Date
Victim
Summary
Threat Actor
Business Impact
Source Link
March 03, 2026
Optimizely
Suspected ShinyHunters’ vishing attack hits Ad Tech firm Optimizely, leaking business information
ShinyHunters
Ad tech company Optimizely experienced a phishing-based intrusion where attackers accessed some internal systems and stole limited business contact information from CRM and internal documents, though sensitive customer data was not compromised and operations continued normally.
March 03, 2026
Pathstone Family Office
Pathstone Family Office breached; records stolen
ShinyHunters
Hackers claimed to have breached Pathstone Family Office and stolen around 641,000 records containing sensitive personal information and internal corporate documents, potentially exposing clients to identity theft, fraud, and reputational risks.
March 03,2026
Pedro Sánchez and other Spanish government officials
Spain Govt Data Breach March 04: Pedro Sanchez details allegedly leaked
Unknown
A hacker allegedly leaked personal information—including phone numbers and addresses—linked to Spanish government officials such as Prime Minister Pedro Sánchez, raising concerns about a possible breach of sensitive government-related data while authorities launched an investigation into the incident.
March 04, 2026
LexisNexis
LexisNexis says hackers accessed legacy data
FulcrumSec
Hackers gained access to a limited number of servers belonging to LexisNexis and stole millions of records containing mostly legacy data—such as customer names, user IDs, business contact details, support tickets, and other internal information—though the company said its products and services were not affected.
March 04, 2026
Valley Radiology Consultants Medical Group and Nephrology Associates Medical Group
Two California Medical Groups announce data breaches
Unknown
An unauthorized actor accessed the networks of Valley Radiology Consultants Medical Group and Nephrology Associates Medical Group, exposing sensitive patient information such as personal, medical, and insurance data, prompting both organizations to notify affected individuals and strengthen their security measures.
March 04, 2026
University of Hawaii
Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals
Unknown
A ransomware attack on the University of Hawaiʻi Cancer Center compromised research systems and exposed sensitive personal data—including Social Security numbers, driver’s license details, and health-related research information—of about 1.2 million individuals.
Source: Securityaffairs.com
March 04, 2026
Cloud Imperium Games
Star Citizen developer draws ire over delayed data breach disclosure
Unknown
A cyber attack on Cloud Imperium Games exposed limited personal data—such as usernames, names, dates of birth, and contact details—after attackers gained read-only access to backup systems, raising concerns among players about phishing risks and the company’s delayed disclosure of the breach.
March 05, 2026
CIMB
CIMB refutes claims of data breach involving 1.2 mil records
Unknown
Reports circulated online claiming that a dataset containing about 1.2 million records of sensitive customer financial and personal information from CIMB had been leaked, though the bank later stated its investigation found no evidence of a breach and confirmed its systems remained secure.
Source: theedgemalaysia.com
March 06, 2026
Cognizant’s TriZetto
Cognizant TriZetto breach exposes health data of 3.4 million patients
Unknown
Hackers gained unauthorized access to Cognizant’s TriZetto systems and exfiltrated sensitive personal and health insurance information belonging to about 3.4 million patients, exposing data such as names, birth dates, Social Security numbers, and insurance details.
Source: Bleeping Computer
March 09, 2026
Salesforce Aura
ShinyHunters claims ongoing Salesforce Aura data theft attacks
ShinyHunters
The ShinyHunters hacking group claimed it had been exploiting Salesforce Aura/Experience Cloud instances—particularly those with misconfigured public access—to extract sensitive records from targeted organizations by bypassing query limits and scanning exposed sites for accessible data.
Source: Bleeping Computer
March 10, 2026
Ericsson
Thousands Affected by Ericsson Data Breach
Unknown
A cyber incident at a third-party service provider led to unauthorized access to files containing personal information linked to over 15,000 Ericsson employees and customers, exposing sensitive data stored for the company’s U.S. operations.
Source: Security Week
March 11, 2026
Michelin
Michelin confirms data breach linked to Oracle EBS attack
Cl0p Ransomware Group
Tire manufacturer Michelin confirmed that cybercriminals breached its systems through the wider Oracle E-Business Suite hacking campaign and leaked over 300GB of stolen company files, exposing data believed to have been taken from its Oracle EBS environment.
Source: Security Week
March 12, 2026
Care Management Company
Data breach on care management company impacts 5K patients at NYC Health
Unknown
An unauthorized third party breached a care management partner of NYC Health + Hospitals, exposing sensitive personal and protected health information, including Social Security numbers, Medicaid IDs, diagnoses, medications, and treatment details of roughly 5,000 patients.
March 12, 2026
Telus Digital
Telus Digital confirms breach after hacker claims 1 petabyte data theft
ShinyHunters
Canadian outsourcing giant Telus Digital confirmed a security breach after a hacker claimed to have stolen up to 1 petabyte of data, potentially exposing sensitive information tied to its business-process outsourcing operations and clients.
Source: Bleeping Computer
March 13, 2026
CommonSpirit Health
Third-Party Vendor Breach leads to exposure of data at CommonSpirit Health
Unknown
A data breach linked to a third-party vendor exposed sensitive personal and protected health information, such as names, dates of birth, and medical details, of at least 19,000 individuals connected to CommonSpirit Health, prompting investigations and breach notifications.
March 13, 2026
Viking Line
Viking Line confirms data breach linked to third-party supplier
Unknown
Ferry operator Viking Line confirmed that a cybersecurity incident at a third-party supplier exposed customer information of passengers who had placed advance duty-free orders for pickup during their ferry trips.
March 13, 2026
Pinnacle Holdings
Pinnacle Holdings data breach claims investigated by Lynch Carpenter
Unknown
An unauthorised attacker accessed Pinnacle Holdings’ network and potentially stole sensitive personal and health information including Social Security numbers, medical records, insurance details, and treatment data, affecting nearly 20,000 individuals.
March 13, 2026
Loblaw Companies Limited
Loblaw reports customer data breach after IT network intrusion
Unknown
Hackers infiltrated a non-critical segment of Loblaw Companies Limited’s IT network and accessed basic customer information such as names, phone numbers, and email addresses, prompting the company to log out all users and advise customers to remain alert for phishing attempts.
Source: scworld.com
March 17, 2026
Robotic Surgery Giant, Intuitive
Robotic Surgery Giant Intuitive Discloses Cyber Attack
Unknown
A phishing attack led to unauthorised access to Intuitive’s internal business systems, exposing employee, customer, and corporate data, although its surgical platforms and core operations remained unaffected.
Source: Security Week
March 18, 2026
Identity protection company Aura
Aura confirms data breach exposing 900,000 marketing contacts
ShinyHunters
A phishing attack allowed hackers to access an employee account and exfiltrate roughly 900,000 marketing contact records, exposing names, email addresses, phone numbers, and home addresses linked to Aura’s systems.
Source: Bleeping Computer
March 19, 2026
Navia Benefit Solutions
Navia discloses data breach impacting 2.7 million people
Unknown
An attacker gained unauthorised access to Navia’s systems through an exposed API and accessed sensitive personal and health-related information, including Social Security numbers and account data, affecting approximately 2.7 million individuals.
Source: Bleeping Computer
March 24, 2026
Lockheed Martin
Massive data breach at Lockheed Martin claimed by pro-Iran hacktivist
APT Iran
A pro-Iran hacktivist group claimed it had stolen around 375 TB of sensitive data from Lockheed Martin, including alleged F-35 aircraft blueprints and internal corporate files, and threatened to sell or leak the data unless a ransom exceeding $400 million was paid.
Source: Cybersecurity Dive
March 24, 2026
Mazda Motor Corporation
Mazda confirms limited employee, business partner data breach
Unknown
Hackers exploited a vulnerable internal warehouse management system at Mazda and accessed limited personal data including names, email addresses, and IDs of around 692 employees and business partners, though no customer information was affected.
Source: scworld.com
March 24, 2026
French Education Ministry
Data Breach in French Education Ministry information system hits 243,000 staff
Unknown
An unauthorised breach of the French Education Ministry’s COMPAS system led to the exfiltration of sensitive data including identity details, contact information, and employment-related records affecting approximately 243,000 staff members.
March 24, 2026
Crunchyroll
Crunchyroll confirms data breach after hacker claims unauthorised access
Unknown
Crunchyroll confirmed that a hacker gained unauthorised access to internal systems through a third-party customer support provider, potentially exposing user data and internal information, though the company said the breach was contained quickly and its core platform remained secure.
March 25, 2026
Global users whose stolen data was traded on the LeakBase forum
Russia arrests alleged owner of cybercrime forum LeakBase, report says
Unknown
The LeakBase platform facilitated the large-scale trading of stolen credentials, hacking tools, and sensitive data affecting hundreds of thousands of users, enabling widespread cybercrime and account compromise globally.
March 25, 2026
Ajax FC fans and supporters
Ajax FC data breach exposes 300,000 fans, hacker steals tickets and stadium ban details.
Unknown
The breach exposed personal data of over 300,000 fans and allowed unauthorized access to accounts, enabling attackers to view sensitive information and even manipulate tickets and stadium bans, creating serious privacy and security risks.
March 28, 2026
Corewell Health patients
Thousands of Corewell Health patients impacted by 2024 data breach
Unknown
The breach exposed sensitive personal and medical data of around 19,000 patients after a vendor’s network was compromised, raising risks of identity theft and privacy violations despite no confirmed fraud.
Source: cbsnews.com
March 29, 2026
FBI Director Kash Patel
FBI confirms hack of Director Patel’s personal email inbox
Handala Hack Team
The hackers breached FBI Director Kash Patel’s personal email inbox and leaked emails, photos, and documents online, exposing personal information and raising concerns over targeted attacks on high-profile officials.
Source: Bleeping Computer
March 30, 2026
European Commission
European Commission downplays ShinyHunters cyber claim
ShinyHunters
The alleged breach involved claims of over 350GB of stolen data from public-facing EU websites, but authorities said the attack was quickly contained with no impact on internal systems and minimal risk to sensitive data.
Source: The Record
March 30, 2026
CareCloud
Healthcare software firm CareCloud informs SEC of potential patient data leak
Unknown
The cyber-attack caused an eight-hour disruption to a patient record system and potentially exposed sensitive electronic health records, creating risks of data leakage along with legal, regulatory, and reputational consequences for the company.
Source: The Record
Stephan is the sports journalist for the Maple Grove Report.
