SecureFact – Cyber Security News – Week of March 16, 2026

Starbucks disclosed a data breach affecting 889 Partner Central accounts used by employees to manage employment details, personal information, benefits, and HR information.
Threat actors gained access to affected accounts between January 19 and February 11, 2026.
The exposed personal information includes employees’ names, Social Security numbers, dates of birth, and financial account and routing numbers.
Starbucks notified law enforcement agencies and provided affected employees with two years of free identity theft protection and credit monitoring service through Experian IdentityWorks.
The company strengthened security controls related to access to Starbucks Partner Central accounts. No customer data was impacted by this incident.

Loblaw, Canada’s largest food and pharmacy retailer with 2,500 stores and 220,000 employees, disclosed a data breach affecting customer information.
Hackers breached a contained, non-critical part of the company’s IT network and accessed basic customer information including names, phone numbers, and email addresses.
The investigation found no evidence that financial information, credit card details, health information, or account passwords were compromised.
Loblaw automatically logged out all customers from their accounts as a precautionary measure.
The company advised customers to remain vigilant for suspicious communications and to change their passwords.
No threat actor has publicly claimed responsibility for the attack.

England Hockey investigating ransomware data breach

England Hockey, the governing body for field hockey in England with over 800 clubs and 150,000 registered players, is investigating a ransomware data breach after the AiLock ransomware gang listed it as a victim on its data leak site.
The threat actor claimed to have stolen 129GB of data from the organization’s systems and threatened to publish the files unless a ransom was paid.
England Hockey is working with external specialists and law enforcement to understand the scope of the incident.
The organization stated that understanding what data may have been impacted is a top priority of their ongoing investigation.
AiLock is a relatively new ransomware operation that engages in double-extortion attacks using ChaCha20 and NTRUEncrypt encryption.

Telus Digital confirms breach after hacker claims 1 petabyte data theft

Telus Digital, a Canadian business process outsourcing giant providing customer support and AI data services, confirmed a security incident involving unauthorized access to a limited number of systems.
Threat actors known as ShinyHunters claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach.
The attackers discovered Google Cloud Platform credentials in data stolen during the Salesloft Drift breach and used them to access Telus systems, including a large BigQuery instance.
ShinyHunters claims to have stolen customer support data, call records, source code, FBI background checks, financial information, Salesforce data, and voice recordings. The threat actors demanded $65 million in ransom in February 2026.
Telus engaged cyber forensics experts and law enforcement to investigate the incident.

Stryker, a Fortune 500 medical technology company with 53,000 employees and $22.6 billion in annual sales, suffered a wiper malware attack claimed by Handala, an Iranian-linked hacktivist group.
The attackers claimed to have stolen 50 terabytes of critical data and wiped over 200,000 systems, servers, and mobile devices across Stryker’s offices in 79 countries.
The attack forced a global shutdown of Stryker’s operations, with employees reverting to pen and paper workflows. The incident disrupted access to internal services and applications.
Stryker filed a Form 8-K with the SEC confirming the cyberattack affected its entire Microsoft environment.
The company activated its cybersecurity response plan and engaged external advisors and cybersecurity experts.
Stryker stated it has no indication of ransomware or malware and believes the incident is contained, though restoration timelines remain unclear.

Ericsson Inc., the U.S. subsidiary of Swedish telecommunications giant Ericsson, disclosed a data breach affecting 15,661 employees and customers after a service provider storing personal data was compromised.
The third-party vendor discovered the breach on April 28, 2025, with unauthorized access occurring between April 17-22, 2025. The investigation was completed in February 2026. Exposed information includes names, addresses, Social Security numbers, driver’s license numbers, government-issued ID numbers, financial information (account and credit card numbers), medical information, and dates of birth. The service provider notified the FBI and hired external cybersecurity experts to assess the breach. Ericsson is providing free IDX identity protection services including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud loss reimbursement policy to affected individuals.*Source