Marquis: Ransomware gang stole data of 672K people in cyberattack
- Marquis, a Texas-based financial services provider, disclosed that a ransomware gang stole data of over 672,000 individuals in an August 2025 cyberattack that disrupted operations at 74 banks across the United States.
- The attackers compromised a SonicWall firewall and exfiltrated comprehensive personal and financial information, including names, dates of birth, addresses, phone numbers, Social Security Numbers, Taxpayer Identification Numbers, and financial account information (without security or access codes).
- Marquis attributed the breach to a security vulnerability in SonicWall’s cloud backup service disclosed in September 2025, which allowed attackers to extract access credentials and tokens.
- The company filed a lawsuit against SonicWall in February 2026 accusing the cybersecurity company of gross negligence and misrepresentation.
- Marquis is defending over 36 consumer class action lawsuits stemming from the cyberattack and seeking monetary damages, indemnification, and contribution for related judgments.
- The company worked with customers to validate affected individuals and obtained current mailing addresses to notify victims.
Aura confirms data breach exposing 900,000 marketing contacts
- Identity protection company Aura confirmed that an unauthorized party gained access to approximately 900,000 records through a voice phishing attack targeting an employee.
- The compromised data originated from a marketing tool used by a company acquired by Aura in 2021, exposing limited information including full names, email addresses, home addresses, and phone numbers.
- The threat group ShinyHunters claimed responsibility and leaked the stolen files on their data extortion site after stating the company failed to reach an agreement. Aura emphasized that Social Security Numbers, account passwords, and financial information were not compromised.
- The Have I Been Pwned service noted that 90% of exposed email addresses were already present in its database from previous incidents.
- Aura conducted an in-depth internal review in partnership with external cybersecurity experts and notified law enforcement authorities.
- The company committed to sending personalized notifications to all affected individuals and implementing enhanced security measures.
Navia discloses data breach impacting 2.7 million people
- Navia Benefit Solutions disclosed a data breach affecting nearly 2.7 million individuals.
- The unauthorized access occurred between December 22, 2025, and January 15, 2026, but was discovered on January 23, 2026.
- The compromised data includes full names, dates of birth, Social Security Numbers (SSNs), phone numbers, email addresses, and information related to Flexible Spending Accounts (FSA), Health Savings Accounts (HSA), Health Reimbursement Arrangements (HRA), and COBRA enrollment details.
- The company emphasized that claims and financial information were not exposed.
- Navia notified federal law enforcement and arranged for affected individuals to receive 12 months of free identity protection and credit monitoring services from Kroll.
- The company also reviewed its security posture and data retention policies to identify and address vulnerabilities. No ransomware group has claimed responsibility for the breach.
FBI seizes Handala data leak site after Stryker cyberattack
- The FBI seized two websites (handala-redwanted.to and handala-hack.to) operated by the Handala hacktivist group following a destructive cyberattack on medical technology giant Stryker.
- The Iranian-linked, pro-Palestinian group compromised a Windows domain administrator account and created a new Global Administrator account to escalate privileges within Stryker’s infrastructure.
- Attackers then issued Microsoft Intune wipe commands that factory-reset approximately 80,000 devices, including computers and mobile devices, with some employees’ personal devices also affected.
- The FBI seized the domains under a court-authorized warrant from the District Court for Maryland, with the seizure notice indicating the domains were used to conduct malicious cyber activities on behalf of a foreign state actor.
- Microsoft and CISA subsequently released guidance on hardening Windows domains and securing Intune to prevent similar attacks.
- Handala acknowledged the seizures and stated they are building new infrastructure to continue operations.
Genealogy boom exposes personal data scammers can exploit
- Genealogy sites collect and store large volumes of personal information, but the article does not specify an exact number of affected users or a single breach event. Family trees often include names, maiden names, birthplaces, relatives’ relationships, addresses, and sometimes associated contact details, which can be indexed and aggregated across the web.
- This data can be scraped by bots and absorbed into data‑broker databases, appearing on people‑search, background‑check, and marketing sites without the user’s direct knowledge.
- Once in that ecosystem, genealogy‑tied information can be used to support identity theft, impersonation scams, and targeted phishing against entire families.
- The article notes that even private trees may still expose data because relatives post overlapping information, obituaries stay public, and third‑party tools can copy or re‑publish content.
- It does not describe any formal incident‑response program, such as credit monitoring, system shutdowns, or explicit law‑enforcement action, but rather frames the risk as a continuous, systemic leakage of family‑related data.
- In effect, the threat is that sensitive personal and relational data—names, addresses, family connections, and, indirectly, DNA‑linked profiles—can spread widely and be reused by scammers without a clearly defined breach volume or a documented mitigation plan from the platforms themselves.
