European DYI chain ManoMano data breach impacts 38 million customers

• ManoMano, a French DIY and home improvement e-commerce platform operating across France, Belgium, Spain, Italy, Germany, and the UK, disclosed a data breach affecting 38 million individuals.
• The breach occurred through a compromised third-party customer service provider (Zendesk-based) in January 2026. Exposed data includes full names, email addresses, phone numbers, and customer service communications.
• No account passwords were accessed and no data modifications occurred on ManoMano’s systems.
• Upon discovery, the company immediately disabled the subcontractor’s access, revoked credentials, and strengthened access controls and monitoring.
• ManoMano notified relevant authorities including CNIL and ANSSI, and provided customers with guidance on remaining vigilant against phishing and social engineering attempts.
• The company emphasized that no financial data or account passwords were compromised in the incident.

*Source

Medical device maker UFP Technologies warns of data stolen in cyberattack

• UFP Technologies, a publicly traded medical device manufacturer with 4,300 employees and $600 million annual revenue, disclosed a cybersecurity incident detected on February 14, 2026.
• The attack compromised IT systems and resulted in data theft, with preliminary investigation indicating the threat actor was removed from systems.
• The incident impacted many but not all IT systems, affecting functions such as billing and label making for customer deliveries.
• Certain company and company-related data appear to have been stolen or destroyed, suggesting a potential ransomware or wiper attack.
• The company deployed isolation and remediation measures and engaged external cybersecurity advisors for investigation.
• UFP Technologies has not yet determined whether personal information was exfiltrated and stated it is unlikely the incident will have material impact on operations or financials.
• Primary IT systems remain operational and no ransomware group has publicly claimed the attack.

*Source

Olympique Marseille confirms ‘attempted’ cyberattack after data leak

• French professional football club Olympique de Marseille confirmed a cyberattack after threat actors claimed to have breached the club’s systems in February 2026.
• The threat actor leaked a sample of allegedly stolen information on a hacking forum, claiming to have stolen a database containing staff and supporter information for approximately 400,000 individuals.
• Exposed data includes names, addresses, order information, email addresses, and mobile phone numbers.
• The stolen data also includes information on more than 2,050 Drupal CMS accounts, including 34 OM staff and 1,770 contributors and moderators.
• Olympique Marseille’s technical teams and specialized service providers quickly brought the situation under control, with all activities continuing as normal and in complete security.
• The club reported the incident to the French data protection authority (CNIL), filed a complaint, and advised fans to remain vigilant against phishing attempts and report suspicious activity.
• The club emphasized that no banking details or passwords were compromised.

*Source

Wynn Resorts confirms employee data breach after extortion threat

• Wynn Resorts confirmed that hackers stole employee data from its systems after the company was listed on the ShinyHunters extortion gang’s data leak site.
• The threat actors claimed to have stolen over 800,000 records containing personally identifiable information (PII) including Social Security numbers and employee data, with a deadline of February 23, 2026, to contact them before data publication.
• Upon discovery, Wynn activated incident response protocols and launched a thorough investigation with external cybersecurity experts.
• The attackers confirmed that stolen data had been deleted, and Wynn stated it has not seen evidence of data publication or misuse. The incident did not impact guest operations or physical properties, which remain fully operational.
• Wynn is offering complimentary credit monitoring and identity protection services to affected employees.
• The threat actors claimed to have stolen data from Wynn’s Oracle PeopleSoft environment using voice phishing and social engineering tactics.

*Source

CarGurus data breach exposes information of 12.4 million accounts

• ShinyHunters extortion group published personal information from more than 12.4 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform with 40 million monthly visitors.
• The threat group published a 6.1GB archive on February 21, 2026, containing compromised data that was added to the HaveIBeenPwned (HIBP) database. Exposed data includes email addresses, IP addresses, full names, phone numbers, physical addresses, user account IDs, finance pre-qualification application data, finance application outcomes, dealer account details, and subscription information. HIBP reports that 70% of the leaked data was already in its database from previous incidents, meaning approximately 3.7 million records are fresh.
• CarGurus has not released an official statement confirming the breach, though HIBP attempts to verify data authenticity before adding breaches to its database.
• Users are advised to remain alert for phishing attacks and scam attempts leveraging the leaked information.
• The ShinyHunters group typically uses voice phishing and social engineering to breach organizations and access SaaS platforms.

*Source

Conduent data breach hits millions across multiple states

• A major ransomware attack on U.S. government technology contractor Conduent Business Services has impacted tens of millions of individuals, far beyond initial estimates.
• The breach, which began in January 2025, now appears to have compromised the personal information of at least ~25 million people across multiple states, including 15.4 million in Texas and 10.5 million in Oregon.
• Sensitive personal data stolen in the incident includes names, Social Security numbers, medical information, and health insurance details—data that can be used for identity theft and fraud.
• The cyberattack was claimed by the SafePay ransomware group, which asserts it exfiltrated more than 8 terabytes of data during the intrusion.
• Conduent provides backend services for state healthcare and government programs, meaning many affected individuals may not have had a direct relationship with the company.
• The company has not yet confirmed the full total of affected individuals and is continuing to notify impacted people. According to filings, Conduent says it is in the process of notifying victims and has not found evidence that stolen data has been publicly misused.
• Mitigation actions include launching notification efforts to affected individuals and establishing channels for response, but no specific customer remediation programs (e.g., credit monitoring) were detailed in the Fox News piece itself.

*Source

230,000 Australian driver licences exposed in ransomware attack on vehicle finance firm

• A ransomware attack on vehicle finance software provider YouX exposed sensitive data linked to approximately 444,538 individuals, including around 229,226 Australian driver licence numbers.
• Attackers reportedly exfiltrated about 141GB of data, which included names, phone numbers, email addresses, residential addresses, financial details, and loan application records.
• The compromised dataset also contained 629,597 loan applications, Australian Business Numbers (ABNs), staff directories, and full customer portfolio information.
• The stolen data has been used in a ransomware extortion attempt, with portions allegedly published on hacking forums. YouX confirmed that unauthorized access led to data being downloaded from its systems and has established a dedicated support page and contact channel for affected individuals.
• The company is also working with the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC) as part of its response.

*Source