April 2026 Data Breaches (So Far)
02 Apr 2026
latest data breach news
As data breaches rise and impact operations across industries globally, organizations face increased pressure to secure their most valuable assets and maintain their security and compliance posture.
With attackers evolving their techniques using AI to come up with more sophisticated, undetectable, and persistent threats, organizations face an increased risk of disrupted operations, compromised data, and lost customer trust.
Let us look at some of the top data breaches of April 2026:
Major Cyber Attacks April 2026
Victim: Vimeo
About
Vimeo is a New York-based video hosting company that was founded in 2004. It is known for its video-sharing, editing, and broadcasting platform.
Industry
Video hosting
What happened?
Vimeo became a target of a breach due to a cyber attack on Anodot, which is a business monitoring services provider. The attack was orchestrated by the ShinyHunters ransomware group.
Impact
The data breach has exposed technical data, video titles, metadata, and Vimeo user and customer data. The exact quantity and nature of data exposed is currently under investigation.
Source
Victim: ADT
About
ADT is a Florida-based security company that was founded in 1874. It was acquired by Apollo Global Management in 2016. It is known for its electronic security, fire protection, and other monitoring & alarm services.
Industry
Physical security
What happened?
ADT became a victim of a ransomware attack that was carried out by the ShinyHunters ransomware group.
Impact
The cyber attack exposed data belonging to 5.5 million people, including their names, addresses, and phone numbers.
Source
Victim: Medtronic
About
Medtronic plc is a Minnesota-based medical device manufacturing company that is known for its healthcare technologies. It is one of the largest medical device companies in the world by revenue, with over 90000 employees across 150 countries.
Industry
Medical Equipment
What happened?
Medtronic became a target of a ransomware attack orchestrated by the ShinyHunters ransomware group.
Impact
The ransomware attack exposed over 9000000 records, including personal information and corporate data.
Source
Victim: Rural Municipality of Gimli
About
The Rural Municipality of Gimli offers information and services to its residents on essential aspects like garbage/landfill, agendas/meetings, business directories, and employment opportunities.
Industry
Public sector
What happened?
The Rural Municipality of Gimli became a target of a cyber attack that impacted its systems. It is working with a security firm to investigate the incident.
Impact
The full nature and impact of the cyber attack are currently under investigation.
Source
Victim: Asian Football Confederation
About
The Asian Football Confederation is a supreme governing authority of football, futsal, and beach soccer in most countries and territories in Asia.
Industry
Sports
What happened?
The AFC became targeted by a cyber attack in which the attackers stole and posted highly sensitive and personal details of members on a dark web forum. It is one of the biggest data breaches in football history.
Impact
The cyber attack exposed the entire database of AFC players (including Cristiano Ronaldo), coaches, and other members, totaling 150,000 members. The exposed data includes passport scans, emails, contract details, and AFC registration files.
Source
Victim: Citizens bank
About
The Citizens Financial Group is a Rhode Island-based bank holding company that was founded in 1828. It operates across multiple states in the U.S., including Connecticut, Maryland, Michigan, and Florida.
Industry
Banking
What happened?
The Citizens Bank became a victim of a data breach due to a cyber attack on a third-party company.
Impact
The data exposed includes customers’ names, addresses, and account numbers belonging to 3.5 million customers.
Source
Victim: Rituals
About
Rituals is an Amsterdam-based cosmetic company that was founded in 2000. It is known for its range of cosmetic products, including those for bath, shower, body care, hair, hands, and feet.
Industry
Cosmetics
What happened?
Rituals disclosed on 22nd April that it became a victim of a breach, and it undertook immediate measures for containment.
Impact
The personal data exposed includes full name, email address, phone number, dates of birth, gender, and home address.
Source
Victim: Sri Lanka Finance Ministry
About
The Ministry of Finance is the maker and implementer of fiscal policy in Sri Lanka. It is responsible for the coordination of fiscal policies, taxation, preparation of the nation’s budget, and financial control.
Industry
Public sector
What happened?
The Ministry of Finance became a target of a cyber attack that compromised some of its systems.
Impact
The cybercriminal siphoned over $2.5 million through the hack. It had a massive negative impact, especially when the country is recovering from a 2022 economic crisis.
Source
Victim: Autovista
About
Autovista is a United Kingdom-based data analytics provider for the automotive sector in Europe. It is known for its advanced data analytics on aspects like vehicle valuations, specifications, and market trends.
Industry
Data analytics
What happened?
Autovista became a victim of a ransomware attack that affected its systems and data in Europe and Australia. The company is working with experts to investigate the impact of the attack.
Impact
The attack disrupted data-driven applications across Eurotax, Schwacke, Glass’s, and Rødboka in Europe and Australia. The nature and quantity of data compromised is currently under investigation.
Source
Victim: Inditex – Zara
About
Industria de Diseño Textil, or Inditex, is a Galicia-based multinational clothing company. It operates over 7200 stores across 93 markets worldwide. It is known for its brands Zara, Bershka, Oysho, Pull&Bear, and Stradivarius.
Industry
Apparel
What happened?
Inditex became a victim of a ransomware attack that was carried out by the ShinyHunters ransomware group.
Impact
The ransomware group has claimed to have stolen over 9 million records, including sensitive PII and internal data. The complete nature and extent of the impact is under investigation.
Source
Victim: 7-Eleven
About
7-Eleven is a Texas-based chain of convenience stores that is a subsidiary of Seven Eleven Japan. It was founded in 1927 and is known for its convenience foods, beverages, and gasoline sold across its stores.
Industry
Retail
What happened?
7-Eleven became a target of a ransomware attack orchestrated by the ShinyHunters ransomware group.
Impact
The ransomware group has claimed to have stolen over 600000 Salesforce records, including PII and other internal corporate data.
Source
Victim: Carnival Corporation
About
Carnival Corporation is a Panama-based cruise line operator that was founded in 1972. It owns over 90vessels across eight brands and operates from headquarters in the U.S. and the U.K.
Industry
Hospitality/Tourism
What happened?
The Carnival Corporation became a victim of a ransomware attack that was carried out by the ShinyHunters ransomware group.
Impact
The ransomware group has claimed to have stolen over 8.7 million records, including PII and internal corporate data.
Source
Victim: KelpDAO
About
KelpDAO (Kelp Decentralized Autonomous Organization) is a platform that lets members buy and sell crypto assets automatically. It was founded by Kelp Labs Ltd., a private blockchain technology startup that created the Kelp protocol.
Industry
Cryptocurrency
What happened?
On 18th April, KelpDAO reported that it detected suspicious activity that forced it to pause its operations and rsETH contracts. rsETH is a token that helps users stake ETH or liquid staking tokens while maintaining liquidity.
Impact
The attack impacted multiple platforms that depend on KelpDAO, causing a financial loss of $292 million to the company.
Source
Victim: Seiko
About
Seiko is a Japanese watchmaker that was founded in 1881 in Tokyo. It is known for its wristwatches, clocks, semiconductors, and electronic devices, and the world’s first commercial quartz wristwatch.
Industry
Watchmaking
What happened?
Attackers hacked SEIKO’s USA website and posted a ransom note on the Press Lounge section. The ransom note contained the details of the data stolen and the ransom.
Impact
As per the attackers’ data breach notification, the data exposed includes names, email addresses, phone numbers, purchase records, transaction details, shipping references, account creation data, and customer notes.
Source
Victim: Minidoka
About
Minidoka Memorial Hospital is a Minidoka County-based not-for-profit hospital that was founded in 1960 to offer the residents of the county access to general and personalized healthcare services.
Industry
Healthcare
What happened?
On 5th April (Easter), Minidoka Memorial Hospital was hit by a cyber attack that impacted some of its systems and operations.
Impact
The nature and quantity of data compromised is currently under investigation. The hackers have claimed to have stolen access keys, source codes, API keys, credentials to internal deployments, and database data.
Source
Victim: Amtrak
About
The National Railroad Passenger Corporation, or Amtrek AMTK, is an American railroad company that was founded in 1971. It operates across all the states except South Dakota and Wyoming.
Industry
Railroad
What happened?
Amtrek became a victim of a ransomware attack that was carried out by the ShinyHunters ransomware group.
Impact
The attack has exposed over 2.1 million records containing email addresses, names, physical addresses, and support tickets.
Source
Victim: Kemper Corporation
About
Kemper Corporation is a Chicago-based insurance provider that was founded in 1990. It offers car insurance, commercial auto, business, life, and other insurance products. The Kemper family has become one of the leading insurance providers in the United States with approximately $12 billion in assets.
Industry
Insurance
What happened?
Kemper Corporation was targeted by a ransomware attack that was carried out by the ShinyHunters ransomware group.
Impact
The ransomware attack exposed over 29GB of data containing over 13 million records, including PII and other corporate data.
Source
Victim: BePrime
About
BePrime is a cybersecurity company based in Mexico serving some of the largest companies in Latin America, like Starbucks, Iberdrola, Arcelor Mittal, and Whirlpool.
Industry
Cybersecurity
What happened?
On April 20th, a cybercriminal posted BePrime’s data on a data breach forum by infiltrating the admin accounts that lacked MFA. The attacker found API keys through the access and took control of 1858 network devices and over 2600 connected devices.
Impact
The data exposed includes 12.6 GB of data, including credentials in plaintext, transaction records, security audit reports, and live surveillance camera access. The data breach exposed its clients, including Iberdrola (a large Spanish energy provider), Whirlpool, and Alsea (the Latin American restaurant operator that runs outlets of Domino’s, Starbucks, and Vips).
Source
Victim: Canada Life Assurance Company
About
Canada Life Assurance Company is a Winnipeg-based company that is known for its insurance and financial services. It was formed in 1891 and is one of the largest insurance companies in Canada.
Industry
Financial services
What happened?
The company became a victim of a ransomware attack that was orchestrated by the ShinyHunters ransomware group.
Impact
The ransomware group has claimed to have exposed over 5.6 million records, including PII.
Source
Victim: France Titres
About
France Titres, or the National Agency for Secure Documents, is a government agency that offers multiple services for the secure issuance and management of documents. It operates under the French Ministry of Interior and is responsible for the management of official identity and registration documents in France, including passports, ID cards, and driver’s licenses
Industry
Public sector
What happened?
On 15th April, France Titres detected suspicious activity in its systems that exposed data from individual and professional accounts.
Impact
The data exposed includes full name, email address, Login ID, Postal address, place of birth, phone number, date of birth, and unique account identifier.
Source
Victim: Vercel
About
Vercel is a San Francisco-based cloud application company that was founded in 2015. It is known for its developer tools, cloud infrastructure solutions, and open-source library for AI product development.
Industry
Edge computing/Web hosting
What happened?
Vercel identified a security incident on 19th April 2026 that involved unauthorized access to Vercel’s systems. Upon investigation, it was found that it was caused by the compromise of Context.ai, a third-party tool used by Vercel.
Impact
The nature and quantity of data compromised is currently under investigation. The hackers have claimed to have stolen access keys, source codes, API keys, credentials to internal deployments, and database data.
Source
Victim: Autovista
About
Autovista is a United Kingdom-based data analytics provider for the automotive sector in Europe. It is known for its advanced data analytics on aspects like vehicle valuations, specifications, and market trends.
Industry
Data analytics
What happened?
Autovista became a victim of a ransomware attack that affected its systems and data in Europe and Australia. The company is working with experts to investigate the impact of the attack.
Impact
The attack disrupted data-driven applications across Eurotax, Schwacke, Glass’s, and Rødboka in Europe and Australia. The nature and quantity of data compromised is currently under investigation.
Source
Victim: Inditex – Zara
About
Industria de Diseño Textil, or Inditex, is a Galicia-based multinational clothing company. It operates over 7200 stores across 93 markets worldwide. It is known for its brands Zara, Bershka, Oysho, Pull&Bear, and Stradivarius.
Industry
Apparel
What happened?
Inditex became a victim of a ransomware attack that was carried out by the ShinyHunters ransomware group.
Impact
The ransomware group has claimed to have stolen over 9 million records, including sensitive PII and internal data. The complete nature and extent of the impact is under investigation.
Source
Victim: 7-Eleven
About
7-Eleven is a Texas-based chain of convenience stores that is a subsidiary of Seven Eleven Japan. It was founded in 1927 and is known for its convenience foods, beverages, and gasoline sold across its stores.
Industry
Retail
What happened?
7-Eleven became a target of a ransomware attack orchestrated by the ShinyHunters ransomware group.
Impact
The ransomware group has claimed to have stolen over 600000 Salesforce records, including PII and other internal corporate data.
Source
Victim: Carnival Corporation
About
Carnival Corporation is a Panama-based cruise line operator that was founded in 1972. It owns over 90vessels across eight brands and operates from headquarters in the U.S. and the U.K.
Industry
Hospitality/Tourism
What happened?
The Carnival Corporation became a victim of a ransomware attack that was carried out by the ShinyHunters ransomware group.
Impact
The ransomware group has claimed to have stolen over 8.7 million records, including PII and internal corporate data.
Source
Victim: KelpDAO
About
KelpDAO (Kelp Decentralized Autonomous Organization) is a platform that lets members buy and sell crypto assets automatically. It was founded by Kelp Labs Ltd., a private blockchain technology startup that created the Kelp protocol.
Industry
Cryptocurrency
What happened?
On 18th April, KelpDAO reported that it detected suspicious activity that forced it to pause its operations and rsETH contracts. rsETH is a token that helps users stake ETH or liquid staking tokens while maintaining liquidity.
Impact
The attack impacted multiple platforms that depend on KelpDAO, causing a financial loss of $292 million to the company.
Source
Victim: Seiko
About
Seiko is a Japanese watchmaker that was founded in 1881 in Tokyo. It is known for its wristwatches, clocks, semiconductors, and electronic devices, and the world’s first commercial quartz wristwatch.
Industry
Watchmaking
What happened?
Attackers hacked SEIKO’s USA website and posted a ransom note on the Press Lounge section. The ransom note contained the details of the data stolen and the ransom.
Impact
As per the attackers’ data breach notification, the data exposed includes names, email addresses, phone numbers, purchase records, transaction details, shipping references, account creation data, and customer notes.
Source
Victim: Minidoka
About
Minidoka Memorial Hospital is a Minidoka County-based not-for-profit hospital that was founded in 1960 to offer the residents of the county access to general and personalized healthcare services.
Industry
Healthcare
What happened?
On 5th April (Easter), Minidoka Memorial Hospital was hit by a cyber attack that impacted some of its systems and operations.
Impact
The cyber attack caused partial disruption of its imaging services and the transfer of emergency patients. The attackers have claimed to have stolen 576.6 GB of data.
Source
Victim: Grinex
About
Grinex is a Kyrgyzstan-based cryptocurrency exchange that facilitates transactions for individuals and businesses in Russia. It is a successor of a cryptocurrency exchange, Garrantex.
Industry
Cryptocurrency
What happened?
Grinex became a victim of a cyber attack. Upon investigation, it was found that it was carried out by a state-sponsored threat group.
Impact
The attack forced Grinex to suspend its operations and caused a financial loss of over $13million. It paused trading, with users unable to access their funds.
Source
Victim: Spring Lake Park School
About
Spring Lake Park School District is a Minnesota-based school district that serves more than 5500 students through 12 schools.
Industry
Education
What happened?
Spring Lake Park School got hit by a ransomware attack on 13th April that forced it to shut down. The school district immediately activated its incident response systems to quickly contain the incident.
Impact
The attack caused significant disruption in the district’s operation, forcing the school district to shut down its systems, which led to the cancellation of classes and school activities.
Source
Victim: Education Authority Ireland
About
The Education Authority is a non-departmental body funded by the Department of Education Northern Ireland that was formed in 2015.
Industry
Public sector
What happened?
The Education Authority of Northern Ireland discovered suspicious activity on school systems. Upon investigation, it was found that there was unauthorized access to personal information linked to specific schools.
Impact
The cyber attack had impacted operations and exposed data across 1060 schools. The exact nature and quantity of data exposed is currently under investigation.
Source
Victim: McGrew Hill
About
McGraw-Hill is an Ohio-based educational publishing company known for educational publications, software, and services to K-12 and higher education. It is a known name among students and educators.
Industry
Publishing
What happened?
McGraw-Hill identified unauthorized access to its systems. It was found upon investigation that the hackers exploited misconfigurations in the Salesforce environment and accessed the company’s internal data. The ShinyHunters ransomware group claimed responsibility for the attack.
Impact
Around 45 million Salesforce records have been exposed, including personally identifiable information
Source
Victim: Rockstar games
About
Rockstar Games is a New York-based video game publishing company that was founded in 1998. It is known for its action-adventure games. It operates through more than 12 studios worldwide in countries including Canada, Scotland, London, and India.
Industry
Video games
What happened?
Rockstar Games became a victim of a ransomware attack that was orchestrated by the ShinyHunters ransomware group.
Impact
The attackers have leaked 78.6 million records, including business and financial data. The exact nature and quantity of data exposed is currently under investigation.SongTrivia2
Source
Victim: Booking.com
About
Booking.com is a Netherlands-based online travel agency that was founded in 1996. It offers lodging reservation services for over 3.4 million properties across over 200 countries.
Industry
Hospitality
What happened?
Booking.com became a victim of a data breach that exposed the data of its customers. On 12th April, it notified its customers that their reservation details were compromised in a breach.
Impact
The data exposed in the breach includes reservation details like full names, addresses, booking dates & details, email addresses, phone numbers, and extra notes/requests made to hotels.
Source
Victim: Basic-Fit
About
Basic-Fit is one of the largest gym chains in Europe with over 1600 clubs. It runs a membership-based model offering its members multiple benefits across all its clubs. It also provides a dedicated Fitness app for its members.
Industry
Fitness
What happened?
Basic-Fit became a target of a cyber attack that compromised the data of its customers. The unauthorized access was detected and contained within minutes of discovery.
Impact
The data exposed in the breach exposed data of 200,000 members in the Netherlands and bank details of 1000000 members.
The company has informed that units across multiple countries have been affected by the attack.
Source
Victim: Brockton Hospital
About
Signature Healthcare Brockton Hospital is a Massachusetts-based hospital that was established in 1897 as a not-for-profit community teaching hospital. It is the oldest and largest facility in Brockton.
Industry
Healthcare
What happened?
Signature Healthcare Brockton Hospital became a victim of a ransomware attack that was orchestrated by the Anubis ransomware group.
Impact
The cyber attack impacted the hospital’s information systems, with the emergency room placed on diversion and ambulances sent to alternative facilities. There were delays in services and patient care.
Source
Victim: Winona County
About
Winona County offers its residents comprehensive information on the agendas and minutes of all board and commission meetings, recycling programs, grievances, and online services.
Industry
Public sector
What happened?
Winona County became a victim of a data breach that forced it to take its main network offline. It is working with the Fifteen Minnesota National Guard IT experts for recovery from the cyber attack. It is the second cyber attack targeting the county in three months.
Impact
The attack forced the county to take its network offline. The nature and quantity of data compromised is currently under investigation.
Source
Victim: ChipSoft
About
ChipSoft is a Netherlands-based software firm that is known for its healthcare software that supports healthcare professionals in efficiently providing care to patients. It offers patient record software to most facilities in the country.
Industry
Healthcare
What happened?
On April 7th, ChipSoft’s website went down, and Z-CERT confirmed that the company had been targeted by a ransomware attack.
Impact
The attack has disrupted ChipSoft’s public-facing services. The complete impact of the cyber attack and the data compromised is currently under investigation.
Source
Victim: Hong Kong Hospital Authority
About
Hong Kong Hospital Authority is a supreme body that governs all the government hospitals and institutes in Hong Kong. It was established in 1990 and has over 43 public hospitals.
Industry
Healthcare
What happened?
The Hospital Authority’s monitoring system detected unauthorized access to patient information and a leak on a third-party platform.
Impact
The data breach has exposed patient data and personal data of over 56000 patients, including their names, genders, dates of birth, dates of visits, and surgical procedure details.
Source
Victim: Mercor
About
Mercor is a California-based Artificial Intelligence company that offers experts to train AI models and chatbots. It was founded in 2023, and its customers include OpenAI and Anthropic.
Industry
Artificial Intelligence
What happened?
Mercor reported that in April, its open source project LiteLLM, which was created by Berrie AI, was breached.
Impact
The data exposed includes Slack data and videos of conversations between Mercor’s contractors and the AI system.
Source
Victim: Gritman, Mosco, and Idaho
About
Gritman is a Madison-based healthcare provider that offers multiple services, including acute care, joint replacement, and telehealth services. It also offers technology for analytics, remote monitoring, and robotic surgery.
Industry
Healthcare
What happened?
Gritman, Idaho, and Mosco became targets of a ransomware attack that caused a massive outage across its clinics in multiple locations.
Impact
The cyber attacks forced the outage of systems and the closure of several offices and clinics. The complete extent of impact is currently under investigation.
Source
Victim: SongTrivia2
About
SongTrivia Inc. is an interactive entertainment and gamified marketing company that was founded in 2018 in Seattle. It is known for its gaming software SongTrivia 2, which is a multiplayer music knowledge game that is synced with multiple streaming platforms.
Industry
Entertainment
What happened?
In April, SongTrivia Inc. discovered that it had become a victim of a ransomware attack and that its data had been published on a data breach forum.
Impact
The data breach has exposed data from 291700 accounts, including their auth tokens, email addresses, avatars, names, passwords, and usernames.
Source
Victim: Alamo Heights School District
About
Alamo Heights is a Texas-based K-12 public school district that serves comprehensive education to students. It focuses on character development and holistic education of students.
Industry
Education
What happened?
Center for Hearing and Communication became a victim of a ransomware attack that was orchestrated by the Interlock group.
Impact
The nature and quantity of data exposed is currently under investigation.
Source
Victim: North Attleboro Public Schools
About
North Attleboro Public Schools is a Massachusetts-based public schools chain that serves K-12 students.
Industry
Education
What happened?
North Attleboro Public Schools discovered suspicious activity on its network, which was confirmed by experts as a a cybersecurity incident.
Impact
The nature and impact of the cyber attack are currently under investigation.
Source
Victim: Drift Protocol
About
Drift Protocol is a United States-based company founded in 2021, known for its future and options trading solution for cryptocurrency.
Industry
Financial
What happened?
On April 1st, Drift Protocol discovered unusual activity on its systems. An investigation revealed that the attack was well-planned in advance ( for at least six months).
Impact
The attack caused a financial loss of over $280 million in user assets. The quantity and nature of information exposed are under investigation.
Source
Victim: The Center for Hearing & Speech
About
Center for Hearing and Speech is a healthcare provider that offers advanced care to patients with hearing loss. It offers a range of comprehensive services for the care of people affected by hearing loss and other listening challenges.
Industry
Healthcare
What happened?
Center for Hearing and Communication became a victim of a ransomware attack that was orchestrated by the Interlock group.
Impact
The nature and quantity of information compromised is currently under investigation.
Source
Victim: National Aerospace Fasteners
About
NAFCO is a Taiwan-based manufacturer of aerospace and industrial fasteners that utilizes advanced technology to produce high-quality fasteners that meet global demands. It is one of the major suppliers to the global aerospace fastener market with over 1000 employees.
Industry
Manufacturing
What happened?
NAFCO became a target of a ransomware attack that was carried out by the Worldleaks ransomware group.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: Adobe
About
Adobe is a California-based software company that was founded in 1982. It is known for its web design, vector creation, photo editing, and audio & video software. It has major development operations in Newton, Seattle, San Francisco, and Austin.
Industry
Software
What happened?
A threat actor who goes by the name Mr. Racoon has claimed responsibility for the data breach involving a huge quantity of sensitive corporate and customer data.
Impact
The data breach has exposed 13 million customer support tickets, 15000 employee records, internal company documents, and Adobe’s bug bounty program submissions.
Source
Victim: Middlesex County
About
Middlesex County offers multiple services to its citizens, from filing road concern/, tax appeal/environmental complaints to offering them information about recycling practices, parks, and wills.
Industry
Public sector
What happened?
Middlesex County became a victim of a cyber attack on 1st April 2026 that impacted its town and public safety systems.
Impact
The nature and quantity of data compromised are under investigation.
Source
To be continued
In March, we saw how some of the most devastating data breaches impacted some of the biggest companies.
Note: Our list only highlights the breaches that have either occurred in 2026 or reported/disclosed in 2026. All breaches reported in previous years, as of 2026, will be excluded from the list.
Note: Our list only highlights the breaches that have either occurred in 2026 or reported/disclosed in 2026. All breaches reported in previous years, as of 2026, will be excluded from the list.
