The week in breach news

April 29, 2026

Last week, a major ransomware campaign came to light, exposing more than 40 organizations across the retail, insurance and hospitality sectors. Meanwhile, cyberattacks continue to target Europe, with the NCSC warning U.K. businesses about nation-state threats, Germany probing phishing attacks targeting high-profile individuals and cosmetics giant Rituals potentially exposing the data of 41 million customers.

North America

Carnival Corporation

Industry: Hospitality & Leisure Exploit: Ransomware & Malware

The world’s largest cruise company, Carnival Corporation, confirmed a ransomware attack that reportedly exposed 8.7 million records from its subsidiary Holland America Line. Alarmingly, this appears to be part of a much broader campaign, with over 40 organizations worldwide reportedly breached by the same ransomware group, exposing millions of records and terabytes of internal data.

More than 40 organizations, including major retailers, insurers and hospitality firms, have been listed on the ShinyHunters ransomware group’s data leak site. The affected entities include Carnival Corporation, Mytheresa, Pitney Bowes, The Canada Life Assurance Company, Hallmark and Inditex, the parent company of Zara. The exposed data reportedly contains personally identifiable information (PII), customer records, transaction histories and large volumes of internal corporate data.

The ransomware group’s listings date back to January 23, 2026, with new victims added as recently as last week. According to them, the stolen data will remain publicly available unless ransom demands are met.

Source

How it could affect your business

Ransomware attacks continue to grow in both scale and complexity, with threat actors targeting multiple organizations simultaneously. Such large-scale data exposures can fuel targeted and spear phishing campaigns, extending the impact beyond the initial breach. Raising user awareness is critical to identifying suspicious activity early and reducing the risk of further compromise.

United Kingdom

UK businesses

Industry: Government & Public Sector Exploit: Nation-State

The head of the U.K.’s National Cyber Security Center (NCSC) has urged businesses in the UK to strengthen their defenses, warning that the country could face large-scale cyberattacks from nation-state actors.

Richard Horne, chief executive of the NCSC, said that while ransomware remains a common threat, many of the most serious incidents now originate directly or indirectly from nation states such as China, Iran and Russia. He also warned that advances in AI are expected to accelerate attacks by enabling faster vulnerability discovery, even as the technology can help improve defenses.

In recent months, authorities in Sweden, Poland, Denmark and Norway have all issued warnings about nation-state actors targeting critical infrastructure, underscoring the growing scale of the threat.

Source

How it could affect your business

Nation-state attacks are increasing globally, placing organizations, especially those in critical infrastructure sectors, at heightened risk of disruption and data compromise. To stay resilient, organizations must strengthen their defenses with continuous proactive monitoring, robust access controls and business continuity and disaster recovery (BCDR) strategies to detect and respond to advanced threats early.

Europe

German public officials

Industry: Government & Public Sector Exploit: Nation-State

In another nation-state-linked incident, the German government suspects a series of phishing attacks targeting high-ranking politicians, military personnel and journalists through the Signal messaging platform.

On April 25, a spokesperson for federal prosecutors confirmed that a preliminary investigation has been underway since mid-February 2026. According to reports, targeted individuals received messages from a fake Signal security chatbot warning of suspicious activity and prompting urgent action. Those who followed the instructions, such as entering a PIN or scanning a QR code, unknowingly linked their accounts to devices controlled by the attackers.

While the German government has not officially attributed the attacks, reports suggest Russia may be behind the campaign. Around 300 Signal accounts belonging to individuals within political circles have reportedly been compromised.

Source

How it could affect your business

Fake security chatbots are an emerging threat, mimicking trusted platforms to trick users into handing over access or credentials. Organizations and individuals should verify security alerts through official channels, avoid acting on unsolicited messages and enable strong authentication methods to prevent unauthorized account access.

Europe

Rituals

Industry: Retail Exploit: Hacking

Netherlands-based cosmetics giant Rituals confirmed a major data breach affecting customer personal information after hackers compromised its membership database, potentially impacting its 41 million customers.

On April 22, the company notified customers of the incident, stating it had identified an unauthorized download of member data earlier in the month. The exposed information includes full names, dates of birth, gender, postal and email addresses, phone numbers, preferred store locations and account types. The breach affects customers across the UK, Europe and the U.S.

The company has not yet provided a detailed timeline of the incident or confirmed the exact number of individuals affected.

Source

How it could affect your business

Retailers are prime targets for cybercriminals due to the vast amount of customer data they store, making breaches highly valuable for further exploitation. To reduce risk, organizations should enforce strong access controls, regularly audit data access, monitor for unusual activity and limit the amount of sensitive information stored to minimize potential exposure.

United States

Seiko USA

Industry: Manufacturing Exploit: Hacking

The Seiko USA website was defaced by threat actors, who displayed a message claiming they had stolen its Shopify customer database and threatened to leak it unless a ransom was paid.

Last week, visitors to the “Press Lounge” section of the site were shown a page titled “HACKED,” replacing normal content with what appeared to be a ransom demand and breach notice. The message claimed attackers had accessed the company’s Shopify backend and exfiltrated customer data, including order history, shipping details and account information.

While Seiko USA has not publicly confirmed the incident, the company has since removed the defacement message from its website.

Source

How it could affect your business

Exposure of customer purchase history and account details can enable highly targeted phishing campaigns that appear legitimate and tailored to individual users. Organizations should strengthen monitoring of e-commerce platforms, enforce stricter access controls on backend systems and ensure timely detection of unauthorized changes to prevent further exploitation.

Like what you're reading?

Subscribe now to get security news and information in your inbox every week

Upcoming webinars & events

Join our upcoming events and webinars for expert insights, practical strategies and the latest cybersecurity trends.

Cyber Resilience Q2’26 product innovation update

May 14, 2026 11:00 AM EST

As cyberthreats continue to evolve, resilience now requires more than basic backup. Join Kaseya’s product leaders in this session as we explore the latest innovations designed to validate recovery readiness, strengthen protection across Microsoft environments and simplify operations for MSPs and IT teams.

Register Now

Unlock New MSP Opportunities with NIS2: Turning Compliance into Revenue

May 13, 2026 11:00 AM GMT

NIS2 is reshaping cybersecurity expectations across Europe with stricter requirements and a broader scope. In this session, discover how MSPs can turn compliance into a growth opportunity and position their services to help customers navigate evolving regulations.

Register Now