#data-breach
#data-breach

15 hours ago

Privacy professionals

Crook leaks 468k+ records, claims they pwned Portugal's postal carrier

Information security

Grafana Labs admits all its codebase are belong to someone who popped its GitHub account

Information security

Congress investigates Canvas breach as company pays ransom

Privacy professionals

FleetWave outage takes another turn. Chevin confirms crooks accessed customer data

fromNextgov.com

Canvas breach spotlights cybercriminal appetite for student data

Education technology platforms like Canvas are being targeted for breaches that can expose student data and enable fraud, identity theft, extortion, and further intrusions.

Privacy professionals

BWH Hotels guests warned after reservation data checks out with cybercrooks

15 hours ago

Crook leaks 468k+ records, claims they pwned Portugal's postal carrier

Parcel tracking codes and personal details in a CTT-related leak can enable highly convincing phishing emails and SMS messages.

Grafana Labs admits all its codebase are belong to someone who popped its GitHub account

An attacker stole Grafana Labs’ GitHub codebase and demanded ransom to prevent release, but Grafana decided not to pay.

Congress investigates Canvas breach as company pays ransom

US Congress summoned Instructure CEO Steve Daly to explain two Canvas breaches, including data accessed, containment, notifications, and coordination with federal law enforcement and CISA.

FleetWave outage takes another turn. Chevin confirms crooks accessed customer data

Attackers accessed customer databases and potentially acquired operational data, personal contact details, and payroll numbers during the April FleetWave outage.

fromNextgov.com

Canvas breach spotlights cybercriminal appetite for student data

Education technology platforms like Canvas are being targeted for breaches that can expose student data and enable fraud, identity theft, extortion, and further intrusions.

BWH Hotels guests warned after reservation data checks out with cybercrooks

BWH Hotels reported a third-party breach exposing guest contact and reservation data from October 2025 to April 2026, with no payment details involved.

123,000 Impacted by American Lending Center's Year-Old Breach

A banking and finance data breach involved ransomware, with possible access to sensitive personal information affecting over 123,000 individuals.

3 days ago

Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?

Instructure reached an agreement with ransomware attackers after student data theft, login page defacement, and assignment delays, with experts suspecting ransom payment.

4 days ago

American Lending Center Data Breach Affects 123,000 Individuals

A California non-bank lender reported a ransomware breach affecting 123,000 people, with potential theft of personal identifiers, and found no evidence of misuse.

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

A ransomware attack hit Foxconn’s North American operations, disrupting some factories but enabling resumption of normal production after response measures.

fromComputerWeekly.com

ICO fines Cl0p victim South Staffs Water over data breach | Computer Weekly

South Staffordshire Water and its parent received a reduced £964,900 ICO fine after improvements following a Cl0p ransomware attack that exposed data of 600,000 people.

Ransomware Group Takes Credit for Trellix Hack

RansomHouse claimed responsibility for a Trellix breach involving leaked access to internal services and dashboards, while Trellix reported no evidence of source code exploitation.

2 days ago

123,000 Impacted by American Lending Center's Year-Old Breach

A banking and finance data breach involved ransomware, with possible access to sensitive personal information affecting over 123,000 individuals.

3 days ago

Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?

Instructure reached an agreement with ransomware attackers after student data theft, login page defacement, and assignment delays, with experts suspecting ransom payment.

4 days ago

American Lending Center Data Breach Affects 123,000 Individuals

A California non-bank lender reported a ransomware breach affecting 123,000 people, with potential theft of personal identifiers, and found no evidence of misuse.

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

A ransomware attack hit Foxconn’s North American operations, disrupting some factories but enabling resumption of normal production after response measures.

fromComputerWeekly.com

ICO fines Cl0p victim South Staffs Water over data breach | Computer Weekly

South Staffordshire Water and its parent received a reduced £964,900 ICO fine after improvements following a Cl0p ransomware attack that exposed data of 600,000 people.

Ransomware Group Takes Credit for Trellix Hack

RansomHouse claimed responsibility for a Trellix breach involving leaked access to internal services and dashboards, while Trellix reported no evidence of source code exploitation.

more#ransomware

7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand

7-Eleven has started sending out security incident notices revealing that an intrusion into 7-Eleven systems used to store franchisee documents was detected on April 8. According to a notification submitted to the Maine Attorney General's Office, unspecified personal information has been compromised. The exposed information was provided to the company during franchise applications.

Information security

fromInside Higher Ed | Higher Education News, Events and Jobs

Grafana Confirms Breach After Hackers Claim They Stole Data

A compromised GitHub token enabled attackers to download Grafana’s codebase, demand ransom, and threaten leaks, but no customer data was taken and systems were unaffected.

#cybersecurity

Higher education

No, Colleges Can't Just Quit Canvas

Privacy professionals

US lawmakers demand answers from Instructure after Canvas data breaches | TechCrunch

Information security

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

Information security

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

Hackers tipped off Dutch telco Odido about its own data breach

Odido learned two days late that a February hack caused a massive customer data breach, with phishing access and delayed discovery of stolen data.

Canvas owner secures student data in deal with hacking group

Instructure reached an agreement with ShinyHunters, received returned data, confirmed destruction, and said no customers will be extorted.

fromInside Higher Ed | Higher Education News, Events and Jobs

No, Colleges Can't Just Quit Canvas

A major Canvas data breach compromised 275 million users, disrupted finals, and led to ransom recovery, but experts expect limited long-term market impact.

US lawmakers demand answers from Instructure after Canvas data breaches | TechCrunch

House Homeland Security Committee lawmakers demand Instructure testimony about repeated cyberattacks, stolen student data, response actions, and coordination with CISA.

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

Cybersecurity is a top fast-growing skill and must be integrated into product delivery, since both protection gaps and misconfigured controls can cause outages, breaches, and lost trust.

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

Instructure faced repeated Canvas intrusions, exploited Free-For-Teacher issues, and is temporarily shutting accounts while the House Homeland Security Committee demands incident details.

Hackers tipped off Dutch telco Odido about its own data breach

Odido learned two days late that a February hack caused a massive customer data breach, with phishing access and delayed discovery of stolen data.

Education

Canvas owner secures student data in deal with hacking group

In Other News: Big Tech vs Canada Encryption Bill, Cisco's Free AI Security Spec, Audi App Flaws

GeForce NOW user data was exposed via a partner breach, while the FCC extended update timelines for covered foreign routers and OpenAI sought EU access to a cyber-focused GPT variant.

#education-technology

5 days ago

Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data

Instructure claims stolen data was destroyed and no customers will be extorted, but ransomware researchers doubt deletion and warn further threats are likely.

fromThe Washington Post

US news

Canvas hack exposes schools' vulnerability to cyberattacks

fromTNW | Data-Security

ShinyHunters breach Instructure Canvas LMS, claim 275M users and 3.65TB of student data from 9,000 schools including 44 Dutch institutions

Hackers exploited Instructure’s Canvas systems, stealing 3.65TB of student and staff data from 275M users across thousands of institutions, including private messages.

Hackers deface school login pages after claiming another Instructure hack | TechCrunch

Hackers defaced Canvas login pages for multiple schools and threatened to publish stolen student data unless Instructure reaches a settlement.

5 days ago

Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data

Instructure claims stolen data was destroyed and no customers will be extorted, but ransomware researchers doubt deletion and warn further threats are likely.

fromThe Washington Post

US news

Canvas hack exposes schools' vulnerability to cyberattacks

fromTNW | Data-Security

ShinyHunters breach Instructure Canvas LMS, claim 275M users and 3.65TB of student data from 9,000 schools including 44 Dutch institutions

Hackers exploited Instructure’s Canvas systems, stealing 3.65TB of student and staff data from 275M users across thousands of institutions, including private messages.

more#education-technology

Hackers deface school login pages after claiming another Instructure hack | TechCrunch

Hackers defaced Canvas login pages for multiple schools and threatened to publish stolen student data unless Instructure reaches a settlement.

Foxconn Confirms North American Factories Hit by Cyberattack

Foxconn confirmed North American factories were hit by a cyberattack, with affected sites resuming normal production after response measures were activated.

fromwww.bbc.com

International cyber attack disrupts swathe of universities and schools

A ShinyHunters cyberattack disrupted Canvas across thousands of schools, forcing exam postponements and leaving some users unable to access coursework.

fromwww.aljazeera.com

Hacked educational platform partially restored for millions of students

ShinyHunters breached Canvas, stole 3.5 terabytes of student data, threatened release by May 12, and disrupted education during exam season.

fromArs Technica

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

A cyberattack disrupted Canvas during final exams, exposing personal data, prompting schools to postpone or reschedule exams, and restoring the platform after investigation.

Canvas education platform back online after cyberattack

Canvas access was restored after a major cyberattack disrupted student access worldwide during final exams.

fromFortune

Student hackers get revenge on final exams as 'ShinyHunters' takes down nearly 9,000 schools study software | Fortune

Canvas returned online after a cyberattack disrupted grades, assignments, and course materials for schools and universities during final exams.

Foxconn Confirms North American Factories Hit by Cyberattack

Foxconn confirmed North American factories were hit by a cyberattack, with affected sites resuming normal production after response measures were activated.

fromwww.bbc.com

International cyber attack disrupts swathe of universities and schools

A ShinyHunters cyberattack disrupted Canvas across thousands of schools, forcing exam postponements and leaving some users unable to access coursework.

fromwww.aljazeera.com

Hacked educational platform partially restored for millions of students

ShinyHunters breached Canvas, stole 3.5 terabytes of student data, threatened release by May 12, and disrupted education during exam season.

fromArs Technica

Chaos erupts as cyberattack disrupts learning platform Canvas amid finals

A cyberattack disrupted Canvas during final exams, exposing personal data, prompting schools to postpone or reschedule exams, and restoring the platform after investigation.

Canvas education platform back online after cyberattack

Canvas access was restored after a major cyberattack disrupted student access worldwide during final exams.

fromFortune

Student hackers get revenge on final exams as 'ShinyHunters' takes down nearly 9,000 schools study software | Fortune

Canvas returned online after a cyberattack disrupted grades, assignments, and course materials for schools and universities during final exams.

more#cyberattack

716,000 Impacted by OpenLoop Health Data Breach

Hackers accessed OpenLoop Health systems in early January 2026 and stole personal information of 716,000 individuals, prompting security upgrades and identity monitoring for victims.

Civil servants to protest outside Capita AGM over pension shambles

Members of the Public and Commercial Services (PCS) union will gather outside Capita's AGM at Sheldon Square, London, from 9:45am on May 18 to demand that the government strips the outsourcer of responsibility for administering civil service pensions after months of delays, botched portal launches, missing payments, bereavement failures, and a data breach that exposed members' personal information.

EU data protection

BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months

Emails sent to customers affected by the data breach reveal that the intrusion was discovered on April 22, and an investigation showed that threat actors had access since October 14, 2025.

Privacy professionals

fromThe Verge

Canvas owner reaches 'agreement' with hackers to secure stolen data

Instructure reached an agreement with hackers after a Canvas breach, claiming stolen data was returned and customers will not be extorted.

fromSearch Storage

Attackers targeting storage infrastructure for remote work | TechTarget

Threat actors increasingly target storage infrastructure to access valuable data, disable backups, steal credentials, and spread ransomware impact efficiently.

fromAxios

Canvas outage delays college finals across the country

Universities canceled or rescheduled finals due to a Canvas outage after unauthorized access exposed student information.

Instructure hackers claim they stole data from nearly 9,000 schools - Engadget

ShinyHunters claims it stole data from 8,809 schools via a breach of Instructure’s Canvas, threatening to leak records unless a settlement is negotiated by May 12.

fromInside Higher Ed | Higher Education News, Events and Jobs

Hackers Target Canvas-Again

ShinyHunters sent extortion messages to Canvas users after claiming another breach, demanding private settlement talks and threatening data leaks by May 12, 2026.

fromEngadget

Instructure hackers claim they stole data from nearly 9,000 schools - Engadget

ShinyHunters claims it stole data from 8,809 schools via a breach of Instructure’s Canvas, threatening to leak records unless a settlement is negotiated by May 12.

fromInside Higher Ed | Higher Education News, Events and Jobs

Hackers Target Canvas-Again

ShinyHunters sent extortion messages to Canvas users after claiming another breach, demanding private settlement talks and threatening data leaks by May 12, 2026.

Canvas is down as ShinyHunters threatens to leak schools' data

Canvas learning management platform experienced a major outage following a data breach affecting millions of students, with hacking group ShinyHunters demanding ransom before releasing stolen data.

Canada news

Alberta separatists submit 300,000 signatures to push independence referendum

Alberta separatists submitted over 300,000 signatures for an independence referendum amid a major data breach affecting nearly three million residents.

#instructure

Hackers steal students' data during breach at education tech giant Instructure | TechCrunch

Instructure confirmed a data breach involving students' private information, claimed by the hacking group ShinyHunters.

ShinyHunters claims Instructure breach, data from 275M users stolen

Instructure confirmed a data breach affecting personal data of users, with claims of 275 million individuals' data stolen by the ShinyHunters group.

Hackers steal students' data during breach at education tech giant Instructure | TechCrunch

Instructure confirmed a data breach involving students' private information, claimed by the hacking group ShinyHunters.

ShinyHunters claims Instructure breach, data from 275M users stolen

Instructure confirmed a data breach affecting personal data of users, with claims of 275 million individuals' data stolen by the ShinyHunters group.

Cushman & Wakefield confirms vishing cyberattack

Cushman & Wakefield confirmed a data breach caused by vishing, with two cybercrime groups claiming responsibility for separate attacks.

ShinyHunters claims 119K Vimeo emails in the wild

Over 119,000 Vimeo users' email addresses were compromised due to a breach linked to a third-party analytics vendor.

Vimeo Confirms User and Customer Data Breach

Vimeo confirmed a data breach involving user data theft through a third-party vendor, but no video content or payment information was compromised.

fromTheregister

ShinyHunters claims 119K Vimeo emails in the wild

Over 119,000 Vimeo users' email addresses were compromised due to a breach linked to a third-party analytics vendor.

Vimeo Confirms User and Customer Data Breach

Vimeo confirmed a data breach involving user data theft through a third-party vendor, but no video content or payment information was compromised.

Your architecture is the ceiling on your AI strategy. Here's how to raise it in 90 days

A data breach at Vercel occurred due to an employee's use of a compromised AI tool, highlighting risks in legacy architectures for AI deployment.

fromComputerWeekly.com

Almost half of UK businesses hit by cyber attacks | Computer Weekly

Cyber security threats in the UK are significant, with many organizations experiencing breaches or attacks, highlighting the need for robust security measures.

Dental practice software maker fixes bug that exposed patients' medical records | TechCrunch

A security flaw in Practice by Numbers' patient portal exposed private health records of patients, allowing unauthorized access to sensitive information.

fromWIRED

Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim

Stalkerware enables secret surveillance of individuals, leading to severe privacy violations and potential data breaches of sensitive information.

Healthcare

Sandhills Medical Says Ransomware Breach Affects 170,000

Sandhills Medical Foundation experienced a data breach affecting nearly 170,000 individuals due to a ransomware attack discovered on May 8, 2025.

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

A critical SQL injection vulnerability in LiteLLM was exploited shortly after disclosure, allowing unauthorized access to sensitive database information.

#uk-biobank

UK politics

UK braces for further leaks after more private health records appear on Chinese website

Confidential health records of UK Biobank volunteers have been listed on Alibaba, prompting government action and raising concerns about data re-identification risks.

EU data protection

UK Biobank Data of 500K Listed for Sale in China

Sensitive UK Biobank data was found for sale on Alibaba, revealing private information of 500,000 participants without names or phone numbers.

UK politics

UK braces for further leaks after more private health records appear on Chinese website

Confidential health records of UK Biobank volunteers have been listed on Alibaba, prompting government action and raising concerns about data re-identification risks.

EU data protection

UK Biobank Data of 500K Listed for Sale in China

Sensitive UK Biobank data was found for sale on Alibaba, revealing private information of 500,000 participants without names or phone numbers.

more#uk-biobank

fromArs Technica

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Current evidence indicates that this data originated from Checkmarx's GitHub repositories, and that access to those repositories was facilitated through the initial supply chain attack of March 23, 2023.

Information security

ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs

ADT's home security systems were not compromised, but customer data including names and partial Social Security numbers was exposed in a data breach.

fromTheregister

Pitney Bowes the latest victim of ShinyHunters' breach-spree

Data breach tracker Have I Been Pwned (HIBP) confirmed the breach on April 27, with 8.2 million unique email addresses included in the dump alongside names, phone numbers, and physical addresses.

Privacy professionals

#medtronic

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

Medtronic confirmed a hack by ShinyHunters, claiming millions of records were stolen, but asserts no impact on patient safety or operations.

What the Medtronic Breach Means for Security Experts

Medtronic confirmed a data breach but reported no impact on patient safety or operations due to separate IT networks.

Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak

Medtronic confirmed a hack by ShinyHunters, claiming millions of records were stolen, but asserts no impact on patient safety or operations.

What the Medtronic Breach Means for Security Experts

Medtronic confirmed a data breach but reported no impact on patient safety or operations due to separate IT networks.

Ongoing supply-chain attack targets security, dev tools

Checkmarx's GitHub repository was compromised, leading to a data leak by the Lapsus$ extortion group.

ADT Breach Confirmed: Names, Phone Numbers, and Addresses Exposed

ADT experienced a data breach, with personal information of customers accessed, but no payment information was compromised.

Energy and Water Management Firm Itron Hacked

Itron is investigating unauthorized access to its systems, but operations continue and no significant impact is expected.

fromTheregister

ShinyHunters claim they have cruise giant Carnival's booty

Carnival Corporation faces a significant data breach involving 7.5 million email addresses linked to its Mariner Society loyalty program.