Trimaco (founded in 1906) is a manufacturer and worldwide distributor of surface protection and cleaning supplies to the construction, home improvement, and marine industries. Trimaco corporate office is located in 2300 Gateway Centre Blvd Ste 200, Morrisville, North Carolina, 27560, United States and has 224 employees. The total amount of data leakage is 228.10 GBβ. The leaked data includes personal data of employees, access to work accounts, email newsletters, certificates, licenses, manuals, presentations of new products, technical and lab documentation, financial statements, accounting, invoices, customer, supplier and partner documentation, insurance agreements, confidential information and reporting, import and export data, as well as all contracts and agreements from 2014 to the current period.
π«
Trindel Insurance Fund β organization providing fiscal stability and effective risk control for Northern California Rural Counties. The Fundβs office is located at 51 Arbuckle Court, Weaverville, CA 96093.
Formed over 40 years ago by two counties to address an insurance crisis, Trindel now serves 12 member counties through a blend of banking and self-insurance pooling. The Fund operates under a Board of Directors, with two representatives from each county, and an executive committee elected annually. Day-to-day operations are managed by an Executive Director and a team of risk management professionals.
πΊπΈ US 51 Arbuckle Court, Weaverville, CA 96093
Trindel Insurance Fund β organization providing fiscal stability and effective risk control for Northern California Rural Counties. The Fundβs office is located at 51 Arbuckle Court, Weaverville, CA 96093.
Formed over 40 years ago by two counties to address an insurance crisis, Trindel now serves 12 member counties through a blend of banking and self-insurance pooling. The Fund operates under a Board of Directors, with two representatives from each county, and an executive committee elected annually. Day-to-day operations are managed by an Executive Director and a team of risk management professionals.
πΊπΈ US 51 Arbuckle Court, Weaverville, CA 96093
π«
JP Express is a large transport company providing cargo transportation. JP Express corporate office is located in PO Box 819, Deer Park, New York, 11729, United States and has 260 employees. The total amount of data leakage is 77.40 GB. (61,8 GB arc) The leaked data includes personal information of employees, driverβs licenses, photos, resumes, employment contracts, access to work accounts, email newsletters, certificates, licenses, financial statements, accounting, invoices, customer documentation, insurance agreements, logistics reports, confidential information and cargo reports, destinations and addresses, reports on completed trips, as well as all contracts and agreements of the company. πΊπΈ
βοΈ
JP Express is a large transport company providing cargo transportation. JP Express corporate office is located in PO Box 819, Deer Park, New York, 11729, United States and has 260 employees. The total amount of data leakage is 77.40 GB. (61,8 GB arc) The leaked data includes personal information of employees, driverβs licenses, photos, resumes, employment contracts, access to work accounts, email newsletters, certificates, licenses, financial statements, accounting, invoices, customer documentation, insurance agreements, logistics reports, confidential information and cargo reports, destinations and addresses, reports on completed trips, as well as all contracts and agreements of the company. πΊπΈ
βοΈ
π«
McFarland Commercial Insurance Services
McFarland Commercial Insurance Services β a company providing commercial insurance services in California since 2002. The companyβs office is located at 833 Mistletoe Lane, Suite 102, Redding, CA 96002. The total amount of data leakage is 22 GB (arc). The leak includes employees' personal data, access to work accounts, email correspondence, logins and passwords, insurance licenses, client databases, financial records, accounting documents, invoices, contracts, commercial proposals, as well as confidential client and supplier data.
Redding City Hall, California, US πΊπΈ
McFarland Commercial Insurance Services
McFarland Commercial Insurance Services β a company providing commercial insurance services in California since 2002. The companyβs office is located at 833 Mistletoe Lane, Suite 102, Redding, CA 96002. The total amount of data leakage is 22 GB (arc). The leak includes employees' personal data, access to work accounts, email correspondence, logins and passwords, insurance licenses, client databases, financial records, accounting documents, invoices, contracts, commercial proposals, as well as confidential client and supplier data.
Redding City Hall, California, US πΊπΈ
Dutch police with FBI support shut down AVCheck virus testing service
Dutch police, with support from the US and Finland, blocked the AVCheck service
πΉ AVCheck allowed checking if commercial antiviruses detected the virus. This is a key step before an attack.
πΉ Related services Cryptor.biz and Crypt.guru were also disabled (one seized, the other not working).
πΉ Undercover agents posing as clients participated in the operation.
Law enforcement shut down AVCheck servers and seized a user database containing their information (including usernames, email addresses, payment details, and more).
βοΈ An authorization script was modified to activate webcams and determine locations.
Exercise caution and refrain from visiting.
Dutch police, with support from the US and Finland, blocked the AVCheck service
πΉ AVCheck allowed checking if commercial antiviruses detected the virus. This is a key step before an attack.
πΉ Related services Cryptor.biz and Crypt.guru were also disabled (one seized, the other not working).
πΉ Undercover agents posing as clients participated in the operation.
Law enforcement shut down AVCheck servers and seized a user database containing their information (including usernames, email addresses, payment details, and more).
βοΈ An authorization script was modified to activate webcams and determine locations.
Exercise caution and refrain from visiting.
π2
π«
eVent Medical β a company founded in March 2000 by respiratory therapists and engineers specializing in high-performance, cost-effective ventilators.
The companyβs data breach includes 32 GB of leaked documents, primarily containing financial records related to equipment purchases and sales, as well as internal transaction details, vendor agreements, and procurement contracts.
60 Empire Dr, Lake Forest, CA 92630, United States πΊπΈ
π½ βοΈ
eVent Medical β a company founded in March 2000 by respiratory therapists and engineers specializing in high-performance, cost-effective ventilators.
The companyβs data breach includes 32 GB of leaked documents, primarily containing financial records related to equipment purchases and sales, as well as internal transaction details, vendor agreements, and procurement contracts.
60 Empire Dr, Lake Forest, CA 92630, United States πΊπΈ
π½ βοΈ
π«
Automha (founded in 1979) is a company that develops automated data storage systems for warehouses. Automha's corporate office is located at Via Emilia, 6, Azzano San Paolo, Lombardy, 24052, Italy and has 114 employees. The total volume of leaked data is 308.9 GB. The leaked data includes personal data of employees, access to work accounts, email newsletters, certificates, licenses, financial statements, accounting records, invoices, customer documentation, confidential information and reporting, data on the contents of warehouses and storage facilities, a list of owners and regular customers.
π½
Automha (founded in 1979) is a company that develops automated data storage systems for warehouses. Automha's corporate office is located at Via Emilia, 6, Azzano San Paolo, Lombardy, 24052, Italy and has 114 employees. The total volume of leaked data is 308.9 GB. The leaked data includes personal data of employees, access to work accounts, email newsletters, certificates, licenses, financial statements, accounting records, invoices, customer documentation, confidential information and reporting, data on the contents of warehouses and storage facilities, a list of owners and regular customers.
π½
On January 21, 2026, the Clop group claimed responsibility for the attack on mcmathlaw.com.
McMath Woods P.A. (allegedly founded in 1953, Little Rock, Arkansas. Actual documents confirm activity since 2006) β a personal injury and consumer protection law firm. Staff: 7 partners + associated attorneys (12+ employees total). Offices in Little Rock and Fayetteville.
Leaked archive size: 855 GB
More than 350 GB is useless junk (police bodycam videos, police photos, etc.)
What leaked:
* Personal data of clients (including medical records) and employees
* Documentation of 5,000+ personal injury claims
* Internal correspondence and case strategy
* Financials, accounting, invoices, contracts, fee data
* Access to work accounts and corporate email
* Insurance payout databases, expert reports, client lists
* Litigation records and unpublished rulings
π Publication status:
The dataset has been published in open access.
π«
McMath Woods P.A. (allegedly founded in 1953, Little Rock, Arkansas. Actual documents confirm activity since 2006) β a personal injury and consumer protection law firm. Staff: 7 partners + associated attorneys (12+ employees total). Offices in Little Rock and Fayetteville.
Leaked archive size: 855 GB
More than 350 GB is useless junk (police bodycam videos, police photos, etc.)
What leaked:
* Personal data of clients (including medical records) and employees
* Documentation of 5,000+ personal injury claims
* Internal correspondence and case strategy
* Financials, accounting, invoices, contracts, fee data
* Access to work accounts and corporate email
* Insurance payout databases, expert reports, client lists
* Litigation records and unpublished rulings
π Publication status:
The dataset has been published in open access.
π«
On January 25, 2026, the ransomware group Clop claimed responsibility for the attack on excelas1.com.
Excelas LLC (founded in 2005, Cleveland, Ohio, USA) is a medical-legal company that provides medical record analysis and organization services for insurance firms, lawyers, and healthcare institutions. The company has 35 employees.
Total leaked archive size: 250 GB
What leaked:
* Medical records and patient medical histories
* Personal data of employees and patients
* Legal documentation related to medical claims and lawsuits
* Internal correspondence and case strategy
* Contracts, invoices, financial statements
* Access to work accounts and corporate email
* Insurance payout databases and expert reports
The full leak has been published.
Excelas LLC (founded in 2005, Cleveland, Ohio, USA) is a medical-legal company that provides medical record analysis and organization services for insurance firms, lawyers, and healthcare institutions. The company has 35 employees.
Total leaked archive size: 250 GB
What leaked:
* Medical records and patient medical histories
* Personal data of employees and patients
* Legal documentation related to medical claims and lawsuits
* Internal correspondence and case strategy
* Contracts, invoices, financial statements
* Access to work accounts and corporate email
* Insurance payout databases and expert reports
The full leak has been published.
π
Date: January 21, 2026
(date of Clop group's public claim)
π¦ Attacker: Clop ransomware group
π― Compromised domain: KCDWORLDWIDE.COM
π’ About the company:
KCD Worldwide is an international communications agency specializing in PR, event production, and digital marketing for the fashion, beauty, and luxury goods industries. The company has offices in New York, London, and Paris and works with leading global brands and designers.
π¦ Total leaked archive size: ~ 6.79 TB
π What leaked:
β’ Contracts and commercial proposals
β’ Personal data of employees and freelancers
β’ Applicant resumes
β’ Event plans and promotional materials
β’ Installation and fashion show schematics
β’ Financial documentation β mostly useless garbage like taxi and hotel receipts
πΈ Leak highlight:
The majority of the leak consists of photo materials. But if you look at them β don't be surprised that the company refused to pay the ransom. Because the photographers working for this company have two left hands. π€·ββοΈ
π½
(date of Clop group's public claim)
π¦ Attacker: Clop ransomware group
π― Compromised domain: KCDWORLDWIDE.COM
π’ About the company:
KCD Worldwide is an international communications agency specializing in PR, event production, and digital marketing for the fashion, beauty, and luxury goods industries. The company has offices in New York, London, and Paris and works with leading global brands and designers.
π¦ Total leaked archive size: ~ 6.79 TB
π What leaked:
β’ Contracts and commercial proposals
β’ Personal data of employees and freelancers
β’ Applicant resumes
β’ Event plans and promotional materials
β’ Installation and fashion show schematics
β’ Financial documentation β mostly useless garbage like taxi and hotel receipts
πΈ Leak highlight:
The majority of the leak consists of photo materials. But if you look at them β don't be surprised that the company refused to pay the ransom. Because the photographers working for this company have two left hands. π€·ββοΈ
π½
π¨ In early 2026, Match Group, the owner of major dating apps, faced two major incidents: a hacker attack and a regulatory settlement with US authorities. Here's what you need to know.
1οΈβ£ Data breach (January 2026)
The hacker group ShinyHunters breached Match Group's systems using a vishing (voice phishing) attack.
β Hackers tricked an employee into giving up login credentials for Okta (single sign-on platform).
β This allowed access to internal dashboards and the AppsFlyer marketing platform.
What was stolen:
β«οΈ ~85,000 user email addresses
β«οΈ ~2 million mobile advertising IDs (MAIDs)
β«οΈ Internal documents, OkCupid logs, Hinge subscription transaction data
Important: passwords, financial data, and personal chat history were not compromised.
β οΈ Main risk: phishing emails sent to the leaked email addresses.
2οΈβ£ FTC settlement (March 2026)
The US Federal Trade Commission reached a settlement with OkCupid (a Match Group subsidiary) over hidden data sharing.
1οΈβ£ Data breach (January 2026)
The hacker group ShinyHunters breached Match Group's systems using a vishing (voice phishing) attack.
β Hackers tricked an employee into giving up login credentials for Okta (single sign-on platform).
β This allowed access to internal dashboards and the AppsFlyer marketing platform.
What was stolen:
β«οΈ ~85,000 user email addresses
β«οΈ ~2 million mobile advertising IDs (MAIDs)
β«οΈ Internal documents, OkCupid logs, Hinge subscription transaction data
Important: passwords, financial data, and personal chat history were not compromised.
β οΈ Main risk: phishing emails sent to the leaked email addresses.
2οΈβ£ FTC settlement (March 2026)
The US Federal Trade Commission reached a settlement with OkCupid (a Match Group subsidiary) over hidden data sharing.
π FROST BANK DATA LEAK
π Incident date: April 20, 2026
(date of data sample publication by the Everest group)
π¦ Attacker: Everest ransomware group (Russian-speaking RaaS operation)
π― Affected organization: Frost Bank β a major bank headquartered in San Antonio, Texas, with branches across the state
π₯ Customers affected: Over 250,000 people (according to hackers)
π What leaked (based on data samples):
β’ Full customer names
β’ Social Security numbers (SSN)
β’ Tax Identification Numbers (TIN)
β’ Home addresses
β’ Income and taxable amount data
β’ Mortgage interest rates
β’ Investment profits
β οΈ Important note: Experts from Cybernews who analyzed the data samples could not confirm with absolute certainty that the data belongs to Frost Bank.
π’ Bank's official position:
A Frost Bank representative stated that a third-party vendor notified the bank of "unauthorized access to their systems." According to the bank, its own systems were not compromised.
βοΈ Legal consequences:
The law firm Goldenberg Schneider, LPA is investigating the incident and is already accepting inquiries from affected customers to assess their rights to compensation.
π Publication status:
Data samples were published on the Dark Web. The total volume of the leaked archive has not been disclosed at this time.
π Update as of April 27, 2026:
The notice about this leak has been removed from the Everest group's website.
π Incident date: April 20, 2026
(date of data sample publication by the Everest group)
π¦ Attacker: Everest ransomware group (Russian-speaking RaaS operation)
π― Affected organization: Frost Bank β a major bank headquartered in San Antonio, Texas, with branches across the state
π₯ Customers affected: Over 250,000 people (according to hackers)
π What leaked (based on data samples):
β’ Full customer names
β’ Social Security numbers (SSN)
β’ Tax Identification Numbers (TIN)
β’ Home addresses
β’ Income and taxable amount data
β’ Mortgage interest rates
β’ Investment profits
β οΈ Important note: Experts from Cybernews who analyzed the data samples could not confirm with absolute certainty that the data belongs to Frost Bank.
π’ Bank's official position:
A Frost Bank representative stated that a third-party vendor notified the bank of "unauthorized access to their systems." According to the bank, its own systems were not compromised.
βοΈ Legal consequences:
The law firm Goldenberg Schneider, LPA is investigating the incident and is already accepting inquiries from affected customers to assess their rights to compensation.
π Publication status:
Data samples were published on the Dark Web. The total volume of the leaked archive has not been disclosed at this time.
π Update as of April 27, 2026:
The notice about this leak has been removed from the Everest group's website.
π INCIDENT: ANSTECHINC.COM
π Date: February 10, 2026
(date of Clop group's public claim)
π― Compromised domain: ANSTECHINC.COM
π’ About the company:
A US-based company.
π¦ Total leaked archive size: 232 (259) GB
π What leaked:
β’ Contracts and commercial proposals
β’ Personal data of employees (fewer than 10 people)
β’ Financial documentation
β’ Credit card statements
β’ Candidate resumes
!?! β’ Product photos and prices from a small retail chain !?! (160 GB of garbage)
β’ Certificates of Insurance
β οΈ Leak status:
The full leak has been published β which is quite expected, because the archive contains nothing valuable enough to pay for.
π€· The only mystery about this little outfit is that it amounts to nothing.
I think these idiots were hacked just for laughs.
π Date: February 10, 2026
(date of Clop group's public claim)
π― Compromised domain: ANSTECHINC.COM
π’ About the company:
A US-based company.
π¦ Total leaked archive size: 232 (259) GB
π What leaked:
β’ Contracts and commercial proposals
β’ Personal data of employees (fewer than 10 people)
β’ Financial documentation
β’ Credit card statements
β’ Candidate resumes
!?! β’ Product photos and prices from a small retail chain !?! (160 GB of garbage)
β’ Certificates of Insurance
β οΈ Leak status:
The full leak has been published β which is quite expected, because the archive contains nothing valuable enough to pay for.
π€· The only mystery about this little outfit is that it amounts to nothing.
I think these idiots were hacked just for laughs.
π1
π INCIDENT: MCDONALD'S INDIA
π Incident date: January 20, 2026
(date of Everest group's dark web claim)
π― Affected organization: McDonald's India β Indian subsidiary of the fast-food giant. Operates through two entities: Connaught Plaza Restaurants (North & East) and Hardcastle Restaurants (West & South)
π¦ Alleged leaked archive size: 861 GB
π What allegedly leaked (according to hackers):
β’ Financial reports and audit trails
β’ Pricing data
β’ Sensitive internal communications
β’ Contact database of investors and partners from the US, UK, Singapore, and India
β’ Internal store-level data including manager names and contact numbers for dozens of outlets
β’ Customer personal data
β’ Access to accounting/ERP systems (month-by-month directory breakdown)
β οΈ Leak status:
The full leak has been published.
π Context (previous incidents):
β’ 2017: ~2.2 million customer records leaked via McDelivery app
β’ 2024: API vulnerabilities in delivery system allowed ordering for $0.01, order hijacking, and driver tracking (fixed in September)
π Incident date: January 20, 2026
(date of Everest group's dark web claim)
π― Affected organization: McDonald's India β Indian subsidiary of the fast-food giant. Operates through two entities: Connaught Plaza Restaurants (North & East) and Hardcastle Restaurants (West & South)
π¦ Alleged leaked archive size: 861 GB
π What allegedly leaked (according to hackers):
β’ Financial reports and audit trails
β’ Pricing data
β’ Sensitive internal communications
β’ Contact database of investors and partners from the US, UK, Singapore, and India
β’ Internal store-level data including manager names and contact numbers for dozens of outlets
β’ Customer personal data
β’ Access to accounting/ERP systems (month-by-month directory breakdown)
β οΈ Leak status:
The full leak has been published.
π Context (previous incidents):
β’ 2017: ~2.2 million customer records leaked via McDelivery app
β’ 2024: API vulnerabilities in delivery system allowed ordering for $0.01, order hijacking, and driver tracking (fixed in September)
π‘ FLYBOYS FLIGHT CENTER DATA BREACH
π― Organization: FlyBoys Flight Center (USA)
π Leak volume: 5.41 GB
π Incident date: July 2024
π¦ Attacker: Medusa ransomware group
π Content: According to the source, the archive contains training programs, courses, certificates, financial reports, and other internal documentation.
π Publication status: The data was published on Medusa's leak site in July 2024. A 5.41 GB file archive is currently in open access.
π― Organization: FlyBoys Flight Center (USA)
π Leak volume: 5.41 GB
π Incident date: July 2024
π¦ Attacker: Medusa ransomware group
π Content: According to the source, the archive contains training programs, courses, certificates, financial reports, and other internal documentation.
π Publication status: The data was published on Medusa's leak site in July 2024. A 5.41 GB file archive is currently in open access.
π TOKOPARTS.COM DATA BREACH β 79 GB
π― Organization: Tokoparts (PT Suku Cadang Oto Sejahtera) β Indonesian auto parts supplier
π Volume: 79 GB, 29,425 files
π Data period: 2020β2026
π What leaked:
β’ Financial reports: P&L, balance sheets for 2024β2025, consolidation package for Mitsubishi Corporation (April 10, 2026)
β’ Banking data: BCA and MUFG statements, all transactions
β’ Taxes: SPT PPh 21,23,26 filings, VAT (PPN) for 2022β2024
β’ Customer database: 463 corporate clients, 11,272 invoices, AR outstanding 10.5 billion IDR (87% overdue)
β’ Orders: 33,041 orders from 381 buyers (66 fields per record)
β’ Delivery documents: 15,000+ photos of delivery slips (signatures, addresses, couriers) β latest dated April 7, 2026
β’ Supplier pricing: Toyota, Honda, Mitsubishi, Mercedes-Benz, Shell, Denso, Isuzu, Mazda, and others
β’ Active NDAs: with Mitsubishi Corp (valid until June 2026), with MUC Consulting (perpetual term)
β’ Personal data: passport of President Director (Japanese national), KTP IDs, bank account details of supplier directors, data of 20+ Tokoparts employees
β’ SAP HANA, WMS, supply chain data, business plans, forecasts
β οΈ Note: All three NDAs were active at the time of the breach. Data includes documents submitted to Mitsubishi Corporation just days before publication.
π Status: 79 GB archive is publicly available.
π― Organization: Tokoparts (PT Suku Cadang Oto Sejahtera) β Indonesian auto parts supplier
π Volume: 79 GB, 29,425 files
π Data period: 2020β2026
π What leaked:
β’ Financial reports: P&L, balance sheets for 2024β2025, consolidation package for Mitsubishi Corporation (April 10, 2026)
β’ Banking data: BCA and MUFG statements, all transactions
β’ Taxes: SPT PPh 21,23,26 filings, VAT (PPN) for 2022β2024
β’ Customer database: 463 corporate clients, 11,272 invoices, AR outstanding 10.5 billion IDR (87% overdue)
β’ Orders: 33,041 orders from 381 buyers (66 fields per record)
β’ Delivery documents: 15,000+ photos of delivery slips (signatures, addresses, couriers) β latest dated April 7, 2026
β’ Supplier pricing: Toyota, Honda, Mitsubishi, Mercedes-Benz, Shell, Denso, Isuzu, Mazda, and others
β’ Active NDAs: with Mitsubishi Corp (valid until June 2026), with MUC Consulting (perpetual term)
β’ Personal data: passport of President Director (Japanese national), KTP IDs, bank account details of supplier directors, data of 20+ Tokoparts employees
β’ SAP HANA, WMS, supply chain data, business plans, forecasts
β οΈ Note: All three NDAs were active at the time of the breach. Data includes documents submitted to Mitsubishi Corporation just days before publication.
π Status: 79 GB archive is publicly available.
π BEST PRICE FINANCIAL SERVICES DATA BREACH
π Incident date: July 23β25, 2025
π¦ Attacker: Everest ransomware group
π― Affected organization: Best Price Financial Services β a UK-based independent financial services provider, regulated by the Financial Conduct Authority (FCA). The company offers life insurance, income protection, critical illness coverage, and operates an online price comparison tool.
π What leaked (based on initial publication):
β’ Internal documents (screenshots published on dark web leak site)
β’ Potentially client data, internal communications, financial records
β οΈ Important note: The full dataset has been published.
π Publication status: The victim was added to Everest's dark web leak site on July 25, 2025.
βοΈ Regulatory consequences: As an FCA-regulated financial services provider, the company handles sensitive client financial data. A full leak could trigger regulatory fines and client compensation claims.
π Incident date: July 23β25, 2025
π¦ Attacker: Everest ransomware group
π― Affected organization: Best Price Financial Services β a UK-based independent financial services provider, regulated by the Financial Conduct Authority (FCA). The company offers life insurance, income protection, critical illness coverage, and operates an online price comparison tool.
π What leaked (based on initial publication):
β’ Internal documents (screenshots published on dark web leak site)
β’ Potentially client data, internal communications, financial records
β οΈ Important note: The full dataset has been published.
π Publication status: The victim was added to Everest's dark web leak site on July 25, 2025.
βοΈ Regulatory consequences: As an FCA-regulated financial services provider, the company handles sensitive client financial data. A full leak could trigger regulatory fines and client compensation claims.
π CITIZENS BANK DATA BREACH
π Incident date: April 2026
π¦ Attacker: Everest ransomware group
π― Organization affected: Citizens Bank (major U.S. bank, corporate HQ in Providence, Rhode Island)
π₯ Customers affected (bank's statement): "several thousand"
π Attackers' claim: ~3.4 million records (bank calls this figure "generally inaccurate")
π What leaked (per Citizens Bank's official statement):
β’ Customer names
β’ Home addresses
β’ Bank account numbers (data found on a paper check)
β Social Security numbers (SSN) β NOT compromised
Customer class-action lawsuits claim that credit card numbers and passport numbers may also have been affected, but there is no official confirmation from the bank.
π Publication status:
The publication timer on Everest's leak site has been reset twice. As of now, no public links to the stolen data have been released.
π Note: The breach occurred at a third-party vendor, not within Citizens Bank's own network.
π Incident date: April 2026
π¦ Attacker: Everest ransomware group
π― Organization affected: Citizens Bank (major U.S. bank, corporate HQ in Providence, Rhode Island)
π₯ Customers affected (bank's statement): "several thousand"
π Attackers' claim: ~3.4 million records (bank calls this figure "generally inaccurate")
π What leaked (per Citizens Bank's official statement):
β’ Customer names
β’ Home addresses
β’ Bank account numbers (data found on a paper check)
β Social Security numbers (SSN) β NOT compromised
Customer class-action lawsuits claim that credit card numbers and passport numbers may also have been affected, but there is no official confirmation from the bank.
π Publication status:
The publication timer on Everest's leak site has been reset twice. As of now, no public links to the stolen data have been released.
π Note: The breach occurred at a third-party vendor, not within Citizens Bank's own network.
π NISSAN MOTOR CORPORATION DATA BREACH
π Incident date: January 10, 2026 (attackers' public disclosure)
π¦ Attacker: Everest ransomware group
π― Organization affected: Nissan Motor Corporation (Japanese automaker, North American operations β USA and Canada)
π₯ Affected (attackers' claim): 900β910 GB of data (17+ million VIN numbers)
Based on DataBreach.com analysis of leaked files:
β’ 17,119,482 VIN numbers
β’ 4,193,509 full names
β’ 4,055,146 postal addresses
β’ 2,685,720 phone numbers
β’ 2,045,754 email addresses
β’ 2,736 dates of birth
β οΈ IMPORTANT NOTE:
The breach occurred at a third-party vendor (GCSSD) that serviced Nissan and Infiniti dealerships in North America β not at Nissan itself.
π Incident date: January 10, 2026 (attackers' public disclosure)
π¦ Attacker: Everest ransomware group
π― Organization affected: Nissan Motor Corporation (Japanese automaker, North American operations β USA and Canada)
π₯ Affected (attackers' claim): 900β910 GB of data (17+ million VIN numbers)
Based on DataBreach.com analysis of leaked files:
β’ 17,119,482 VIN numbers
β’ 4,193,509 full names
β’ 4,055,146 postal addresses
β’ 2,685,720 phone numbers
β’ 2,045,754 email addresses
β’ 2,736 dates of birth
β οΈ IMPORTANT NOTE:
The breach occurred at a third-party vendor (GCSSD) that serviced Nissan and Infiniti dealerships in North America β not at Nissan itself.
π INCIDENT: ITARCHITECHS.COM
π Attacker's claim date: February 10, 2026 (Clop group)
π Data publication date: February 14, 2026
π― Compromised domain: ITARCHITECHS.COM
π’ About the company: Technology services provider / IT company based in the United States.
π¦ Total leaked archive size: 52.2 GB
π What leaked:
β’ Contracts and commercial proposals
β’ Financial documentation
β’ Internal corporate documents
β’ Employee personal data
β’ Technical documentation and configurations
β’ Client information
β’ Operational data
β οΈ Leak status: Fully published. As of now, 52.2 GB of data is publicly available.
π Attacker's claim date: February 10, 2026 (Clop group)
π Data publication date: February 14, 2026
π― Compromised domain: ITARCHITECHS.COM
π’ About the company: Technology services provider / IT company based in the United States.
π¦ Total leaked archive size: 52.2 GB
π What leaked:
β’ Contracts and commercial proposals
β’ Financial documentation
β’ Internal corporate documents
β’ Employee personal data
β’ Technical documentation and configurations
β’ Client information
β’ Operational data
β οΈ Leak status: Fully published. As of now, 52.2 GB of data is publicly available.