeo's environment without directly targeting Vimeo'

29 Apr 2026

Cracked browser window exposing API key with email icons leaking outward, representing ClickUp hardcoded API key flaw exposing enterprise and government data.

Data Breaches

ClickUp Hardcoded API Key Exposed Enterprise and Government Emails for Over a Year With No Fix

A hardcoded third-party API key embedded in ClickUp's publicly accessible website JavaScript exposed hundreds of corporate and government email addresses — along with thousands of internal product development flags — for more than a year with no authentication required to access the data. ClickUp has not issued a public statement.

29 Apr 2026

Minimalist vector: A cracked white shield with a "muted" or "unmasked" figure behind it, representing the loss of anonymity.

Data Breaches

Senators Seek Answers After Hack Exposes Millions of “Anonymous” Crime and Student Safety Tips

U.S. Senators are demanding transparency from Navigate360 following claims that a hacker exfiltrated over 8 million confidential records from the P3 Global Intel platform, potentially unmasking tipsters and exposing decades of sensitive law enforcement and school safety data. WASHINGTON, D.C. — A massive cybersecurity incident at P3 Global Intel,

28 Apr 2026

Minimalist vector on lime green: A white hard hat icon with a blue "digital lock" symbol, representing construction-sector cybersecurity.

Data Breaches

Cybersecurity Incident at Contractor Building JRL MRT Stations and NEWater Factory 3

A Singapore-linked contractor, Shanghai Tunnel Engineering Co (Singapore), has suffered a cybersecurity incident compromising digital project data for the Jurong Region Line (JRL) and Changi NEWater Factory 3. While operational control systems remain secure, the breach has prompted the Land Transport Authority (LTA) and Public Utilities Board (PUB) to suspend

28 Apr 2026

Minimalist vector on deep purple background: A silhouette of a telephone handset with a digital file folder leaking binary data.

Data Breaches

BlackFile Actively Extorting Data-Theft Victims in Retail and Hospitality

A new extortion gang known as BlackFile, linked to the broader criminal network “The Com,” has been targeting retail and hospitality organizations since February 2026, using vishing-to-fake-SSO-phishing chains to steal credentials, exfiltrate SaaS data, and demand seven-figure ransom payments. ARLINGTON, VIRGINIA — A surge in sophisticated voice-phishing (vishing) attacks has put

27 Apr 2026

White line art on deep teal: a medical stethoscope icon with a digital "broken link" symbol, representing the PII risk of the Medtronic corporate data breach.

Data Breaches

Medtronic Confirms Breach After Hackers Claim 9 Million Records Theft

Medtronic says an unauthorized party accessed data in “certain corporate IT systems,” validating claims by the ShinyHunters extortion group that it stole more than 9 million records of personally identifiable information from the medical-device giant. DUBLIN, IRELAND — Medtronic, the global heavyweight in medical technology, has officially moved from investigation to

27 Apr 2026

Minimalist white line art on a golden yellow background showing an interlocking four-part grid forming a diamond in the center, representing utility infrastructure components.

Data Breaches

American Utility Firm Itron Discloses Breach of Internal IT Network

Itron Inc. (NASDAQ: ITRI), a leading smart-meter and utility-technology provider, has disclosed a limited-scope cyberattack on its internal systems, confirming unauthorized access but saying operations and customer systems show no material disruption. LIBERTY LAKE, WASHINGTON — Itron Inc., a global heavyweight in the smart-metering and grid-management sector, has formally disclosed a

26 Apr 2026

Minimalist white line art of a stylized blade of grass silhouette with a digital fishing hook snagged on it, overlaid on a solid Grass Green background.

Data Breaches

Incransom Targets TruGreen in Major Ransomware Attack

Ransomware group Incransom has targeted TruGreen, a major lawn-care and consumer-services provider, in a double-extortion attack that threatens the leaking of sensitive customer and operational data. MEMPHIS, TN — On April 22, 2026, the ransomware collective known as Incransom publicly claimed responsibility for a compromise of TruGreen Limited Partnership (trugreen.com)

25 Apr 2026

Minimalist white line art of a medical cross silhouette with a digital padlock icon centered inside, overlaid on a solid Deep Navy background.

Data Breaches

Kettering Health Ransomware Attack: 1.7 Million Patients Exposed

The delayed 2026 notification of a massive 1.7-million-record exposure at Kettering Health highlights the "long tail" of healthcare ransomware, where the clinical recovery of a hospital often precedes the true regulatory and legal fallout by nearly a year. DAYTON, OH — A 2025 ransomware attack on Ohio-based Kettering

25 Apr 2026

Minimalist white line art of a graduation cap silhouette with a digital fishing hook snagged on the tassel, overlaid on a solid Dark Green background.

Data Breaches

ShinyHunters Hits Udemy: 1.4M Records After ADT Breach

Same group behind ADT 10M breach claims 1.4M Udemy users via SaaS vishing. Education sector PII and corporate data at risk. April 27 leak deadline looms. SAN FRANCISCO, CA — Less than a week after the ADT data breach exposed 10 million records, the notorious threat collective ShinyHunters has claimed

25 Apr 2026

Data Breaches

ADT Data Breach: ShinyHunters Steals Millions from Security Giant

America's largest home security provider confirms breach after vishing attackers claim 10M customer records. Okta SSO → Salesforce attack chain exposes PII and partial SSNs. BOCA RATON, FL — In a stinging blow to the world’s most recognized name in physical security, ADT Inc. (NASDAQ: ADT) has confirmed a

25 Apr 2026

Minimalist white line art of a medical caduceus inside a digital shield being struck by a lightning bolt, overlaid on a solid Teal background.

Settlements

OCR Fines $1.17M: HIPAA Failures Enabled 427K Patient Ransomware Breaches

HHS cracks down on four healthcare entities after risk analysis failures allowed PYSA and other ransomware to encrypt servers and exfiltrate patient data. WASHINGTON, D.C. — In a decisive move against systemic negligence in the medical sector, the HHS Office for Civil Rights (OCR) has announced a collective $1.165

24 Apr 2026

See all