January 2026 Data Breaches (So Far)
08 Jan 2026
Top data breaches of January 2026
The year 2025 proved that attackers have advanced not just in terms of speed but also in the unpredictability of their attacks. They have become more organized, leveraging readily advanced AI-driven tools and subscription-based models to carry out massive campaigns.
With only a few days into January 2026, we are already witnessing some of the most consequential data breaches.
Let us explore some of the top data breaches of January 2026.
Top data breaches of January 2026
Victim: European Space Agency (ESA)
About
The European Space Agency is an amalgamation of 23 international organizations dedicated to space exploration. It is based in Paris and has a staff of over 3000 people.
Industry
Research
What happened?
The European Space Agency confirmed that it became a victim of a cyber attack that compromised its servers used for collaborative engineering solutions within the scientific community.
Impact
The nature and the quantity of data compromised are still under investigation. However, some breach forums have reported that over 200 GB of data was stolen, including API tokens, Bitbucket repositories, and source codes.
Source
Victim: Eros Elevators
About
Eros is a 1947-founded elevator manufacturing company that is based in India. It offers a range of installation, maintenance, and upgradation services for several types of elevators, including passenger, freight, hospital, home, and automobile elevators.
Industry
Manufacturing
What happened?
LockBit5 ransomware group targeted Eros Elevators. The cyber attack has caused a serious disruption to its data and operations.
Impact
The nature and quantity of the data compromised is still under investigation by cybersecurity experts.
Source
Victim: Sugawara Laboratories
About
Sugawara Laboratories is a Japan-based manufacturer and supplier of industrial measuring equipment, including strobe application devices, torque dynamometers, and bearing inspection systems.
Industry
Manufacturing
What happened?
The Quilin ransomware group disclosed that it targeted multiple organizations in its recent data leak website on January 2nd, 2026, including Sugawara Laboratories.
Impact
The nature and quantity of data compromised are still under investigation by cybersecurity experts.
Source
Victim: CSV Group
About
CSV Group is an Italy-based carpentry, painting, and fabrication services provider that specializes in providing structural and industrial metalwork services to industrial and civil sectors.
Industry
Manufacturing
What happened?
On January 2nd, 2026, the Quilin ransomware group disclosed on its data leak website that it targeted the CSV group and had stolen its information.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: 3GH Informatica Integral
About
3GH Informatica Integral is a Spanish provider of services for data security and infrastructure management that specializes in custom services for medium and large organizations.
Industry
Technological services
What happened?
The Incransom ransomware group targeted 3GH Informatica Integral, threatening to publish its data unless its demands were met.
Impact
The data breach has compromised sensitive company data. However, the nature and quantity of data compromised is under investigation.
Source
Victim: Auforum AG
About
Auforum AG is a Switzerland-based provider of healthcare and rehabilitation supplies that include daily living aids, mobility aids, and care products.
Industry
Healthcare
What happened?
Auforum AG has become a victim of a ransomware attack for which the Quilin ransomware group has claimed responsibility through a post on a data breach forum.
Impact
Over 74 GB of data has been compromised in the data breach. The nature of the data compromised is under investigation.
Source
Victim: Collins computing
About
Collins Computing Inc. is a California-based accounting software solutions provider that specializes in offering cloud-based ERP solutions to organizations in the United States.
Industry
Software
What happened?
Collins Computing Inc. has become a victim of a data breach, which was carried out by the LockBit 5 ransomware group. The group has posted a data breach notice on its data leak website, threatening to leak its data unless the group’s demands are fulfilled.
Impact
The nature and quantity of the data that is compromised are still under investigation.
Source
Victim: Ledger
About
Ledger is a US-based manufacturer that manufactures products for storing, swapping, and managing digital assets. It is most known for its hardware wallet, which is used to keep crypto assets offline.
Industry
Manufacturer
What happened?
On January 5th, a researcher reported that the personal information of Ledger’s customers was compromised through a data breach of its payment processing vendor, Global-e.
Impact
The data breach has compromised personal information of 292000 customers, including 1.1 million email addresses, addresses, and phone numbers.
Source
Victim: Aero Fabrications
About
Aero Fabrications is a UK-based manufacturer of aerospace components for more than three decades. It has partnered with renowned companies like Airbus and BAE Systems.
Industry
Manufacturing
What happened?
Aero Fabrications discovered on 6th January that it became a victim of a ransomware attack carried out by the Interlock group.
Impact
The data compromised in the breach includes information about the company, its customers and employees. It includes confidential drawings and contract-related information of the company.
Source
Victim: Apex Spine and Neurosurgery
About
Apex Spine and Neurosurgery is a healthcare services provider that specializes in neurological treatment. It offers multiple options for treatment for patients in Atlanta and Georgia.
Industry
Healthcare
What happened?
Apex Spine and Neurosurgery became a target of a ransomware attack carried out by the Interlock ransomware group.
Impact
The data breach compromised over 12 GB of its sensitive data. The nature of the data compromised is under investigation.
Source
Victim: Health Bridge Chiropractic
About
About Health Bridge is a multispecialty hospital that offers orthopedic, chiropractic, and pain management-related services to patients across Philadelphia.
Industry
Health
What happened?
HealthBridge Chiropractic was targeted by the Qilin ransomware group through a ransomware attack on 6th January 2026 that compromised its systems and data.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: M&M Auto Parts
About
M&M Auto Parts is a US-based autoparts manufacturer that caters to both individual and business automotive customers. It offers customers affordable replacement parts with over 150000 parts in stock.
Industry
Automotive
What happened?
M&M Auto Parts was targeted by the Shinobi ransomware group. The group has encrypted sensitive information and threatened to publish the information unless the demands are met.
Impact
The ransomware attack has compromised M&M AutoParts’ data. The nature and quantity of data compromised are under investigation.
Source
Victim: Brightspeed
About
Brightspeed is a United States-based telecommunications and internet service provider that offers a range of ultrafast and broadband internet plans without any annual contracts.
Industry
Telecommunications/Internet services
What happened?
Brightspeed has become a victim of a ransomware attack that was claimed by the Crimson Collective ransomware group.
Impact
The data breach has compromised the customer account/master records of more than one million residential users, including their names, emails, phone numbers, and service addresses.
Source
Victim: National Water Authority
About
The National Water Authority of Peru is a regulating authority for the sustainable and multisectoral management of the country’s water resources for its population.
Industry
Public sector
What happened?
The National Water Authority of Peru became a target of a ransomware attack. The Black Shrantac ransomware group has claimed responsibility for the attack.
Impact
The ransomware attack has compromised 2TB of sensitive information, including water resource management information, Hydrometeorological data, technical documents, permits, and project-related information involving risk management during floods, droughts, etc.
Source
Victim: Schneider Prototyping India Pvt. Ltd.
About
Schneider Prototyping India Pvt. Ltd. is a manufacturer of plastic and metal products for several industries, including automotive, aerospace, medical, and engineering. It is a part of Schneider International, a renowned German company known for its rapid prototyping services.
Industry
Manufacturing
What happened?
Schneider Prototyping India Ltd. was targeted by a ransomware attack that was carried out by the Black Shrantac ransomware group.
Impact
The ransomware has compromised 2TB of sensitive information, including finance data, CFO & COO data, the company’s internal data, and human resources and account-related data.
Source
Victim: Higham Lane School, Nuneaton
About
Higham Lane School is a Nuneton based secondary academy school that provides education to students aged eight to eighteen through dedicated facilities. It offers calasses for multiple subjects from English Literature to Business & Enterprise and Fine Art.
Industry
Education
What happened?
Higham Lane became a victim of a cyber attack that disrupted its IT systems, essential services, and communications.
Impact
The school had to shut down for some weeks due to unavailable systems and essential services for operation due to the attack.
Source
Victim: Prosura
About
Prosura is an Australian insurance company that offers insurance for rented vehicles, offering coverage for damage or theft of rented vehicles.
Industry
Insurance
What happened?
On January 3rd, Prosura discovered unauthorized access to a portion of its IT systems by an unknown third party.
Impact
The cyber attack has compromised information related to customer policies and claims, including contact information, travel destinations, invoicing, and pricing data.
Source
Victim: Cardiovascular Medical Group of Southern California
About
Cardiovascular Medical Group is a heart hospital that offers a range of specialized cardiovascular services and diagnostics. Their services include risk screening, consultation, and treatment-related services.
Industry
Healthcare
What happened?
CVMG became a victim of a ransomware attack that was orchestrated by the Shinobi ransomware group.
Impact
The data breach compromised CVMG’s data. The nature and quantity of data compromised is under investigation.
Source
Victim: Alpha Alternatives
About
Alpha Alternatives is an Indian asset management company that offers several investment solutons including liquid alts, illiquit alts, and beta++.
Industry
Finance
What happened?
The Shinobi ransomware group targeted Alpha Alernatives encrypting its data and threatening to publish it unless its demands were met.
Impact
The cyber attack compromised data, including financial data, confidential contract data, and other customer data. The number of people affected by the breach is under investigation.
Source
Victim: Fox Architects
About
FOX Architects is a Washington-based architectural firm that offers multiple interior design and architectural services to organizations from multiple sectors, including education, commercial, technology, and government.
Industry
Architectural services
What happened?
Fox Architects became a victim of a ransomware attack that was carried out by the Shinobi ransomware group, where the group stole and encrypted its data.
Impact
The cyber attack compromised its data. The nature and quantity of data stolen are under investigation.
Source
Victim: Manage My Health
About
Manage My Health is a New Zealand-based software solution provider that helps people to stay connected with their healthcare providers through its online portal and mobile application.
Industry
Software
What happened?
On 3rd January, Manage My Health reported that it discovered unauthorized access to its systems that could have compromised data.
Impact
The data breach compromised 400000 medical documents of 120000 patients, including sensitive data like hospital discharge summaries, referrals from specialists, and uploaded documents on the application.
Source
Victim: GBMME
About
Gulf Business Machines (GBM) is an IT solutions provider in the United Arab Emirates that specializes in offering technology, infrastructure, security, technical support services, and hybrid IT and cloud services.
Industry
IT
What happened?
GBMME became a victim of a ransomware attack that was orchestrated by the Incransom ransomware group.
Impact
The ransomware attack compromised 200 GB of data, including fiscal data, internal mail, and budgets.
Source
Victim: AZ Monica
About
AZ Monica is a Belgium-based healthcare services provider that offers services across Antwerp and Deurne.
Industry
Healthcare
What happened?
On January 13th, AZ Monica discovered unauthorized access to its systems. In response to the incident, it disconnected all its servers.
Impact
The cyber attack severely impacted the hospital’s operations, causing suspension of all scheduled procedures, disruption of its Emergency Department (MUG) and Intensive Care Unit (PIT), and postponement of all consultations. The nature and quantity of data stolen are under investigation.
Source
Victim: Victorian Department of Education
About
The Victorian Department of Education is a governmental department of Australia that was formed in 1933. It is responsible for the education of the state, specializing in offering services and support for the education of students and schools in the region.
Industry
Public sector
What happened?
The Department of Education Victoria reported that it became a victim of a cyber attack that compromised data.
Impact
The data breach compromised personal data, including school email addresses, student names, school names, and year levels.
Source
Victim: ICE and Border Patrol
About
ICE (Immigration and Customs Enforcement) and Border Patrol are federal law enforcement agencies for enforcing immigration laws, conducting criminal investigations, and preventing illegal immigration & smuggling. They come under the Department of Homeland Security.
Industry
Public sector
What happened?
Both agencies have become victims of an insider attack in which a whistleblower released sensitive information about ICE and Border Patrol employees.
Impact
The data breach compromised sensitive information of 4500 ICE and Border Patrol employees, including 2000 frontline enforcement agents. The information contains names, telephone numbers, resume data (of previous jobs), and work emails of employees.
Source
Victim: Betterment
About
Betterment is a New York-based company that offers financial services for digital investment, cash management, and retirement.
Industry
Fintech/investment services
What happened?
Betterment reported that threat actors gained access to some of its systems on January 9th by targeting its third-party platforms.
Impact
The attack has compromised the data of its customers, including names, email addresses, postal addresses, dates of birth, and phone numbers.
Source
Victim: Kan & Krishme
About
Kan & Krishme is an Intellectual Property Law firm that specializes in Patents, Designs, Copyright, and Trademarks. It was founded in 1989 in New Delhi.
Industry
Legal
What happened?
Kan and Krishme became victims of a ransomware attack that was orchestrated by the Sinobi group.
Impact
The nature and quantity of data compromised in the data breach are under investigation.
Source
Victim: Endesa
About
Endesa is a Spanish utility company for gas and electricity for more than 22 million clients in Spain and Portugal. It is owned by the Enel Group and is one of the three large companies in Spain in the energy sector.
Industry
Energy
What happened?
Endesa detected evidence of unauthorized access to the personal data of its customers related to their energy contracts.
Impact
The data breach has compromised personal data, including contact information, identification details, National Identity numbers (DNI), contract details, and payment details (like IBANs).
Source
Victim: Kyowon
About
Kyowon is a South Korea-based conglomerate that offers services focusing on education, culture, and hospitality. It offers a range of products and services from health appliances to hotel accommodations.
Industry
Consumer goods
What happened?
Kyowon reported that it discovered a ransomware incident that impacted its customer data in January.
Impact
The ransomware attack disrupted Kyowon’s 600 out of 800 servers and compromised the data of its customers. Data of over 5.5 million people has been compromised. The nature and quantity of data compromised are under investigation.
Source
Victim: McDonald’s India
About
McDonald’s India is a subsidiary of McDonald’s, a global fast food chain known for its fast food items. It opened its first restaurant in India in 1996 and has been operating through Hardcastle Restaurants Ltd. and Connaught Plaza Restaurant.
Industry
Fast food
What happened?
On 20th January, the Everest ransomware group exfiltrated sensitive data belonging to McDonald’s India. The threat actors have warned to release the data publicly unless their demands are met within the deadline in their post on a data breach forum.
Impact
The ransomware attack has compromised 861 GB of sensitive personal data of customers and company-related data.
Source
Victim: Nike
About
Nike is an Oregon-based apparel and equipment company focused on sports apparel. It offers a huge collection of sports equipment, accessories, and services.
Industry
Apparel
What happened?
Nike became a victim of a ransomware attack carried out by the Worldleaks ransomware group, which stole credentials and other information belonging to its employees and users.
Impact
The ransomware attack has compromised 481409 records, including the credentials of employees, affecting over 491,189 users.
Source
Victim: The Hyatt Place Chealsea New York
About
The Hyatt Place Chelsea New York hotel is a part of Hyatt, a Chicago-based chain of hotels and properties that manages and franchises luxury hotels and vacations. It operates 1350 hotels across more than 69 countries in Asia, Australia, North America, and South America.
Industry
Hospitality
What happened?
Nike became a victim of a ransomware attack carried out by the Worldleaks ransomware group, which stole credentials and other information belonging to its employees and users.
Impact
The ransomware attack compromised 48.5 GB of sensitive data. As per the ransomware group’s post on a data breach forum, the hotel’s VIP data, client data, and internal data have been compromised.
Source
Victim: Rogers Capital Mauritius
About
Rogers Group is a 1899-founded investment company that also specializes in other sectors like logistics, technology, real estate, and agribusiness. It has offices in over 13 countries worldwide.
Industry
Banking
What happened?
On 23rd January 2026, the Bank of Mauritius reported that Rogers Capital Credit suffered a data breach.
Impact
The data breach has compromised client records up to December 2022, including sensitive personal identification information like address and income, and financial information such as banking, credit, and civil status information.
Source
Victim: Lena Health
About
Lena Health is a technological solutions provider based in the United States. It is known for its digital health platform.
Industry
Healthcare
What happened?
The company became a victim of a cyber attack that was orchestrated by the FulcrumSec group.
Impact
The data breach compromised healthcare data belonging to 2,134 patients and 20000 recorded patient phone calls.
Source
Victim: Call on Doc
About
Call-on-Doc is a telemedicine service provider that offers patients across the US care and consultation services from certified doctors for 150 conditions.
Industry
Healthcare
What happened?
Call-On-Doc reported that it became a victim of a ransomware attack in which attackers exfiltrated information belonging to its patients.
Impact
The data breach has compromised 1144223 patient records, including patient codes, names, transaction numbers, Email addresses, medical categories, phone numbers, medical conditions, services prescribed, and paid amounts.
Source
Victim: Crunchbase
About
Crunchbase is a California-based database and analytics company that offers a comprehensive database of private and public companies using AI, company data, and contributions.
Industry
Data and analytics
What happened?
Crunchbase became a victim of a ransomware attack that was orchestrated by the ShinyHunters ransomware group.
Impact
The cyber attack compromised over 2 million records containing personal information. The nature of the information compromised is under investigation.
Source
Victim: Panera Bread
About
Panera Bread is a multinational chain of bakeries and casual restaurants across 2000 locations in the United States. It was founded in 1987 and is one of the biggest chains of bakery-style cafes in America.
Industry
Food
What happened?
Panera Bread became a target of a ransomware attack carried out by the ShinyHunters ransomware group.
Impact
The attack compromised 14 million records, including names, Email addresses, phone numbers, postal addresses, and account details.
Source
Victim: Bumble
About
Bumble is a company that is known for its online dating and social networking application. It had over 2.8 million paying users in 2025 and is one of the most popular dating applications in the United States.
Industry
Online dating
What happened?
Bumble became a victim of a ransomware attack that was orchestrated by the ShinyHunters ransomware group.
Impact
The ransomware attack compromised information related to member databases, direct messages, profiles, and member accounts.
Source
Victim: Match Group (Tinder, Hinge, OkCupid, and Match.com)
About
Match Group is a Dallas-based internet and technology company. It is the parent company of many popular online dating services, including Hinge, Tinder, OkCupid, and Match.com.
Industry
Online dating
What happened?
Match Group became a target of a ransomware attack that was carried out by the ShinyHunters ransomware group. The group gained access by stealing data from a compromised Okta SSO account.
Impact
The ransomware attack compromised 1.7 GB of company data, including 10 million records belonging to Match.com, Hinge, and OkCupid users.
Source
Victim: Philippine Savings Bank
About
The Philippine Savings Bank is a Bonifacio Global City-based bank that offers a range of banking and finance-related services. It is a subsidiary of Metrobank and is the largest bank in the Philippines.
Industry
Banking
What happened?
The Philippine Savings was targeted by a ransomware attack that was orchestrated by the Qilin ransomware group.
Impact
The ransomware attack compromised around 200 records belonging to 187 users, including their passwords.
Source
To be continued
We have already seen some of the most devastating data breaches at the beginning of 2026. Keep checking this space as we update our list of January’s Top data breaches just as we did in 2025, with a closer look at the top data breaches, how they happened, and their impact.
Note: Our list only highlights the breaches that have either occurred in 2026 or reported/disclosed in 2026. All breaches reported in previous years, as of 2026, will be excluded from the list.
