Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 27th April and 3rd May 2026.29th April
Americans lose $2.1 billion to Facebook scams, an eightfold jump since 2020
Barrier to hacking drops as AI and dark web tools let anyone launch cyberattacks, Europol warns
CISA Adds Actively Exploited ConnectWise and Windows Flaws to Known Exploited Vulnerabilities (KEV)
Estée Lauder reaches proposed settlement in Canada data breach class action
Europol's Internet Organised Crime Threat Assessment (IOCTA) 2026 report flags shift to industrialised cybercrime powered by AI, ransomware and data theft
Identity discovery: The overlooked lever in strategic risk reduction
India: CERT-In Warns of AI-Driven Cyber Threat Surge, MSMEs at Highest Risk
Industrial manufacturing tops Digitain cyber risk ranking
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
One git push from disaster: this fundamental GitHub flaw could’ve compromised the world’s code
Phishing scam targeting expectant women masquerades as Malaysian government aid scheme
Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns
Protecting U.S. Critical Infrastructure as Global Tensions Rise
Ransomware posts rise 22% as leak sites proliferate
Resilience report finds manufacturing leads global cyberattack targets, with ransomware dominating losses
ShinyHunters Ransomware strikes Vimeo and Carnival Corporation
Stolen patient data from Dutch firm ChipSoft destroyed after cyberattack
UK Biobank data breach exposes half a million records
28th April
$2.4 billion utilities company Itron reports internal network security breach
2025 Saw Fewer Healthcare Breaches Than 2024
150,000+ football passports leaked weeks before FIFA World Cup
ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs
ADT data breach affects 5.5 million customers as hackers begin leaking stolen info online
AI, Encryption, and Crypto Power New Wave of Global Cybercrime
Alleged China-Linked Hacker Extradited To U.S. By Italy
Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research
Alleged Chinese State Hacker Extradited to US
Alleged Chinese state-backed hacker extradited from Italy to US over COVID-era cyber espionage case
Alleged 'Hafnium' hacker-for-hire extradited to the United States
Ameriprise data breach hits 48,000 customers
Australia and New Zealand (ANZ) Organizations Are in the Ransomware Crosshairs - What the Dark Web Is Telling Us
Australia scam losses rise as reports fall in 2025
Bank of Scotland customers in new data breach fear as Lloyds pays out £200,000
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
Broken VECT 2.0 ransomware acts as a data wiper for large files
Canada’s first SMS blaster case leads to three arrests
Carnival Corporation Investigating Possible Ransomware Attack
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
China-linked hackers led phishing campaigns targeting journalists and activists, researchers say
Chinese National Extradited Over Silk Typhoon Cyber Campaign
Chinese National Xu Zewei Extradited for HAFNIUM Cyberattacks, Appears in US Court for 9-Count Indictment
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Chinese spear-phishing campaign targets NASA employees
Chinese-Backed Smishing Rings Scale Credential Theft via SMS and Over-the-Top (OTT) Apps
ClickUp Data Leak Exposes Enterprise Emails for Over a Year
ClickUp Hardcoded API Key Exposes Almost 1,000 Customer Emails, Including Government and Corporate Giants
Credit Technologies Data Breach Potentially Exposes Personal Information of Individuals
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Cyberattacks in Spain: What small businesses should know
Cybersecurity Incident Strikes Contractor Handling Jurong Region Line (JRL) MRT Stations and NEWater Factory 3 Projects
Even cybersecurity researchers are exposing secrets in their arXiv LaTeX source
Ex-Ransomware Negotiator Pleads Guilty to Extorting U.S. Victims, $10 Million in Assets Seized
Feuding Ransomware Groups Leak Each Other's Data
Fidelity to pay $1.25 million over 2024 data breach affecting 77,000 customers
French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches
Germany suspects Russia behind signal phishing attack on top Government officials
Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Gmail Users Warned About Sophisticated AI-Driven Phishing Attacks
Green Imaging Data Breach Exposes Patient Medical and Personal Information
Guardz Warns MSPs of Cloud Ransomware and Business Email Compromise (BEC) Risks
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers exploit Robinhood account creation tool to launch worrying phishing scam
Has your Signal account been hacked in the latest phishing attacks?
Have you asked Ryanair for compensation? Your bank details could now be for sale
How to Recognize and Avoid Phishing Attacks in 2026
Hugging Face LeRobot Vulnerability Enables Unauthenticated Remote Code Execution Attacks
Industrial Control Systems (ICS) intrusion detection has blind spots that complicate plant security
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Iranian APT OilRig Hides Malware Config Inside Google Drive Image
Isle of Man: Manx Telecom notifies customers of data breach
Italy extradites Chinese hacker accused of spying during Covid-19 pandemic to US
Kamasers DDoS Botnet With Loader Capabilities Attacking Organizations to Deploy Ransomware
Lloyds Bank compensates another 1,625 customers after ‘alarming’ data breach
Medical Device Maker Medtronic Announces Data Breach
Medtronic Confirms Breach After Hackers Claim 9 Million Records Theft
Medtronic confirms cyberattack on corporate IT systems amid claims of massive data theft
Medtronic Confirms Data Breach After ShinyHunters Claims
Medtronic Confirms Data Breach, No Impact on Operations or Patient Safety
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Missouri Democrats Call for Investigation Following School Voucher Data Breach
Missouri Lawmakers Clash Over Massive School Voucher Data Breach
Monumental Sports & Entertainment Data Breach Affects 10k
MP David Davis's website hit by suspected cyber attack
MP Sir David Davis's website shut down in suspected cyber attack
Navigator360 has suffered a hacker attack: more than 93 GB have been stolen
New Bank of Scotland data breach fears as 80,000 more customers hit by IT glitch
New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords
New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices
New phishing scam targets your Fear of Missing Out (FOMO) with fake party invitations
No Metrics Are Better Than Bad Metrics in the Security Operations Center (SOC), Says National Cyber Security Centre (NCSC)
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
Notepad++ Releases 8.9.4 Patch to Fix String Injection Vulnerability (CVE-2026-3008) in 8.9.3
Over 500,000 Lloyds customers hit by data breach - yet bank finds zero fraud cases
Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
Phishing Emails That Look Real Target Robinhood Users via Gmail Dot Alias Feature
Phishing scam targeting Robinhood via Gmail: the alias trick deceives users with flawless emails
Police arrest 10 suspected members of Black Axe cybercrime gang
Pro-Iran hacker group claims release of 2,379 US Marines’ data in Persian Gulf
Ransomware accounts for 90% of cyber losses in manufacturing
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Robinhood Phishing Emails Target Users via Account Creation Flaw
Robinhood Users Targeted by Gmail Dot Trick Phishing Attack
Robinhood Vulnerability Exploited for Phishing Attacks
Security researcher claims ClickUp vulnerability is leaking customer data
ShinyHunters claims it stole 1.4 million records from Udemy
Signal Phishing Campaign Targets German Officials in Suspected Russian Operation
Signal to roll out anti-phishing safeguards following account takeovers
Signal warns users after Russian hackers compromise accounts
Silk Typhoon: Hacker extradited to the US for “COVID espionage”
Sophisticated Phishing Attack Targets Microsoft Teams Users
Study warns cost-cutting use of generative AI could increase cyber-attack risks
Targeted Covid-19 research: Chinese state-sponsored hacker arrested by FBI after Italy extradition
The intricate balancing act of cyber resilience
The metrics killing your Security Operations Centre (SOC), and what to use instead
Third-party cyber risks emerge as weak link for banks after data breach concerns
Ukrainian police detain hackers suspected of stealing thousands of Roblox accounts for resale
US reportedly charges Scattered Spider hacker arrested in Finland
US state privacy fines reached $3.425 billion in 2025
US Supreme Court appears split over controversial use of ‘geofence’ search warrants
VECT: Ransomware by design, Wiper by accident
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
VECT Ransomware: When Paying is Not a Recovery Strategy and Won't Get Your Files Back
Vect ransomware actually destructive wiper malware
Video service Vimeo confirms Anodot breach exposed user data
Video site Vimeo blames security incident on Anodot breach
Vimeo Confirms User and Customer Data Breach
Vimeo faces extortion demands from ShinyHunters: “pay or leak”
Weeks After Remita, Sterling Bank Hack, More Nigerian Institutions Succumb to Data Breaches
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Why Unofficial Download Sources Are Still a Security Risk in 2026
27th April
82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected
500,000 UK volunteers’ medical data listed for sale on Alibaba
Abu Dhabi Department of Finance Super Admin Access Sale
ADT Breach Confirmed: Names, Phone Numbers, and Addresses Exposed
ADT Breach Exposes Data of 5.5 Million Customers, ShinyHunters Likely Behind Attack
ADT Confirms Data Breach After Extortion Attempt by ShinyHunters
ADT confirms data breach after ShinyHunters threatens data leak
ADT confirms new data breach after hacking group threatens record leak
ADT Data Breach Exposes Sensitive Personal Information for 5.5 Million Accounts
AI startup Mercor faces mass litigation following data breach
Alleged Silk Typhoon hacker extradited to US for cyberespionage
Americans lost over $2.1 billion to social media scams in 2025
Amtrak data breach exposes millions of customer records
Attackers Chain Flaws to Backdoor CODESYS Applications and Deploy Malicious Code
Attackers use Microsoft Teams, fake mailbox repair utility to breach organizations
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
BlackFile hackers target retail, hospitality with vishing and data extortion
Canada arrests three for operating “SMS blaster” device in Toronto
CARE Clinic Data Breach Potentially Exposed PHI
Carnival Corp. probes alleged data breach
Carnival Corporation Targeted in Ransomware Attack
Carnival Cruise Line Faces Ransom Demand From Hacker: Warns Online Claims May Be Inaccurate
Carnival Investigates Potential Data Breach Affecting Millions Of Cruisers
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23rd Attack
China-Backed Groups are Using Massive Botnets in Espionage, Intrusion Campaigns
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
Client information data breach costs Fidelity $1.25 million in Massachusetts fine
Consumers lost $2.1 Billion to social media scams in 2025, Federal Trade Commission (FTC) reports
Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks
Critical infrastructure giant Itron says it was hacked
Crypto thieves ramping up attacks on Apple users
CTM360 Exposes Global GovTrap Campaign With 11,000+ Fake Government Portals Targeting Citizens Worldwide
Cyber crooks got Robinhood to send phishing emails to its own users
Device codes are the new frontier for phishing as Barracuda detects 7 million attacks in four weeks
Ellipal Cryptocurrency Wallet Suffers Alleged Data Breach
Extradition Drama: Italian Government Approves Chinese Hacker's Transfer to U.S.
Fake Android Apps Distributing Spyware, Linked to Italian Surveillance Vendor IPS
Fake CAPTCHA International Revenue Share Fraud (IRSF) Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Family Federation for World Peace and Unification (FFWPU) and Tongil Group Face Extensive Data Breach
FBI, Indonesian Authorities Team to Take Down Site Ripping Off Users for Millions
Fidelity Fined $1.25 Million Over Client Data Breach
Fidelity to Pay $1.25 Million Over 2024 Data Breach
Fidelity to Pay $1.25 Million to Settle Massachusetts Claims From 2024 Data Breach
Former FBI Deputy Cyber Chief Calls for Terrorism Classification for Healthcare Ransomware Actors
Former Ransomware Negotiator Pleads Guilty to Aiding Attackers
French passport-and-ID portal taken offline after cyber-attack, causing application backlog
French police arrest hacker ‘HexDex’ for alleged widespread data theft
Garmin cyberattack disrupts online services, no evidence of customer data breach
Germany accuses Russia of targeting top politicians in Signal phishing attack
Germany blames Russia for Signal phishing attacks on MPs
Germany suspects Russia is behind Signal phishing that targeted top officials
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
Google users receive $30 bills after fake CAPTCHA scammed them into sending premium text messages
Hacker who allegedly carried out cyberattacks for China is extradited to U.S.
Hackers claim millions of records stolen in ADT breach
Hackers got data on 5.5 million ADT customers by phishing, report says
Hackers impersonate Microsoft Teams help desk to breach corporate networks
Home security giant ADT data breach affects 5.5 million people
How account takeover is reshaping higher-education cyber risk
How to Prepare for GenAI-Driven Threats and Ransomware Attacks
India: CERT-In warns of AI-driven cyber attack risks
International Tensions: Extradition of Chinese Hacker Xu to U.S. Sparks Controversy
Italy: Extradition decree signed for Chinese hacker arrested at Malpensa Airport
Italy extradites alleged Chinese hacker to US accused of spying for Beijing during COVID-19 pandemic
Italy extradites alleged Chinese state hacker to US
Italy extradites Chinese hacker to US
Italy extradites Chinese national wanted by US for alleged hacking
Italy extradites ‘dangerous foreign hacker’ from China wanted by US authorities
Italy plans to send ‘wanted’ Chinese hacker to US authorities
Itron discloses cyberattack after unauthorized access to internal systems
Itron, Inc. Discloses Data Breach After Hackers Accessed Internal Systems
Itron IT Breach: Unauthorized Access Detected on Internal Network
Jeff Honeycutt Insurance Agency Data Breach Exposes Client Info
Kent District Library blames ‘ransomware’ for closures
Korea's Fair Trade Commission (FTC) Orders Coupang, Naver to Revise Unfair Data Breach Clauses
LAPSUS$ Claims Vodafone UK Breach in New Alleged Cyberattack
Lee & Lee Country Club Personal Data Breach...Possible Involvement of North Korean Hackers
Linux ELF Malware Generator Evades Machine Learning (ML) Detection Using Semantic-Preserving Changes
Litecoin Hit by Zero-Day Vulnerability, Triggers 13-Block Reorganization
Maryland property search tool is back online, nearly two weeks after cyber attack
Medical device giant Medtronic confirms data breach incident
Medtronic confirms breach after hackers claim 9 million records theft
Medtronic Data Breach Exposes Millions of Records
Medtronic reports data breach on corporate IT systems
Microsoft Store App Vibing.exe Accused of Harvesting Screens, Audio, and Clipboard Data
Money launderer for crypto thieves given 5-year sentence
Money launderer linked to $230 Million crypto heist gets 70 months in prison
Morocco’s road safety agency warns of fake website used for phishing scam
Most Cybersecurity Professionals Feel Undervalued and Underpaid
Multiple OpenClaw Vulnerabilities Enable Policy Bypass and Host Override Attacks
Narteks Tekstil A.S. Suffers Krybit Ransomware Attack
Nessus Agent Vulnerability on Windows Allows Arbitrary Code Execution as SYSTEM
Netflix Phishing Scams: They’re More Dangerous Than You Think
Now a ransomware turns quantum computing safe in encryption
One ransomware crew now drives half of all cyber claims
Operation TrustTrap Reveals 16,800 Fake Domains Exploiting User Trust
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Proof-of-Concept (PoC) Exploit Released for Critical Metabase Enterprise RCE Vulnerability
PyPI package with 1.1 Million monthly downloads hacked to push infostealer
Qilin Ransomware claims to have breached Inspira, Muller, A&A, Longwood, Exclusive, Istarpal
Ransomware attacks affect 2 senior care providers
Ransomware hackers are now targeting victims with an Infrastructure driven Approach
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Robinhood account creation flaw abused to send phishing emails
Robinhood suffers phishing attempt ahead of quarterly earnings
Russia suspected of targeting senior officials in major cyberattacks
ShinyHunters group claims massive data theft from home security provider ADT
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach
South Texas Oncology and Hematology Pays $1.1 Million to Settle Data Breach Lawsuit
Sri Lanka: Banks alert customers to phishing attacks
Supreme Court signals location data searches should require a warrant
Synmosa Biopharma Hit by Dragonforce Ransomware Attack
Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns
Texas Tech University Health Sciences Center says 2024 breach impacted 813,892 patients
The $700 million question: How cyber risk became a market cap problem
The AI criminal mastermind is already hiring on gig platforms
‘This was not an isolated incident’: Chinese national exposed by NASA investigation in serial defense software theft phishing campaign that lasted years
Toronto Police Bust Mobile Smishing Network Targeting Thousands
Two researchers stumble on pre-Stuxnet malware that may have targeted Iran's nuclear program
U.S. utility giant Itron discloses a security breach
Udemy Data Breach Results in 1.4 Million Accounts Leaked by ShinyHunters
Uganda Ministry of Agriculture (MAAIF) Suffers Data Breach
UK Biobank data breach exposes medical records of 500,000 people
UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware
US Sanctions Target Cambodian Scam Network Leaders
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
What the Medtronic Breach Means for Security Experts
Why Energy Infrastructure Is Cybersecurity’s Next Frontier
Widely Used Browser Extensions Selling User Data
Your adblocker might be tracking you: researchers flag dozens of browser extensions openly selling data
Your Identity and Access Management (IAM) was built for humans, AI agents don’t care
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 13th April and 19th April 2026, kindly assisted by our partners.
