Data Breach Roundup (Mar 20 - 26, 2026)
This week saw breaches from anime streaming service Crunchyroll, carmaker Mazda, cybersecurity company HackerOne, and a new hacker group called "Internet Yiff Machine." No, really.
This week saw breaches from anime streaming service Crunchyroll, carmaker Mazda, cybersecurity company HackerOne, and a new hacker group called "Internet Yiff Machine." No, really.
Following their shortening of the deadline to implement post-quantum encryption to 2029, Google today announced the “first phase” of its post-quantum transition.
French newspaper Le Monde was able to locate a French aircraft carrier in real time using publicly available profile information of a French Navy officer on the fitness app Strava.
The security and privacy-focused GrapheneOS stated in an X post that they will “remain usable by anyone around the world without requiring personal information, identification or an account.”
The Information reports that a cybersecurity incident classified as the second-highest severity level Sev 1 occurred due to an AI agent similar to OpenClaw.
Eleven companies have signed an accord to address the growing issue of “online scams and fraud,” with the notable exclusion of Apple.
Steam was used to spread malware via several games, and the FBI Seattle division has announced that they’re seeking information from those affected.
Once more from the "irony" department: an "identity protection" company falling for a phishing attack.
The Black Lotus Team at Lumen has discovered a new malware strain called KadNap that has been creating a botnet of Asus routers since at least August 2025.
This was a busy week for data breaches featuring Starbucks, Loblaw, DOGE, and many more.
Niantic spinoff, Niantic Spatial, used over 30 billion images taken by users of Pokemon Go to train its “visual positioning” system to help robots navigate the world.
Intel’s hardware-accelerated Fully-Homomorphic Encryption chip, Heracles, could bring fully E2EE server-side processing into viability.
The UK’s Companies House alerted the public of a security issue that allowed other users to access “dates of birth, residential addresses and company email addresses.”
Instagram has notified its users that it will no longer support E2EE after May 8, 2026, according to the support page for the feature.
While generation of malicious code, media, and phishing material are already making heavy use of AI, threat actors are “experimenting” with AI agents to automate decision making.
A lighter than normal week, but still we saw LexisNexis, a global paint maker, and more get hit, plus an update to the UH Cancer Center's breach.
Google Threat Intelligence Group has identified a “powerful exploit kit” targeting iPhones running iOS 13.0 to 17.2.1 used by a surveillance company and crypto-stealing sites.
A new quantum decryption algorithm called JVG could significantly reduce the amount of resources needed to decrypt classical RSA encryption that we’ve been relying on for decades.
TikTok told the BBC that it will not be rolling out end-to-end encrypted DMs, citing user safety as a concern.
According to a report by SVD, Meta’s Ray-Ban AI Smart Glasses have been sending sensitive recordings of people, including “bank details, sex and naked people,” to outsourced companies to review and annotate.
Oasis Security discovered a vulnerability in the popular OpenClaw agentic AI software that allows websites to silently bruteforce access to a locally running instance and take it over.