
Data Breach Incident Daily Report

24/03/2026

On March 23, 2026, a total of 16 data breach/data leak incidents were disclosed, involving 12 different attackers.

Most Active Attackers:

ShinyHunters (2 incidents, US enterprises)

fanfan (2 incidents, social/gaming websites)

Capita (2 incidents, German finance)

All others are single incidents.

Geographical Distribution:

United States 9 cases, Indonesia 2 cases, Germany 2 cases, China 1 case, Ukraine 1 case, South Korea 1 case, Iraq 1 case.

Hardest-Hit Industries:

Financial Services (4 cases), Government/Public Sector (3 cases), Healthcare, Software Development, Entertainment/Gaming, E-commerce, Energy, etc.

Highlights of Data Scale:

Iraq Ministry of Commerce: Approximately 43 million records (full names, family information, etc.)

7k7k: Approximately 9.1 million users (plaintext passwords + email addresses)

US Tax Database: Over 300,000 users (including SSN, W-2 tax forms)

Ameriprise: Over 200GB of internal SharePoint data + PII

Indonesia BAPENDA related: 149,833 records (two disclosures)

Event Trend Analysis

ShinyHunters continues to focus on U.S. enterprises, targeting an educational software company and a financial giant in succession. Both incidents involve PII plus large volumes of internal files, with the sale listings serving as strong intimidation.

Fanfan specializes in social and gaming platforms; the 7k7k plaintext password leak directly threatens the security of millions of user accounts.

Government/Public Sector emerges as a new hotspot (Indonesian Taxation, Ukrainian Energy, Iraqi Ministry of Commerce), with leak scales often reaching tens of millions of records and clear geopolitical undertones (Russian military targeting Ukraine).

The black-market sales trend is intensifying: the U.S. tax database, two German banks, and the Trio-Tech 506GB data set are all openly priced on exploit forums/darkaforums, indicating a surge in pure data monetization models beyond traditional ransomware.

Source code leaks resurface (Toomics), posing a long-term threat to intellectual property.

Security Recommendations

Medical, financial, e-commerce, and government institutions should immediately investigate whether they have any supply chain connections with the above-mentioned victims.

All enterprises must urgently review their password policies (prohibit plaintext storage), tighten Salesforce/SharePoint permissions, and verify offline backups.

Gaming/social platforms should focus on preventing fanfan-type attacks, enforce 2FA activation, and monitor dark web forums.

Key items to track tomorrow: whether the 200GB of Ameriprise data goes online, whether the 43 million Iraqi records begin circulating, and whether the LAPSUS-GROUP 6-day countdown is fulfilled.