Data Breach Roundup (Feb 27 – Mar 5, 2026)

LexisNexis confirms data breach as hackers leak stolen files

LexisNexis - which this article generously describes as a "data analytics company" - suffered a data breach due to an unpatched Reach2Shell vulnerability (which was rated at the maximum severity of 10 when it was discovered and highly publicized in November 2025, patches began to release in early December). The company claims old, non-sensitive data was stolen, such as customer names, user IDs (unclear if they mean identifications or more like usernames), business contact information, products used, customer surveys with respondent IP addresses, and support tickets. They insist no PII like Social Security numbers, driver's license number, financial information, or other data was leaked.

LexisNexis confirms data breach as hackers leak stolen files

American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

BleepingComputerBill Toulas

Star Citizen game dev discloses breach affecting user data

This occurred in January 2026 and impacts "basic account information" (such as metadata, contact details, username, date of birth, and name) for an undisclosed number of accounts. Cloud Imperium Games is not being super transparent or forthcoming with information and has not committed to providing more information once the investigation is complete.

Star Citizen game dev discloses breach affecting user data

Cloud Imperium Games (CIG), the game developer behind Star Citizen and Squadron 42, says attackers breached systems containing some users’ personal information in January.

BleepingComputerSergiu Gatlan

Paint maker giant AkzoNobel confirms cyberattack on U.S. site

AkzoNobel is a major global paint maker operating in over 150 countries with an annual revenue of over $12 billion. Anubis ransomware claims to have stolen 170GB of data including things like confidential agreements, email addresses, phone numbers, private emails, passport scans, material testing documents, and internal technical specification sheets.

Paint maker giant AkzoNobel confirms cyberattack on U.S. site

The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites.

BleepingComputerBill Toulas

Hacker mass-mails HungerRush extortion emails to restaurant patrons

HungerRush is a technology provider that offers point-of-sale, online ordering, delivery management, and more to restaurants. Earlier this week customers started receiving emails addressed to the company from an attacker trying to force the company into negotiations for a data breach. There are no details at this time about how many customers were impacted or what information was taken, but clearly the criminals at least have access to email addresses and the company's infrastructure.

Hacker mass-mails HungerRush extortion emails to restaurant patrons

Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond.

BleepingComputerLawrence Abrams

UH Cancer Center data breach affects nearly 1.2 million people

An update to a story from January, we now know the number of people impacted. Contrary to initial reporting, the breach includes names, Social Security numbers, driver's license data, and voter registration data and covers four studies as well as two more files of names and SSNs collected for epidemiological research.

UH Cancer Center data breach affects nearly 1.2 million people

The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center’s Epidemiology Division.

BleepingComputerSergiu Gatlan