Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and 
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 23rd March and 29th March 2026.24th March
3.1 Million Impacted by QualDerm Data Breach
32% of top-exploited vulnerabilities are over a decade old
Alleged Cyberattack on Crunchyroll Exposes Risks in Outsourced Systems
Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets
Armenian ManyChat Database Breach Exposes 352k User Records
Attackers are handing off access in 22 seconds
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Columbus nonprofit organization announces data breach of its computer network
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)
Crunchyroll confirms data breach after hacker claims unauthorized access
Crunchyroll investigates major data breach after hackers claim to access 6.8 million user records
Crunchyroll reassures users about data breach
Crunchyroll Responds to Claims of Data Breach
Dangerous iPhone hack code now leaked on GitHub - users urged to patch now
DarkSword iPhone Exploit Kit Newer Version Leaks on GitHub, Exposing iOS Users to Spyware
DarkSword iPhone Exploit Leaked Online, Hundreds of Millions at Risk
Data breach in French Education Ministry information system hits 243,000 staff
Defion Security Data Breach: ESXi Hosts Compromised
Down the rabbit hole: Operation Alice dismantles 373,000 dark web sites in global sting
Duffy’s Sports Grill Hit by Ransomware Attack; Customers Left Without Credit Card Processing for Days
Dutch Finance Ministry probing cyber breach affecting internal systems
Dutch Ministry of Finance discloses breach affecting employees
Enterprise Cybersecurity Software Fails 20% of the Time
Extortion Group Claims It Hacked AstraZeneca
FBI Warns of Iran’s Handala Hack Group Using Fake Apps to Spy on Windows Users
Federal Communications Commission (FCC) bans foreign-made routers from US market over ‘unacceptable risk’
Federal Communications Commission (FCC) bans import of new consumer routers made overseas, citing security risks
Federal Communications Commission (FCC) blocks foreign-made routers from US market over national security fears
Foster City declares emergency after cyberattack forces city computer system offline for days
Foster City declares state of emergency following ransomware attack
FriendlyDealer Scam Mimics App Stores to Push Gambling Platforms, Some Impersonate Mr. Beast Affiliations
Gcore Radar report reveals 150% surge in DDoS attacks year-on-year
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
GitHub just made it much harder to ship a vulnerable pull request
Gunra Ransomware Attack Breaches BKK Sky and Trio-Tech International
Hacker walks away with $24.5 million after breaching Resolv DeFi platform
HackerOne demands clarity after delayed breach warning from Navia
HackerOne discloses employee data breach after Navia hack
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals
Infinite Campus warns of breach after ShinyHunters claims data theft
Inside Pay2Key: Technical Analysis of a Linux Ransomware Variant
Iran linked hackers using Telegram to steal data, FBI issues alert
Iran-Linked Hackers Use Messaging Platform to Target Dissidents and Journalists
Iran-linked ransomware gang targeted US healthcare organization amid military conflict
Iran tries to portray cyberwar victory against Israel despite physical setbacks
Kaplan data breach exposes personal information of more than 230,000 people
Liberty hit by data breach after unauthorised system access
Liberty Insurance Discloses Data Breach Affecting Customer Info
Marion Military Institute Ransomware Attack by Worldleaks
Marquis Cyber Attack Affected Over 672,000, Akira Ransomware Gang Exonerated
Mazda Confirms Data Breach Impacting Employee Partner Data
Mazda Data Breach Exposing Employee and Partner Records Via System Vulnerability
Mazda investigates data breach following vulnerability in internal IT system
Mazda Says Employee, Partner Information Stolen in Cyberattack
Millions of Anonymous Student and Crime Tips Exposed in Major Data Breach
New ‘DarkSword’ Leak Puts Millions of iPhones at Risk After Initial Attack
New data and US watchdog rank routers as “the most hackable device”
New law enables Hong Kong police to demand passwords
New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware
Oracle Issues Emergency Patch for Critical Flaw Enabling Remote Code Execution
OVHcloud Data Breach: Millions of Customers and Websites Exposed
OVHcloud founder denies hacker claims of massive data breach
Pay2Key Iranian-Linked Ransomware is Back, Back Again
Ransomware Attacks Against the US: 2026 Insights
Ransomware groups surge as July attacks hit Singapore
Ransomware has changed: So should recovery
Ransomware Inc. and the startup approach to cybercrime
Resolv DeFi Breach Results in $24.5 Million Theft and Minting of $80 Million of Uncollateralized USR
Resolv gives hacker 72 hours to return stolen $25 million
Resolv Offers 10% Bounty to Hacker After $25 Million Stablecoin Exploit
Russian Access Broker Gets Nearly 7 Years for Enabling Millions in Ransomware Extortion
Russian Access Broker Jailed for Facilitating Ransomware Attacks Targeting U.S. Companies
Russian access broker sentenced to over 6 years in prison for ransomware schemes
Russian ‘Chubaka.kor’ Hacker Gets 81 Months In Indianapolis Ransomware Case
Russian Citizen Gets Almost 7 Years in Prison for Facilitating Dozens of Ransomware Attacks in U.S.
Russian Hacker Sentenced to 7 Years in Indiana Court
Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence
Russian Initial Access Broker Handed 81-Month Sentence
Russian initial access broker helped ransomware gangs extort millions, sentenced to 81 months
Russian initial access broker who fed ransomware crews gets 81 months in US prison
Russian sentenced to jail for his part in ransomware attacks
Scammers run circles around sideloading restrictions with fake app stores
Signal Phishing Attack: Digital Evidence Points to Russia
Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage
Singapore firms face world’s highest ransomware risk
South Africa: Insurer Liberty hit by data breach
South Africa: Liberty hit by data breach
Standard Bank hit with data breach at Liberty
Surviving ransomware: Best practices to safeguard your business
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Trio-Tech Subsidiary Hit by Ransomware Attack, Data Leak Raises Concerns
Tycoon2FA Operators Resume Cloud Account Phishing Following Infrastructure
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9 Million Ransomware Damage
U.S. State and Local Government Under Ransomware: 2025–2026 Trend Analysis
UK businesses hit by cyber breaches as phishing rises
Uncle Sam closes the door on all new foreign-made routers
US jails Russian national linked to ransomware crew behind bold breach of Cisco systems
Washington Department of Licensing (DOL) hid License Express data breach for six years, lawsuit claims
Who are ShinyHunters and what is Telus Digital? Crunchyroll data breach explained. Here's how much and what kind of Sony anime streamer user data was stolen and what should users do now
Yanluowang ransomware access broker gets 81 months in prison
23rd March
1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now
3.7 Million Records Exposed, Many Belonging to Sears Home Services
Akeela Data Breach Settlement Gets First Nod from the Court
An AI-powered phishing campaign has compromised hundreds of organizations
Anime fans' credit cards might be stolen from Sony streamer Crunchyroll
AstraZeneca Alleged Data Breach by LAPSUS$ Group
AstraZeneca Data Breach: What You Need to Know
AstraZeneca Data Breach Allegedly Claimed by LAPSUS$ as Internal Data Access Reported
AstraZeneca Data Breach Claimed by LAPSUS$ Hackers
Balance Autism Settles Class Action Data Breach Lawsuit
California-based semiconductor testing company reports ransomware attack to Securities and Exchange Commission (SEC)
Charlotte-Mecklenburg Students Targeted by Phishing Scam
Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware
CISA orders feds to patch DarkSword iOS flaws exploited attacks
CISA Orders US Government to Patch Maximum Severity Cisco Flaw
Criminal prints millions in Resolv stablecoin, crashes its price 70%
Crunchyroll Alleged Data Breach: What Do Users Need to Know?
Crunchyroll Breach: Hackers Claim 100GB of User Data Stolen
Crunchyroll Data Breach: Cybersecurity Sources Report 100GB Leak
Crunchyroll Data Breach? Personal Details Like Emails, Credit Cards, And More Reportedly Leaked Online
Crunchyroll Data Breach - Threat Actor Claims Exfiltration of 100 GB of User Data
Crunchyroll Data Breach Allegedly Exposes 100 GB of User Data
Crunchyroll Data Breach Exposes Customer Information via Telus, Reports Say
Crunchyroll Faces Possible Data Breach
Crunchyroll Officially Responds to Data Breach With New Statement
Crunchyroll probes breach after hacker claims to steal 6.8 Million users' data
Crunchyroll responds to data breach claims and promises to investigate the alleged cyber attack: "We are aware...and working closely with leading cyber security experts"
Crunchyroll Suffers Major Data Breach; 100 GB Of Sensitive User Information Stolen
‘Cyber Attack Uncovered’: Admin Accounts Hijacked via CVE-2025-32975 in Quest KACE SMA
Data breach at large South African insurance and investment company
Department of Justice (DOJ) Disrupts Botnets, But DDoS Threats Remain, Security Pros Warn
Department of Justice (DOJ) takes down hacker group who targeted Stryker Group
Education company Kaplan reports data breach impacting more than 230,000
Energetika Ljubljana Data Breach Exposes Energy Infrastructure Files
Ethical hacker takes responsibility for Malta Gaming Authority data breach
Fairfield Council takes legal action after major data breach, uses Dropbox to contact hackers
Fake “Pudgy World” Site Lures Gamers Into Handing Over Crypto Wallet Passwords
Faster attacks and ‘recovery denial’ ransomware reshape threat landscape
FBI says Iranian hackers are using Telegram to steal data in malware attacks
FBI warns of Handala hackers using Telegram in malware attacks
FBI warns of Russian, Iranian cyber activity involving messaging platforms
Foster City Cyberattack Disrupts Services, Raises Data Breach Fears
France’s National Jobs Agency Hit With $5.4M Fine After Massive Data Breach Exposes 36.8 Million People
German hacker claims responsibility for Malta regulator breach, threatens data leak
German security researcher claims Malta regulator data breach
Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks
Google Reinvents Android Sideloading to Thwart Scammers
Government of Chile Ley Lobby Portal Data Breach
Hacker group behind Stryker attack forced to 'reorganise' after key figures killed in military action
Hacker Targets Malta Gaming Authority, Alleges Crime Links
Hackers claim 500GB data theft in cyberattack on Namibia Airports Company
Hackers Claim to Have Breached Streaming Service CrunchyRoll’s Data
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Harper Executive Group Data Breach Affects 5,672: PHI and PII Exposed
High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports
In Ohio County, Phishing Attack May Have Led to a Data Breach
Iran-Linked Hacker Group Targets Middle East Energy Firms Through Supply Chain Attacks
Korea Police Issue Urgent Phishing Alert Over Middle East Crisis Scams
LAPSUS$ claims major data theft from pharma giant AstraZeneca
LAPSUS$ Hackers Claim Breach of AstraZeneca’s Internal Systems
Lapsus$ Hackers disclose more about AstraZeneca Data Breach
Major Cybersecurity Threats to Watch in 2026: Prevent Ransomware Attacks with Expert Strategies
Malta Gaming Authority (MGA) Data Breach Claim Raises Security and Integrity Questions
Mazda discloses security breach exposing employee and partner data
Mazda Suffered a Data Breach Affecting 692 People in Thailand
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys Remote Monitoring and Management Tool (RMM) Malware
Microsoft Warns of New IRS-Based Phishing Attacks
Million-dollar hacker who targeted US businesses from South Africa jailed in America, faces deportation
Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems
Mutual of America Data Breach Exposes PII Including SSNs
Navia Benefit Solutions data breach impacted over 2.6 million individuals
Navia Data Breach Hits 2.7 Million People, Exposing Sensitive Personal Data
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper
NIST updates its DNS security guidance for the first time in over a decade
North Korean Hacker Lands Remote IT Job, Caught After VPN Slip
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
One Operator, 373,000 Dark Web Sites, and a Criminal Business Built on Selling Nothing
Operation Alice Takes Down 370,000+ Dark Web Sites
Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)
Over 511,000 End-of-Life Microsoft Internet Information Services (IIS) Servers Exposed Online
Pellenc Ransomware Attack: Alp-001 Group Claims Data Breach
Pharma giant AstraZeneca claimed by hackers, with source code on the table
Police Shut Down 373,000 Dark Web Sites in Single-Operator Cybercrime-as-a-Service (CaaS) and Child Sexual Abuse Material (CSAM) Network
Police warn Korea of phishing exploiting Middle East crisis anxiety
Police Warn Potential Tipsters About Alleged CrimeStoppers Data Breach
Prefeitura Municipal de Caieiras Data Breach Exposes Citizen PII
Ransomware Gangs Broaden EDR Killer Methods Past Driver Exploits
Ransomware's New Era: Moving at AI Speed
Rogers Communications & Fido Data Breach Exposes Records
Russia-linked malware operation collapses after security failures, developer’s arrest
Russian hackers go after high-value targets through Signal
Russian hacker group 'Fancy Bear' found in Serbian military institutions
Russian hackers target Signal users in phishing campaign, FBI and CISA warn
San Felipe-Del Rio Consolidated Independent School District (CISD) Outage: Internal Network Systems Impacted, Including Internet and Phones
Serbian Ministry of Defense targeted by Russian state hackers
ShinyHunters Attack Hits Infinite Campus and Ameriprise
Shubert Organization Data Breach on Telecharge Platform
Signal is being targeted by Russian hackers in a huge new phishing campaign, FBI says
Sitting ducks: over 500K outdated Windows web servers are exposed online
Smooth criminals talking their way into cloud environments, Google says
Someone has publicly leaked an exploit kit that can hack millions of iPhones
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The devices winning the race to get hacked in 2026
The Philippines: Alleged Department of Public Works and Highways (DPWH) 50GB data breach under probe
The phone call is the new phishing email
The Race to Build Better Cybersecurity: How Governments and Private Firms Are Responding to Rising Cybercrime
The Weaponization of Ransomware and DDoS: Navigating Geopolitical Risk and Building Corporate Resilience
Trends set to shape Singapore’s cybersecurity landscape
Trio-Tech’s Singapore subsidiary hit by ransomware attack, stolen data published online
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Trivy Supply Chain Attack Expands With New Compromised Docker Images
Trivy supply-chain attack spreads to Docker, GitHub repositories
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
Tycoon2FA phishing platform returns after recent police disruption
Tycoon2FA Phishing Service Resumes Activity Post-Takedown
UK’s essential services under constant cyberattacks as bosses fear for public data
US chip testing firm shrugged off ransomware hit as minor - then came the data leak
US sentences Nigerian national to 7 years in $6 million email fraud scheme
US soldier sentenced for helping North Korean IT workers
US, Germany, Canada disrupt botnets that infected millions of devices
Was Your Personal Information Sold in Washington Department of Licensing (DOL) Data Breach? Lawsuit Claims It Might Have
Watch out for suspicious Microsoft Azure Monitor alerts - it could be this shifty new callback phishing attack
Who is the German hacker claiming responsibility for the Malta Gaming Authority (MGA) breach?
Why Companies Shouldn’t Pay Ransomware Demands
Your AI agents are moving sensitive data. Do you know where?
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 9th March and 15th March 2026, kindly assisted by our partners.
