Los Angeles Metro restricted access to its internal IT systems after detecting unauthorized activity, disrupting some passenger information services and TAP card reload options. While trains and buses continued to operate normally, riders were advised to use physical TAP kiosks while the agency investigates; ransomware.live listed Los Angeles as a target of the group “Worldleaks” on 2026-03-20. #LosAngelesMetro #Worldleaks #TAP
Category: Cyber Attack
Lucas County, Ohio reported a cybersecurity incident in mid-March 2026 that disrupted part of its network and took key public portals offline. External cybersecurity experts were engaged and the county implemented preventive measures, but the exact attack vector and whether data were compromised have not been disclosed. #LucasCounty #lucasohus
Intoxalock’s servers have been offline since March 14 following a cyberattack, preventing customers from calibrating their ignition interlock devices. The company is offering a ten-day recalibration extension and will cover direct towing fees, though the extension does not immediately apply in Arkansas, Massachusetts, Michigan, and Washington. #Intoxalock #IgnitionInterlockDevices
A threat actor known as Blastoize has posted a partial download of corporate documents from Knownsec, republishing material from a November 2025 breach that exposed over 12,000 classified files revealing offensive cyber tools, hardware attack vectors, global target lists, and government collaboration. The cache includes RAT source code for multiple platforms,…
A threat actor using the handle Shinchan claims to be selling the full user database for Daryn Online, Kazakhstanโs largest online education platform, allegedly exposing about 4 million user records totaling over 1 GB. The dataset reportedly includes names, birthdates, contact details, passwords and multiple authentication tokens that could enable account…
Threat actor Spirigatito claims to have breached Tanzania’s BRELA systems on February 4, 2026, exfiltrating 10.2 million records that include data on approximately 8 million individuals and multiple government and corporate registries. The actor is selling the stolen information via a custom marketplace that breaks the data into six curated databases…
Mir Vahid Hassantabar (Vahid Online) has been allegedly doxxed by the Handala Hack Team, which accuses him of acting as a mercenary under Israeli security direction. The group claims to have leaked Hassantabarโs identity details and a 180,000-member subscriber database with phone numbers, while threatening missile strikes and mass arrests via…
The Sinobi ransomware group claims to have breached multiple US-based organizations and updated its extortion portal to list alleged victims. Posted screenshots indicate network encryption, proof of access, and exfiltration of internal file shares, financial records including QuickBooks data, contracts, and system and security configurations. #Sinobi #InterpackNorthwest #SummaEnergy #Teco #McAfeeToolAndDie #EcoSoundBuilders…
On March 14โ15, 2026, the ICT infrastructure of Matten municipality was targeted in a cyberattack that disrupted systems and led to some files being encrypted. External experts and authorities were engaged to restore services, perform forensic analysis, and preserve evidence; no data was successfully stolen or published, and the encrypted files were recovered. #MattenMunicipality #mattench
Russell Cellular, a major U.S.-based Verizon Authorized Retailer with over 750 locations, has allegedly been compromised in a massive breach exposing more than 6.3 million customer records. The alleged 61 GB database spanning 209 tables is being offered for sale on a hacker forum for $1,200 and reportedly contains personal details,…
Giveth, a decentralized Ethereum donation platform, has allegedly been compromised, with an unauthorized party claiming to sell a database containing information on over 42,000 customers. The purported leak exposes extensive user profiles and on-chain transaction records, including names, emails and verification status, locations, social handles, avatar URLs and ENS names, wallet…
Koiride.com, an airport transfer and transportation provider, has reportedly been breached after an individual posted a database of 47 million records for sale for $1,000 on a cybercrime forum. The alleged leak contains extensive driver and passenger information including names, emails, phone numbers (including WhatsApp), physical addresses, vehicle and license details…
Rostova Organization, working with the Vect ransomware group, claims to have breached Usha International Limited and listed corporate and employee databases for sale on a dark web forum after alleging the company refused to negotiate a $10,000 extortion demand. The actors say the compromise includes personal, financial, employment and Active Directory…
Coopsana, a Colombian healthcare provider, is reported to have been breached after a threat actor listed a database of 1.1 million records on a hacker forum. The data allegedly includes patients’ full medical appointment histories and personal information and is being offered for sale for $350. #Coopsana #CoopsanaDatabase…
The Akira ransomware group claims to have breached Pilana Group (TRITCON), a Czech company with nearly 90 years of experience producing industrial knives and parts for the wood processing, recycling, and metalworking industries. Akira alleges it exfiltrated about 93GB of corporate files, including employee personal documents, client records, financial documents, contracts,…