Data Breaches

The EU's executive arm is investigating a breach of its Amazon Web Services account that exposed Europa.eu infrastructure, the second cloud incident to hit the institution in 2026.

Sony's anime streaming service confirmed a breach of customer service ticket data after a threat actor compromised a Telus International support agent's credentials, claiming to have stolen 100 GB of user data.

Attackers stole 15.8 million patient files, including doctors' notes with HIV status and sexual orientation, from a French health-tech vendor already fined for mishandling medical data.

Bug bounty platform HackerOne confirms 287 employees had Social Security numbers and personal data exposed through a BOLA vulnerability at benefits administrator Navia, part of a broader breach affecting 2.7 million people.

Telus Digital confirmed a breach after ShinyHunters claimed to have stolen up to one petabyte of data using cloud credentials obtained in a prior third-party compromise.

The ShinyHunters cybercrime group says it exploited misconfigured Salesforce Experience Cloud guest accounts to steal data from nearly 400 organizations using a modified version of Mandiant's AuraInspector tool.

Threat actor FulcrumSec exploited the React2Shell vulnerability in LexisNexis AWS infrastructure, exfiltrating 3.9 million records and claiming access to 400,000 user profiles including U.S. government personnel.

A ransomware attack on government services giant Conduent exposed SSNs, medical records, and health insurance data for at least 25 million Americans across multiple states.

Substack disclosed a breach that went undetected for four months, with a hacker leaking email addresses, phone numbers, and internal metadata for hundreds of thousands of users on BreachForums.