The week in breach news

May 06, 2026

A sweeping ransomware campaign continues to send shockwaves across industries, with high-profile victims like Vimeo, Udemy and Medtronic joining the growing list. Meanwhile, cyberthreats continue to escalate across Europe, as Europol warns businesses, France detains a teen over a major breach and Italy faces one of its most significant infrastructure attacks.

North America

Vimeo

Industry: Media, Sports & Entertainment Exploit: Ransomware & Malware

The broad ransomware campaign by ShinyHunters continues to send shockwaves across industries, with new high-profile victims emerging, including video platform Vimeo, digital training giant Udemy and medical device manufacturer Medtronic.

Vimeo confirmed that hackers accessed user and customer data following a breach involving a third-party vendor. The attackers reportedly gained access to databases containing technical data, video titles, metadata and customer email addresses. ShinyHunters claimed responsibility for the attack, stating that data was extracted from Vimeo’s Snowflake and BigQuery environments.

Alarmingly, the campaign continues to expand, with the group claiming to have stolen 1.4 million records from Udemy. Meanwhile, Medtronic confirmed that certain corporate IT systems were compromised, adding to the growing list of affected organizations.

Source

How it could affect your business

Large-scale ransomware campaigns like this highlight how attacks can rapidly spread across multiple organizations and sectors. The exposed data can be reused for targeted phishing and follow-on attacks, increasing the risk for both affected companies and their partners. Organizations should strengthen user awareness, closely monitor third-party access and ensure strong detection capabilities are in place to identify suspicious activity early.

Europe

EU businesses

Industry: Technology Exploit: Ransomware & Malware

After the head of the U.K.’s NCSC urged businesses to strengthen their defenses, it’s now Europol that issued a similar warning to organizations across the European Union.

In its Internet Organized Crime Threat Assessment (IOCTA) 2026 report, Europol highlighted an increasingly industrialized cybercrime landscape driven by AI, ransomware and large-scale data theft. The agency observed more than 120 active ransomware groups in 2025, noting that attackers are exploiting supply chain vulnerabilities and using advanced social engineering tactics. The report also emphasized how generative AI is being used to tailor and scale fraud campaigns.

The report further noted that the dark web continues to play a central role in enabling cybercrime, with marketplaces and forums remaining resilient despite ongoing law enforcement efforts.

Source

How it could affect your business

The rise of industrialized cybercrime increases the scale and speed at which organizations can be targeted. Businesses should strengthen defenses by improving visibility across their environments, addressing supply chain risks and investing in advanced detection capabilities to counter increasingly sophisticated threats.

Europe

France Titres

Industry: Government & Public Sector Exploit: Hacking

French authorities have detained a 15-year-old suspect for selling data stolen in a cyberattack on France Titres, the agency responsible for managing official identity and registration documents in France.

On April 13, France Titres, also known as ANTS, detected a security incident that may have exposed data from individual and professional accounts on its portal. The compromised information includes login IDs, full names, email addresses, dates of birth, unique account identifiers and, in some cases, postal addresses, places of birth and phone numbers. Investigators have now identified a suspect operating under the alias “breach3d,” who allegedly attempted to sell between 12 and 18 million stolen records.

The agency said that approximately 11.7 million accounts were impacted, but noted that the exposed data could not be used to gain unauthorized access to user accounts.

Source

How it could affect your business

The rise of as-a-service models and readily available attack toolkits has significantly lowered the barrier for launching sophisticated cyberattacks. Organizations that fail to strengthen their defenses risk becoming easy targets in this rapidly evolving threat landscape.

Europe

Sistemi Informativi

Industry: Technology Exploit: Nation-State

IBM’s Italian subsidiary, Sistemi Informativi, suffered a significant cybersecurity incident in late April that attempted to disrupt critical infrastructure services across the country and raised concerns about a potential nation-state attack.

Sistemi Informativi, a key IT provider for public and private sector organizations in Italy, confirmed the breach and stated that it had contained the incident while activating response protocols with internal and external experts. The company’s website remained offline for several hours during the containment period. While services have since been restored, details about the scope of the breach remain undisclosed.

The incident is being viewed as one of the most significant cyberattacks targeting Italy’s public infrastructure in recent years. While investigations are ongoing, multiple reports suggest a possible link to the China-associated cyber espionage group Salt Typhoon.

Source

How it could affect your business

Attacks targeting core infrastructure providers can have cascading effects across multiple organizations that rely on their services. Businesses should strengthen resilience by assessing dependencies on critical providers, implementing continuous monitoring and ensuring business continuity and disaster recovery (BCDR) plans are in place to minimize disruption.

Australia & New Zealand

Kingborough Council

Industry: Government & Public Sector Exploit: Misconfiguration

Kingborough Council, a local government body in Tasmania, disclosed a cyber incident that temporarily made property owners’ and occupiers’ names and addresses accessible online.

On April 30, the exposure occurred due to a misconfiguration caused by human error, which made personal data publicly accessible. The council launched an investigation the same day and quickly restricted access to the information. It confirmed that no internal systems were compromised and there is no evidence that the data was altered or extracted.

Since the data was accessible via a public link rather than user-specific accounts, it remains unclear whether anyone accessed the information or how many individuals may have been affected.

Source

How it could affect your business

Misconfigurations like this can unintentionally expose sensitive data without any direct cyberattack. Organizations should implement stricter configuration management processes, conduct regular audits of public-facing assets and enforce access controls to prevent accidental data exposure.

Like what you're reading?

Subscribe now to get security news and information in your inbox every week

Upcoming webinars & events

Join our upcoming events and webinars for expert insights, practical strategies and the latest cybersecurity trends.

Cyber Resilience Q2’26 product innovation update

May 14, 2026 11:00 AM EST

As cyberthreats continue to evolve, resilience now requires more than basic backup. Join Kaseya’s product leaders in this session as we explore the latest innovations designed to validate recovery readiness, strengthen protection across Microsoft environments and simplify operations for MSPs and IT teams.

Register Now

Unlock New MSP Opportunities with NIS2: Turning Compliance into Revenue

May 13, 2026 11:00 AM GMT

NIS2 is reshaping cybersecurity expectations across Europe with stricter requirements and a broader scope. In this session, discover how MSPs can turn compliance into a growth opportunity and position their services to help customers navigate evolving regulations.

Register Now