How many cybersecurity events occurred during the first week of 2026?

During the week between December 29, 2025, and January 5, 2026, there were a total of 26 cybersecurity events: 7 advisory/vulnerability events and 19 incident/data breach events.

What was the largest data breach in the first week of 2026?

The largest data breach was the Illinois Department of Human Services incident, which exposed data of 705,017 individuals out of approximately 700,000 affected people.

How many individuals were impacted by data breaches in week 1 of 2026?

A total of 1,055,699 individuals were impacted across 9 incidents that reported breach numbers. This represents a decrease from 2.8 million impacted individuals in week 52 of 2025. The actual number is likely higher as not all incidents report the number of affected individuals.

Which industries were most affected by security incidents during the week?

Healthcare was the most affected industry with 5 incidents, followed by Finance with 3 incidents. Other affected sectors included Consulting/Professional Services, IT/Software/Technology, and Government (each with 2 incidents), and Utilities, Education, Insurance, Transport/Logistics, and Aviation (each with 1 incident).

What were the main types of security threats reported in week 1 of 2026?

The week saw multiple critical vulnerabilities including flaws in Apache NuttX RTOS, GNU Wget2, Apache StreamPipes, SmarterMail, and XSpeeder devices. Incidents included numerous data breaches, ransomware attacks (Akira, Qilin, TridentLocker), malware distribution, and DDoS attacks. The primary incident causes were malware/ransomware attacks and third-party compromises.

Knowledge

State of (in)security - Week 1, 2026

published: Jan. 5, 2026

Take action: Make sure all MongoDB database servers are isolated from the internet and accessible from trusted networks only. Then patch ASAP! If you can't update your MongoDB instance immediately, disable zlib compression.

Learn More

In the week between Dec. 29, 2025, midnight and Jan. 5, 2026, midnight we witnessed a total of:

7 advisory/vulnerability events
19 incident/data breach events

Week over Week comparison of week 1 2026 vs week 52 2025:

We also shared 1 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 1,055,699 impacted individuals across 9 incidents, with the largest breach being the Illinois Department of Human Services leaks data of 700,000 people incident exposing 705,017 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	1
Third Party Compromise	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	5
Finance	3
Consulting/Professional Services	2
IT/Software/Technology	2
Government	2
Utilities	1
Education	1
Insurance	1
Transport/Logistics	1
Aviation	1

Read the Event Details of the Week

Knowledge

active exploit | Massive Data Exposure as Attackers Exploit MongoBleed Vulnerability

Vulnerabilities

critical vulnerability | Apache NuttX RTOS memory flaw exposes IoT devices to remote crashes
critical vulnerability | Critical GNU Wget2 flaw allows attackers to overwrite sensitive files
critical vulnerability | Critical privilege escalation flaw in Apache StreamPipes allows admin takeover
critical vulnerability | Critical SmarterMail flaw allows unauthenticated remote code execution
critical vulnerability | Critical zero-day flaw reported in XSpeeder devices
critical vulnerability | IBM patches critical authentication bypass flaw in API Connect
critical vulnerability | WHILL electric wheelchairs vulnerable to remote bluetooth hijacking

Incidents

critical vulnerability | Hacktivist group disrupt La Poste and La Banque Postale with second DDoS attack
data breach | People's Community Clinic reports data breach
data breach | Hackers claim breach of Pickett and Associates, offers for sale US utility infrastructure data
data breach | Melcher & Prescott Insurance reports data breach exposing customer data
data breach | Abri Credit Union reports data breach that went undetected for 18 months
data breach | Illinois Department of Human Services leaks data of 700,000 people
data breach | Neighbourly social network offline after claims of data breach
data breach | Austin Associates reports a data breach exposing SSNs and financial records
data breach | Korean Air reports third party data breach exposing 30,000 employee records
data breach | Greater St. Louis Oral & Maxillofacial Surgery Reports Email Breach and Patient Data Exposure
data breach | European Space Agency reports breach of external engineering servers
data breach | ManageMyHealth investigates breach of New Zealand patient portal
data breach | First Rehabilitation Resources reports email data breach
malware | EmEditor website compromised to distribute Infostealer malware
ransomware | Inha University Hit by Ransomware Attack; 650GB of Data Allegedly Stolen
ransomware | TridentLocker Ransomware claims attack on Sedgwick Government Solutions
ransomware | Akira Ransomware Group claims breach of MetroWest Community Federal Credit Union
ransomware | Appalachian Community Federal Credit Union hit by cyberattack claimed by Qilin ransomware gang
ransomware | Richmond Behavioral Health Authority reports ransomware attack exposing data of 113,000 people

Read More
State of (in)security - Week 21, 2023
State of (in)security - Week 13, 2024
CyFox vs Stremio - a primer in risk …
State of (in)security - Week 9, 2026
State of (in)security - Week 2, 2024