On February 27, external counsel for OCAT, LLC dba Evoke Wellness at Hilliard (“Evoke”), submitted a breach notification to the Maine Attorney General’s Office. The sample notification letter submitted with it claims that the Ohio addiction treatment center learned of an incident on August 7, 2025: On August 7, 2025, OCAT became aware of unauthorized…
Data from Insight Hospital and Medical Center Leaked on Dark Web
On or about January 26, 2026, Insight Hospital and Medical Center (“Insight”) in Chicago issued a substitute notice. It states that in September 2025, Insight learned of unusual activity within its network. An investigation subsequently determined that an unauthorized individual accessed the network between August 22, 2025 and September 11, 2025. As of the date…
Wisconsin k-12 district hit by weeklong outage
Dysruption Hub reports: A reported “cyber incident” left the Denmark School District in the Village of Denmark, Wisconsin, without internet access for five school days, forcing teachers and students to rely on paper-based workarounds, according to a local news report. But that “cyberincident” appears to be a cyberattack by INC Ransom, or so the gang…
Project Compass: first operational results against The Com network
Europol reports: In its first year of operation, Project Compass has delivered concrete operational results against “The Com”, a decentralised extremist network targeting minors and vulnerable individuals both online and offline. Since January 2025, Project Compass has contributed to: 4 victims safeguarded 30 perpetrators arrested 62 identified and partially identified victims 179 identified and partially…
Hacktivists claim to have hacked Homeland Security to release ICE contract data
Lorenzo Franceschi-Bicchierai reports: A group of hacktivists calling themselves “Department of Peace” claimed to have hacked the Department of Homeland Security (DHS), leaking allegedly stolen documents online. On Sunday, the nonprofit transparency collective DDoSecrets published data relating to contracts between DHS, Immigration and Customs Enforcement (ICE), and more than 6,000 companies, including defense contractors Anduril, L3Harris, Raytheon,…
Shutdown Stalls Compliance Plans for Cyber Breach Reporting Rule
Cassandre Coyer reports: A partial government shutdown threatens to further derail a key federal cybersecurity agency’s incident reporting rule—and delay answers that companies need to comply. The Department of Homeland Security shutdown, now entering its third week, may push back the finish line for a Biden-era rule that would create stringent disclosure requirements for critical infrastructure entities after…