Editor's Message

Welcome to DBD. On March 8th 2026, DBD celebrated it's sixth anniversary and PRiSM celebrated it's third anniversary. Both projects have made a huge impact on my life and I'd like to thank each and everyone of you who have supported me, with special thanks to those individuals and communities who have helped me build up my knowledge on cybercrime and ransomware over the years. Thanks again for all your continued support. Stay safe. :)

“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington D.C.

Monday, 11 May 2026

Data Breaches Digest - Week 20 2026

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 11th May and 17th May 2026.


13th May

122 Australian Schools & Universities Impacted In Data Breach Affecting Millions

AI and phishing-as-a-service drive increase in email attacks

AI fuels rise in phishing attacks

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Android pushes new scam, theft, and AI protections in 2026 update wave

Apple Enables Encrypted RCS Messaging Between iPhone and Android

Bring Your Own Vulnerable Driver (BYOVD) Attacks Help Ransomware Gangs Bypass Endpoint Defenses

Canvas Cyberattack: Instructure Pays ShinyHunters Ransom, US House Committee Asks for Investigation

Canvas owner reaches deal with ShinyHunters after global data breach

Chinese hacker suspect extradited to South Korea over $32m theft targeting BTS’ Jungkook and others

Critical Exim GnuTLS Flaw Enables Remote Code Execution

Critical Fortinet FortiSandbox Flaw Enables Remote Code Execution

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

Fake Income Tax email alert! ‘SilverFox’ hackers target Indians with dangerous malware

Fallout from the ransomware attack on Canvas used by thousands of universities

Fewer Groups Now Drive Majority of Global Attacks

FIFA World Cup 2026: Cyber Attack Single Point Risk

Fortinet Patches Critical RCE Vulnerabilities in FortiSandbox and FortiAuthenticator

Foxconn confirms cyberattack after hackers claim theft of Apple data

Foxconn Confirms Cyberattack on North American Facilities, Production Hit

Foxconn confirms Ransomware Attack

Foxconn Hit by Ransomware Attack Claiming Theft of Apple Project Data

From Exposure to Action: How to Operationalize Identity Risk Intelligence

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

Google Boosts Android Security With AI-Powered Protections

Google Detects AI-Created Exploit, Thwarts ‘Mass Exploitation Operation’

Hacker Actively Laundering Stolen Crypto After Exploiting Liquidity Provider for $6,700,000

Hackers tipped off Dutch telco Odido about its own data breach

Hackers Upgrade ClickFix Attacks Using Decade-Old Python SOCKS5 Proxy Tool

Here’s why Odido didn’t pay a ransom in the recent cyberattack

India Ranks Top in APAC Cyber Attacks Amid 165% Ransomware Surge

India tops APAC ransomware target list as cyberattacks surge 165% in Q1 2026

International Anti-Ransomware Day 2026: Strengthening Cyber Resilience Against Evolving Threats

Meta employees revolt over AI mouse-tracking software installed on work computers

Microsoft Fixes 17 Critical Flaws in May Patch Tuesday

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days

Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities, No Zero-Day Exploits Reported

Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft’s agentic security system found four critical Windows RCE flaws

Pro-Iran hackers claim cyberattack on Spotify, cite ‘revenge’ for Khamenei's killing

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers

Ransomware Gangs Use BYOVD and EDR Killers to Disable Security Tools

Ransomware hits Australian networks faster than ever before

Ransomware shifts to fewer groups as Thailand targeted

Regulator fines water company almost £1 million for cybersecurity failures

Skoda Auto Carmaker Discloses Online Shop Intrusion Potentially Impacting Customer Data

Skoda issues data breach alert for its online shop: hackers accessed customer information

Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US

Sophos 2026 Report Details Escalating Security Threats: Identity Security Breaches Cost $1.6 Million

South Korea: Chinese Hacker Ringleader Extradited for 38 Billion Won Theft

South Staffs Water fined almost £1 Million after IT hack and data breach

The hidden risk of non-human identities in AI adoption

When backups become the target: Why your recovery plan needs a rethink

When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk

Why Australia's ransomware spike misses the bigger story

Why Canadian Telecom Providers Are Prime Targets for Cyberattacks

Wiping 96 US government databases after being fired may cost ex-hackers two decades in prison

12th May - International Anti-Ransomware Day

1.2 Million messaging app profiles leaked online: Were you impacted?

‘Agreement’ with hackers resolves data breach on Canvas learning platform

AI drives ransomware surge, experts urge faster defence

AI-Accelerated Ransomware Is Reshaping Risk for Financial Institutions

Amazon Quick authorization bypass let users reach blocked AI chat agents

American Lending Center Data Breach: 123,158 Individuals Impacted

Android will hang up on banking scammers for you - how its new anti-spoofing feature works

Apple supplier Foxconn confirms ransomware attack affected North American factories

Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence

Attackers Use Fake OpenAI Model to Push Credential-Stealing Malware

Australian firms urged to rethink ransomware defences

Banco Bilbao Vizcaya Argentaria (BBVA) haunted by fresh leak claims as customer banking data resurfaces online

Belmont Surgery Data Breach Exposes Sensitive Health Information

Binance stops $10.5B in fraud with AI, but the AI scam profits tell a different story

Biometric Authentication is Easier to Fake Than You Think

Canvas breach: 'Agreement' made with hackers over stolen data

Canvas breach ends in ransom deal, but student phishing risk remains

Canvas Data Breach: Instructure Reaches Deal With ShinyHunters To Return User Data

Canvas developer Instructure says 'agreement' reached with hackers

Canvas hack: Company pays criminals to delete students' stolen data

Canvas Hack Aftermath: Owner Instructure Reaches Deal With Hacker Group

Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended

Canvas now admits it paid hackers after finals-week cyberattack - but is student data truly safe?

Canvas owner reaches ‘agreement’ with threat actors after data breach

Canvas owner struck a deal with hackers who breached its education platform twice

Canvas parent settles with hacker group that stole user data

Canvas platform strikes deal with hackers to delete students’ stolen data

Canvas reaches agreement with hacking group over massive data breach

Canvas Secures Data with Hacker's Agreement

Caveat Canvas: ShinyHunters Hacks The Education Sector

Checkmarx Jenkins AST Plugin Compromised by TeamPCP Using Credentials Stolen in the Trivy Supply Chain Attack

Class-action suit targets global commercial real estate firm for failing to protect client info during massive data breach

Congressman launches inquiry into how food retailers use surveillance pricing

Cushman & Wakefield Confirms Data Breach Impacting Over 310,000 Accounts

Cushman & Wakefield Data Breach Exposes 310,431 User Accounts

CVE-2026-41940 Vulnerability in cPanel Exploited to Steal Credentials

Dark web kingdom operator sentenced to 16 years as leading marketplace falls

EdTech Firm Instructure Pays Ransom as U.S. House Starts Investigation

Edtech giant Instructure strikes deal with ShinyHunters hackers prior to ransomware deadline

Education platform pays off hacker who shut down site during finals week

End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android

Experts urge better scrutiny of cloud services after Canvas data breach

Fake Claude Code Installer Targets Developers With Browser Credential Stealer

Fake Invitation Phishing Is Becoming a Remote Access Problem for CISOs

Financial Foundations Data Breach: Social Security Numbers Exposed

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

Foxconn confirms cyberattack impacting North American factories

Foxconn Hit by Major Cyberattack as Ransomware Group Claims Theft of 8TB of Data

Foxconn Ransomware Attack Shows Nothing Is Safe Forever

General Motors to pay $12.75 million over driver data sales

Germany busts rebooted dark marketplace Crimenetwork selling drugs, forged documents

GhostLock Attack: Windows API Misuse Enables Ransomware-Like System Lockdown Without Encryption

Google Blocks AI-Driven Cyberattack in First Known Attempt at Mass Exploitation

Google Detects First Potentially AI-Generated Zero-Day Exploit

Google Drive loophole lets blocked malware reach Gmail, puts billions at risk

Google Says Hackers Used AI to Build Zero-Day Exploit

Google Thwarts Hacker Plan to Exploit AI for Mass Cyberattacks

Hacker breached Skoda’s online store and stole customer data

Hackers accessed BWH Hotels reservation system for months

Hackers claim 11 Million files from major Apple and Nvidia partner days after Wisconsin plant suffers “IT outage”

How AI and phishing-as-a-service are changing the email threat landscape

How to tell if your email address, passwords have been exposed

Hundreds of open-source packages, including TanStack and Mistral, compromised in fresh wave of supply chain attacks

Information Commissioner’s Office (ICO) fines water company £1m over data breach affecting 630,000 people

Information Commissioner’s Office (ICO) fines UK water company over major customer data breach

Information Commissioner’s Office (ICO) issues fine of nearly £1m against South Staffordshire Plc and South Staffordshire Water Plc following major cyber attack and data breach

Institute of Public Accountants (IPA) members hit by data breach

Instructure pays ransom after Canvas incident as Congress announces investigation

Instructure Pays Ransom to Resolve Canvas Data Breach Affecting 275 Million Users

Instructure reaches agreement with hacker after data breach, global outage

Instructure reaches 'agreement' with ShinyHunters to stop data leak

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Instructure strikes deal with hackers who breached it twice

Instructure took a risky approach to recover stolen Canvas data

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

Kaspersky 2026 Ransomware Report Details Shifting Threats, as Attacks Decline and Tactics Change

Malicious Hugging Face Repository Typosquats OpenAI

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

Mini Shai-Hulud Hits TanStack npm Packages

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

New York Life Data Breach Exposes Sensitive PHI and PII

NVIDIA confirms GeForce NOW data breach, pledges full support for investigation

Odido rules out compensation after massive cyberattack affecting 6.2 million accounts

On Anti-Ransomware Day, some good news arrives for cyber defenders

OpenLoop Health Data Breach Confirmed at 716,000 Individuals

Operation HumanitarianBait Uses Fake Aid Documents to Deploy Python Spyware

Oracle EBS data breach compromised close to 6,000 Informa employees

Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Ransom deal reached with Canvas hackers who stole student and teacher data

Ransomware attacks near record as groups consolidate

Ransomware Hackers Crash Finals Season

Ransomware in 2026: Resilience replaces prevention as new cyber imperative

Ransomware Power Shifts to Fewer, Bigger Groups in 2026 productnation

Ransomware sector reconsolidating as Qilin, LockBit, and The Gentlemen expand influence in Q1 2026

Regina entertainment venues affected by cyber attack

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA

School Learning Company Reaches Deal with Hackers in Ransomware Attack

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Signal adds security warnings for social engineering, phishing attacks

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

Å koda confirms unauthorized access to its online shop

Å koda warns of customer data breach after online shop hack

South Staffordshire Water Fined £1m After Data Breach

State of ransomware in 2026

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

Stolen Canvas data was “returned” after hacker agreement, Instructure says

Stolen information returned to Canvas and allegedly deleted from hacker logs

Taiwan's cybersecurity market shifts toward managed services as ransomware pressure mounts

The Canvas Breach Shows What Happens When SaaS Platforms Become Identity Infrastructure

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

The hidden smart fridge risks that emerge years after purchase

The Risks of AI Agents as High-Privilege Users That Never Pause

The State of Identity Security 2026: Identity is the new perimeter

Threat Actors Leverage Vercel’s AI Tools to Mass‑Produce Realistic Phishing Sites

Threat Actors Use Vercel AI to Mass-Produce Phishing

Three separate lawsuits filed against Instructure after data breach

U.S. bank disclose security lapse after sharing customer data with AI app

UK fines water supplier $1.3 Million for exposing data of 664k customers

UK water firm fined £1 Million after running Windows Server 2003

UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years

US government seeks Instructure testimony on massive Canvas cyberattack

Water firm fined after customers' details hacked

West Pharmaceutical Services Hit by Disruptive Ransomware Attack

West Pharmaceutical warns of ransomware attack impacting business operations

“When you watch Netflix, Netflix watches you”: Texas sues streaming giant for spying on kids

Why Agentic AI Is Security's Next Blind Spot

Why Ransomware Attacks Are Increasing in UK Businesses

‘You deserved more consistent communication from us, and we didn’t deliver’: Instructure CEO issues apology over Canvas cyber attack disruption

11th May

9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems

AI cyber attack threatens global financial crisis, warns International Monetary Fund

AI-Driven Cybercrime Spikes: Ransomware Victims Up 389% in New Fortinet Study

Australia: Deadline set by cybercriminal group looms as some institutions regain Canvas access

Australian toy distributor listed by M3rx ransomware

Back-to-Back Ransomware Attacks on Ed Tech Firm Attract Congressional Scrutiny

Binance says AI security systems prevented $10.5 billion in user losses from crypto scams, phishing

Bulgaria: Authorities bust AI-assisted mass phishing scheme

BWH Hotels guests warned after reservation data checks out with cybercrooks

California Hits General Motors With Record $12.75 Million CCPA Privacy Settlement

Capsule Security Analysis Details Scope of Vulnerable AI Agent Attack Surface

China-linked New York robotics firm issues fix after hacker remotely hijacks thousands of lawn mowers

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

Criminal case opened in Poland after hacker attack on Belarusian online library kamunikat.org

Cyber attack disrupts swathe of universities, schools in US, Canada, Australia

Cyber-crime increasingly coming with threats of physical violence

Data after the breach: Economics of the dark web

Data Breach Disrupts Georgia Universities During Final Exams

Data breach fears for schools and universities grow after suspected ransom note

Deconstructing the Canvas (Instructure) Data Breach: What Happened and What Should Your Institution Do Next?

Dirty Frag: Linux kernel hit by second major security flaw in two weeks

Fake Claude Code Page Pushes PowerShell Stealer at Devs

Fake income tax emails target Indians: Kaspersky warns of ‘SilverFox’ hacker attack

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake TronLink Extension Targets TRON Users in Phishing Scam

Fine of nearly £1 million issued against South Staffordshire Plc and South Staffordshire Water Plc following major cyber attack and data breach

Fortinet Warns AI Is Accelerating Global Cybercrime as Ransomware Victims Surge 389%

General Motors (GM) agrees to $12.75 Million California settlement over sale of drivers’ data

GhostLock Attack Leverages Windows file-sharing to Lock Files Access Like Ransomware

Global report finds businesses hide vast majority of ransomware attacks

Google Ads and Claude.ai Shared Chats Abused to Distribute Mac Malware

Google catches “first AI-assisted zero-day” as well as autonomous Android malware

Google researchers uncover criminal zero-day exploit likely built with AI

Google says criminals used AI-built zero-day in planned mass hack spree

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Google says it likely thwarted effort by hacker group to use AI for ‘mass exploitation event’

Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites

Hackers Observed Using AI to Develop Zero-Day for the First Time

Hackers pushing innovation in AI-enabled hacking operations, Google says

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Hackers used AI to develop zero-day exploit for web admin tool

Hogan Transports Data Breach Exposes Personal Information Including Social Security Numbers

Hong Kong: Cross-border data breach alerts in place, says Digital Policy Office

Identity security firm SailPoint discloses GitHub repository breach

Information Commissioner’s Office (ICO) fines Cl0p victim South Staffs Water over data breach

Information Commissioner’s Office (ICO) fines South Staffordshire Water £963,900 over significant data protection failures

Information Commissioner’s Office (ICO) fines Staffordshire water provider over serious cyber attack

Instagram messaging encryption removed, and privacy advocates are pushing back

Instructure Canvas hack update: Breach involved a specific teacher account type and interrupted finals

Instructure confirms hackers used Canvas flaw to deface portals

Iran’s cyberwar targets ordinary Americans. We need to dismantle the hacker network

Kaspersky Warns of Phishing Attacks Via Compromised Amazon Simple Email Service Accounts

LayerZero Apologizes After Lazarus Group Hacker Attack

LayerZero blames victims for $292 million hack, but apologizes as clients leave

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

Mac Users Warned Over Fake Claude Install Instructions

March 2026 Healthcare Data Breach Report

Millions of Android users tricked into paying for fake call logs

MTN Ghana Warns Customers Against Phishing Link Scams

National Savings and Investments (NS&I) phishing attacks surge as Premium Bonds provider blocks 132,000 malicious emails

New Congoleum Data Breach: Personal Information of 4k Individuals Exposed

New GhostLock tool abuses Windows API to block file access

Nvidia GeForce NOW data breach confirmed - but luckily most of us will be safe, here's why

Official CheckMarx Jenkins package compromised with infostealer

OpenLoop Health Data Breach Affects 716,000 Individuals

Police Shut Relaunched Crimenetwork Dark Web Marketplace

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue

Poor security left hackers inside water company network for nearly two years

Pro-Iranian hacker group claims to expose identities of Israeli special forces officers

Ransomware hackers are now threatening to indulge in Physical Harm or Violence

Rapid7 links Chaos ransomware campaign to Iranian state-sponsored MuddyWater espionage operation

Renegade recovers $190K after hacker returns 90% of stolen funds

Romanian Man Faces Up to 30 Years in US Prison Over Vishing Scams

Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities

School app Canvas breach hits during finals

Schools negotiate with hackers following Canvas data breach

Second Canvas data breach causes major disruptions for schools, colleges

Security teams are turning to AI to survive alert overload

ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign

Skoda Data Breach Hits Online Shop Customers

Soomgo reports hacker extortion to authorities, probes possible data leak in Korea

South Korea: Former Police Officer Sentenced for Voice Phishing Money Laundering

Tables Turned: Gentlemen Ransomware Group Suffers Data Leak

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent

The scam economy has found its AI upgrade

The State of Ransomware - Q1 2026

TrickMo Android banker adopts TON blockchain for covert comms

TrickMo Variant Routes Android Trojan Traffic Through TON

‘Truly terrifying’: Alberta voter data breach raises fears for Canada’s electoral integrity

Two more Hong Kong educational institutions hit by Canvas learning platform data breach

Uber hid drivers’ data rights, Dutch watchdog rules, stands by €10 Million penalty

UK water company allowed hackers to lurk undetected for nearly two years, regulator finds

Universities worldwide still struggling with fallout from Canvas cyber attack

Unoaerre Ransomware Attack Disrupts Manufacturing Operations

Venmo privacy redesign changes the default of post visibility

Water company's leaky security earns near-£1 Million fine

We investigated the Vodafone data leak: Here is what hackers claim they stole

What is device token phishing?

What is Digital Invitation Scam and here's how to safeguard yourself from such cyber threats

What It Costs to Hire a Hacker on the Dark Web in 2026

Why Did the Renegade Hacker Return $190K in Stolen Crypto?

Why was Canvas hacked? Identity of the hacker explored as 275 million users impacted

Zara Data Breach Impacts Nearly 200,000 Customers

Zara data breach saw 197,000 people have information exposed - but luckily, hackers may not have accessed private info

Zara global data breach exposes information on nearly 200,000 customers

Zara Owner Inditex Confirms Customer Data Breach Affecting Nearly 200,000 People

Posted by at
Labels: