Incidents in sector:

Technology

Data breachUnknownMay 20, 2026

GitHub hit by a cyberattack, nearly 4,000 internal private repositories leaked

GitHub, the development platform used by millions of developers worldwide, confirmed having been the victim of a cyberattack that

Victim: GitHub

RansomwareContainedMay 13, 2026

Foxconn Nitrogen ransomware breach (2026)

The Nitrogen ransomware group claimed on its dark-web leak site that it had stolen over 11 million files from Foxconn's North American facilities, including confidential information belonging to customers Apple, Dell, Google, Intel, Nvidia, and Sony. Foxconn said affected factories were resuming normal production.

Victim: Foxconn (Hon Hai Precision Industry)

Data breachRansom paidMay 1, 2026

Instructure Canvas LMS ShinyHunters breach (2026)

ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools — names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.

Victim: Instructure (Canvas LMS)
Loss: $10.0M
Records: 275.0M

OtherUnknownApril 24, 2026

STOR Solutions: a hacker claims access to 120,000 UPS units and the datacenter's systems

A hacker claims to have compromised the infrastructure of the STOR datacenter, presented as hosting cloud services as well as technical systems linked

Victim: STOR Solutions

Data breachUnknownApril 19, 2026

Vercel: security incident confirmed after a leak claim

Vercel, a cloud platform popular in the JavaScript ecosystem and creator of Next.js, has confirmed a security incident involving unauthorised

Victim: Vercel

RansomwareUnknownApril 7, 2026

Synergy: a key player in data and cloud in France hit by ransomware

Synergy France, a company specialising in data and cloud solutions, is reportedly currently being targeted by a ransomware-type cyberattack. The company

Victim: Synergy

OtherUnknownMarch 27, 2026

European Union: cyberattack on the Europa platform

The European Commission has revealed that it was the victim of a cyberattack on 25 March 2026, targeting its cloud infrastructure used to host the

Victim: European Union

Data breachUnknownJanuary 29, 2026

126,998 Reseau.site customers affected by a data leak

Customers of Reseau.site, a SaaS management platform for retailers and craftspeople, are affected by a confirmed leak impacting nearly 127,000 profiles. The incident exposes…

Victim: Reseau.site
Records: 127.0K

Insider threatContainedNovember 29, 2025

Coupang insider data breach (2025)

A former Coupang employee accessed personal data on 33.7 million customer accounts of South Korea's largest e-commerce platform. Coupang announced a $1.17 billion compensation plan; its head of Korean e-commerce resigned.

Victim: Coupang
Loss: $1.17B
Records: 33.7M

Supply chainstolenFebruary 21, 2025

Bybit cold wallet heist

Lazarus operators substituted the implementation contract during a routine Safe multisig transaction, draining ~$1.5 billion in ETH and staked-ETH derivatives from Bybit's Ethereum cold wallet — the largest single cryptocurrency theft in history.

Victim: Bybit
Loss: $1.50B

RansomwareRansom paidJune 18, 2024

CDK Global BlackSuit ransomware (2024)

BlackSuit operators encrypted CDK Global's dealer-management platform, knocking ~15,000 North American car dealerships offline for nearly two weeks. A second attack hit on day two of recovery. Industry losses estimated at over $1 billion; CDK reportedly paid a $25 million ransom.

Victim: CDK Global
Loss: $1.00B

RansomwareRansom paidJune 8, 2024

KADOKAWA / Niconico BlackSuit ransomware (2024)

Phishing access let BlackSuit (Russian-linked) encrypt KADOKAWA's infrastructure and the Niconico video-sharing platform, taking services offline for two months. KADOKAWA paid ~$2.9M in cryptocurrency — and BlackSuit leaked the stolen 1.5 TB anyway.

Victim: KADOKAWA Corporation
Loss: $2.9M
Records: 254.2K

Credential stuffingContainedMay 30, 2024

Snowflake customer-account credential-stuffing campaign (UNC5537, 2024)

A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.

Victim: Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)
Records: 560.0M

RansomwareContainedJanuary 17, 2024

Schneider Electric Sustainability Business Cactus ransomware (2024)

Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data — including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.

Victim: Schneider Electric — Sustainability Business division

RansomwareContainedDecember 8, 2023

Westpole LockBit ransomware — Italian PA outage (2023)

LockBit 3.0 encrypted the data centres of Italian cloud provider Westpole, taking down PA Digitale's Urbi platform — which serves 1,300 Italian public administrations including 540 municipalities, the Quirinale presidency, ISTAT, the Bank of Italy, and the Ministry of Environment. Payroll, citizen services, and local-government workflows were degraded for weeks.

Victim: Westpole / PA Digitale (Urbi platform)

Credential stuffingResolvedOctober 6, 2023

23andMe credential-stuffing breach

Attackers used credentials reused from prior breaches to access 23andMe accounts, then leveraged the 'DNA Relatives' feature to scrape ancestry and genetic profile data on 6.9 million users from compromised relatives' connections.

Victim: 23andMe Holding Co.
Loss: $50.0M
Records: 6.9M

RansomwareContainedMay 23, 2023

Xplain Play ransomware and Swiss federal documents leak (2023)

Play ransomware breached Swiss IT services provider Xplain, exfiltrating 1.3 million files. Approximately 65,000 documents belonging to the Swiss Federal Administration — including classified content, personal data, and readable passwords — were published on Play's dark-web leak site in June 2023.

Victim: Xplain (Swiss IT services provider to the Federal Administration)
Records: 1.3M

EspionageContainedMay 15, 2023

Microsoft Storm-0558 signing-key theft and US government email access (2023)

China-based Storm-0558 forged authentication tokens using a stolen Microsoft consumer signing key and read email at approximately 25 organisations — including the US State Department, the Department of Commerce, and the U.S. Ambassador to China. The 'cascade of errors' that enabled it became a defining case for cloud-provider key custody.

Victim: Microsoft customers (US State Department, Department of Commerce, ~25 organisations)

Data breachContainedAugust 8, 2022

LastPass two-stage breach and customer vault theft (2022)

An August 2022 source-code theft from one LastPass developer's laptop chained into a November 2022 compromise of a DevOps engineer's personal computer — yielding access to backups of customer password vaults. Federal investigators later linked LastPass-stolen vaults to a $150 million crypto heist.

Victim: LastPass

private-keypartially-recoveredMarch 23, 2022

Ronin Bridge heist

Lazarus operators compromised five of nine Ronin validator nodes and forged withdrawal signatures, draining 173,600 ETH and 25.5 million USDC (~$625M) — the largest cryptocurrency theft on record at the time.

Victim: Sky Mavis / Axie Infinity / Ronin Network
Loss: $625.0M

Supply chainContainedJuly 2, 2021

Kaseya VSA supply-chain ransomware (REvil)

REvil affiliates exploited a SQL injection zero-day in Kaseya's VSA remote-management platform to push ransomware to ~60 MSPs and through them to ~1,500 downstream organisations. The largest supply-chain ransomware attack on record.

Victim: Kaseya VSA customers (~60 MSPs, ~1,500 downstream organisations)
Loss: $200.0M

RansomwareContainedFebruary 9, 2021

CD Projekt Red HelloKitty ransomware and source-code theft (2021)

HelloKitty ransomware encrypted CD Projekt Red devices and exfiltrated source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3. CDPR refused to pay; the data was auctioned and reportedly sold to a private buyer.

Victim: CD Projekt Red

Supply chainContainedDecember 13, 2020

SolarWinds SUNBURST supply-chain compromise (Cozy Bear)

Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.

Victim: SolarWinds (Orion customers — ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
Loss: $100.00B

RansomwareRansom paidJuly 23, 2020

Garmin WastedLocker ransomware (Evil Corp)

Evil Corp deployed the WastedLocker ransomware against Garmin, taking flyGarmin aviation services, Garmin Connect, and inReach satellite messaging offline for five days. Garmin paid an estimated $10M ransom despite OFAC sanctions on Evil Corp.

Victim: Garmin Ltd.
Loss: $30.0M

private-keystolenJanuary 26, 2018

Coincheck NEM heist

Tokyo-based cryptocurrency exchange Coincheck lost 523 million NEM tokens (~$530M at the time) from a hot wallet that had no multi-signature protection. The largest single crypto-exchange theft at the time — later attributed to North Korea's Lazarus Group.

Victim: Coincheck Inc.
Loss: $530.0M

Data breachResolvedSeptember 22, 2016

Yahoo data breaches (3 billion accounts)

Two separate breaches — disclosed in 2016 but stretching back to 2013 and 2014 — exposed every Yahoo account in existence. Three billion accounts: the largest single-company data exposure in history.

Victim: Yahoo!
Loss: $470.0M
Records: 3.00B