Threat Intelligence
A Stalker's Own Database Exposed 86,859 Surveillance Images
The operator who installed the spyware was the one who left the cloud bucket open.
Policy & Government
Sham NPI Numbers Pulled 300,000 Records From Epic, Lawsuit Alleges
The breach didn't need a hack. It needed an interoperability framework that took fake clinics at their word.
Trending
France Arrests 15-Year-Old "breach3d" for Hacking ANTS National ID Agency — 11.7 Million Accounts Exposed
A 15-year-old operating as "breach3d" breached France's ANTS national ID agency exposing 11.7 million accounts with passport and driver's license data — and listed 12–19 million records for sale on criminal forums.
Trending
Massachusetts Fines Fidelity $1.25M for IDOR Breach That Exposed 77,000 Customers' SSNs and Financial Records
Massachusetts Secretary Galvin fined Fidelity Brokerage Services $1.25M after a three-day IDOR vulnerability allowed any authenticated user to access other customers' SSNs, credit card numbers, and medical records — plus a secondary failure to notify affected individuals.
Ransomware
Inc Ransom Ransomware Breach at Sandhills Medical Exposes 169,017 Patients — Notified 12 Months Later
Sandhills Medical Foundation discloses a ransomware breach by Inc Ransom affecting 169,017 patients — nearly 12 months after the attack was detected and 10 months after stolen data was published publicly.
Data Breaches
Personal Data of Entire Dutch Town Stolen in Municipal Cyberattack
The municipality of Epe confirms a massive exfiltration event impacting nearly all 32,000 residents; authorities offer free identity document replacements as theft concerns mount. EPE, NETHERLANDS — The municipality of Epe has officially confirmed that a cyberattack first detected in March 2026 resulted in the theft of personal data belonging
Data Breaches
Citizens Bank Hit With Two Federal Lawsuits After Everest Ransomware Attack
Following our initial report on the Everest ransomware group's claims, Citizens Financial Group now faces a dual-front battle as federal litigation arrives in Rhode Island. PROVIDENCE, RI — The legal fallout from the Everest ransomware group’s alleged breach of Citizens Bank has accelerated with the filing of two
Data Breaches
South Korea Fines Matchmaking Giant Duo $815K After 427K Users' Weight, Religion, Assets Leaked
PIPC's record penalty cites an employee workstation hack, a 72-hour reporting delay, and nonexistent database security controls. SEOUL, South Korea — South Korea’s Personal Information Protection Commission (PIPC) has levied a record 1.21 billion KRW ($815,000) fine against Duo, the nation’s largest matchmaking service, following
Data Breaches
Fragile Privacy: Rituals Confirms Customer Data Theft in Latest European Retail Attack
International cosmetics giant Rituals has notified members of its "MyRituals" program that their personal information was unlawfully downloaded following a targeted breach of its customer systems. Amsterdam, Netherlands — Rituals Cosmetics, the Amsterdam-founded wellness and beauty brand, has become the latest high-profile victim in a wave of cyberattacks targeting
Data Breaches
The Single Point of Failure: Canada Life Breach Impacts 70,000 Individuals
Canada Life has confirmed a significant data breach after hackers successfully exploited a single employee account to access a high-value Salesforce environment, exposing the sensitive personal information of thousands. Winnipeg, MB — Canada Life, one of the nation's largest insurance and financial services providers, has begun notifying approximately 70,
Data Breaches
Systemic Fragility: Humana Discloses Second Major Data Breach in Two Months
Insurance giant Humana has begun notifying customers across Texas and five other states of a significant data breach, marking the second time in 60 days that the company has confirmed the exposure of sensitive patient information. LOUISVILLE, KY — Humana Inc., one of the largest health insurance providers in the United
Data Breaches
Nightclub Giant RCI Hospitality Reports Data Breach Impacting Corporate and Customer Records
RCI Hospitality Holdings, Inc., the dominant operator of upscale nightclubs and sports bars across the United States, has confirmed a cybersecurity incident that resulted in unauthorized access to sensitive internal and client information. HOUSTON, TX — RCI Hospitality Holdings, Inc. (Nasdaq: RICK) has formally disclosed a data breach following an investigation