May 2026 Data Breaches (So Far)
30 Apr 2026
Major Cyber Attacks May 2026
As data breaches rise and impact operations across industries globally, organizations face increased pressure to secure their most valuable assets and maintain their security and compliance posture.
With attackers evolving their techniques using AI to come up with more sophisticated, undetectable, and persistent threats, organizations face an increased risk of disrupted operations, compromised data, and lost customer trust.
Let us look at some of the top data breaches of May 2026:
latest data breach news
As data breaches rise and impact operations across industries globally, organizations face increased pressure to secure their most valuable assets and maintain their security and compliance posture.
With attackers evolving their techniques using AI to come up with more sophisticated, undetectable, and persistent threats, organizations face an increased risk of disrupted operations, compromised data, and lost customer trust.
Let us look at some of the top data breaches of May 2026:
Victim: Delano Schools
About
Delano Schools is one of the most renowned schools in the public school district in Delano, Minnesota. It has 4 high schools with over 3000 students.
Industry
Education
What happened?
On 13th May, Delano Schools became a victim of a ransomware attack that forced it to temporarily shut down.
Impact
The nature and quantity of the data compromised is currently under investigation.
Source
Victim: Vietnamese Ministerial Agencies
About
The Vietnamese Ministries are appointed by the Government of Vietnam and headed by the Prime Minister of Vietnam. There are 14 ministries, 3 ministry-level agencies, and 5 other government-dependent agencies.
Industry
Public sector
What happened?
The National Cybersecurity Center detected malicious activity in two government agencies’ systems between 21st and 22nd May.
Impact
The nature and impact of the incident and the data compromised are currently under investigation.
Source
Victim: Bangkok Metropolitan Administration
About
The Bangkok Metropolitan Administration (BMA) is the local government of Bangkok, comprising two branches: the Governor of Bangkok and the Bangkok Metropolitan Council.
Industry
Public sector
What happened?
The BMA became a victim of a cyber attack that was carried out by the Krybit ransomware-as-a-service group.
Impact
The nature and quantity of data compromised and operations impacted are currently under investigation.
Source
Victim: Baker Distributing Company
About
Baker Distributing Company is a Jacksonville-based HVAC company that was founded in 1945. It is known for its HVAC/R equipment, parts, supplies, and services across more than 200 locations in 22 states.
Industry
HVAC
What happened?
Baker Distribution Company became a victim of a cyber attack that was carried out by the ShinyHunters ransomware group.
Impact
The cyber attack exposed around 260000 Salesforce CRM records, including customer and business contact data.
Source
Victim: BMJ Paperback
About
The British Medical Journal is a medical journal that is published by the BMJ Publishing Group Ltd. The journal was originally published in 1840 and is known for its highly researched articles and reports.
Industry
Publishing
What happened?
BMJ Paperback became a victim of a ransomware attack that was carried out by the Worldleaks ransomware group.
Impact
The nature and quantity of data exposed is currently under investigation.
Source
Victim: Branded Products
About
Branded Products is a Melbourne-based company that is known for its branding and merchandising services across Tasmania, the Northern Territory, and New Zealand.
Industry
Merchandising
What happened?
Branded Products became a target of a cyber attack that was carried out by the Qilin ransomware group.
Impact
The nature and quantity of data exposed is currently under investigation.
Source
Victim: Buffalo Niagara Convention Center
About
Buffalo Convention Center is a New York-based convention center that is known for hosting food events, comic cons, and job fairs.
Industry
Hospitality/ Events
What happened?
Buffalo Convention Center became a target of a ransomware attack carried out by the Akira ransomware group.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: PNSB Insurance Brokers
About
Permodalan Negari Selangor Berhad (PNSB) Insurance Brokers Sdn Bhd is a Selangor-based insurance broking firm that was founded in 1983.
Industry
Insurance
What happened?
PNSB became a victim of a ransomware attack that was carried out by the Qilin ransomware group.
Impact
The nature and quantity of data compromised and the operations impacted are currently under investigation.
Source
Victim: Trump Mobile
About
Trump Mobile is a Florida-based mobile virtual network operator owned by T1 Mobile and founded in 2025.
Industry
Wireless telecommunications
What happened?
Trump Mobile reported that it is investigating a data breach linked to a third-party platform that may have exposed data of its users.
Impact
The data breach has exposed information of over 27000 potential buyers, including their names, phone numbers, email addresses, shipping addresses, and order numbers.
Source
Victim: Charter Communications
About
Charter Communications is a Connecticut-based telecommunications company that operates across over 41 states, with over 32 million customers in the United States. Apart from telecommunications, it also offers mass media services.
Industry
Telecommunications
What happened?
Charter Communications became a target of a ransomware attack orchestrated by the ShinyHunters ransomware group.
Impact
The nature and quantity of the data compromised is currently under investigation.
Source
Victim: Chanhassen Dinner Theatres
About
Chanhassen Dinner Theatres is a Minnesota-based entertainment complex that was founded in 1968. With a team of 300 employees, it hosts performances, shows, and other forms of live entertainment for audiences in Minnesota.
Industry
Entertainment
What happened?
Chanhassen Dinener Theatres was targeted by a cyber attack that disrupted its operations.
Impact
The cyber attack forced the company to cancel its performances. The nature and quantity of data stolen is currently under investigation.
Source
Victim: HDFC AMC
About
HDFC Asset Management Company is India’s largest mutual fund house that offers investment products to individuals and institutions. Through its wide network of 280 offices across 200 cities, it serves the multiple investment needs of its clients.
Industry
Financial
What happened?
On 17th May, HDFC AMC reported that it became a victim of a cyber attack on 16th May and activated its incident response protocols.
Impact
The cyber attack has resulted in a staggering 2.73 percent fall in its share value. The nature and quantity of the data compromised is currently under investigation.
Source
Victim: GitHub
About
GitHub is a San Francisco-based technology company that is known for its proprietary platform where developers can create, store, and manage their code.
Industry
Collaborative version control
What happened?
GitHub became a target of a cyber attack orchestrated by the Team PCP ransomware group.
Impact
The cyber attack has exposed around 4000 internal repositories. The nature and quantity of data exposed is currently under investigation.
Source
Victim: Grafana
About
Grafana is an open-source analytics and visualization web application that was developed and released by Grafana Labs in 2014. It supports multiple data sources, including Graphite, InfluxDB, and MySQL.
Industry
Software
What happened?
Grafana became a victim of a cyber attack that was carried out by the Coinbase Cartel ransomware group.
Impact
The nature and quantity of the data collected are currently under investigation.
Source
Victim: West pharmaceutical
About
West Pharmaceutical Services Inc. is a Philadelphia-based manufacturer known for its pharmaceutical packaging and delivery systems. It was founded in 1923 and is known for components and systems for injectable drug discovery and packaging.
Industry
Pharmaceuticals
What happened?
On 4th May, West Pharmaceutical Services Inc became a victim of a cyber attack. It immediately activated its incident response mechanisms.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: Foxconn
About
Hon Hai Precision Industry Co. Ltd. is a Taipei-based manufacturer of electronic products for major American, Japanese, and Finnish companies. It is known for iPhone, Kindle, Nintendo, BlackBerry, and some Cisco products.
Industry
Electronics
What happened?
Foxconn’s North American facility got hit by a ransomware attack orchestrated by the Nitrogen ransomware group.
Impact
The ransomware attack has exposed over 8 TB of data, including 11 million files containing confidential information, internal project documentation, and technical drawings related to the project.
Source
Victim: Škoda Auto
About
Škoda Auto is a Czech Republic-based automobile manufacturer founded in 1896. It sells automobiles in over 100 countries worldwide, and has become a wholly owned subsidiary of the Volkswagen Group since 2000.
Industry
Automobile
What happened?
Škoda Auto became targeted by a cyber attack on its online shop that was orchestrated by exploiting a vulnerability in the online shopping platform’s software.
Impact
The cyber attack caused a temporary disruption of the online shop. Since the online shop stored a range of personal customer data, including names, postal addresses, phone numbers, email addresses, and account login credentials, it is highly likely that the attackers accessed them.
Source
Victim: Institute for the Dutch Language (INT)
About
The Den Haag Foreign Dutch is an organization that specializes in teaching Dutch to foreigners who are living and working in the Netherlands. It offers a range of beginner to advanced courses for learning the Dutch language.
Industry
Education
What happened?
On 5th May, the Institute for the Dutch Language was hit by a cyber attack that forced the organization to take down its frequently visited websites.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: Ocean City Radio
About
Ocean City Radio is an independent radio station in Plymouth, England.
Industry
Radio/Media
What happened?
Radio Plymouth got hit by a cyber attack that disrupted its operations.
Impact
The financial loss due to the costs associated with the cyber attack forced Ocean City Radio to shut down on May 12.
Source
Victim: NVIDIA GeForce NOW data breach
About
NVIDIA is a California-based technology company that is known for its graphics processing, systems on chips (SoCs), and application programming interfaces. GeForce Now is a cloud gaming service that was launched in 2015.
Industry
Semiconductors
What happened?
NVIDIA GeForce NOW Alliance partner in Armenia was breached by a threat actor claiming to be from the ShinyHunters ransomware group.
Impact
The attack exposed the user database, including first name, email addresses, nicknames, usernames, dates of birth, membership details, 2FA status, internal roles, and other attributes. The quantity of data exposed is still under investigation.
Source
Victim: Harvard
About
Harvard is a Massachusetts-based research university that was founded in 1636. It is known for having some of the world’s billionaires in its alumni.
Industry
Education
What happened?
Harvard was among nearly 9000 institutions that were affected by the Canvas data breach.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: Stanford
About
Stanford is a California-based private research university that was founded in 1885. It is known for its academic programs in Computer Science, Medicine, and Law.
Industry
Education
What happened?
Stanford was among nearly 9000 institutions that were affected by the Canvas data breach.
Impact
The nature and quantity of the compromised data are currently under investigation.
Source
Victim: UC Berkley
About
UC Berkley is a California-based research university that was founded in 1868. It is one of the original eight Public Ivy schools. It offers multiple schools of study on its campus, catering to over 45000 students.
Industry
Education
What happened?
UC Berkley is among the many institutions that were affected by the ransomware attack on Canvas that was orchestrated by the ShinyHunters ransomware group.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: National University of Singapore (NUS)
About
The University of Singapore is a Clementi-based research university that was founded in 1980. It is known for its multi-disciplinary undergraduate and post-graduate degree programs.
Industry
Education
What happened?
The National University of Singapore was part of a massive Canvas data breach that impacted nearly 9000 educational institutions worldwide.
Impact
The nature and quantity of data compromised is currently under investigation.
Source
Victim: Government of Guam
About
The Government of Guam and its associated agencies offer multiple digital services to its citizens through their websites.
Industry
Public sector
What happened?
A critical zero-day vulnerability in cPanel was exploited by attackers to target the Government of Guam and its agencies’ websites.
Impact
The cyber attack has disrupted several gaum.govt websites. The nature and quantity of the compromised data are under investigation.
Source
Victim: San Diego Community College District
About
San Diego Community College District is a California-based college district that offers education to over 100000 students in the city. It is one of the largest college districts in California.
Industry
Education
What happened?
San Diego Community College became a victim of a cyber attack on 2nd May. The college’s IT team immediately responded to the incident.
Impact
The attack affected the district’s student portal, access to the internet, systems, and website. The nature and quantity of data compromised are under investigation.
Source
Victim: ALS
About
ALS Limited is a Brisbane-based technical services provider known for its inspection, certification, testing, and verification services. It was founded in 1863 and offers services across 65 countries.
Industry
Testing services
What happened?
ALS Limited discovered that an unauthorized third party gained access to its IT systems. It immediately activated its incident response protocols and informed the ACSC regarding the incident.
Impact
The cyber attack temporarily disrupted some of its operations. The nature and quantity of data compromised is still under investigation by the experts.
Source
Victim: Ubuntu/Canonical
About
Canonical is a London-based software company that is known for its Linux-based distribution that was developed through a community of contributors.
Industry
Computer software
What happened?
Canonical became a victim of a DDoS attack that was carried out by a group of hacktivists supporting the Iranian government. The attack was carried out using a Beamed, a DDoS-for-hire service sold on the dark web.
Impact
The attack caused a temporary outage of some of Canonical’s and Ubuntu’s websites.
Source
Victim: Trellix
About
Trellix is a California-based cybersecurity company that was founded in 2022. It is known for its hardware, software, and services for cybersecurity investigation, risk analysis, and protection against malicious software.
Industry
Cybersecurity
What happened?
Trellix discovered that attackers had gained unauthorized access to their code powering the company’s security tools and immediately engaged its incident response protocols to contain the threat.
Impact
Since the attackers gained access to the source code of Trellix’s products, they can use it to find weaknesses in Trellix solutions. The complete extent of damage caused by the attack is currently under investigation.
Source
Victim: Instructure Holdings Inc.
About
Instructure is a Salt Lake City-based edtech company that is known for its solutions and services for the education industry for learning, assessment, and credentialing. It was founded in 2008 and hosts the world’s biggest community of educators.
Industry
Edtech
What happened?
Instructure Inc. became a target of a ransomware attack that was orchestrated by the ShinyHunters ransomware group.
Impact
As per the listing on a darkweb forum, nearly 9000 schools have been affected by the data breach, with over 3.65 TB of data compromised, belonging to 275 million people, including students, teachers, and other staff.
Source
To be continued
In May, we saw how some of the most devastating data breaches impacted some of the biggest companies.
Keep checking this space as we update our list of May’s top data breaches with a closer look at how they happened and their impact.
Note: Our list only highlights the breaches that have either occurred in 2026 or reported/disclosed in 2026. All breaches reported in previous years, as of 2026, will be excluded from the list.
