news

What Happened in the BreachSan Diego Eye Bank, a 501(c)(3) nonprofit that has provided corneal and ocular tissue to restore sight since 1959, discovered in February 2026 that an intruder had compromised its network. Public reporting indicated that the Pear ransomware group — which styles itself as “Pure Extraction And Ransom” (PEAR), infiltrated the eye…

Flickr said a vulnerability in a third-party email service provider’s system on February 5, 2026 may have allowed unauthorized access to certain Flickr user data fields, including names, email addresses, IP addresses, general location, and account activity, while passwords and payment card numbers were not affected.What Happened in the BreachFlickr told users it learned on…

What Happened in the BreachJapan Airlines JAL disclosed that its reservation system for the Same Day Luggage Delivery Service, which allows passengers to send bags from airports to hotels, was infiltrated by a third party and may have leaked personal data of up to 28,000 customers. The unauthorized access targeted the baggage delivery system and…

What Happened in the BreachCommunity Health Clinics Inc., doing business as Terry Reilly Health Services (TRHS) in Nampa, Idaho, disclosed February 9 2026 that a security incident at its billing vendor risked exposing the personally identifiable information of about 5,421 patients. According to TRHS, the breach did not originate on its own systems; instead, it…

Senegal temporarily suspended national identity card production after a cyber incident hit the Directorate of File Automation, while a ransomware group claimed it stole up to 139TB of highly sensitive citizen data.What Happened in the BreachSenegal’s Directorate of File Automation, known as the DAF, announced an “incident” in its information system and said the national…

What Happened in the BreachOn January 30 2026, the European Commission’s central mobile‑device management (MDM) infrastructure detected signs of a cyber‑attack. Investigators said the intrusion may have exposed some staff members’ names and mobile phone numbers but did not compromise the actual mobile devices. CERT‑EU, the cybersecurity team for EU institutions, contained the intrusion and…

A threat actor is claiming to sell a 1.3TB Eurail dataset while Eurail has publicly confirmed that some customer data from its January 2026 security incident is being offered for sale and that a sample has appeared on Telegram.What Happened in the BreachEurail B.V. said a security breach led to unauthorized access to customer data,…

What Happened in the BreachVolvo Group North America reported that a third party breach at Conduent exposed personal data tied to nearly 17,000 Volvo employees and customers, after Conduent’s systems were accessed from Oct 21, 2024 to Jan 13, 2025. Stolen files included names, addresses, Social Security numbers, dates of birth, health insurance details, identification…

Coinbase confirmed that a single contractor improperly accessed customer information inside its support tooling, affecting about 30 customers, after screenshots of an internal support interface briefly appeared on Telegram and were then removed.What Happened in the BreachCoinbase told BleepingComputer that its security team found improper access from one contractor last year and that the access…

What Happened in the BreachCybersecurity researchers from the Cybernews investigative team uncovered an unprotected MongoDB instance on November 11, 2025 that they traced to US based identity verification firm IDMerit. The exposed server, used to store know your customer KYC data, held multiple databases totaling more than 3 billion records and nearly 1 terabyte of…