Massive US/EU PII breaches and ransomware surge: Conduent 62M, 24B credentials, ShinyHunters, Qilin, SRG, Canvas, Carnival, iRhythm, Xsolis, France Travail, Germany top EU target, Temu 310M claim, BlueHammer zero-day, AI browser ransomware, fake Interpol campaign, hospital attack shift, AT&T $177M settlement, KDDI plaintext passwords, JADEPUFFER autonomous AI ransomware, Apple India supplier breach by World Leaks, TransUnion 4.4M, MSG 26M, Kids Co. SSNs, AdaptHealth, Moody Bible Institute 2.3M, Lake Region Healthcare, South Carolina 1.1M stats, Grandview School District, Markel Insurance, DHS HSIN
Key Questions
What are some of the largest recent PII breaches mentioned in this highlight?
Conduent reported a 62M record breach involving healthcare claims, noted as the third largest US breach. Other major incidents include a claimed Temu breach of 310M records and a TransUnion exposure affecting 4.4M Americans.
How has ransomware activity changed recently according to the summary?
Ransomware revenue rose 40% to $529M in Q1 2026, with May incidents up 48% partly due to generative AI. Europe saw a 55% YoY increase with 150 active groups operating.
What new AI-related ransomware threats are highlighted?
JADEPUFFER is described as the first fully autonomous AI ransomware agent exploiting vulnerabilities like Langflow RCE without human involvement. Another novel vector uses AI-generated browser ransomware via DeepSeek abusing Chromium APIs on Windows and Android.
Which education-related breaches are noted in the highlight?
Canvas reported 275M records exposed, potentially impacting 30-50M K-12 students with the attack timed for finals week. Grandview School District and Infinite Campus also faced incidents exposing student and staff data.
What settlements or legal actions are referenced for breach victims?
AT&T began payouts from a $177M data-breach settlement with a two-class structure and December 2025 deadline. Okanogan Behavioral Healthcare reached a 2024 settlement covering 26k individuals with payments from $300 to $5k.
How are hospital and healthcare attacks evolving?
Big hospital ransomware incidents are declining while attackers shift to vendors and rural facilities, keeping overall breach counts at record highs. Examples include iRhythm, Xsolis, Lake Region Healthcare, and AdaptHealth breaches often involving social engineering or third-party contractors.
What supply chain or vendor risks are emphasized?
An Apple India supplier breach by World Leaks exposed 630GB of iPhone 18 Pro files including modem plans due to weak VPN and MFA. This reinforces concerns over supply chain concentration and data extortion tactics.
What protective steps are recommended amid these breaches?
HIBP checks, MFA adoption, and credit freezes are urged due to credential leaks and exposures like the 24B credentials compilation and KDDI plaintext password incident. Biometric privacy laws are also highlighted following the MSG breach of 26M records.
Continuing wave of breaches: Conduent 62M (healthcare claims, third largest US breach); 24B credentials leaked (compilation); Canvas 275M (30-50M K-12 students, attacker timed for finals week); Columbia 868k; DentaQuest 2.6M; Panera 5.1M; Discord 10M; iRhythm (social engineering, dual-extortion); Infinite Campus 137k staff; 5.4M Swedes; France Travail 1M+ (health data, plaintext passwords); Xsolis 1.4M (phishing via Mayo/UW); Risk Strategies breach (SSNs, medical); Okanogan Behavioral Healthcare settlement (2024, 26k, $300-5k). NEW: Temu breach claim 310M records (bcrypt hashes, device info, IPs) — Temu denies but sample verified; credential stuffing and phishing risk. NEW: Medtronic breach by ShinyHunters — 9M records with SSNs and health info. NEW: Huntsville Hospital breach via Amicus Solutions — 10M+ patients affected. NEW: Moodle database breach at UVCI — 8GB student credentials leaked, credential reuse risk. Ransomware revenue up 40% to $529M in Q1 2026; May 2026 ransomware up 48% driven by generative AI. Silent Ransom Group (SRG) physically infiltrates law firms/healthcare via fake IT support; FBI FLASH alert; Google/Mandiant confirms. Qilin exploited Check Point VPN zero-day; CISA warns. Fox Rothschild law firm ransomware attack. HHS 'blame the victim' strategy adds regulatory pressure. UK Q1 2026 breaches doubled to 4.4M. HIBP/MFA/freezes urgent. Europe ransomware up 55% YoY with 150 active groups (Black Kite). NEW: BlueHammer Microsoft Defender zero-day (CVE-2026-33825) exploited in ransomware — CISA KEV gap. NEW: AI-generated browser ransomware via DeepSeek abusing Chromium API on Windows and Android — novel attack vector. NEW: Fake Interpol investigation emails deliver custom ransomware via Proton Drive — social engineering campaign targeting SMBs. NEW: Monmouth University breach (March 13, notified July 1) — SSNs, medical records, financial details exposed; 3.5-month delay. NEW: Yellow Corporation breach (2025, defunct company) — SSNs, medical info, passports exposed; class action filed. NEW: Shift in hospital attacks: big hospital ransomware down, but attackers moved to vendors and rural hospitals — breach counts still record-high. NEW: AT&T $177M data-breach settlement begins payouts — two-class payout structure, deadline Dec 2025. NEW: KDDI 14.2M plaintext email logins exposed — alarming password hygiene failure. NEW: NAIC PeopleSoft breach (regulatory data exposure). NEW: Nissan employee data breach (SSNs, bank info). NEW: Nidec ransomware attack. NEW: Aflac subsidiary hack. NEW: Kubota month-long access breach. NEW: Medtronic ransom payment confirmed. NEW: JADEPUFFER — first fully autonomous AI ransomware agent, exploits Langflow RCE, Nacos misconfig, no human in loop, lowers skill barrier to zero. NEW: Apple India supplier breach — World Leaks (ex-Hunters International) leaks 630GB of iPhone 18 Pro files including C2 modem plans, exploiting weak VPN/MFA. Reinforces supply chain concentration risk and data-extortion model. NEW: TransUnion breach 4.4M Americans — credit bureau data exposed, notification delays, reinforces credit freeze urgency. NEW: MSG breach 26M records including biometric data — highlights need for biometric privacy laws like NYC Intro 213. NEW: Kids Co. breach exposes children's SSNs — daycare/camp provider, scope unknown but high risk for families. NEW: Northern Technologies International breach (names only, 4-month delay). NEW: Verizon DBIR 2026 confirms software flaws now #1 breach cause, 55% jump in exploitation, 7x rise in edge device attacks — patching crisis. NEW: AdaptHealth breach (social engineering of third-party contractor, PHI/password files exposed, no SSNs). NEW: Moody Bible Institute breach 2.3M records (ShinyHunters, full PII in HIBP). NEW: Lake Region Healthcare breach (314 patients, SSNs/medical info). NEW: South Carolina breach stats: 1.1M affected, financial sector leading. NEW: Grandview School District breach (20-month delay, SSNs/student IDs/health info). NEW: Markel Insurance breach (PHI/PII, SSNs/DLs/medical info, 268 reported in TX so far). NEW: DHS HSIN breach — law enforcement intelligence network compromised, Sen. Warner calls for investigation; World Cup and America250 events raise stakes.