In May 2026, five local organizations, including the Hong Kong Polytechnic University, the Hong Kong University of Science and Technology and the Hong Kong Academy for Performing Arts, notified the Office of the Privacy Commissioner for Personal Data (PCPD) of the leakage of information from the Canvas online teaching platform, which is used by more than 9,000 institutions around the world, after a suspected large-scale intrusion. The names and email addresses of over 42,000 PolyU students and staff fell into the hands of hackers overnight.

GitGuardian's latest report shows that 28.65 million keys have been compromised on the GitHub platform alone, and the popularity of AI is exacerbating the risk. 28.65 million! That's not the number of users that have been compromised, not the number of files that have been compromised - it's the number of active keys that can directly log into the system, read the database, and call the API.

A ”caching anomaly” has caused the permanent disappearance of many users' data. This matter deserves our serious consideration. Recently, a number of Android users reported that without any operation, the photos and videos in their cell phone albums were emptied. The interception logs show that it was the Meituan app that triggered the deletion.

There's only one thing going on in the tech world these past two weeks. Thousands of people lined up at the entrance of Tencent's building in Shenzhen, waiting for an engineer to help them install a lobster. The A-share "Lobster Concept Stocks" have collectively risen. The first thing that happened was that the company's employees were not able to get the job done, but they were able to get the job done in a way that they didn't have to.

Open source AI intelligence OpenClaw (commonly known as the "little lobster" "lobster") has suddenly burst into the limelight, the circle of friends, technical groups are in the sun "to raise the little lobster" skills: some people let it automatically organize the net, some people let it take over the mailboxes, work orders, code base, and even directly to the business system "to take over the big power".

On March 2, Amazon's AWS UAE data center was hit by a drone, bringing down the entirety of several banking apps in Dubai and disrupting enterprise data for more than 24 hours. This incident deserves some serious thought from every business owner who gives their data to someone else for safekeeping.

In January 2026, ManoMano, a European e-commerce company, suffered a breach of its Tunisian subcontractor's Zendesk account, which resulted in the leakage of 38 million customers' data in six countries, including France, the United Kingdom, and Germany, including names and emails, but excluding passwords and payment information. The hacker "Indra" was selling the data on a forum, and ManoMano immediately terminated access and notified regulators to warn users of phishing attacks.

Conduent was attacked by the ransomware group SafePlay, a medical data breach that could affect 25 million people across the U.S. and compromise a large amount of personal and medically sensitive information. 2025 account credential thefts are rising sharply year-over-year, and the article suggests that people should prioritize hardening their email security, changing unique passwords, enabling dual authentication, and continually monitoring their accounts to prevent identity theft.

South Korean e-commerce company Coupang suffered a data leak of 34 million users' names, phone numbers and shipping addresses in November last year, which was ruled to be an administrative error rather than a cyber attack. As a result of the leakage, Coupang's share price dropped by 34% and analysts lowered their forecasts for the company's earnings. In addition, the Group is facing multiple pressures in its operations as the government intends to deregulate courier services and competitors are taking advantage of the situation to capture the market.

A California man has filed a class action lawsuit in U.S. federal court after a data breach at Wynn Resorts. The lawsuit alleges that the hacker group ShinyHunters stole sensitive information such as the names and social security numbers of more than 800,000 customers. The lawsuit accuses the group of failing to encrypt data in storage, inadequate network security measures, and notification of the concealment of critical information, as well as providing an insufficiently long 24-month identity-monitoring service.

PayPal's loan application system was compromised between July and December 2025 due to a coding error that compromised sensitive information such as names, contact information, social security numbers, and dates of birth for a small number of users, and PayPal subsequently remedied the vulnerability, enhanced security, refunded unauthorized transactions, and provided two years of free credit monitoring and identity restoration services to affected users.

The French national bank account database, FICOBA, was breached at the end of January 2026, resulting in unauthorized access to approximately 1.2 million bank accounts due to the misuse of civil servants' login credentials, which revealed account information, identities, addresses, and tax ID numbers. The intrusion was stopped immediately, the affected individuals were notified and the data protection authority was notified to alert the public against identity theft and financial fraud.