Hong Kong Plans to Revive Privacy Law Requiring Firms to Report Data Breaches
Hong Kong’s privacy commissioner announced plans to revive mandatory data‑breach reporting after a 2024 pause over business‑environment concerns. The government will consult lawmakers this year on amendments to the Personal Data (Privacy) Ordinance, introducing phased implementation and penalties for non‑compliance. The proposal seeks to boost breach transparency while balancing economic impact.
Nitrogen’s Ransomware Can’t Be Decrypted — Even by Nitrogen
A recent government advisory highlights that the Nitrogen ransomware family cannot be decrypted, even by its own operators. Victims who pay the ransom receive no guarantee of a working decryption key, and recovered files may remain corrupted. The warning underscores...
Legal Threat: DMCA Notice to SuspectFile Is Refuted, but It Never Should Have Happened
SuspectFile journalist Marco A. De Felice faced a baseless DMCA takedown demand from The Hacker News’ law firm after publishing a Black Basta investigation sourced from independent journalist Valéry Rieß‑Marche. The firm, Dennemeyer & Associates, insisted on copyright infringement despite clear evidence that no material...
OIG Audit of Hospital’s Cybersecurity Finds Vulnerabilities in Common Web Applications
The U.S. Department of Health and Human Services Office of the Inspector General audited a large southeastern hospital and identified security gaps in four internet‑accessible web applications. The hospital, a 300‑bed facility that relies on the HITRUST Common Security Framework...
Berlin Hospitals Threatened by Spate of Attacks
Berlin’s Hospital Association has warned of a surge in unexplained incidents targeting hospitals, ranging from drone incursions and cyberattacks to forced entries and arson. Intelligence agencies have classified at least some of these events as potential security threats, prompting heightened...
Two Ivy League Universities Had Donor Information Breaches. Will Donors Be Notified?
Harvard University disclosed a November phishing attack that exposed alumni, donor and limited staff data, while the University of Pennsylvania confirmed a ShinyHunters intrusion that accessed Salesforce, SAP and other systems, compromising roughly 1.2 million students, alumni and donors. Both breaches...

Don’t Panic: 0apt’s Listings and Data Leaks Are Fakes — Researchers
Researchers at DataBreach.com have uncovered that the new ransomware‑style group 0apt is not delivering real stolen data. The site lists high‑profile companies, but each download streams infinite random bits generated by /dev/random, producing only white noise. The tactic creates the...
Former Nuance Communications Employee Facing More Charges in 2023 Geisinger Data Breach Case
Former Nuance Communications employee Max Vance has been hit with two additional false‑statement counts after a superseding indictment revealed he lied to FBI agents about downloading protected health information. The indictment follows his original charge of unlawfully accessing data belonging...
Ransomware Attack Compromised 377,000 People’s Social Security and Driver’s License Numbers From Texas Gas Station and Convenience Store Chain
A ransomware group infiltrated Gulshan Management Services, the operator of about 150 Handi Plus and Handi Stop gas stations across Texas, exposing personal data of 377,082 individuals. The attackers accessed the network through a phishing email and remained undetected for several days,...
Threats: Results of a Pilot Survey on Threats, and a New Category on DataBreaches.net
A pilot survey of 112 security researchers and journalists was conducted from December 20, 2025 to January 18, 2026 to gauge legal and criminal threats they face. The study reveals that many respondents encounter litigation warnings, criminal investigations, and intimidation from cyber‑criminals. Findings are...
RINA Accountants & Advisors Is Creating $400K Settlement Fund to Settle Lawsuit over 2022 Data Breach
RINA Accountants & Advisors, a U.S. accounting firm, has agreed to establish a $400,000 settlement fund to resolve a class‑action lawsuit stemming from a 2022 data breach. The breach exposed client‑sensitive information, prompting legal action from affected parties. The settlement...
Comcast Agrees to $117.5 Million Settlement to Resolve Lawsuits over 2023 Citrix Bleed Data Breach
Comcast has reached a $117.5 million settlement to resolve 24 class‑action lawsuits stemming from the 2023 Citrix Bleed data breach, which potentially exposed personal information of more than 30 million current and former customers. A federal judge in the Eastern District...
StopICE Hacked: Names And Locations of Over 100k Users Were Sent to the FBI, ICE and HSI
The anti‑ICE activist platform StopICE suffered a massive data breach, exposing personal details of over 100,000 registered users. Hackers accessed names, login credentials, phone numbers and precise GPS locations, then transmitted the information to the FBI, ICE and Homeland Security...

When the GDPR Is Weaponized to Shut Journalists up, Don’t Go Silently Into that Dark Night
Journalists across the US and Europe face escalating legal attacks, from arrests to super‑injunctions, aimed at silencing critical reporting. A new EU SLAPP report shows 167 lawsuits filed in 2024, with Italy, Germany and Serbia leading, and two‑thirds initiated by...
BD: 14,000 Journos’ Personal Data Leaked Online
Bangladesh Election Commission’s online accreditation portal inadvertently displayed the personal data of roughly 14,000 journalists. The leak included National ID numbers, mobile numbers, and full application documents submitted for election accreditation and vehicle stickers. The flaw surfaced on Saturday afternoon...
Investigation Into Data Breach Involving Blue Cross Blue Shield Members Could Head to Court
Blue Cross Blue Shield of Montana disclosed a cyber incident that may have exposed the protected health information of up to 462,000 members through its third‑party vendor Conduent. The breach was discovered on July 1, 2025, investigated internally, and reported to the...
SK Telecom Rejects Consumer Agency’s Compensation Settlement over Personal Data Leak
South Korea's SK Telecom, after acknowledging a massive personal data leak, is fighting a $91 million regulator fine and has turned down a consumer‑agency settlement proposal. The breach exposed millions of customers' personal information, prompting intense regulatory scrutiny. SK Telecom's legal...
Trump Sues IRS and the Treasury for $10 Billion Because His Tax Returns Were Leaked
The 2023 leak orchestrated by former Booz Allen consultant Charles Littlejohn exposed tax returns for an estimated 400,000 affluent Americans, a cache that quickly landed on the desks of the New York Times and ProPublica. Littlejohn’s guilty plea in 2023 and subsequent...
Ex-Google Engineer Guilty of Stealing AI Tech for Chinese Firm
A federal jury in Northern California found former Google engineer Linwei Ding guilty of 14 counts of economic espionage and trade‑secret theft. Ding allegedly exfiltrated 1,255 internal documents—about 14,000 pages—related to Google’s AI chip technology between May 2022 and January 2024. He...
You’re Not Paranoid: Lawyers ARE Coming to Get You.
Comstar LLC, an ambulance billing vendor, suffered a March 2022 ransomware attack that exposed the protected health information of roughly 585,621 individuals. Federal regulators settled for $75,000, while Connecticut and Massachusetts AGs imposed a combined $515,000 penalty and a detailed...
UK Plans Sweeping Overhaul of Policing Amid Surge in Online Crimes
The UK government announced a sweeping reform of policing that will create a new National Police Service, modeled after the FBI, to lead the fight against cybercrime, fraud and other internet‑enabled offenses. The proposal consolidates responsibilities currently spread across dozens...
Savannah Best Buy Employee Says ‘Hacker Group’ Blackmailed Him Into Theft Ring Scheme
Best Buy employee Dorian Allen, 20, was sentenced to jail after police say he helped a group of suspected shoplifters leave a Savannah store with over $40,000 in merchandise. Allen alleges an online hacker group blackmailed him, threatening to expose personal...
Fresh Breach — Lena Health Breach Preview — Full Leak Coming Soon
Lena Health suffered a massive data breach exposing over 2,100 patients' protected health information, including full identifiers, medical records, and 19,542 audio recordings stored in an unencrypted public S3 bucket. The leak also revealed API keys, staff credentials, and discharge...
Hungarian and Romanian Police Detain Young Hackers over Fake Threat Calls
Hungarian police, working with Romanian authorities, detained four young hackers suspected of orchestrating false and intimidating phone calls to law‑enforcement units. The investigation, launched in mid‑July 2025 after multiple police departments reported receiving threatening calls, uncovered a coordinated scheme that...
Call-On-Doc Allegedly Had a Breach Affecting More than 1 Million Patients. They’ve yet to Comment.
Telehealth platform Call‑On‑Doc is accused of a data breach that may have exposed more than 1.1 million patient records, according to a listing on a hacking forum. The alleged leak includes personal identifiers, contact details, medical conditions and payment amounts, with...
Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Concern
Microsoft complied with an FBI search warrant, providing BitLocker recovery keys stored on its cloud for three Guam laptops tied to a Covid unemployment fraud investigation. The devices were protected by BitLocker, Microsoft’s default full‑disk encryption, whose recovery keys can...
NL: Police Warned About Security Hole Used by Russian Hackers in Major Theft of Police Data
Dutch police were warned in 2022 about inherent risks in Microsoft’s M365 cloud, yet a Russian cyber‑espionage group exploited those gaps in September 2024. By compromising an officer’s email account, the hackers exfiltrated contact details, profile photos and personal data of...
Kazakhstan Considers Criminal Liability for Mass Leaks of Personal Data
Kazakhstan is drafting legislation to impose criminal liability for mass leaks of personal data, as proposed by the Ministry of Artificial Intelligence and Digital Development. The same proposal would dramatically increase administrative fines for organizations that fail to meet information‑security...
Hong Kong Issues Code of Practice Under the Protection of Critical Infrastructures (Computer Systems) Ordinance
On 1 January 2026 Hong Kong’s Office of the Commissioner of Critical Infrastructure (Computer‑system Security) released a Code of Practice (CoP) under the Protection of Critical Infrastructures (Computer Systems) Ordinance, which also took effect that day. The CoP translates the Ordinance’s high‑level...
Alerted to a Breach in November, Advanced Family Surgery Center Remains Publicly Silent
Advanced Family Surgery Center, part of Covenant Health, was notified by the Genesis hacking group on November 26, 2025 that its systems had been compromised and 100 GB of sensitive data—including protected health information—had been exfiltrated. Genesis later posted a file‑tree on a...
SK Telecom Files Lawsuit to Revoke Record 135 Bln-Won Fine over Data Breach
South Korea’s largest mobile carrier, SK Telecom, has filed a lawsuit with the Seoul Administrative Court to overturn a record 135 billion‑won (US$91 million) fine imposed by the Personal Information Protection Commission for a massive data breach. The breach, disclosed belatedly, exposed...
How Crypto Criminals Stole $700 Million From People – Often Using Age-Old Tricks
Crypto criminals are increasingly buying stolen consumer databases to pinpoint high‑net‑worth individuals and siphon cryptocurrency. A breach at luxury conglomerate Kering exposed millions of shopper records, which a hacker purchased for $300,000 and cross‑referenced with other leaks. Using the combined...
UK: Secret Gagging Order Should Not Have Been Used to Cover up Afghan Data Breach, Sir Ben Wallace Says
Former defence secretary Sir Ben Wallace criticised the use of a secret gagging order to conceal a massive data breach at the Ministry of Defence that exposed the personal details of thousands of Afghan collaborators. The breach occurred after an...
2025: Double the Breaches, but Less Patient Data Compromised
In 2025 the healthcare sector saw breach incidents more than double, yet the total number of patient records exposed dropped sharply. The Fortified Health Security report, based on HHS OCR data, its own NIST Cybersecurity Framework assessments, and incident‑response experience,...
UK: North West Ambulance Service’s Increased Breach Reports May Reflect Better Reporting
North West Ambulance Service NHS Trust disclosed nearly 400 data‑breach incidents over the past three years, with reports climbing from 75 breaches in 2022/23 to 143 the following year and 172 in the most recent period. Confidentiality failures dominated, accounting...
4 in 5 Small Businesses Had Cyberscams Last Year, Almost Half Were AI Powered
A recent Identity Theft Resource Center survey shows that four out of five small businesses experienced a cyber‑scam or breach in the past year, with almost half of those attacks powered by artificial intelligence. The study found that 38% of...
Japanese Nuclear Regulator Employee Loses Phone Containing Sensitive Info in China
Japan’s Nuclear Regulation Authority disclosed that an employee lost a government‑issued smartphone while on a personal trip to China in November. The device contained a database of contact information for senior nuclear officials, plant operators, and emergency responders, classified as...
A Faceless Hacker Stole My Therapy Notes – Now My Deepest Secrets Are Online Forever
Finnish psychotherapy provider Vastaamo suffered a massive data breach, exposing personal and therapy records of about 33,000 patients. Hackers contacted victims, demanding Bitcoin payments under threat of publishing the sensitive information. In September 2025, a Helsinki court released the alleged...
Jordanian Man Admits Selling Unauthorized Access to Computer Networks of 50 Companies
Jordanian national Feras Albashiti, operating under several aliases, pleaded guilty in U.S. federal court to acting as an access broker. He sold unauthorized network credentials for at least 50 companies to an undercover officer in May 2023, receiving payment in...
Act Now: Survey on Threats Researchers and Journalists Experience Ends January 18
A new survey by DataBreaches.net and Zack Whittaker seeks to document threats faced by cybersecurity researchers and journalists, closing on January 18. The call follows recent high‑profile incidents, including an FBI raid on Washington Post reporter Hannah Natanson and court‑ordered injunctions that...
Website that Leaked Thousands of ICE Agents’ Personal Information Is Down After DDoS Attack
A Netherlands‑based activist’s site, ICE List, which published personal details of thousands of Immigration and Customs Enforcement and Border Patrol officers, was knocked offline by a large‑scale distributed denial‑of‑service attack on Tuesday. The site’s founder, Dominick Skinner, believes the assault...
HHS OCR Comments on Its 2026 Priorities
The HHS Office for Civil Rights (OCR) released its 2026 enforcement roadmap, highlighting four priority areas: continuing the HIPAA Privacy Rule Right of Access initiative, expanding the Security Rule Risk Analysis to broader risk management, intensifying hacking and ransomware actions,...
JPMorgan Claims Ex-Advisor In Fla. Stole Trade Secrets To Poach Clients For LPL
JPMorgan has filed a federal lawsuit seeking a temporary restraining order against former private‑client advisor Kevin J. Sercia. The bank alleges Sercia accessed roughly 175 client profiles on its Advisor Central system after hours and stole confidential information to solicit...
Data Protection Agency Tells Coupang to Stop Publishing Unconfirmed Information About Data Breach
South Korea’s Personal Information Protection Commission (PIPC) has ordered e‑commerce giant Coupang to stop publishing its own findings about a recent data breach that exposed personal information of millions of users. The regulator warned that unverified disclosures could mislead consumers...
Eurail Passengers Taken for a Ride as Data Breach Spills Passports, Bank Details
Eurail confirmed a data breach that exposed personal information of customers, particularly those who received passes through the EU‑funded DiscoverEU programme. The breach potentially includes passport numbers, issuance details, and bank information, though direct‑purchase customers’ passports were not stored visually....
Personal Details of Thousands of Border Patrol and ICE Agents Allegedly Leaked in Huge Data Breach
A whistleblower allegedly released personal data on roughly 4,500 ICE and Border Patrol employees, including about 2,000 frontline agents, after the Jan. 7 shooting of Renee Nicole Good. The leak, posted on the volunteer‑run ICE List site, contains names, work emails,...
NY: Southold Laserfiche Access Remains Suspended After Cyberattack
Southold, New York, has kept its Laserfiche online record‑keeping system offline for more than six weeks after a cyberattack on Nov. 24 compromised its servers. The town announced that public access will remain suspended with no clear restoration timeline. To remediate,...
Antwerp’s AZ Monica Hospital Hit by Cyber Attack
AZ Monica hospital in Antwerp suffered a cyber attack on Tuesday, forcing a shutdown of computer systems at its Deurne and Harmonie campuses. The breach was detected at 6:30 am, prompting staff to power down servers and initiate an investigation by...
Armenia Probes Alleged Sale of 8 Million Government Records on Hacker Forum
Armenian authorities have launched a probe after a hacker identified as dk0m claimed to be selling eight million government records on a dark‑web forum. The data allegedly originates from a state notification system that distributes legal and administrative notices. Officials...
Massive Cyberattack on Polish Power System in December Failed, Minister Says
Poland’s power grid endured its biggest cyberattack in years during the last week of December, according to Energy Minister Milosz Motyka. The operation attempted to sever communication links between renewable energy installations and distribution operators, but was ultimately thwarted with...