積架路虎（JLR）今年 9 月初遭黑客攻擊，停產超過一個月，英國網絡監測中心估計損失高達 19 億英鎊，為英國史上最嚴重資安事故，波及逾 5,000 家機構。黑客透過網絡釣魚及外洩憑證入侵系統，相關組織更聲稱發動攻擊，此次事件屬 3 級系統性事故，重創生產與供應鏈。

2025 年 7 月澳洲航空遭大規模網絡攻擊，570 萬名客戶的姓名、電郵、住址等個人資料外洩，為澳洲近年最嚴重資安事件之一。事件懷疑與 Scattered Spider 組織的社交工程、語音釣魚手法有關，暴露大型企業資安防禦漏洞，亦為企業強化網絡安全帶來重要警示。

In August 2024, the Nevada state government was hit by a ransomware attack triggered by a malicious advertisement that disrupted services in more than 60 government departments. IT staff clicked on the malicious advertisement to download a tool that contained a backdoor, and the password vault was breached. The authorities refused to pay the ransom, and in-house staff worked overtime for 28 days to repair 90% of the critical systems at a much lower cost than outsourcing, which has brought important information security implications to both public and private organizations.

Business services provider Conduent has suffered a massive data breach affecting 25 million people and nearly 17,000 employees of Regal North America. The breach, which took place between October 2024 and January 2025, was perpetrated by the Safepay ransomware organization, and Regal was unaware of the incident until January 2026, when it was compromised.

Remins. On this New Year's Eve, Digital Vault wishes all Hong Kong people and corporate clients a happy New Year of the Horse. On this New Year's Eve, Digital Vault would like to wish all Hong Kong citizens and enterprise customers a prosperous year of the Horse. As a cloud security storage expert rooted in Hong Kong, we will continue to protect data assets with solid encryption technology and professional cloud services, drive the digital transformation of enterprises, and work with Hong Kong to leap to the new digital peak.

Cybernews reported that on January 24th, BreachForums leaked more than 200 million Telegram user records, 44GB of uncompressed data containing names, usernames, emails, and phone numbers, as well as 60 million records and 16 billion sets of credentials, the source of which has yet to be determined. The source of the data has yet to be determined. Users are at risk of mass phishing, and NVISO, an information security firm, has recommended that organizations disable the communication software API.

A cyberattack on ApolloMD, a medical group based in Georgia, USA, has resulted in the leakage of sensitive information about 626,540 people, including names, addresses, diagnostic records, and health insurance and social security numbers. The hackers breached the system in May, and the incident was staged by the Qilin ransomware group, which has repeatedly targeted the healthcare industry, releasing information on an average of about 40 victims per month over the last year.

Hacker Rose87168 claimed to have hacked into Oracle's cloud SSO servers and stolen 6 million user authentication data for sale on the dark web, and is suspected to have exploited the vulnerability of the old software to even build files on its servers. oracle adamantly denied that it had been hacked, but quickly took down the servers involved, and BleepingComputer verified that the hacker's data samples were true, which sparked a cloud information security test. BleepingComputer verified that the hacked data samples were true.

SoundCloud's backend assistance dashboard was accessed without authorization, and HIBP pointed out that about 29.8 million account information was exfiltrated, including about 30 million individual email addresses, no passwords and financial information. The platform was hit by a DoS attack after processing, the attacker harassed the relevant people by email and claimed to hold sensitive information, the platform has strengthened protection, HIBP has recorded the incident, the official reminded users to prevent phishing.

AT&T has reached a $177 million settlement, pending judge's approval, for two serious data breaches in 2024. The incidents involved the disclosure of sensitive data and telephone numbers of 73 million users, and the settlement was split between the two incidents, with the legal team claiming about one-third of the costs. The State of Connecticut has stepped up data privacy enforcement over the same period, reflecting the tightening of digital security regulations in the U.S. AT&T users are still awaiting judgment and compensation.

According to Media OutReach Newswire, the Hong Kong Cyber Security Incident Response Team Coordination Center (HKCERT), a division of the Hong Kong Productivity Council (HKPC), held a media briefing on January 28, 2026 to announce its annual "Hong Kong Cyber Security Outlook 2026".

Nike, the global sportswear giant, was attacked by the international ransomware organization WorldLeaks in January 2026, which involved the theft of up to 1.4 terabytes of internal data and a total of 188,347 files, and the hackers even set a countdown timer to threaten to disclose all the contents, which has aroused the concern of the global business community and cybersecurity industry.