January 2026 Data Breaches and Exposures Roundups
Two security-news roundups highlighted a broad set of unrelated cyber incidents rather than a single cohesive event. Security Magazine summarized seven January 2026 breach/exposure headlines and cited the Identity Theft Resource Center’s 2025 Data Breach Report, which reported 2025 as the highest year on record for breach counts while victim notices fell 79% year-over-year, suggesting a shift away from 2024-style “mega-breaches” toward more frequent, targeted theft of high-value data.
Among the incidents called out were the alleged theft and public release of roughly 860 GB of Target internal source code and developer documentation (posted to Gitea), a breach of BreachForums that exposed metadata for about 324,000 associated individuals (e.g., usernames, emails, registration dates, IP addresses), and an ICE data leak involving an uploaded database that reportedly exposed sensitive information on personnel (including roughly 2,000 agents and 150 supervisors). Separately, The Cyber Express weekly roundup described a cyberattack disrupting Spain’s Ministry of Science, Innovation, and Universities, forcing a partial IT shutdown and temporary closure of its electronic headquarters, and also covered AI/policy items (e.g., OpenAI controlled access for cyber defense models), reinforcing that the reporting was a multi-topic digest rather than a single incident narrative.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Story first reported
Initial story creation
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Healthcare and public-sector data breaches and breach-related litigation
Multiple organizations reported **unauthorized access and data exposure events** affecting large populations, with several incidents tied to third-party systems or business associates. The Minnesota Department of Human Services notified nearly **304,000** people after a user associated with a licensed healthcare provider accessed demographic records in the *MnChoices* system (managed by vendor **FEI Systems**) beyond what was authorized; most impacted records were demographic data, with a smaller subset including some medical information and, for some, the last four digits of SSNs. Monroe University reported a **December 2024** intrusion with data exfiltration affecting about **320,973** individuals, with exposed data potentially including SSNs, government IDs, financial account information, and health/insurance data; notification letters began in early January 2026. Separately, Mid Michigan Medical Billing Service disclosed a **March 2025** cyberattack that exposed PHI for **28,185** individuals across healthcare clients, and VillageCareMAX reported a breach involving business associate **TMG Health** (details referenced as part of a broader business-associate breach update). Other items in the set describe distinct, unrelated security stories rather than the same incident: an underground-market sale of **Raaga** user data (10.2M records, including passwords stored as **unsalted MD5 hashes**), a settlement in litigation tied to the **Veradigm** breach (over 2M patients; **$10.5M** class-action settlement), and a **ransomware** incident at **Valley Eye Associates** where a group identified as **Qilin** claimed exfiltration (139 GB) and published data. Additional references include commentary on UK government handling of an **Afghan data breach** (spreadsheet emailed outside the MoD and use of an injunction) and broader analysis of healthcare breach trends and UK ambulance-service breach reporting; these provide context but do not describe the same specific event as the Minnesota DHS or other named incidents.
Mar 21, 2026
Weekly Cybersecurity Roundups Covering Breaches, Zero-Days, and AI-Driven Threats
Two weekly “roundup” articles summarized a broad set of security developments rather than a single incident. Reported items included **data breaches** (e.g., PayPal, SpyX, California Cryobank), **active exploitation of multiple vulnerabilities** (including a **Google Chrome 0-day** and critical issues in products such as *BeyondTrust*, *Ivanti EPMM*, *Splunk Enterprise*, and *Windows Admin Center*), and **ransomware activity** (e.g., **Hellcat** reportedly breaching Ascom’s ticketing infrastructure and exfiltrating ~44GB of data). The digest also highlighted availability risk via a reported **Cloudflare** global outage attributed to a cascading password-rotation failure. The week-in-review content also mixed security news with interviews and tool/project updates, including discussion of the evolving CISO role amid **agentic AI**, the release of *REMnux v8* (malware analysis distro) with AI integration, and commentary on “harvest now, decrypt later” **quantum** risk. It additionally referenced separate security headlines such as a **firmware-level Android backdoor** on tablets and a **Dell zero-day** reportedly exploited since 2024, but did not provide a unified, single-event narrative across the items.
Mar 21, 2026
Weekly Cybersecurity Roundups Highlighting New Vulnerabilities and Incidents
Multiple outlets published **weekly cybersecurity roundups** summarizing a mix of vulnerability disclosures, ransomware/breach reporting, and policy developments rather than a single discrete incident. TechTarget highlighted a surge in reported vulnerabilities (citing **48,000+ new CVEs in 2025**) and called out several high-impact issues, including a **critical ServiceNow weakness** tied to weak authentication in the legacy *Virtual Agent* chatbot that became more dangerous when paired with agentic AI (*Now Assist*), potentially enabling impersonation and **admin-level access** into connected enterprise systems. Other roundup coverage aggregated unrelated security events across sectors. Sherpa Intelligence’s “Five for Friday” compiled items including ransomware claims (e.g., **Everest** targeting Nissan; **Nightspire** claiming an attack on a Hyatt Place property) and breach reporting (e.g., a **Korean Air** employee-data breach attributed to **Clop**). The Cyber Express weekly roundup similarly mixed disparate topics (platform policy changes around AI abuse, senior government appointments, and national-level connectivity disruptions), reinforcing that the common thread is **curation of multiple stories** rather than new primary reporting on one specific cyber event.
Mar 21, 2026