All news with #breach tag

191 articles · page 4 of 10

Washington Hotel in Japan Discloses Ransomware Breach

🔒 Washington Hotel, a business brand of Fujita Kanko Inc., disclosed a ransomware infection after an intrusion on Friday, February 13, 2026 at 22:00 local time. The company says it immediately disconnected affected servers, formed an internal task force, and engaged external cybersecurity experts to assess impact and coordinate recovery; preliminary findings indicate attackers accessed various business data. Customer records are unlikely to have been exposed because those are held by a separate vendor, but some properties experienced operational effects such as temporarily unavailable credit-card terminals.

Odido Breach Exposes Millions of Dutch Customers' Data

🔒 Odido, the largest mobile operator in the Netherlands, disclosed a data breach affecting its customer contact system and potentially impacting up to 6.2 million people. While the company says no passwords, call records or billing data were taken, exposed fields reportedly include names, home and email addresses, IBANs, dates of birth and passport/driver's license numbers. Odido has contained the intrusion, engaged external cybersecurity experts and will contact affected customers directly.

Bangladesh Bank Cyberheist: Ten-Year Resilience Lessons

🔒 Ten years after the February 2016 operation that attempted to steal $951 million via fraudulent SWIFT messages, the Bangladesh Bank heist remains a defining case for cyber resiliency. Attackers attributed to the Lazarus Group used spear-phishing, backdoors, keyloggers and printer sabotage to capture credentials and erase audit trails, enabling 35 fraudulent transfer attempts. The incident exposed basic control failures—lack of network segregation, exposed SWIFT systems, and limited endpoint monitoring—and helped drive mandatory measures such as the SWIFT Customer Security Program.

Canada Goose Investigates After 600K Customer Records Leak

🔍 Canada Goose is investigating after data extortion group ShinyHunters published an archive claiming more than 600,000 customer records tied to past transactions. The 1.67 GB JSON dataset reportedly contains names, emails, phone numbers, billing and shipping addresses, IPs, order histories, and partial payment card data (brands, BINs, last four digits). Canada Goose says it has found no evidence of a breach of its own systems and that no unmasked financial data appears present, while it reviews the dataset to verify accuracy and scope.

Critical BeyondTrust RCE Now Exploited in Attacks Globally

🚨 A critical pre-authentication remote code execution vulnerability, CVE-2026-1731, in BeyondTrust Remote Support and Privileged Remote Access appliances is being actively exploited after a proof-of-concept was published. The flaw affects Remote Support ≤25.3.1 and Privileged Remote Access ≤24.3.4 and allows unauthenticated attackers to execute OS commands as the site user. BeyondTrust automatically patched SaaS instances on Feb 2, 2026; on-premises customers must install vendor updates immediately.

Warlock Ransomware Exploits Unpatched SmarterMail Instance

🔒 SmarterTools confirmed a network breach by the Warlock (aka Storm-2603) ransomware group after attackers exploited an unpatched SmarterMail instance on January 29, 2026. A single, unpatched VM allowed lateral movement to about a dozen Windows servers across the office network and a secondary QC data center, with hosted SmarterTrack customers most affected. Operators staged tools including Velociraptor and deployed a locker after gaining Active Directory control. SmarterTools urges immediate upgrade to Build 9526 and isolation of mail servers to limit further ransomware deployment.

BridgePay Confirms Ransomware Caused System-wide Outage

🔒 BridgePay Network Solutions has confirmed a ransomware attack triggered a system-wide IT outage, according to security alerts published on February 6. Initial forensic work indicates no payment card data appears to have been compromised and that any accessed files were encrypted. The company said it is working with cybersecurity specialists, the FBI and the US Secret Service and that recovery may be lengthy; it will provide regular updates to affected customers and partners.

European Commission: Mobile Management Platform Breach

🔒 The European Commission is investigating a breach after detecting traces of a cyberattack against its mobile device management platform on 30 January. The incident may have exposed some staff names and mobile numbers, but investigators say there is no evidence that individual mobile devices were compromised. The Commission says the affected system was contained and cleaned within nine hours. The activity is believed to be linked to exploitation of Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities.

Man Pleads Guilty to Hacking Nearly 600 Snapchat Accounts

🔒 Kyle Svara, 26, pleaded guilty in federal court to phishing access codes and hacking nearly 600 Snapchat accounts to steal nude photos that he kept, sold, or traded. Between May 2020 and February 2021 he used social engineering to harvest credentials from roughly 570 victims and accessed at least 59 accounts to download private images. Svara advertised hacking services online, communicated via Kik, and accepted paid jobs including work for former Northeastern coach Steve Waithe. He now faces multiple federal charges, and is scheduled for sentencing on May 18.

Cyberattack Halts Production at Romina Mineralbrunnen

⚠️ Romina Mineralbrunnen, producer of Eiszeitquell and Silberbrunnen, is facing a cyberattack that has brought production at its Reutlingen-Rommelsbach bottling sites to a standstill. The company reports that phones and email are currently unreachable, and local reporting indicates production has stopped. Reutlingen police have opened an investigation, but the method of attack and whether data was exfiltrated remain unknown. Operations and deliveries are impacted while the company assesses the situation.

Notepad++ Hosting Breach Attributed to Lotus Blossom

🔒 Rapid7 attributes a late-2025 compromise of the infrastructure hosting Notepad++ to the China-linked actor known as Lotus Blossom. Attackers delivered a previously undocumented backdoor, Chrysalis, via a malicious NSIS installer after hijacking update requests beginning in June 2025; access was terminated on December 2, 2025. Notepad++ patched updater verification in version 8.8.9, migrated hosting, rotated credentials, and responders have published indicators and mitigations.

Operation Switch Off: Major IPTV Services Dismantled

🔒 A coordinated international law enforcement operation led by Italy’s District Prosecutor’s Office of Catania, with support from Europol, Eurojust and Interpol, dismantled three large illegal IPTV platforms. Authorities seized infrastructure linked to IPTVItalia, migliorIPTV and DarkTV, identified 31 suspects and disrupted servers across Romania and Africa. Investigators report the services illegally retransmitted content from providers such as Sky, DAZN, Netflix and others while using cryptocurrencies and shell companies to obscure proceeds.

Badges, Bytes and Blackmail: Law Enforcement Trends

🛡️ Orange Cyberdefense compiled a dataset of 418 publicly reported law enforcement actions from 2021 to mid-2025 to clarify how agencies address cybercrime. The study shows extortion (including ransomware), malware, and hacking are the most targeted offenses, while arrests (29%), takedowns (17%) and charges (14%) are the predominant responses. The U.S. DOJ and FBI are most visible, with extensive public–private collaboration supporting operations.

Match Group Breach Exposes Data from Multiple Dating Apps

🔒 Match Group confirmed a security incident after the ShinyHunters group leaked 1.7 GB of compressed files allegedly containing about 10 million records from Hinge, Match, and OkCupid, along with internal documents. The company says it terminated unauthorized access, is working with external experts, and believes a limited amount of user data was exposed with no indication that login credentials, financial information, or private communications were accessed. Match Group is notifying affected individuals as appropriate and continuing its investigation.

Marquis Links Ransomware Breach to SonicWall Cloud Backup

🔒 Marquis Software Solutions says a ransomware attack in August 2025 that disrupted systems serving dozens of U.S. banks and credit unions was enabled by a breach at SonicWall's cloud backup service. Rather than exploiting an unpatched firewall, attackers used configuration data taken from backup files accessed after unauthorized access to the MySonicWall portal, according to Marquis and a third-party investigation. Marquis is evaluating options including seeking recoupment of response costs for itself and affected customers. SonicWall has acknowledged the MySonicWall breach and said a Mandiant probe linked the incident to state-sponsored actors.

Nike Investigates Data Breach After Extortion Leak

🔒 Nike is investigating a potential cyber security incident after the extortion group World Leaks published 1.4 TB of files it claims were stolen from the company. Nike said it takes consumer privacy and data security seriously and is actively assessing the situation. The group claimed nearly 190,000 corporate files but later removed Nike from its leak site, a step often seen during negotiations or after a ransom payment.

eScan update breach distributes multi-stage malware

🛡️ Morphisec Threat Labs has identified a critical supply-chain compromise of MicroWorld Technologies’ eScan antivirus discovered on 20 January 2026, in which malicious updates were delivered via the vendor's legitimate update infrastructure. The trojanized 32-bit executable, allegedly signed with a compromised certificate, deployed a downloader and a 64-bit backdoor, established persistence and implemented anti-remediation controls to block further updates. Morphisec reported blocking the activity on protected systems and urged immediate investigative and remediation actions for affected organizations.

Law Firm Probes Coupang Security Failures After Breach

🔍 US law firm Hagens Berman is investigating alleged security failures at Coupang after a June 2025 breach that may have exposed the personal data of 33.7 million customers. The firm says it is probing why it took nearly six months to detect a former employee’s access and alleges inadequate access protocols. Investors are being urged to join a class action by the February 17 lead-plaintiff deadline. South Korean regulators and police have also opened inquiries, and Coupang has faced executive changes and an order to remove a liability disclaimer from its terms.

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Utrecht-based Eurail BV has confirmed that an unauthorized party accessed its customer database, potentially exposing a range of personal information for Interrail pass holders and some DiscoverEU participants. Affected items may include identification data (first and last name, date of birth, gender), contact details (email, home address, telephone) and passport details (number, issuing country, expiry). The company says the investigation is ongoing and that there is currently no indication the data have been misused or publicly shared; it is advising customers to remain vigilant, change passwords for Rail Planner and related accounts, and consult the provider’s FAQ for guidance.

Grubhub Confirms Data Theft, Faces Extortion Demand

🔒 Grubhub confirmed unauthorized actors downloaded data from certain systems and said it investigated, halted the activity, and is taking steps to strengthen its security posture. The company stated that financial information and order histories were not affected but declined to answer further questions about timing, affected users, or extortion. Grubhub said it is working with a third-party cybersecurity firm and law enforcement, while sources tell BleepingComputer that threat actors are demanding payment.