Threats Tagged 'data-breach'

Healthcare technology company Xsolis, Inc. disclosed a data breach affecting approximately 1.4 million individuals. The breach resulted from a targeted phishing attack detected on January 22, 2026, which allowed unauthorized access to files containing personal and protected health information. Compromised data includes names, dates of birth, addresses, Social Security numbers, health insurance details, and medical treatment information. The company is not aware of any misuse of the stolen information. The incident was publicly disclosed in early June 2026 and added to the US Department of Health and Human Services data breach tracker.

Maine's official data breach notification portal allowed anyone to submit breach disclosures without verification, leading to fake breach reports being publicly posted. Notably, fraudulent notices impersonating Discord and VRChat were submitted, causing these companies to publicly deny the incidents. The portal has been taken offline while the Maine Attorney General's office reviews the situation. This lack of authentication in the submission process risks misinformation, reputational damage, and public panic.

Kodak confirmed a data breach involving unauthorized access to a limited amount of company data. The ShinyHunters extortion gang claimed responsibility, stating they stole over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data. Kodak is investigating the incident with external cybersecurity experts and cooperating with law enforcement. The company has not disclosed how the attackers gained access or whether the internal network was breached. ShinyHunters has a history of targeting multiple organizations and extorting data. Kodak has not yet provided details on remediation or mitigation.

SoFi has confirmed a data breach involving unauthorized access to a database at a third-party vendor supporting its Hong Kong subsidiary, SoFi Securities (Hong Kong) Limited. The breach was discovered on April 30, 2026, and the investigation is ongoing, with the company not yet knowing the full scope or specific data exposed. SoFi has engaged a third-party cybersecurity firm to respond and has implemented additional safeguards and monitoring. Customers have been advised to remain vigilant for phishing and suspicious activity, update passwords, enable two-factor authentication, and monitor accounts closely. The company has not disclosed the number of affected customers or the identity of the vendor involved. Support contact information has been provided for affected customers.