In June 2026, a threat actor operating under the name ShadowByte$ claimed to have exfiltrated approximately 859MB of internal corporate data from Nintendo. The attacker posted these allegations on a cybercrime forum, demanding a ransom of $2 million t...
iRhythm Holdings, a digital healthcare company specializing in cardiac monitoring, recently disclosed a significant cybersecurity incident involving the unauthorized exfiltration of sensitive data. The company first identified unauthorized activity on...
In June 2026, Meta resolved a significant security vulnerability within Instagram’s AI-powered account recovery system, known as High Touch Support. The breach, which began in mid-April and was discovered in late May, resulted in the hijacking of appr...
In May 2026, Community Bank, a subsidiary of CB Financial Services with operations in southwestern Pennsylvania, southeastern Ohio, and northwestern West Virginia, disclosed a data breach incident involving the unauthorized use of an artificial intell...
In April 2026, Vercel, a cloud deployment firm and web3 hosting backbone, experienced a significant security breach stemming from a compromised third-party AI tool. The breach led to unauthorized access to Vercel's internal systems and customer data, ...
In April 2026, Mercor, an AI recruiting startup valued at $10 billion, confirmed it was impacted by a supply chain cyberattack stemming from a compromise of the open-source LiteLLM project. This confirmation followed claims by the Lapsus$ extortion gr...
In November 2025, Salesforce confirmed it was investigating a security incident involving unusual activity within Gainsight-published applications connected to its platform. The investigation revealed that unauthorized access to certain customers' Sal...
In August 2025, Google confirmed that one of its corporate Salesforce instances was breached in June by the cybercriminal group ShinyHunters, also tracked as UNC6040, resulting in the theft of customer data. This incident is part of a larger wave of a...
In October 2025, security researcher Johann Rehberger discovered a vulnerability in Anthropic's Claude AI model that allows for the exfiltration of private data through indirect prompt injection. The attack involves injecting malicious instructions in...
In September 2025, Zscaler, along with numerous other organizations, disclosed a data breach stemming from a supply chain attack targeting Salesloft Drift, a marketing automation platform integrated with Salesforce. The threat actor, identified as UNC...
Cyber Security Case Studies has worked with a number of groups to develop these risk effect categories which represent a plain-english description of the impacts seen in public cyber events alongside their definition: