Recent Posts
News•Feb 28, 2026
Connecticut Senate Bill Raises the Stakes on Data Breach Response
Connecticut Senate Bill 117, titled An Act Concerning Breaches of Security Involving Electronic Personal Information, mandates that entities experiencing a massive data breach—defined as affecting at least 100,000 state residents—retain a qualified third‑party forensic examiner. The bill requires a detailed forensic report be submitted to the Attorney General within 90 days of discovery. Non‑compliance triggers civil penalties of $100,000 for small businesses and $500,000 for larger entities. The legislation seeks to tighten breach response and accountability in the state.
By DataBreaches.net
News•Feb 28, 2026
KT, LG Uplus Face Lingering Fallout over Hacking Incidents
Korea's telecom giants KT and LG Uplus are still dealing with the repercussions of recent hacking incidents. KT has extended the deadline for customers to claim early‑termination‑fee refunds to June 30 after many missed the Jan. 31 cutoff. LG Uplus is under investigation for...
By DataBreaches.net
News•Feb 27, 2026
Former Nuance Employee Admits Breaching More than 1.2M Geisinger Patient Records
Max Vance, a former Nuance Communications employee, admitted to illegally extracting protected health information from Geisinger Health System, affecting over 1.2 million patients. The breach continued after his termination, indicating he retained access to the provider’s network. Vance pleaded guilty in...
By DataBreaches.net
News•Feb 27, 2026
South Korean Authorities Accidentally Hand Hackers $4.8M in Crypto
South Korea's National Tax Service mistakenly published a photo containing the mnemonic recovery phrase of a seized cryptocurrency wallet. Hackers used the exposed phrase to transfer approximately $4.8 million worth of digital assets to their own accounts. The blunder underscores a...
By DataBreaches.net
News•Feb 27, 2026
UK Court of Appeal Rules on the Concept of Personal Data in the Context of Data Security
On 19 February 2026 the UK Court of Appeal decided DSG Retail Ltd v The Information Commissioner, holding that a controller’s data‑security duty covers all information it treats as personal, even if an attacker cannot identify individuals. The ruling, based...
By DataBreaches.net
News•Feb 27, 2026
NL: Hackers Had Access to Prison Staff Data for Five Months
Hackers infiltrated the Dutch prisons agency DJI and accessed staff data for at least five months, according to a radio investigation by Argos. The compromised information includes employee email addresses, phone numbers and security certificates. The breach was uncovered after...
By DataBreaches.net
News•Feb 26, 2026
Cisco Says Hackers Have Been Exploiting a Critical Bug to Break Into Big Customer Networks Since 2023
Cisco disclosed that a critical vulnerability in its Catalyst SD‑WAN platform has been actively exploited since 2023. The flaw carries a CVSS rating of 10.0, granting attackers remote code execution and full administrative control. Hackers have used the bug to...
By DataBreaches.net
News•Feb 25, 2026
Clalit Probes Suspected Cyberattack After Iranian-Linked Hackers Leak Patient Files
Clalit Health Services, Israel’s largest HMO, announced it is probing a suspected cyberattack after the Iranian‑linked group Handala claimed to have breached its systems. The hackers released thousands of documents containing patients' personal and medical information on public platforms. Clalit...
By DataBreaches.net
News•Feb 25, 2026
South Korea Considers Updates to Data and Cyber Laws
South Korea is preparing amendments to its Network Act and Personal Information Protection Act after a wave of high‑profile data breaches in telecommunications, retail and finance. The revisions aim to tighten data protection, reinforce security governance, and boost the effectiveness...
By DataBreaches.net
News•Feb 24, 2026
Greater Pittsburgh Orthopaedic Associates Disclosed a 2025 Breach, but Was There Also One in 2024?
Greater Pittsburgh Orthopaedic Associates disclosed a data breach that began around August 10, 2025, affecting tens of thousands of patients. The group reported 35,000 records to HHS in August 2025, but a February 2026 filing to the Maine Attorney General raised the figure...
By DataBreaches.net
News•Feb 24, 2026
Hackers Threaten to Leak 8 Million People’s Stolen Data if Dutch Telecom Odido Won’t Pay Ransom
Dutch telecom operator Odido confirmed a breach by the Shinyhunters cyber‑criminal group, which claims to have exfiltrated data on up to eight million customers. The attackers are demanding more than one million euros in ransom and have issued a final...
By DataBreaches.net
News•Feb 24, 2026
Some Patients Listed as “Charlie Kirk” Or Dead After Major NZ Health App MediMap Hacked
New Zealand health‑tech firm MediMap was forced offline after an unauthorized intrusion altered patient records, including changing names to “Charlie Kirk” and marking individuals as deceased. The breach affected dozens of providers in aged‑care, disability, hospice and community settings, prompting the...
By DataBreaches.net
News•Feb 22, 2026
Top NATO Allies Believe Cyberattacks on Hospitals Are an Act of War. They’re Still Struggling to Fight Back.
A new POLITICO poll reveals that citizens in the United States, Canada and other key NATO allies overwhelmingly consider cyberattacks on hospitals to be acts of war. Despite this public sentiment, NATO’s official response remains measured, emphasizing diplomatic channels and...
By DataBreaches.net
News•Feb 22, 2026
The Hospitality Sector Continues to Be Lucrative Targets
The hospitality sector faced three data breaches this week. Choice Hotels International disclosed a social‑engineering attack that accessed franchisee and applicant records, including names and Social Security numbers, despite multi‑factor authentication. Wynn Resorts is alleged to have had 800,000 employee...
By DataBreaches.net
News•Feb 21, 2026
This Is How You Do It: Dentist Speaks Out After Practice Hit by Cyber Attack
Grange Dental Care in Northern Ireland suffered a cyber attack on Thursday morning, resulting in fraudulent invoice emails being sent from its system. The breach was identified at 9:50 am, and the dentist immediately alerted his IT provider, who halted the...
By DataBreaches.net