Analysis of the Dropbox Sign (ex-HelloSign) breach: API key attack chain, exfiltration of 68 million accounts, impact on eSignature certificates and GDPR notification obligations.
The ShinyHunters group is threatening to publish Rockstar Games Snowflake data on April 14, 2026. The breach allegedly runs through Anodot, a third-party AI analytics provider. Another supply chain attack case.
Hackers claim the compromise of several major Colombian banks on April 8, 2026, publishing samples of customer data online. Risk analysis, regulatory obligations, and lessons for the financial sector.
The Qilin ransomware group breached Covenant Health (Michigan, 16 hospitals) and exfiltrated data on 480,000 patients. Analysis of HIPAA notification obligations, Qilin's threat profile, and the rise of ransomware in healthcare in 2026.
On March 28, 2026, Hasbro discovered unauthorized access to its systems. External cybersecurity specialists were brought in and some systems taken offline. The full scope of the incident is still being determined.
The Dutch Ministry of Finance confirms a breach detected on March 19, 2026. Third European institution hit in March after the European Commission.
Anime streaming platform Crunchyroll (Sony) was breached on March 12, 2026. 100 GB of data exfiltrated via a compromised TELUS employee.
ShinyHunters compromised Infinite Campus via a Salesforce account on March 18, 2026. The system manages data for 11 million students across 3,200 US school districts.
The European Commission's AWS account was compromised, highlighting cloud security risks for government institutions and the shared responsibility model.
Ransomware group Qilin claims an attack on Malaysia Airlines. Passenger bookings, HR files, vendor contracts, and internal communications compromised.
Navia Benefit Solutions reveals a breach exposing 2.7 million records including Social Security numbers. Analysis of notification obligations and compliance lessons.
On March 11, 2026, TELUS Digital suffered a ransomware attack claimed by ShinyHunterz, compromising 1 petabyte of data. Incident analysis and takeaways.