Welcome to DBD. Cybercrime made global headlines in 2025. Attacks on well-known brands and organisations raised public awareness of the severity, frequency and impact of cyber attacks. Ransomware attacks were the highest ever recorded, and 2026 could be worse, as cyber criminals continue to extort their victims, with little chance of being brought to justice. It's a dangerous world out there, so please be extra vigilant and mindful of the risks and threats. Wishing you all the best for the New Year. Thanks again for all your support. Stay safe. :)
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 2nd February and 8th February 2026.4th February
7 Data Breaches, Exposures to Know About
AI Drives Doubling of Phishing Attacks in a Year
Alpine ENT Discloses 2024 Data Breach Impacting Over 65,000 People
Arbitrum Governance X Account Compromised in Targeted Phishing Campaign
Arsink Android spyware campaign hits 45,000 devices across Asia and the Middle East
Auto finance fraud is costing dealers up to $20,000 per incident
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials
Chrome Add-On Caught Stealing Amazon Commissions
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to Known Exploited Vulnerabilities (KEV) Catalog
CISA warns of five-year-old GitLab flaw exploited in attacks
Coupang CEO questioned by police over alleged data breach cover-up
Data breach compensation offer ‘is major progress’, says Police Federation for Northern Ireland (PFNI)
Did a renowned hacker help Jeffrey Epstein get ‘dirt on other people’?
EDR killer tool uses signed kernel driver from forensic software
Employee responsible for ‘non-malicious’ data breach loses dismissal case
Epstein’s files expose valid passwords, Redditors hacking into accounts
Everest Ransomware breaches Iron Mountain only to exfiltrate data
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes
Financial Services Commission (FSC) seeks telecom data to curb voice phishing in South Korea
Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities
From scam parks to execution chambers: China’s hardline tactics against cross-border cyber fraud
Interlock Ransomware Exploits Zero-Day in Gaming Anti-Cheat Driver to Disable EDR, AV
‘It defies belief’: Names of Police Service of Northern Ireland (PSNI) officers published on court website in new breach
Major malware adds Linux variant, thousands of hosting servers infected
Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Millions installed these AI apps, but researchers warn of leaked user locations
Missouri school districts targeted in recent phishing email scam
Navigating the AI Revolution in Cybersecurity: Risks, Rewards, and Evolving Roles
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure
Northern Ireland: Police officer names published on courts website
Okta users warned as ShinyHunters expand vishing wave
Phonesack Group Allegedly Breached: Xekong Energy Project Data Leaked
Poland Detains Defense Ministry Employee on Suspicion of Spying for Russian and Belarusian Intelligence
Privilege Disruption: The Key Choke Point for Cyber Deterrence
Qilin Ransomware Breaches RC Collecting, PSTECHLTD, Jingchang, and Medasa
Ransomware Attacks Have Surged 30% Since Q4 2025
Report shows records number of data breaches in 2025
Rise in data breaches across UK ambulance services
Service Provider Breach Impacts 130,000 Customers of 1st MidAmerica Credit Union
ShinyHunters Alleged Data Breach Targets Ivy League: 2 Million Records Stolen from Harvard University and the University of Pennsylvania
ShinyHunters Breaches Harvard and UPenn: Millions of Records Exposed
SolarWinds Web Help Desk Vulnerability Actively Exploited
South Korea: Professional Man Avoids 1.8 Billion Won Voice Phishing Scam
SystemBC Infections Exceed 10,000, Including Systems Linked to Government Hosting
The Double-Edged Sword of Non-Human Identities
The most popular cyberattack in South Africa
The retail ransomware opportunity
Two Asian cyber-attacks in Tokio Marine HCC's top 10 cyber incidents for 2025
Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover
Universal £7,500 payout offered to Police Service of Northern Ireland (PSNI) staff over major data breach
Universal offer made to Police Service of Northern Ireland (PSNI) data breach plaintiffs
US senator demands AT&T and Verizon CEOs testify over Salt Typhoon telecom hack
3rd February
8.7 billion records spilled: Inside the massive Chinese data leak
9 million Android phones hijacked worldwide in hacker network
AI Governance in Cybersecurity: Building Trust and Resilience in the Age of Intelligent Security
AI-Assisted Cloud Intrusion Compromises AWS Environment in 8 Minutes, Highlights New Cloud Security Threats
Apple Pay Phishing Campaign Targets Users With Fake Fraud Alerts
Apple users are being targeted by a coordinated Apple Pay phishing campaign
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
Attackers allege 1.4TB data breach at Iron Mountain
Attackers Imitate Dropbox To Launch Credential-Harvesting Phishing Attacks
Australian data not compromised as part of cyber attack on Distinctive Systems
Bangladesh: Data breach a threat to journalist safety
Bayada Home Health Care Affected by Doctor Alliance Data Breach
Belgian school cyberattack shifts pressure onto families
Berchem School Hit by Cyberattack as Hackers Target Parents With €50 Ransom Demand
Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials
Bumble, Match Group Hit by Data Security Incident, ShinyHunters Claims Responsibility
California city turns off Flock cameras after company shared data without authorization
Can IT Infrastructure seizures by Law Enforcement stop Ransomware spread
Canada Computers says customer information compromised during data breach
Capital Health Agrees to $4.5M Settlement Over Cyberattack and Data Breach
Centric Health Data Breach Impacts 6,855 Patients
CISA flags critical SolarWinds RCE flaw as exploited in attacks
CISA orders federal agencies to patch exploited SolarWinds bug by Friday
CISA updated ransomware intel on 59 bugs last year without telling defenders
Coinbase confirms insider breach linked to leaked support tool screenshots
Critical vLLM Flaw Exposes Millions of AI Servers to Remote Code Execution
Cyber Risk Enters 2026 as a Board-Level Priority
Cyber-attack halts planning applications and house sales in London's richest borough
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
DockerDash Ask Gordon AI Vulnerability Exposes Supply Chain Risks as Meta-Context Injection Compromises AI Integrity
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
Epstein Files: FBI Informant Claims Jeffrey Epstein's 'Personal Hacker' Sold Zero-Day Exploits to Hezbollah
EU privacy authorities skeptical of Brussels AI plan that would allow easier use of personal data
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes
Fake ELTA Delivery Texts Target Greek Consumers
Fancy Bear’s latest dance: Microsoft Office flaw fuels cyberattacks in Ukraine and EU
Federal Motor Carrier Safety Administration (FMCSA) warns of ‘aggressive’ phishing campaign targeting fleets
Federal Motor Carrier Safety Administration (FMCSA) warns of ‘aggressive’ phishing scam targeting carriers
Five Single Sign-On Best Practices to Reduce Access Risk in 2026
French Police Raid X Offices as Grok Investigations Grow
French Police Raid X Paris Office, Summon Musk Over Grok Deepfakes
French prosecutors raid X offices, summon Musk over Grok deepfakes
Hacker Claims Huge Breach Of Spain's Tax Data
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Hackers Leak 5.1 Million Panera Bread Records
Here's how to be safer as physical crypto attacks grow, deepfake extortion is next
Homeland Security is trying to force tech companies to hand over data about Trump critics
How Banks Can Protect Their Most Valuable Asset: Customers
How to turn on Private DNS Mode on Android - and why it's a must for security
HP subsidiary allegedly breached by Everest ransomware gang
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw
I installed Moltbot. How do I protect my data?
INC Ransomware Breaches H-Behbehani Brothers and Blystone & Bailey
India’s Supreme Court to WhatsApp: ‘You cannot play with the right to privacy’
Iron Mountain: Data breach mostly limited to marketing materials
January’s biggest data breaches exposed
Kensington and Chelsea Council to make first housing benefit payment since cyber attack
M&S attackers hit German insurance giant HanseMerkur
Malta: Gozo Channel hit by cyber attack, ferry operations not affected
Meet Moltbook, the Social Platform Where AI Agents Talk and Humans Watch
Microsoft Windows moves to disable NTLM, a common attack vector for hackers
Moltbook data breach exposes API tokens and emails, cybersecurity firm Wiz reveals
Moltbook Hacked: Data Breach Exposes 35,000 Emails
NationStates confirms data breach after player gained unauthorized server access
Negotiating with Scattered Lapsu$ Hunters discouraged
Neurological Associates Data Breach: PHI and PII of 13,500 Patients Exposed
New Britain Ransomware Attack Disrupts City Systems, FBI Investigating
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials
New Phishing Scheme Targets Motor Carriers, Federal Motor Carrier Safety Administration (FMCSA) Warns
Northern Ireland: Every police officer given £7,500 compensation offer for data breach scandal that put entire workforce's personal info in hands of dissident republicans
Notepad++ Hijacking Incident Deploying Backdoor, Linked to Lotus Blossom Group Campaign
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
Notepad++ update system compromised in potential state-sponsored attack
Oakley Relocation Data Breach Exposes Social Security Numbers
Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks
Open-source attacks move through normal development workflows
Panera Bread data breach affects 5.1 million accounts, not 14 million
Panera Bread data breach much more serious than we thought - over 5 million customers were hit, new reports claim
Phishing scam targets Livonia students with fake job offers
Poland detains defense ministry employee on suspicion of spying for Russia
Police Service of Northern Ireland (PSNI) data breach victims offered £7,500 compensation payment
Police Service of Northern Ireland (PSNI) officers affected by data breach to receive £7,500
Police Service of Northern Ireland (PSNI) officers and staff affected by data breach offered £7,500 compensation each
Police Service of Northern Ireland (PSNI) officers to get £7,500 each in compensation over data breach
Police Service of Northern Ireland (PSNI) staff offered £7,500 compensation over data breach
Precipio Data Breach Exposes 150 GB of PHI and PII
Qilin ransomware gang claims breach of Tulsa International Airport, posts alleged data samples
Ransomware gangs focus on winning hearts and minds
Ransomware surge prompts Federal Communications Commission (FCC) guidance for stronger telecom security practices
Recent ICO Data Breach Enforcement Emphasizes the Importance of a Robust Breach Response
Remote encryption spearheads ransomware tactics
Researchers Warn of New “Vect” RaaS Variant
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU
Service Employees International Union Local 1 (SEIU Local 1) Data Breach Exposes Social Security Numbers
SharePoint phishing campaign rages: fake invitations lead to compromised Microsoft accounts
ShinyHunters Claims Massive Panera Bread Data Breach
ShinyHunters tease Coinbase by flashing allegedly stolen data on Telegram
SoFi Data Breach Affects 38,049 in Washington
Sophisticated Apple Pay Phishing Scheme Exploits User Trust Through Multi-Channel Attack Vector
Spyware Vendor’s Pall Mall Claims Trigger Civil Society Backlash
SQL Injection Flaw Affects 40,000 WordPress Sites
Step Finance says compromised execs' devices led to $40M crypto theft
Stop Treating Patches Like They’re Riskier Than Ransomware
Substack Data Breach Leads to Leak of Nearly 700,000 Records
The ‘Invisible Risk’: 1.5 Million Unmonitored AI Agents Threaten Corporate Security
The new face of phishing: Why traditional defenses are failing your customers in 2026
This Is Why “Auto-Update” Is a Hacker’s Favorite Feature
Title Guaranty Data Breach Exposes 50GB of Sensitive Info Including SSNs
UK Information Commissioner’s Office (ICO) Launches Investigation into X Over AI Generated Non-Consensual Sexual Imagery
UK investigating first suspected breach of cyber sanctions
UK privacy watchdog probes Grok over AI-generated sexual images
Union State Bank Data Breach Exposes Personal Information of Customers
Universidad Autónoma de Sinaloa (UAS) Data Breach Affects Thousands
University of Pennsylvania’s October data breach impacted fewer than 10 people, despite hackers’ claims it was 1.2 million
Vibe-Coded Moltbook Exposes User Data, API Keys and More
Wave of Citrix NetScaler scans use thousands of residential proxies
What is CryptoLocker ransomware and how can you protect yourself?
Why Crypto Phishing Has Become More Sophisticated Than Malware
Why Smart People Fall For Phishing Attacks
X offices raided in France as UK opens fresh investigation into Grok
2nd February
1st MidAmerica Data Breach Affects 131,000 Members
AI is flooding Identity and Access Management (IAM) systems with new identities
Alleged Data Breach Targets Spain’s Ministry of Science, Innovation, and Universities
Alpine ENT Data Breach Impacts 65,648 Individuals Exposing PII and PHI
Android RAT Uses Hugging Face to Host Malware
Anywhere Real Estate Data Breach Exposes Social Security Numbers
Autonomous AI Agents Emerge As Cybercrime’s New Operating System
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game
Britain and Japan Join Forces on Cybersecurity and Strategic Minerals
Canada Computers & Electronics reveals data breach - customer data exposed, here's what we know
Canada Computers confirms data breach exposing customer personal and credit card information
Canada Computers data breach exposes guest checkout customers’ card details
Canada Computers says customer information compromised during data breach
City of Muscatine warns about phishing scam targeting local businesses
CrossCurve Bridge Hacked for $3 Million After Smart Contract Validation Vulnerability Exploited
Crypto Losses Hit Nearly $370 Million in January 2026 as Phishing Scams Surge
Crypto Exploits Hit Nearly $400 Million in January as Phishing Dominates Losses
Crypto Losses Surge to $370 Million in January, Phishing Dominates
Crypto Theft Jumps to $370 Million in January as Phishing Dominates Losses
Deatak Inc. Targeted by Play Ransomware Attack
December 2025 Healthcare Data Breach Report
DragonForce Ransomware Hits T&M Electric and Mullinax Ford
Encountered fraud messages in the UAE? Here’s what you need to know
Epstein allegedly had a “personal hacker,” was into cyberwar and malware
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
Everest Ransomware Breaches Iron Mountain, Polycom, Hosokawa Micron, Shinwa, SIGMA, Acu Trans, and Stellium
Exploit Pack Breach: Full Repository of Exploits and Shellcodes Leaked
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Federal Communications Commission (FCC) urges telecoms to boost cybersecurity amid growing ransomware threat
Flaw in Broadcom Wi-Fi Chipsets Illuminates Importance of Wireless Dependability and Business Continuity
Former Google Engineer Found Guilty of Stealing AI Secrets
From Clawdbot to OpenClaw: This viral AI agent is evolving fast - and it's nightmare fuel for security pros
Gibraltar: Data breach undermined police integrity, judge says, as officers fined £5,000 each
Hackers attempt to extort parents after school refuses to pay ransom fee
Hackers claim 1.4 TB theft from Iron Mountain, major data management company
Hackers exploit vishing to bypass MFA at Okta
Hackers have attacked a Belgian school and are demanding €50 for every child
Hackers share chip photos allegedly stolen from HP subsidiary, Poly
Hackers who hit OkCupid, Bumble, and Crunchbase bypass security with a simple trick: a phone call
Hackers Wipe MongoDB Databases and Leave Ransom Notes in Active Attacks
HCIactive Data Breach Exposes Sensitive Personal Data of Over 3 Million Individuals
How state-sponsored attackers hijacked Notepad++ updates
Hugging Face Repositories Abused in New Android Malware Campaign
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack
Jeffrey Epstein employed a private hacker, new documents reveal
Jeffrey Epstein’s alleged ‘personal hacker’ revealed in DOJ documents
Major health provider data breach may have affected thousands more people - over 700k now thought to have been hit
Malicious ‘Mac Cleaner’ Ads On Google Redirect Users To Phishing Nightmares
Malicious MoltBot skills used to push password-stealing malware
Mandiant Reports ShinyHunters Extortion Tactics, Vishing, and SSO Compromise Target Cloud Environments
Massive 31.4 Tbps DDoS attack breaks records: How the 'apex' of botnets could be weaponizing your home devices
Michigan Sugar Data Breach Affects 16,689 People
Moltbook: fear data breach, not an AI apocalypse
Multi-channel phishing drives new defense strategies for Philippines firms
National Security Agency (NSA) Publishes New Zero Trust Implementation Guidelines
NationStates confirms data breach, shuts down game site
New Britain, Connecticut, Works to Recover from Cyber Attack
New GlassWorm attack targets macOS via compromised OpenVSX extensions
New Punishing Owl Hacker Group Targeting Networks of Russian Government Security Agency
Notepad++ hijacked by suspected state-sponsored hackers
Notepad++ hit by Chinese state-sponsored group, injecting malware into updates
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
Notepad++ update feature hijacked by Chinese state hackers for months
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
Notepad++ Updates Delivered Malware After Hosting Provider Breach
Nova Biomedical Reports Data Breach Affecting More Than 10,000 People
Nuneaton school fully operational after recovery from cyber attack
Open VSX Registry Deploys GlassWorm Malware via Four Malicious Extension Versions
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
OpenClaw is a security nightmare - 5 red flags you shouldn't ignore (before it's too late)
Over 1,400 MongoDB Databases Ransacked by Threat Actor
Panera Bread breach affected 5.1 Million accounts
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
PDF phishing attack leads to stolen Dropbox credentials
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins
Punishing Owl Hacker Group Targets Russian Government Networks
Qatar: National Cyber Security Agency issues binding decision against sports company due to personal data breach
Qilin Attacks Stephenson Ziegenhorn & Bernard, Sprokkit, INGUS, JCM Agricola
Ransomware report notes fourth quarter 2025 attack surge
Ransomware Strikes Rome's Leading University
Ransomware Without Encryption: Why Pure Exfiltration Attacks Are Surging
Research Says Gen Z Is Nearly 3 Times More Vulnerable To Phishing Than Boomers, Here’s Why
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
Rome: Hacker attack on Sapienza University, several systems affected and blocked
Russian APT28 Exploit Zero-Day Hours After Microsoft Discloses Office Vulnerability
Russian Hacker Alliance Launches Large-Scale Cyberattack On Denmark
Russian hackers exploit recently patched Microsoft Office bug in attacks
Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof
San Juan Andes Health System Data Breach Exposes Patient Photos
Scottish Council Had “Gaps in Cybersecurity” Prior to Cyber-attack
ShinyHunters flip the script on MFA in new data theft attacks
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data
ShinyHunters-Branded Extortion Activity Expands, Escalates
Spain Ministry of Universities Data Breach
Spyware maker is hijacking diplomatic efforts to limit commercial hacking, civil society warns
State-Aligned Actors Exploit Unrest with RedKitten AI-Accelerated Campaign Targeting Iranian Protests
Taiwan HVAC Engineering Association Data Breach by Hexvior Group
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
Top ‘Trusted’ Platforms are Key Attack Surfaces
Tulsa Airport Tech Teams Contain Ransomware Attack
Was Your Data Exposed in the Latest Under Armour Breach? Here’s What You Should Do
Where National Security Agency (NSA) zero trust guidance aligns with enterprise reality
WoundTech Data Breach Exposes 160,000 Sensitive Patient Records
Welcome to last month's DLR Report, an exclusive presentation of Data-Leaking Ransomware Operator's Global and US Victims that were claimed between 1st January and 31st January 2026.
Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 19th January and 25th January 2026, kindly assisted by our partners.