Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of March 2026

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

March 03, 2026

Paint maker giant AkzoNobel

Paint maker giant AkzoNobel confirms cyber attack on U.S. site

Anubis Ransomware Gang

AkzoNobel confirmed that hackers breached the network of one of its U.S. sites and stole large amounts of internal data, with samples of the stolen files later leaked online, though the company said the incident was contained and the overall impact remained limited.

AkzoNobel Ransomware Attack

March 12, 2026

England Hockey

England Hockey investigating ransomware data breach

AiLock Ransomware Group

England Hockey investigated a cyber attack after a ransomware gang claimed it breached the organization’s network and stole around 129 GB of internal data, threatening to leak the files unless a ransom was paid.

Source: Bleeping Computer

March 18, 2026

Marquis Software Solutions

Ransomware gang stole data of 672,000 people in 2025 cyber attack

Unknown

A ransomware attack on fintech firm Marquis led to the theft of sensitive personal and financial data—such as Social Security numbers, account details, and contact information—impacting approximately 672,000 individuals across multiple banks and credit unions.

Source: Bleeping Computer

March 25, 2026

U.S. companies and organizations

Russian botnet operator linked to major ransomware attacks sentenced in US

Ilya Angelov, a Russian National, helped operate a botnet used by ransomware gangs

The botnet operation enabled ransomware gangs to breach corporate systems and carry out attacks against dozens of U.S. companies, leading to widespread network compromises and significant financial extortion losses.

Source: The Record

March 26, 2026

St Anne’s Catholic School, Southampton

Ransomware: Catholic school closed for days after cyber attack

Unknown

The ransomware attack forced the school to shut down operations for four days after its network was compromised, causing significant disruption to classes and administrative activities.

Source: The BBC

March 30, 2026

Statistics South Africa (Stats SA)

Stats SA confirms data breach, hackers demand ransom

XP95

The attack led to the theft of over 150GB of data from a human resources system, with hackers demanding ransom to prevent the release of hundreds of thousands of sensitive records, raising serious risks of data exposure and misuse.

Stats South Africa Ransomware Attack

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

March 03, 2026

Optimizely

Suspected ShinyHunters’ vishing attack hits Ad Tech firm Optimizely, leaking business information

ShinyHunters

Ad tech company Optimizely experienced a phishing-based intrusion where attackers accessed some internal systems and stole limited business contact information from CRM and internal documents, though sensitive customer data was not compromised and operations continued normally.

Optimizely Data Breach

March 03, 2026

Pathstone Family Office

Pathstone Family Office breached; records stolen

ShinyHunters

Hackers claimed to have breached Pathstone Family Office and stolen around 641,000 records containing sensitive personal information and internal corporate documents, potentially exposing clients to identity theft, fraud, and reputational risks.

Pathstone Family Office Data Breach

March 03,2026

Pedro Sánchez and other Spanish government officials

Spain Govt Data Breach March 04: Pedro Sanchez details allegedly leaked

Unknown

A hacker allegedly leaked personal information—including phone numbers and addresses—linked to Spanish government officials such as Prime Minister Pedro Sánchez, raising concerns about a possible breach of sensitive government-related data while authorities launched an investigation into the incident.

Data Breach of Spanish Govt Officials

March 04, 2026

LexisNexis

LexisNexis says hackers accessed legacy data

FulcrumSec

Hackers gained access to a limited number of servers belonging to LexisNexis and stole millions of records containing mostly legacy data—such as customer names, user IDs, business contact details, support tickets, and other internal information—though the company said its products and services were not affected.

LexisNexis Data Breach

March 04, 2026

Valley Radiology Consultants Medical Group and Nephrology Associates Medical Group

Two California Medical Groups announce data breaches

Unknown

An unauthorized actor accessed the networks of Valley Radiology Consultants Medical Group and Nephrology Associates Medical Group, exposing sensitive patient information such as personal, medical, and insurance data, prompting both organizations to notify affected individuals and strengthen their security measures.

Data Breach at Californian Medical Groups

March 04, 2026

University of Hawaii

Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals

Unknown

A ransomware attack on the University of Hawaiʻi Cancer Center compromised research systems and exposed sensitive personal data—including Social Security numbers, driver’s license details, and health-related research information—of about 1.2 million individuals.

Source: Securityaffairs.com

March 04, 2026

Cloud Imperium Games

Star Citizen developer draws ire over delayed data breach disclosure

Unknown

A cyber attack on Cloud Imperium Games exposed limited personal data—such as usernames, names, dates of birth, and contact details—after attackers gained read-only access to backup systems, raising concerns among players about phishing risks and the company’s delayed disclosure of the breach.

Cloud Imperium Games Data Breach

March 05, 2026

CIMB

CIMB refutes claims of data breach involving 1.2 mil records

Unknown

Reports circulated online claiming that a dataset containing about 1.2 million records of sensitive customer financial and personal information from CIMB had been leaked, though the bank later stated its investigation found no evidence of a breach and confirmed its systems remained secure.

Source: theedgemalaysia.com

March 06, 2026

Cognizant’s TriZetto

Cognizant TriZetto breach exposes health data of 3.4 million patients

Unknown

Hackers gained unauthorized access to Cognizant’s TriZetto systems and exfiltrated sensitive personal and health insurance information belonging to about 3.4 million patients, exposing data such as names, birth dates, Social Security numbers, and insurance details.

Source: Bleeping Computer

March 09, 2026

Salesforce Aura

ShinyHunters claims ongoing Salesforce Aura data theft attacks

ShinyHunters

The ShinyHunters hacking group claimed it had been exploiting Salesforce Aura/Experience Cloud instances—particularly those with misconfigured public access—to extract sensitive records from targeted organizations by bypassing query limits and scanning exposed sites for accessible data.

Source: Bleeping Computer

March 10, 2026

Ericsson

Thousands Affected by Ericsson Data Breach

Unknown

A cyber incident at a third-party service provider led to unauthorized access to files containing personal information linked to over 15,000 Ericsson employees and customers, exposing sensitive data stored for the company’s U.S. operations.

Source: Security Week

March 11, 2026

Michelin

Michelin confirms data breach linked to Oracle EBS attack

Cl0p Ransomware Group

Tire manufacturer Michelin confirmed that cybercriminals breached its systems through the wider Oracle E-Business Suite hacking campaign and leaked over 300GB of stolen company files, exposing data believed to have been taken from its Oracle EBS environment.

Source: Security Week

March 12, 2026

Care Management Company

Data breach on care management company impacts 5K patients at NYC Health

Unknown

An unauthorized third party breached a care management partner of NYC Health + Hospitals, exposing sensitive personal and protected health information, including Social Security numbers, Medicaid IDs, diagnoses, medications, and treatment details of roughly 5,000 patients.

Care Management Company Data Breach

March 12, 2026

Telus Digital

Telus Digital confirms breach after hacker claims 1 petabyte data theft

ShinyHunters

Canadian outsourcing giant Telus Digital confirmed a security breach after a hacker claimed to have stolen up to 1 petabyte of data, potentially exposing sensitive information tied to its business-process outsourcing operations and clients.

Source: Bleeping Computer

March 13, 2026

CommonSpirit Health

Third-Party Vendor Breach leads to exposure of data at CommonSpirit Health

Unknown

A data breach linked to a third-party vendor exposed sensitive personal and protected health information, such as names, dates of birth, and medical details, of at least 19,000 individuals connected to CommonSpirit Health, prompting investigations and breach notifications.

CommonSpirit Health Data Breach

March 13, 2026

Viking Line

Viking Line confirms data breach linked to third-party supplier

Unknown

Ferry operator Viking Line confirmed that a cybersecurity incident at a third-party supplier exposed customer information of passengers who had placed advance duty-free orders for pickup during their ferry trips.

Viking Line Data Breach

March 13, 2026

Pinnacle Holdings

Pinnacle Holdings data breach claims investigated by Lynch Carpenter

Unknown

An unauthorised attacker accessed Pinnacle Holdings’ network and potentially stole sensitive personal and health information including Social Security numbers, medical records, insurance details, and treatment data, affecting nearly 20,000 individuals.

Pinnacle Holdings data breach

March 13, 2026

Loblaw Companies Limited

Loblaw reports customer data breach after IT network intrusion

Unknown

Hackers infiltrated a non-critical segment of Loblaw Companies Limited’s IT network and accessed basic customer information such as names, phone numbers, and email addresses, prompting the company to log out all users and advise customers to remain alert for phishing attempts.

Source: scworld.com

March 17, 2026

Robotic Surgery Giant, Intuitive

Robotic Surgery Giant Intuitive Discloses Cyber Attack

Unknown

A phishing attack led to unauthorised access to Intuitive’s internal business systems, exposing employee, customer, and corporate data, although its surgical platforms and core operations remained unaffected.

Source: Security Week

March 18, 2026

Identity protection company Aura

Aura confirms data breach exposing 900,000 marketing contacts

ShinyHunters

A phishing attack allowed hackers to access an employee account and exfiltrate roughly 900,000 marketing contact records, exposing names, email addresses, phone numbers, and home addresses linked to Aura’s systems.

Source: Bleeping Computer

March 19, 2026

Navia Benefit Solutions

Navia discloses data breach impacting 2.7 million people

Unknown

An attacker gained unauthorised access to Navia’s systems through an exposed API and accessed sensitive personal and health-related information, including Social Security numbers and account data, affecting approximately 2.7 million individuals.

Source: Bleeping Computer

March 24, 2026

Lockheed Martin

Massive data breach at Lockheed Martin claimed by pro-Iran hacktivist

APT Iran

A pro-Iran hacktivist group claimed it had stolen around 375 TB of sensitive data from Lockheed Martin, including alleged F-35 aircraft blueprints and internal corporate files, and threatened to sell or leak the data unless a ransom exceeding $400 million was paid.

Source: Cybersecurity Dive

March 24, 2026

Mazda Motor Corporation

Mazda confirms limited employee, business partner data breach

Unknown

Hackers exploited a vulnerable internal warehouse management system at Mazda and accessed limited personal data including names, email addresses, and IDs of around 692 employees and business partners, though no customer information was affected.

Source: scworld.com

March 24, 2026

French Education Ministry

Data Breach in French Education Ministry information system hits 243,000 staff

Unknown

An unauthorised breach of the French Education Ministry’s COMPAS system led to the exfiltration of sensitive data including identity details, contact information, and employment-related records affecting approximately 243,000 staff members.

French Education Ministry Data Breach

March 24, 2026

Crunchyroll

Crunchyroll confirms data breach after hacker claims unauthorised access

Unknown

Crunchyroll confirmed that a hacker gained unauthorised access to internal systems through a third-party customer support provider, potentially exposing user data and internal information, though the company said the breach was contained quickly and its core platform remained secure.

Crunchyroll Data Breach

March 25, 2026

Global users whose stolen data was traded on the LeakBase forum

Russia arrests alleged owner of cybercrime forum LeakBase, report says

Unknown

The LeakBase platform facilitated the large-scale trading of stolen credentials, hacking tools, and sensitive data affecting hundreds of thousands of users, enabling widespread cybercrime and account compromise globally.

Arrest of alleged owner of LeakBase

March 25, 2026

Ajax FC fans and supporters

Ajax FC data breach exposes 300,000 fans, hacker steals tickets and stadium ban details.

Unknown

The breach exposed personal data of over 300,000 fans and allowed unauthorized access to accounts, enabling attackers to view sensitive information and even manipulate tickets and stadium bans, creating serious privacy and security risks.

Ajax FC data breach

March 28, 2026

Corewell Health patients

Thousands of Corewell Health patients impacted by 2024 data breach

Unknown

The breach exposed sensitive personal and medical data of around 19,000 patients after a vendor’s network was compromised, raising risks of identity theft and privacy violations despite no confirmed fraud.

Source: cbsnews.com

March 29, 2026

FBI Director Kash Patel

FBI confirms hack of Director Patel's personal email inbox

Handala Hack Team

The hackers breached FBI Director Kash Patel’s personal email inbox and leaked emails, photos, and documents online, exposing personal information and raising concerns over targeted attacks on high-profile officials.

Source: Bleeping Computer

March 30, 2026

European Commission

European Commission downplays ShinyHunters cyber claim

ShinyHunters

The alleged breach involved claims of over 350GB of stolen data from public-facing EU websites, but authorities said the attack was quickly contained with no impact on internal systems and minimal risk to sensitive data.

Source: The Record

March 30, 2026

CareCloud

Healthcare software firm CareCloud informs SEC of potential patient data leak

Unknown

The cyber-attack caused an eight-hour disruption to a patient record system and potentially exposed sensitive electronic health records, creating risks of data leakage along with legal, regulatory, and reputational consequences for the company.

Source: The Record

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

March 03, 2026

Catalyst RCM

Cyber Attack on healthcare RCM vendors may have impacted 140K patients

Everest Ransomware Group

A cyber attack on healthcare revenue cycle management vendor Catalyst RCM exposed sensitive personal, financial, and medical data of nearly 140,000 patients linked to diagnostic firms such as Vikor Scientific, after attackers accessed files through compromised credentials.

Source: healthexec.com

March 05, 2026

Telecommunication service providers in South America

Chinese state hackers target telcos with new malware toolkit

UAT-9244 (China-linked APT group)

China-linked hackers compromised telecommunications providers in South America by deploying a newly discovered malware toolkit that infected Windows, Linux, and network-edge devices to maintain long-term access and conduct cyber-espionage operations.

Source: Bleeping Computer

March 11, 2026

Stryker Corporation

Medtech giant Stryker offline after Iran-linked wiper malware attack

Handala (Iran-linked hacktivist group)

An Iran-linked hacker group launched a destructive wiper attack against medical technology company Stryker, knocking parts of its global network offline and disrupting internal systems, manufacturing, and order processing across its operations.

Stryker Cyber Attack

March 20, 2026

Brightly Software

Data analyst found guilty of extorting Brightly Software of $2.5 million

Cameron Curry

A former data analyst abused his authorized access to steal sensitive corporate and payroll data from Brightly Software and used it to send dozens of extortion emails threatening to leak the information unless a $2.5 million ransom was paid

Source: Bleeping Computer

March 24, 2026

Dutch Ministry of Finance

Dutch Ministry of Finance discloses breach affecting employees

Unknown

Attackers gained unauthorized access to internal systems within the Dutch Ministry of Finance, disrupting some employee operations and workflows, though critical services like tax and customs systems remained unaffected while the incident was investigated.

Source: Bleeping Computer

March 25, 2026

Users of cryptocurrency wallets

New Torg Grabber infostealer malware targets 728 crypto wallets

Unknown

The Torg Grabber malware enabled attackers to steal sensitive data—including crypto wallet credentials, passwords, and files—from hundreds of browser extensions and applications, putting users at risk of financial theft and widespread account compromise.

Source: Bleeping Computer

March 26, 2026

Global users and organizations

Alleged RedLine Malware Administrator Extradited to US

Hambardzum Minasyan

The RedLine infostealer enabled cybercriminals to steal sensitive data—including credentials, financial information, and cryptocurrency wallets—from infected systems worldwide, leading to large-scale account compromises and financial fraud risks.

Alleged RedLine Malware Administrator Extradited to US

March 30, 2026

Cota Co Ltd

Cota Co Ltd confirms cyber attack on the company's system On March 27, checking possible information leakage

Unknown

The cyberattack disrupted internal company systems and prompted an investigation into possible data leakage, raising concerns over unauthorized access and potential exposure of sensitive information.

Source: Reuters

New Ransomware

Summary

New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network

Attackers infected thousands of ASUS routers and other edge devices with the KadNap malware, turning them into a large botnet used to route malicious traffic through a cybercrime proxy network that helped hide and support further attacks.

LiteLLM Supply Chain Malware

This malware enabled large-scale credential theft, including SSH keys, API tokens, and cloud secrets, giving attackers backdoor access to developer environments and the capacity to compromise entire cloud infrastructures and downstream applications at scale.

Keitaro Malvertising Malware

This campaign infected users through malicious ads and phishing pages, acting as a large-scale malware distribution engine capable of delivering multiple payloads simultaneously to thousands of victims across different sectors.

PRIXMES (APT28 Toolset)

The PRIXMES malware toolkit provided advanced espionage and potential destructive capabilities by leveraging zero-day vulnerabilities, allowing attackers to steal sensitive data, maintain persistence, and disrupt high-value targets such as defense and government systems.

DarkSword iOS Exploit Chain

The DarkSword iOS exploit chain enabled silent, no-click compromise of iOS devices, allowing attackers to deploy malware without user interaction and potentially gain scalable, persistent access to millions of mobile devices. 

Date

New Flaws/Fixes

Summary

March 05, 2026

CVE-2026-20122

CVE-2026-20128

Cisco warned that attackers were actively exploiting newly discovered vulnerabilities in its Catalyst SD-WAN Manager software, which could allow unauthorized access, file overwrite, and exposure of sensitive information on affected systems.

March 10, 2026

CVE-2026-1603

The U.S. Cybersecurity and Infrastructure Security Agency warned that a recently patched vulnerability in Ivanti Endpoint Manager was being actively exploited by attackers to bypass authentication and potentially steal credential data from vulnerable systems.

March 11, 2026

CVE-2025-68613

The U.S. Cybersecurity and Infrastructure Security Agency ordered federal agencies to patch an actively exploited vulnerability in the n8n workflow automation platform that could allow attackers to execute remote code and potentially take full control of affected systems.

March 16, 2026

CVE-2025-47813

CISA warned that a vulnerability in Wing FTP Server was being actively exploited by attackers to disclose sensitive information and potentially aid further compromise of affected servers, urging organizations to patch immediately.

March 19, 2026

CVE-2025-66376

Russian APT28 hackers exploited a high-severity Zimbra vulnerability through stealthy phishing emails to gain remote code execution and steal credentials, session tokens, and mailbox data from targeted Ukrainian government systems.

March 20, 2026

CVE-2026-20131

CISA ordered federal agencies to urgently patch a maximum-severity vulnerability in Cisco Secure Firewall Management Center that could allow unauthenticated attackers to gain root access or execute code on affected systems, warning of the high risk of compromise if left unpatched.

March 23, 2026

CVE-2025-24200,

CVE-2025-24201,

CVE-2025-24202

CISA ordered federal agencies to urgently patch three Apple iOS vulnerabilities tied to the DarkSword exploit chain, which attackers had been actively using in real-world campaigns to steal sensitive data and conduct cyber-espionage operations.

March 26, 2026

CVE-2026-33017

The actively exploited Langflow vulnerability allowed attackers to achieve remote code execution, hijack AI workflows, and steal sensitive data such as credentials and database information from compromised systems.

March 29, 2026

CVE-2024-3027

The file-read vulnerability in the Smart Slider plugin allowed attackers to access sensitive files on affected WordPress sites, potentially exposing confidential data from over 500,000 installations.

News Type

Summary

Report

A wave of cyber operations targeted Iranian apps and websites after U.S.–Israeli strikes, with hackers compromising news sites and a popular religious app to spread anti-government messages while internet connectivity across Iran dropped sharply.

Warning

Canada’s cyber security agency warned that Iranian-linked hackers were very likely to target Canadian critical infrastructure such as water and energy systems in retaliation after Ottawa supported the U.S.–Israel military campaign against Iran.

Report

Security researchers reported a critical vulnerability in VMware Aria Operations that could allow attackers with limited access to escalate privileges and gain root-level control of virtual machines, putting enterprise virtual infrastructure at serious risk if left unpatched.

Warning

The UK’s National Cyber Security Centre warned that companies with operations or supply chains in the Middle East faced a heightened risk of cyber attacks from Iran-linked hackers and hacktivist groups amid escalating regional tensions.

Report

An investigation reported that thousands of Afghans whose personal data was accidentally leaked by the UK Ministry of Defence faced threats, violence, and fear of Taliban reprisals, while many said the British government had failed to properly support or relocate them after the breach.

Report

The Federal Bureau of Investigation confirmed it was investigating a breach involving systems used to manage surveillance and wiretap warrants after detecting suspicious activity on its internal network, though the agency said the issue had already been addressed and details remained limited. 

Warning

The Cybersecurity and Infrastructure Security Agency warned that three Apple iOS vulnerabilities were being actively exploited in spyware and cryptocurrency-theft campaigns using the Coruna exploit kit, urging U.S. federal agencies to patch affected devices.

Warning

The Federal Bureau of Investigation warned that cybercriminals were sending phishing emails impersonating U.S. city and county planning officials to trick individuals and businesses with land-use permit applications into paying fraudulent fees via wire transfers, peer-to-peer payments, or cryptocurrency.

Warning

Dutch intelligence agencies warned that Russian state-backed hackers had been running phishing campaigns to hijack Signal and WhatsApp accounts of government officials, military personnel, and journalists by tricking them into sharing verification codes or PINs to gain access to their private messages.

Report

Google reported that attackers increasingly breached cloud environments by rapidly exploiting newly disclosed vulnerabilities—often remote code execution flaws in third-party software—rather than relying mainly on weak credentials, with some attacks deploying cryptominers within 48 hours of disclosure.

Warning

Hewlett Packard Enterprise warned that multiple vulnerabilities in its Aruba Networking AOS-CX operating system could allow attackers to reset administrator passwords or exploit other flaws to gain elevated access and compromise affected network devices, prompting the company to release security patches.

Report

Attackers compromised Strykers Microsoft environment and remotely wiped tens of thousands of employee devices using legitimate management tools without deploying malware causing widespread operational disruption and forcing the company to shift to manual processes

Report

The UK’s Companies House confirmed that a security flaw in its WebFiling system had exposed sensitive business and director data for months by allowing logged-in users to bypass access controls and view or potentially alter company records.

Report

Researchers reported that the LeakNet ransomware group used ClickFix social engineering and the Deno runtime to execute fileless payloads in memory, helping attackers evade detection and quietly establish access for ransomware deployment.

Report

Researchers reported that crypto platform Bitrefill suffered a cyberattack attributed to North Korea’s Lazarus Group, which resulted in stolen funds and limited exposure of internal systems, though the company said it managed to contain the incident with minimal overall impact.

Warning

The FBI warned that Iran-linked Handala hackers were using Telegram as command-and-control infrastructure to deliver malware, steal data, and maintain access to compromised systems while coordinating attacks through the platform.

Report

The UK sanctioned the Xinbi crypto marketplace for enabling large-scale scam networks by facilitating the sale of stolen data, money laundering, and tools used in global online fraud operations.

Report

The phishing attack briefly compromised internal Dutch police systems, but it was quickly contained with limited impact and no evidence that citizens’ or investigative data was accessed.

Report

The UAE faced an intense surge of up to 700,000 cyberattacks daily driven by regional tensions and AI-powered threats, though most were detected and mitigated before causing major disruption.