In May 2015, DataBreaches reported that on April 30, 2015, the Department of Justice had announced the indictment of twin brothers Muneeb and Sohaib Akhter of Virginia. The twins. who were 23 years old, were indicted on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization,...

Source

Dan Diamond and Clara Ence Morse report: The Trump administration inadvertently exposed the Social Security numbers of health care providers in a database powering a new Medicare portal, The Washington Post found. The Centers for Medicare and Medicaid Services (CMS) last year created a directory to help seniors look up which doctors and medical providers accept...

Source

France has arrested numerous young hackers in the past decade. You’d think — or hope — that they might have developed an effective diversion program by now. Have they? That’s not to imply that other countries like the U.K. and U.S. have effective diversion programs, because as far as this blogger knows, they don’t have...

Source

DataBreaches missed this one, but The Daily Hodl didn’t. They reported on March 31: A US state tax agency has placed taxpayers’ personal info at risk by missing an extended data breach that lasted 18 months. The Oklahoma Tax Commission (OTC) says the breach happened between July 2024 and December 2025, per a new filing with the...

Source

Kenna Hughes-Castleberry reports: Nine Mexican government agencies were hacked in an artificial intelligence (AI)-driven cyber campaign between December 2025 and mid-February 2026 in what researchers have said should “serve as a wake-up call.” According to researchers at cybersecurity company Gambit Security, a small group of individuals used  Claude Code and OpenAI’s GPT-4.1 to breach both...

Source

There are insider breaches, and then there are fourth-degree felonies and other possible charges if public records are destroyed improperly or without a lawful purpose. KVIA in New Mexico reports: The City of Anthony released a letter to KVIA on Saturday stating that the previous administration had allegedly committed several wrong-doings and the City is...

Source

I posted the following article this morning over on PogoWasRight.org, but I have had so many people sending me links to stories about this news that I guess I should have posted it here, too, as a future data breach. by Amanda Seitz and Maia Rosenfeld April 8, 2026 The Trump administration is quietly seeking...

Source

Lorenzo Franceschi-Bicchierai reports: Cybercriminals have allegedly stolen a large amount of sensitive internal documents from the Los Angeles Police Department and leaked the data online. The stolen data included police officer personnel files, internal affairs investigations, and discovery documents that can include unredacted criminal complaints and personal information, such as witness names and medical data, according...

Source

When criminals store or host data on U.S. servers, victims may get lucky. This is one of those situations. Matthew Sockol reports that data from the town of Apex in North Carolina had been stolen in an attempted ransomware attack in July 2024. The data of approximately 22,000 residents had reportedly never appeared on the...

Source

Jan Vermeulen reports: Statistics South Africa has become the latest government entity to fall victim to a ransomware attack by the emerging cybercrime group known as XP95. The threat actors claim to have successfully breached the agency responsible for conducting South Africa’s census, as well as producing and disseminating other official statistics, like the Consumer...

Source

Did you sign up for the new White House app? Don’t use it until you read this, because it puts your privacy and data security at risk. Patrick Quirk takes an impressive technical piece and distills it for those of us who are not developers or coders. His article is based on original research by...

Source

From a report on cyber.netsecops.io: Executive Summary A debilitating ransomware attack has completely crippled the IT operations of the Jackson County Sheriff’s Office in Indiana. The attack, which struck last week, has rendered the department’s entire computer network, including all PCs, Wi-Fi, and critical reporting systems, unusable. […] Technical Analysis Initial Access Vector: The likely initial access vector...

Source

Gary Fineout reports:  Sen. Rick Scott is suing a major government contractor for damages after his tax returns were leaked along with other prominent and wealthy figures, including President Donald Trump. The Florida Republican on Monday filed a lawsuit against Booz Allen Hamilton, a management and technology consulting company, and a former employee of the contractor who...

Source

Alex Stevensson reports: Thousands of devices owned by the Luxembourg public sector found to be infected with malware at the end of February have since been updated and secured, digitalisation minister Stéphanie Obertin has said. The security breach was confirmed on 27 February but details were scant at the time, with LSAP deputy Ben Polidori...

Source

The Daily Journal reports: Days after a cybersecurity breach that was “widely impacting city services,” the city of Foster City has moved its network offline, an action that disrupted its phone and email systems outside of emergency response, according to the city. City staff cannot make or receive calls or respond to emails but will...

Source

Theresa Defino of the Health Care Compliance Association reports: Calling the proposal “unprecedented in its scope and lack of specificity,” CVS Health—owner of Aetna—is among a chorus of firms and organizations opposing a renewed effort by the Office of Personnel Management (OPM) to establish what CVS termed a “wholesale collection of vast amounts of granular...

Source

Anthony Segaert reports: A western Sydney council is communicating with anonymous hackers by sending Dropbox links into a chatroom, after it suffered a major data breach. In October last year, Fairfield Council’s servers – which contained personal, financial and property information about councillors, ratepayers, residents and staff – were illegally accessed by hackers, who are...

Source

From the Nonprofit Tech Support: When the City of Hamilton suffered a ransomware attack on February 25, 2024, it marked a sobering milestone in Canadian municipal cybersecurity. The attack crippled roughly 80% of Hamilton’s network, impacting services from business licensing to the fire department’s records. Attackers demanded an $18.5 million ransom, which the city refused...

Source

Sergiu Gatlan reports: Hackers part of APT28, a state-backed threat group linked to Russia’s military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. This high-severity security flaw (tracked as CVE-2025-66376 and patched in early November) stems from a stored cross-site scripting (XSS) that unauthenticated attackers can exploit to gain remote...

Source

Mikael Thalen reports: A California resident had an urgent message for the police. A family tied to Mexico’s notorious Sinaloa drug cartel was trafficking hundreds of pounds of marijuana at a time, and the tipster knew how the police could apprehend these “highly violent” people who “always carry weapons.” Equally urgent to the tipster: secrecy....

Source