Date
Victim
Summary
Threat Actor
Business Impact
Source Link
April 1, 2026
Mercor
Mercor says it was hit by cyber attack tied to compromise of open-source LiteLLM project
TeamPCP (supply chain compromise) and Lapsus$ (claimed data theft)
The supply chain attack compromised Mercor through the LiteLLM library, potentially exposing sensitive company data, including source code, databases, and credentials while impacting thousands of organisations relying on the same software.
April 1, 2026
CareCloud, Inc. and its patients/users
On March 24, 2026, CareCloud filed a report with the SEC regarding a network outage in its Health division that affected one of six EHR systems for approximately eight hours around March 16.
Unknown
The incident caused a network disruption in CareCloud’s health systems and potentially exposed sensitive patient data, putting affected individuals at risk of identity theft and fraud while investigations into data access continued.
April 1, 2026
Cisco Systems
Cisco source code stolen in Trivy-linked dev environment breach
TeamPCP
The attackers breached Cisco’s internal development environment using stolen credentials, leading to the theft of source code, exposure of AWS keys, and unauthorised access to internal systems and customer-related repositories, raising risks of further compromise.
Source: Bleeping Computer
April 3, 2026
European Commission and multiple EU entities
CERT-EU: European Commission hack exposes data of 30 EU entities
TeamPCP
The cloud-based breach exposed sensitive data from at least 30 EU entities, including emails, usernames, and internal information, after attackers infiltrated the European Commission’s hosting environment and exfiltrated data without disrupting services.
Source: Bleeping Computer
April 7, 2026
Jones Day
Jones Day confirms data breach after hackers leak client files online
Silent ransom group
The phishing-based breach allowed hackers to access and leak sensitive client files linked to at least 10 clients, exposing confidential legal data and raising risks of reputational damage and potential misuse of sensitive information.
April 7, 2026
Snowflake customers
Snowflake customers hit in data theft attacks after SaaS integrator breach
ShinyHunters
The breach of a SaaS integration provider allowed attackers to steal authentication tokens and use them to access and exfiltrate sensitive data from multiple Snowflake customer environments, leading to widespread data theft and potential extortion risks.
Source: Bleeping Computer
April 8, 2026
Eurail B.V.
Passport numbers for more than 300,000 leaked during December Eurail data breach
Unknown
The breach exposed personal data,including names and passport numbers, of over 300,000 travelers after hackers accessed Eurail’s systems, with the stolen information later being offered for sale on the dark web, increasing risks of identity theft and fraud.
Source: The Record
April 8, 2026
Los Angeles City Attorney’s Office (affecting Los Angeles Police Department data)
Breach exposes LAPD files stored in city attorney system
World Leaks
The breach exposed around 7.7TB of sensitive LAPD data, including personnel records, witness details, and medical information after hackers accessed a city attorney system, raising serious privacy and safety concerns for officers and individuals involved in cases.
Source: The Record
April 08, 2026
China’s supercomputers
A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data
FlamingChina
The cyber attack allegedly led to the theft of more than 10 petabytes of sensitive data including defence research and classified scientific information creating major national security concerns and exposing weaknesses in critical infrastructure protection
Source: CNN.com
April 13, 2026
Basic-Fit
Hack at Dutch gym chain Basic-Fit exposes customer data in several EU countries
Unknown
The breach attack exposed personal and financial data of around 1 million gym members across multiple European countries after hackers breached internal systems and downloaded sensitive information, increasing risks of fraud and phishing.
Source: The Record
April 13, 2026
Booking.com
Booking.com confirms hackers accessed customers data
Unknown
The breach allowed unauthorised access to customer booking data including names contact details and reservation information which was later used in phishing attacks to target users and potentially compromise their accounts and personal information.
Source: Tech Crunch
April 13, 2026
Rockstar Games
Stolen Rockstar Games analytics data leaked by extortion gang
ShinyHunters
The breach led to the theft and public leak of internal analytics data including game metrics and user behavior insights, exposing business sensitive information and creating extortion pressure on the company despite no impact on players or operations.
Source: Bleeping Computer
April 14, 2026
McGraw-Hill
McGraw-Hill confirms data breach following extortion threat
ShinyHunters
The breach allowed attackers to access a limited set of internal data through a Salesforce misconfiguration and use it for extortion threats, creating risks of data exposure and reputational damage despite no access to sensitive customer or student information.
Source: Bleeping Computer
April 20, 2026
Ameriprise Financial Services
Ameriprise Data Breach Impacts More Than 47,000 People
Unknown
The data breach exposed sensitive personal information of 47,876 customers after an unauthorised actor accessed internal data, increasing risks of identity theft and financial fraud for affected individuals.
April 20, 2026
Bol.com
Dutch ecommerce site Bol.com investigates claims of a data breach
Unknown
The incident raised concerns after a dataset allegedly containing around 400,000 customer records was put up for sale online, potentially exposing personal and account details and increasing risks of phishing and fraud, although the company said there was no confirmed breach or system compromise.
Source: techzine.eu
April 21, 2026
Vercel (via breach at Context AI)
App host Vercel confirms security incident; says customer data was stolen via breach at Context AI
Unknown
The breach allowed hackers to access internal systems and steal customer data, including API keys, source code, and database information after compromising a third-party AI tool, raising concerns about wider downstream risks across multiple organisations.
Source: Tech Crunch
April 21, 2026
Canada Life
Hackers accessed personal information of 70,000 people in Canada Life data breach
ShinyHunters
The breach exposed personal information including names, dates of birth, addresses, gender, and income details of up to 70,000 individuals after attackers accessed systems through a compromised employee account, increasing risks of identity theft and targeted fraud.
April 21, 2026
Gonets satellite communication system (Russia)
Ukrainian hackers breach internal data of Russia’s Starlink-like Gonets system
Ukrainian hackers (pro-Ukraine cyber units)
The cyber attack exposed sensitive internal communications and operational data from Russia’s Gonets satellite system after Ukrainian hackers gained access to internal accounts, potentially revealing infrastructure details and intelligence linked to military and state users.
April 22, 2026
France Titres (Agence Nationale des Titres Sécurisés – ANTS)
France Titres data breach: 19 million records allegedly stolen
breach3d
The breach potentially exposed sensitive personal data such as names, birth details, contact information, and account identifiers of millions of individuals, significantly increasing risks of phishing, identity theft, and large-scale social engineering attacks.
April 23, 2026
Vercel
Vercel says some of its customers’ data was stolen prior to its recent hack
Unknown
The breach revealed that hackers had already accessed and stolen some customer data before the incident was detected, indicating a broader compromise that exposed sensitive information and increased risks for affected users.
Source: Tech Crunch
April 23, 2026
Rituals Cosmetics
Luxury cosmetics giant Rituals discloses data breach
Unknown
The breach exposed customer membership data including names, contact details, and demographic information after attackers accessed and downloaded records from Rituals’ loyalty database, increasing risks of phishing and targeted scams despite no financial data being compromised.
April 24, 2026
Udemy
ShinyHunters claim Udemy data theft
ShinyHunters
Udemy faced a large-scale data breach claim in which ShinyHunters said they stole 1.4 million user and instructor records, exposing email addresses, names, phone numbers, physical addresses, employer details, and instructor payout information, creating significant phishing, fraud, and identity theft risks for affected users.
Source: cybernews.com
April 24, 2026
UK Biobank
UK Biobank data breach raises concerns over healthcare data security
Unknown
The breach led to sensitive health and genetic data of around 500,000 individuals being exposed and even listed for sale online, raising serious privacy concerns and prompting authorities to suspend access and investigate the incident.
Source: Cyber Express
April 24, 2026
Coupang
South Korea says Coupang data breach probe affects US security talks
Unknown
The massive data breach involving tens of millions of users escalated beyond a corporate incident, straining U.S.–South Korea relations and delaying key security and defence discussions due to legal and political tensions surrounding the investigation.
Source: Investing.com
April 24, 2026
ADT Inc.
ADT confirms data breach after ShinyHunters leak threat
ShinyHunters
ADT confirmed that attackers accessed and stole customer and prospective customer data, exposing personal information such as names, phone numbers, and addresses, while triggering an internal investigation and containment efforts after the intrusion was discovered.
Source: Bleeping Computer
April 27, 2026
Medtronic
Medtronic confirms breach after hackers claim 9 million records theft
ShinyHunters
Medtronic confirmed that attackers breached parts of its corporate IT environment and accessed internal data, with hackers claiming to have stolen around 9 million records, forcing the company to launch containment and forensic investigations, although patient care, products, and operations remained unaffected.
Source: Bleeping Computer
April 28, 2026
Vimeo
Vimeo confirms user and customer data breach
ShinyHunters
Vimeo confirmed that attackers accessed customer email addresses, technical data, and video metadata through a compromised third-party vendor, exposing user information but without disrupting platform operations or affecting login credentials and payment data.
Source: Security Week
April 28, 2026
Pitney Bowes
Pitney Bowes becomes the latest victim of ShinyHunters breach spree
ShinyHunters
Pitney Bowes confirmed that attackers accessed business customer records in its Salesforce CRM environment after a phishing-led account compromise, exposing millions of contact records and creating risks of phishing, fraud, and customer data misuse, though its core systems remained unaffected.
Source: The Register
April 29, 2026
Amtrak
Amtrak data breach exposes millions of customer records
ShinyHunters
Amtrak suffered a large-scale data breach in which attackers apparently gained access to millions of customer records, exposing names, email addresses, physical addresses, and support ticket histories, increasing the risk of highly targeted phishing and identity-based fraud against travelers.
April 30, 2026
Movistar Perú
Movistar Peru data breach impacts 4 million users
Dedale
Movistar Perú suffered a large-scale data exposure affecting nearly 4 million users, with leaked names, phone numbers, national IDs, birth dates, and telecom plan details, increasing the risk of phishing, identity theft, and SIM-swapping fraud against customers.
Source: escudodigital.com
April 30, 2026
National Health Insurance Company of Moldova (CNAM)
Moldova’s health insurance agency reports possible data leak after cyber attack
Unknown
Moldova’s health insurance agency reported that a cyber attack may have exposed sensitive patient and payment records affecting roughly one-third of its healthcare database, raising serious privacy risks for insured citizens even though medical services continued without disruption.
Source: The Record Media
Stephan is the sports journalist for the Maple Grove Report.
