Take action on the latest cybersecurity events
Cybersecurity advisories and events as they happen, with a clear action you can take.
published: yesterday
Amtrak's customer data, including 2.1 million unique emails and support ticket details, was leaked by the ShinyHunters group after a social engineering attack compromised the company's Salesforce environment.
published: yesterday
Ameriprise Financial Inc. disclosed a data breach affecting 47,876 individuals after an unauthorized person accessed stored files in March 2026, exposing Social Security numbers and financial account details.
Hotel Curracloe in Ireland reported a third-party data breach at its booking provider, GuestDiary.com, which led to targeted phishing attacks against guests via WhatsApp and email.
published: yesterday
Aligned Orthopedic Partners reports a data breach involving unauthorized access to its email environment between November and December 2025, potentially exposing sensitive personal and protected health information.
Impac Mortgage Holdings disclosed a data breach that exposed the Social Security numbers of 19,253 individuals after an unknown actor accessed its systems in early 2024. The company waited two years after discovery to notify the public and is now offering credit monitoring services.
published: yesterday
Inditex, the parent company of Zara, reports a data breach involving unauthorized access to customer transaction databases hosted by a former third-party technology provider. Commercial interaction records were exposed, but Inditex claims that sensitive personal data, passwords, and financial information are secure.
Georgia Heritage Federal Credit Union suffered a ransomware attack in early 2025 that exposed the personal, financial, and medical data of over 43,000 individuals. The breach involved an external system compromise and led to a year-long investigation before the credit union began notifying affected members in January 2026.
published: April 18, 2026
Standard Bank and its subsidiary Liberty suffered a data breach where a threat actor named "Rootboy" claims to have exfiltrated 1.2TB of data from internal administrative systems. The leak includes customer IDs, account numbers, and contact information, though core banking systems remained secure.
published: April 18, 2026
Nobu Restaurant Group reported a data breach to the Texas Attorney General following a 71 GB ransomware attack by the Akira group that allegedly exposed SSNs, passports, and medical information.
published: April 16, 2026
Express patched an Insecure Direct Object Reference (IDOR) vulnerability on its website that allowed unauthorized access to customer personal information and order history through sequential URLs. The exposure included names, addresses, and partial credit card data, with some records appearing in public search engine results.