Jung Da-hyun reports: A recent data breach at the National Center for the Rights of the Child (NCRC), exposing sensitive personal records of adoptees, is drawing criticism from overseas adoptee groups and raising questions about the agency’s credibility. The breach, which the NCRC said occurred between April 30 and May 2, came to light when...

Source

The Department of Justice had a pretty good day today in terms of cybercrime. In addition to two men being sentenced for using BlackCat ransomware to try to extort U.S. entities, a German national living in Colombia has now been extradited to the United States on charges that he owned and operated “The Versus Project,”...

Source

France has arrested numerous young hackers in the past decade. You’d think — or hope — that they might have developed an effective diversion program by now. Have they? That’s not to imply that other countries like the U.K. and U.S. have effective diversion programs, because as far as this blogger knows, they don’t have...

Source

Data from Japanese firms indicates that paying ransom is unlikely to enable full recovery of encrypted data. Japan Today reports: At least 222 Japanese companies have paid ransomware attackers in the past, yet about 60 percent of them still failed to recover their data, according to a recent survey. Of 1,107 firms that responded to...

Source

Nogo Mania reports: The football world faces a serious security crisis. A large-scale cyberattack targeted the Asian Football Confederation, exposing sensitive data linked to more than 150,000 players and staff. The breach ranks among the most serious incidents in football history. Reports state that the leaked information includes passport copies, contracts, email addresses, and personal identification data. The...

Source

UNN reports: Moldova’s Cybersecurity Agency has reported a large-scale attack on the country’s main medical database, resulting in damage to around 30% of the information, according to Point, as reported by UNN. The agency’s deputy director said the attackers had been targeting the platform over the past month. The database is a key hub collecting data...

Source

The Bangkok Post reports: The Council of Engineers Thailand has warned about 350,000 members their personal data was stolen when its database was hacked recently, and could be misused. Prof Amorn Pimanmas, a director in the council’s board, said that about a week ago a hacker breached the database containing members’ personal data when it...

Source

Oh Seok-min reports: Personal information of around 100,000 customers has been leaked from a golf course, prompting a police investigation, sources said Sunday. The Korean National Police Agency is probing the case after the website of Lee & Lee Country Club in the county of Gapyeong, about 55 kilometers northeast of Seoul, was hacked, with...

Source

Hyun Su-a reports: Duo Info, South Korea’s top matchmaking company, leaked the personal information of 430,000 members, authorities said. The leaked items went far beyond names and email addresses to include religion, hobbies, height, weight, education and remarriage history. Excluding income and asset information, virtually all of the members’ personal details were exposed externally. The...

Source

Harry Taylor reports: Data from 500,000 people who volunteered their health information to the UK Biobank has been breached and offered for sale online in China. Technology Minister Ian Murray said that information of all half a million members had been listed for sale on the website Alibaba, as he called the breach an “unacceptable abuse” of data. He...

Source

Pierluigi Paganini reports: A leaked database from RAMP gives us a rare look behind the curtain. It shows how cybercrime works when it becomes structured, commercial, and repeatable. Instead of random hackers acting alone, RAMP functioned like a business platform where criminals could sell access, recruit affiliates, advertise ransomware, and negotiate deals in private. What...

Source

Ann-Marie Corvin reports: Cheap tech just keeps on exposing NATO warships. In the latest example, a journalist was able to send a Bluetooth tracker to a Dutch frigate. Just Vervaart, working for regional broadcaster Omroep Gelderland, hid the $5 Bluetooth tracker inside an envelope with a postcard via the military postal service. The reporter followed...

Source

Alberto Payo reports: A cybersecurity company based in Mexico, BePrime, was reportedly the victim of a cyberattack that allegedly resulted in the leak of 12.6 GB of data and access to network infrastructure and video surveillance, according to information published by the supposed attacker on a cybercrime forum. The company, which provides connectivity and security services to large corporations...

Source

Long-term follow-ups are important, and DataBreaches is glad that Alexander Martin points out that at least one NHS Trust is still impacted by the Qilin ransomware attack on Synnovis in 2024. From his reporting: At South London and Maudsley NHS Foundation Trust (SLaM), pathology systems have not been restored as of publication, with the trust...

Source

Daryna Antoniuk reports: Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. Ukraine’s computer emergency response team (CERT-UA) said the activity was carried out by a group tracked as UAC-0247, which launched multiple attacks over the past two months against municipal authorities, clinical hospitals...

Source

Barry O’Connor provides an update on the C2K breach in Northern Ireland: The IT systems in schools targeted in a cyber attack last week have been “largely restored” the Education Authority (EA) has said. All online and IT systems in schools are provided through the C2K network, managed by the EA. The attack left all schools...

Source

Alexander Martin reports: A 16-year-old boy has been arrested in Northern Ireland after a cyberattack disrupted access to educational systems used by potentially hundreds of thousands of students. The boy, who has not been named for legal reasons, was arrested Wednesday in Portadown, County Armagh, on suspicion of offenses under the Computer Misuse Act. The...

Source

There seem to be more news stories about data protection out of Kenya recently. This one appeared on CapitalFM: The Office of the Data Protection Commissioner (ODPC) has found St Luke’s Orthopaedic and Trauma Hospital liable for unlawfully disclosing a patient’s sensitive medical information and ordered it to pay Sh525,000 in compensation. In a ruling...

Kenna Hughes-Castleberry reports: Nine Mexican government agencies were hacked in an artificial intelligence (AI)-driven cyber campaign between December 2025 and mid-February 2026 in what researchers have said should “serve as a wake-up call.” According to researchers at cybersecurity company Gambit Security, a small group of individuals used  Claude Code and OpenAI’s GPT-4.1 to breach both...

Source

The Standard reports: A medical intern at Princess Margaret Hospital has been suspended after allegedly posting photos containing patients’ information on a personal social media account, the Hospital Authority (HA) announced. The incident came to light after a complaint was filed on Friday, prompting the hospital to launch an immediate investigation. A spokesperson for the...