Resources
In-depth analysis of significant data breaches and cyber incidents. Understand what happened, who was affected, and what your organisation can learn from each event.
Disclaimer
These advisories summarise publicly reported cybersecurity incidents for educational purposes. All information is sourced from publicly available reports and may include claims that are unverified or disputed. See individual advisories for full source citations and disclaimers.
Showing 58 of 58 advisories
Healthcare / Academic Research · United States · March 2026
Analysis of the University of Hawai'i Cancer Center ransomware attack affecting up to 1.24 million individuals. Legacy research data from the 1990s exposed including SSNs.
Legal / Information Services · United States · March 2026
Analysis of the LexisNexis cloud breach exposing 2GB of legal and government client data.
Retail / Grocery · Canada · March 2026
Analysis of the Loblaw Companies data breach where hackers accessed customer contact information from Canada’s largest food and pharmacy retailer, which operates 2,400+ stores.
Data Brokerage / Identity Verification · United States · March 2026
Analysis of the Infutor data exposure affecting approximately 677 million records of US consumer data, including Social Security Numbers, reportedly caused by a misconfigured Elasticsearch database.
Business Process Outsourcing / Technology Services · Canada · March 2026
Analysis of the TELUS Digital breach where ShinyHunters allegedly stole close to 1 petabyte of data, reportedly including BPO customer data for 28 companies, using credentials from the Salesloft Drift breach.
Manufacturing / Chemicals · Netherlands · March 2026
Analysis of the Anubis ransomware attack on AkzoNobel where the group claims to have stolen 170GB of data including passport scans and confidential agreements from the global paints and coatings manufacturer.
Telecommunications · Netherlands · March 2026
Analysis of the Odido data breach affecting over 6 million individuals in the Netherlands. Social engineering attack bypassed MFA and exposed customer data including IBANs and identity document metadata.
Healthcare / Medical Devices · United States · March 2026
Analysis of the Handala group’s destructive wiper attack on Stryker Corporation, which reportedly wiped up to 200,000 devices across 79 countries using the company’s own Microsoft Intune platform.
Healthcare IT / Revenue Management · United States · March 2026
Analysis of the TriZetto Provider Solutions data breach affecting over 3.4 million patients. An 11-month unauthorised access to healthcare claims processing systems exposed SSNs and health data.
Technology / Entertainment · United States · March 2026
Analysis of Roku's second data breach in two years affecting 576,000 customer accounts.
Travel / Hospitality · Mexico · March 2026
Analysis of the MexiTravels data leak exposing approximately 1.98 million travel reservation records. SQL database dump published on dark web forums.
Education / Government / Arts · Norway · March 2026
Analysis of the Den kulturelle skolesekken (DKS) data breach in Norway exposing approximately 1.3 million records from the national cultural education programme.
Identity Verification / Fintech · Global · February 2026
Analysis of the IDMerit KYC data exposure affecting approximately 1 billion identity verification records across 26 countries due to a misconfigured MongoDB database.
Technology / Social Media · Global · February 2026
Analysis of the Flickr data exposure via third-party breach including user IP addresses and locations.
Government IT Services / Healthcare · United States · February 2026
Analysis of the Conduent ransomware breach affecting over 25 million individuals including government benefits recipients. SafePay group claimed to have exfiltrated 8TB of data.
Government / International · European Union · February 2026
Analysis of the European Commission staff data exposure via exploited Ivanti Endpoint Manager Mobile vulnerability.
Automotive / E-commerce · United States · February 2026
Analysis of the CarGurus data breach reportedly exposing 12.4 million user records including hashed passwords.
Government · Senegal · February 2026
Analysis of the claimed Senegal government biometric database breach by Green Blood Group with 139TB of identity data.
Food Service / Retail · United States · February 2026
Analysis of the Panera Bread data breach with 5.1 million customer accounts leaked by ShinyHunters after failed extortion attempt.
Healthcare · United States · February 2026
Analysis of the Terry Reilly Health Services breach via TriZetto supply chain cascade exposing SSNs and health data.
Financial Services / Government · France · February 2026
Analysis of the FICOBA breach exposing 1.2 million French bank account records from the national registry.
Healthcare · United States · February 2026
Analysis of the San Diego Eye Bank ransomware attack exposing patient and donor data.
Fintech / Blockchain · United States · February 2026
Analysis of the Figure Technology breach affecting 967,000 users via social engineering by the ShinyHunters group.
Retail / Apparel · Global · February 2026
Analysis of the Adidas licensing partner breach exposing 815,000 rows of data including plaintext passwords.
Information Management · United States · February 2026
Analysis of the Iron Mountain extortion attempt claiming 1.4TB of data from the records management company.
Government / Regulatory · Netherlands · February 2026
Analysis of the Dutch Data Protection Authority breach via Ivanti vulnerability - the data privacy regulator itself compromised.
Fintech · Australia · February 2026
Analysis of the youX breach exposing 444,538 Australian borrowers' government IDs and driver's licences.
Utilities · United States · February 2026
Analysis of the Bryan Texas Utilities ransomware attack disrupting billing services for 70,000 customers.
Fintech / Payments · United States · February 2026
Analysis of the PayPal credential-stuffing attack affecting 34,942 users with SSN exposure over a 5-month period.
Media / Technology · United States · February 2026
Analysis of the Substack breach exposing subscriber email addresses and phone numbers.
Aviation / Travel · Japan · February 2026
Analysis of the Japan Airlines breach affecting 28,000 customers via unauthorised access to luggage delivery reservation system.
Media / Entertainment · Luxembourg · February 2026
Analysis of the RTL Group breach exposing 27,000 employees' contact and job details.
Automotive / Manufacturing · United States · February 2026
Analysis of the Volvo Group breach affecting 17,000 employees via the Conduent/SafePay ransomware supply chain attack.
Technology · Global · February 2026
Analysis of the Microsoft Outlook add-in credential theft affecting 4,000 user accounts.
Fintech / Cryptocurrency · Global · February 2026
Analysis of the Coinbase insider threat exposing 30 individuals' KYC data and crypto wallet balances.
Hospitality / Gaming · United States · February 2026
Analysis of the Wynn Resorts ransomware attack exposing customer and corporate data.
Retail / Consumer · United States · January 2026
Analysis of the Under Armour data breach with 72 million customer records allegedly leaked by the Everest ransomware group after a failed extortion attempt.
Social Media · Global · January 2026
Analysis of the alleged Instagram data leak of 17.5 million accounts. Meta denies the breach occurred and the claims remain unverified.
Dating / Social Media · Global · January 2026
Analysis of the alleged Match Group breach reportedly exposing 10 million records from Hinge, Match.com, and OkCupid via claimed compromise of marketing analytics partner.
Technology / Business Intelligence · United States · January 2026
Analysis of the Crunchbase data breach exposing 2 million records including internal documents and contracts.
Telecommunications · United States · January 2026
Analysis of the Brightspeed data breach affecting over 1 million customers with partial payment card information exposed.
Financial Services / Regulatory · Canada · January 2026
Analysis of the CIRO breach affecting 750,000 people at Canada's investment regulatory organisation via phishing attack.
Government / Social Services · United States · January 2026
Analysis of the Illinois DHS data exposure affecting 705,017 individuals due to a system misconfiguration exposing public assistance data.
Healthcare · United States · January 2026
Analysis of the Vida Y Salud breach affecting 34,504 individuals with SSNs and medical data exposed.
Healthcare / Dental · United States · January 2026
Analysis of the 360 Dental PC ransomware attack affecting 11,273 individuals.
Travel / Transportation · Europe · January 2026
Analysis of the Eurail breach with passport and customer data allegedly offered for sale on the dark web.
Government / Law Enforcement · United States · January 2026
Analysis of the ICE and Border Patrol insider leak exposing 4,500 law enforcement workers' details.
Healthcare · United States · January 2026
Analysis of the Mid Michigan Medical Billing ransomware attack by Qilin group affecting 28,185 individuals.
Healthcare / Dental · United States · January 2026
Analysis of the Pecan Tree Dental ransomware attack by Sinobi group affecting 13,300 individuals.
Retail / Apparel · United States · January 2026
Analysis of the Nike data breach with 1.4TB of internal design and manufacturing data claimed stolen by WorldLeaks.
Healthcare / Mental Health · United States · January 2026
Analysis of the Jefferson-Blount Mental Health Authority ransomware attack by Medusa group affecting 30,434 individuals.
Financial Services · United States · January 2026
Analysis of the Wakefield & Associates ransomware attack by Akira group affecting 31,751 individuals.
Fintech / Cryptocurrency · Global · January 2026
Analysis of the Ledger/Global-e breach exposing crypto wallet customer data including physical addresses and order details.
Healthcare · United States · January 2026
Analysis of the Avosina Healthcare ransomware attack by Qilin group affecting 44,425 individuals.
Healthcare · United States · January 2026
Analysis of the LifeLong Medical Care breach affecting 70,000 individuals via hacking at a business associate.
Healthcare · United States · January 2026
Analysis of the Clinic Service Corporation breach affecting 82,331 individuals' health data.
Government / Social Services · United States · January 2026
Analysis of the Minnesota DHS insider threat incident affecting 303,965 individuals' personal and protected information.
Healthcare · United States · January 2026
Analysis of the Central Ozarks Medical Center breach affecting 11,818 individuals' health data.
Try widening your selection or clearing the filters.
A breach advisory is an in-depth, plain-English analysis of a significant, publicly reported data breach or cyber incident. Each advisory summarises what happened, who was affected, the likely attack vector, and the practical lessons other organisations can draw from the event.
Our research team prioritises incidents by scale, sector relevance, novelty of the attack technique, and how much other defenders can learn from them. We focus on incidents that have been publicly disclosed through reputable reporting, regulatory filings, or the affected organisation's own notifications.
Advisories are compiled solely from publicly available information for educational purposes and do not imply fault or negligence. If you represent an organisation featured here and believe any detail requires correction, email hello@scrutex.ai and our team will review it promptly.