Resource: Privacy Law Directory — Codamail
Codamail has launched a Privacy Law Directory that maps data‑protection, surveillance and intelligence frameworks across 21 jurisdictions, including the United States, the European Union and key international partners. The resource is organized around the Five, Nine and Fourteen Eyes intelligence alliances, revealing how intercepted communications flow between governments. It highlights a pervasive pattern: privacy statutes chiefly shield domestic citizens while granting agencies broad exemptions to collect foreign traffic. The directory also exposes the parallel commercial data‑broker ecosystem that operates largely outside judicial oversight, adding a second layer of privacy risk.
Romanian Hacker Faces up to 7 Years for Breaching Oregon Emergency Management Department
A 45‑year‑old Romanian national, Catalin Dragomir, pleaded guilty to breaching Oregon’s Department of Emergency Management in June 2021 and selling the compromised access for roughly $3,000 in Bitcoin. The hacker also infiltrated ten additional U.S. companies, generating at least $250,000...
San Jose Slow to Tell Workers About Data Breach
San Jose city officials disclosed that a lost USB drive may have exposed Social Security numbers of current and former employees. The breach occurred on Jan. 9, but the city delayed notifying affected workers, providing no estimate of how many were...
Loan Applications, Drivers Licences, Personal Data of 440k Aussies Exposed After Hacker Hits Sydney Finance Tech Company youX
Australian fintech platform youX confirmed an unauthorized intrusion that exposed personal data of approximately 440,000 Australians. The stolen information includes loan applications, driver’s licence details and other identifying data. The breach was disclosed following the company’s internal investigation and reported...
HHS OCR Settles HIPAA Security Rule Investigation with Top of the World Ranch Treatment Center
The U.S. Department of Health and Human Services Office for Civil Rights settled with Top of the World Ranch Treatment Center after a phishing attack exposed ePHI for 1,980 patients. OCR fined the provider $103,000 and imposed a two‑year corrective...
Meriden, Connecticut Shuts Down City Internet After Disruption Attempt
Meriden, Connecticut, temporarily shut down its municipal internet and public Wi‑Fi after detecting an attempted cyber disruption. The city’s IT department isolated the network within minutes, limiting impact to non‑essential municipal operations while emergency services remained functional. Police have opened...
University of Mississippi Medical Center Closes All Clinics in Wake of Cyberattack
The University of Mississippi Medical Center (UMMC) suffered a severe cybersecurity breach on Thursday, forcing multiple IT systems offline, including its Epic electronic medical records platform. The outage crippled access to patient data, prompting the Jackson‑based health system to shut...
Data Protection Failures on Moldovan Portals Leave Citizens at Risk
Moldovan job‑seeker portal cariere.gov.md exposed 7,758 applicant dossiers, including personal IDs, medical forms and criminal records, due to a lack of authentication. The data were accessible simply by altering a URL parameter, revealing nearly 19,000 JSON files. After a researcher...
Nigerian Man Sentenced to Eight Years in Prison for Computer Intrusion and Theft
A Nigerian national living in Mexico was sentenced to eight years in federal prison and ordered to pay $1.39 million in restitution for a five‑year scheme that compromised Massachusetts tax‑preparation firms. Using phishing emails and Warzone RAT malware, he harvested taxpayer...
Oklahoma Cheyenne and Arapaho Tribes Say Ransomware Disrupted Tribal Systems
The Cheyenne and Arapaho Tribes of Oklahoma were hit by a ransomware attack that forced the shutdown of their computer networks, halting email, phone services and some tribal operations. Tribal Governor Reggie Wassana confirmed the disruption while recovery efforts began....
Montana Hospital Restores Phones as Cyber-Related Network Disruptions Persist
Livingston HealthCare in Montana announced that its phone system has been fully restored after a recent cybersecurity incident forced the hospital to shut down communications and other network services. The disruption, first reported on Feb. 13, stemmed from a potential...
Marietta Also Affected by BridgePay Ransomware Attack.
The BridgePay Network Solutions ransomware attack disrupted the City of Marietta’s online credit‑card processing, halting business‑license payments on February 6, 2026. BridgePay’s forensic review found no payment‑card data was compromised, and the ransomware group remains unidentified. The city is deploying a temporary,...
He Tried to Extort the Dutch Police. It Didn’t Work Out Well for Him.
A 40‑year‑old man from Ridderkerk attempted to extort the Dutch police by demanding something in exchange for returning compromised files. Police intercepted the scheme and arrested him on Thursday evening around 7:00 PM. The arrest was reportedly triggered by a procedural...
Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack
Nevada’s Governor’s Technology Office unveiled a statewide data classification policy, introducing four distinct categories—public, sensitive, confidential, and restricted. The initiative follows a costly ransomware attack that disrupted state systems and cost roughly $1.5 million in response. Agencies must now assign a...
Guernsey Medical Practice Sanctioned After Cyber Criminals Access Patient Data Through Email Account
Guernsey’s Data Protection Authority has sanctioned First Contact Health after a phishing attack compromised an employee’s email, exposing confidential patient data. The breach was discovered by the practice, which reported it to authorities, but regulators found the organization lacked adequate...
New “Kurd Hackers Forum” Focuses on Middle Eastern Data Breaches and Leaks
A new online community called the Kurd Hacker Forum has emerged, focusing on data breaches across Iran, Syria, and Turkey. The clear‑net site, registered on Jan 28 2026, mirrors the layout of BreachForums and hosts threads in English and Kurdish. It currently...
It’s 2026, but Hospitals Still Haven’t Prevented Snooping in Celebrities’ Records
A Michigan hospital, likely McLaren Northern Michigan, is accused by internet personality Josh Clarke of allowing staff to view his medical records, take selfies in his treatment area, and conceal his presence on a notice board. Clarke’s video alleges that...
FCC Cybersecurity Alert and Recommendations to Communications Providers
On January 29, 2026 the Federal Communications Commission released public notice DA 26‑96, urging all communications providers to adopt a set of cybersecurity best practices aimed at thwarting ransomware attacks. The notice, issued by the FCC’s Public Safety and Homeland Security...
Hospital Employee Snooped in 98 Patient Records, Saskatchewan Privacy Commissioner Finds
A Saskatchewan privacy commissioner confirmed that a unit clerk at Dr. F.H. Wigmore Regional Hospital accessed their own health record and those of 98 other patients 102 times between July 2024 and June 2025. The employee disclosed private details to a coworker and a...
Several Dutch Agencies Suffer Major Data Breach
Several Dutch government agencies, including the Data Protection Authority (AP) and the Council for Justice, suffered a data breach after a vulnerability in Ivanti Endpoint Manager was exploited. Unauthorized actors accessed personal information of agency employees, exposing names, contact details,...
Hong Kong Plans to Revive Privacy Law Requiring Firms to Report Data Breaches
Hong Kong’s privacy commissioner announced plans to revive mandatory data‑breach reporting after a 2024 pause over business‑environment concerns. The government will consult lawmakers this year on amendments to the Personal Data (Privacy) Ordinance, introducing phased implementation and penalties for non‑compliance....
Nitrogen’s Ransomware Can’t Be Decrypted — Even by Nitrogen
A recent government advisory highlights that the Nitrogen ransomware family cannot be decrypted, even by its own operators. Victims who pay the ransom receive no guarantee of a working decryption key, and recovered files may remain corrupted. The warning underscores...
Legal Threat: DMCA Notice to SuspectFile Is Refuted, but It Never Should Have Happened
SuspectFile journalist Marco A. De Felice faced a baseless DMCA takedown demand from The Hacker News’ law firm after publishing a Black Basta investigation sourced from independent journalist Valéry Rieß‑Marche. The firm, Dennemeyer & Associates, insisted on copyright infringement despite clear evidence that no material...
OIG Audit of Hospital’s Cybersecurity Finds Vulnerabilities in Common Web Applications
The U.S. Department of Health and Human Services Office of the Inspector General audited a large southeastern hospital and identified security gaps in four internet‑accessible web applications. The hospital, a 300‑bed facility that relies on the HITRUST Common Security Framework...
Berlin Hospitals Threatened by Spate of Attacks
Berlin’s Hospital Association has warned of a surge in unexplained incidents targeting hospitals, ranging from drone incursions and cyberattacks to forced entries and arson. Intelligence agencies have classified at least some of these events as potential security threats, prompting heightened...
Two Ivy League Universities Had Donor Information Breaches. Will Donors Be Notified?
Harvard University disclosed a November phishing attack that exposed alumni, donor and limited staff data, while the University of Pennsylvania confirmed a ShinyHunters intrusion that accessed Salesforce, SAP and other systems, compromising roughly 1.2 million students, alumni and donors. Both breaches...
Don’t Panic: 0apt’s Listings and Data Leaks Are Fakes — Researchers
Researchers at DataBreach.com have uncovered that the new ransomware‑style group 0apt is not delivering real stolen data. The site lists high‑profile companies, but each download streams infinite random bits generated by /dev/random, producing only white noise. The tactic creates the...
Former Nuance Communications Employee Facing More Charges in 2023 Geisinger Data Breach Case
Former Nuance Communications employee Max Vance has been hit with two additional false‑statement counts after a superseding indictment revealed he lied to FBI agents about downloading protected health information. The indictment follows his original charge of unlawfully accessing data belonging...
Ransomware Attack Compromised 377,000 People’s Social Security and Driver’s License Numbers From Texas Gas Station and Convenience Store Chain
A ransomware group infiltrated Gulshan Management Services, the operator of about 150 Handi Plus and Handi Stop gas stations across Texas, exposing personal data of 377,082 individuals. The attackers accessed the network through a phishing email and remained undetected for several days,...
Threats: Results of a Pilot Survey on Threats, and a New Category on DataBreaches.net
A pilot survey of 112 security researchers and journalists was conducted from December 20 2025 to January 18 2026 to gauge legal and criminal threats they face. The study reveals that many respondents encounter litigation warnings, criminal investigations, and intimidation from cyber‑criminals. Findings are...
RINA Accountants & Advisors Is Creating $400K Settlement Fund to Settle Lawsuit over 2022 Data Breach
RINA Accountants & Advisors, a U.S. accounting firm, has agreed to establish a $400,000 settlement fund to resolve a class‑action lawsuit stemming from a 2022 data breach. The breach exposed client‑sensitive information, prompting legal action from affected parties. The settlement...
Comcast Agrees to $117.5 Million Settlement to Resolve Lawsuits over 2023 Citrix Bleed Data Breach
Comcast has reached a $117.5 million settlement to resolve 24 class‑action lawsuits stemming from the 2023 Citrix Bleed data breach, which potentially exposed personal information of more than 30 million current and former customers. A federal judge in the Eastern District...
StopICE Hacked: Names And Locations of Over 100k Users Were Sent to the FBI, ICE and HSI
The anti‑ICE activist platform StopICE suffered a massive data breach, exposing personal details of over 100,000 registered users. Hackers accessed names, login credentials, phone numbers and precise GPS locations, then transmitted the information to the FBI, ICE and Homeland Security...
When the GDPR Is Weaponized to Shut Journalists up, Don’t Go Silently Into that Dark Night
Journalists across the US and Europe face escalating legal attacks, from arrests to super‑injunctions, aimed at silencing critical reporting. A new EU SLAPP report shows 167 lawsuits filed in 2024, with Italy, Germany and Serbia leading, and two‑thirds initiated by...
BD: 14,000 Journos’ Personal Data Leaked Online
Bangladesh Election Commission’s online accreditation portal inadvertently displayed the personal data of roughly 14,000 journalists. The leak included National ID numbers, mobile numbers, and full application documents submitted for election accreditation and vehicle stickers. The flaw surfaced on Saturday afternoon...
Investigation Into Data Breach Involving Blue Cross Blue Shield Members Could Head to Court
Blue Cross Blue Shield of Montana disclosed a cyber incident that may have exposed the protected health information of up to 462,000 members through its third‑party vendor Conduent. The breach was discovered on July 1, 2025, investigated internally, and reported to the...
SK Telecom Rejects Consumer Agency’s Compensation Settlement over Personal Data Leak
South Korea's SK Telecom, after acknowledging a massive personal data leak, is fighting a $91 million regulator fine and has turned down a consumer‑agency settlement proposal. The breach exposed millions of customers' personal information, prompting intense regulatory scrutiny. SK Telecom's legal...
Trump Sues IRS and the Treasury for $10 Billion Because His Tax Returns Were Leaked
The 2023 leak orchestrated by former Booz Allen consultant Charles Littlejohn exposed tax returns for an estimated 400,000 affluent Americans, a cache that quickly landed on the desks of the New York Times and ProPublica. Littlejohn’s guilty plea in 2023 and subsequent...
Ex-Google Engineer Guilty of Stealing AI Tech for Chinese Firm
A federal jury in Northern California found former Google engineer Linwei Ding guilty of 14 counts of economic espionage and trade‑secret theft. Ding allegedly exfiltrated 1,255 internal documents—about 14,000 pages—related to Google’s AI chip technology between May 2022 and January 2024. He...
You’re Not Paranoid: Lawyers ARE Coming to Get You.
Comstar LLC, an ambulance billing vendor, suffered a March 2022 ransomware attack that exposed the protected health information of roughly 585,621 individuals. Federal regulators settled for $75,000, while Connecticut and Massachusetts AGs imposed a combined $515,000 penalty and a detailed...
UK Plans Sweeping Overhaul of Policing Amid Surge in Online Crimes
The UK government announced a sweeping reform of policing that will create a new National Police Service, modeled after the FBI, to lead the fight against cybercrime, fraud and other internet‑enabled offenses. The proposal consolidates responsibilities currently spread across dozens...
Savannah Best Buy Employee Says ‘Hacker Group’ Blackmailed Him Into Theft Ring Scheme
Best Buy employee Dorian Allen, 20, was sentenced to jail after police say he helped a group of suspected shoplifters leave a Savannah store with over $40,000 in merchandise. Allen alleges an online hacker group blackmailed him, threatening to expose personal...
Fresh Breach — Lena Health Breach Preview — Full Leak Coming Soon
Lena Health suffered a massive data breach exposing over 2,100 patients' protected health information, including full identifiers, medical records, and 19,542 audio recordings stored in an unencrypted public S3 bucket. The leak also revealed API keys, staff credentials, and discharge...
Hungarian and Romanian Police Detain Young Hackers over Fake Threat Calls
Hungarian police, working with Romanian authorities, detained four young hackers suspected of orchestrating false and intimidating phone calls to law‑enforcement units. The investigation, launched in mid‑July 2025 after multiple police departments reported receiving threatening calls, uncovered a coordinated scheme that...
Call-On-Doc Allegedly Had a Breach Affecting More than 1 Million Patients. They’ve yet to Comment.
Telehealth platform Call‑On‑Doc is accused of a data breach that may have exposed more than 1.1 million patient records, according to a listing on a hacking forum. The alleged leak includes personal identifiers, contact details, medical conditions and payment amounts, with...
Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Concern
Microsoft complied with an FBI search warrant, providing BitLocker recovery keys stored on its cloud for three Guam laptops tied to a Covid unemployment fraud investigation. The devices were protected by BitLocker, Microsoft’s default full‑disk encryption, whose recovery keys can...
NL: Police Warned About Security Hole Used by Russian Hackers in Major Theft of Police Data
Dutch police were warned in 2022 about inherent risks in Microsoft’s M365 cloud, yet a Russian cyber‑espionage group exploited those gaps in September 2024. By compromising an officer’s email account, the hackers exfiltrated contact details, profile photos and personal data of...
Kazakhstan Considers Criminal Liability for Mass Leaks of Personal Data
Kazakhstan is drafting legislation to impose criminal liability for mass leaks of personal data, as proposed by the Ministry of Artificial Intelligence and Digital Development. The same proposal would dramatically increase administrative fines for organizations that fail to meet information‑security...
Hong Kong Issues Code of Practice Under the Protection of Critical Infrastructures (Computer Systems) Ordinance
On 1 January 2026 Hong Kong’s Office of the Commissioner of Critical Infrastructure (Computer‑system Security) released a Code of Practice (CoP) under the Protection of Critical Infrastructures (Computer Systems) Ordinance, which also took effect that day. The CoP translates the Ordinance’s high‑level...
Alerted to a Breach in November, Advanced Family Surgery Center Remains Publicly Silent
Advanced Family Surgery Center, part of Covenant Health, was notified by the Genesis hacking group on November 26 2025 that its systems had been compromised and 100 GB of sensitive data—including protected health information—had been exfiltrated. Genesis later posted a file‑tree on a...