48 hour breach round up - Jul 8, 2026
Nextcloud
Where: Germany / Europe
When: Published July 8, 2026; exposure discovered May 18, 2026; closed May 27, 2026
What happened: Cybernews reported that a hosting misconfiguration exposed an Elasticsearch database containing about 367,000 internal records and 7.92 GB of data. Exposed material included invoices, contracts, employee details, emails and client setup scripts, some with hardcoded database credentials. Nextcloud said the issue was fixed, reported to the state data protection officer, and that it had no evidence of exploitation.
Deutsche Bank / external German service provider
Where: Germany
When: Published July 8, 2026; exact occurrence date not public
What happened: Unsafe ransomware claimed it breached Deutsche Bank and posted alleged employee database extracts. Cybernews reported samples included employee emails, password hashes, physical addresses and internal records. Deutsche Bank confirmed an incident at an external German service provider operating a marketing/incentive platform, but said there was no indication its own internal systems or network were affected.
Accenture
Where: Global / United States-listed company
When: Published July 7, 2026; alleged theft occurred in July 2026; exact access date not public
What happened: Accenture confirmed an isolated security breach after a threat actor offered 35 GB of alleged source code and other data for sale. Claimed data included source code, RSA/SSH keys, Azure PATs, storage keys and configuration files. Accenture said it remediated the source and that operations/service delivery were not impacted.
Mount Royal University
Where: Canada
When: Published July 7, 2026; cyberattack occurred in June 2026
What happened: Mount Royal University said a June cyber incident was confirmed as a targeted data breach affecting students and staff. CityNews reported that data was stolen and deleted during the cyberattack.
Washington Department of Social and Health Services
Where: United States
When: Published July 7, 2026 by DataBreaches; original notice/reporting published June 29, 2026; incident occurred in March 2026
What happened: DSHS said a former employee improperly accessed about 8,600 client records for reasons unrelated to their duties. Potentially accessed information included full names, dates of birth, Social Security numbers, DSHS client numbers and program-enrolment information. DSHS said there was no evidence of access to specific health information such as diagnoses, test results, treatments, claims or chart notes.
TriWest Healthcare Alliance
Where: United States
When: Published July 7, 2026; disclosed to Texas Attorney General July 7, 2026; occurrence date not public
What happened: TriWest disclosed a breach involving personal and health-insurance information. The Texas filing identified 2,408 Texas residents as affected. Reported compromised information included names, health-insurance data and other personal data.
Markel Insurance
Where: United States
When: Published July 7, 2026; reported to Texas Attorney General July 7, 2026; occurrence date not public
What happened: Markel disclosed a breach exposing sensitive personal and medical information. At least 268 Texas residents were listed in the Texas filing. Exposed categories included Social Security numbers, driver’s licence numbers and medical information.
YKK AP America
Where: United States
When: Published July 7, 2026; first disclosed to Texas Attorney General July 7, 2026; occurrence date not public
What happened: YKK AP America reported a breach involving names, addresses, Social Security numbers and financial information, including account, credit-card or debit-card numbers. The Texas filing listed 368 affected Texas residents.
Heart of America Eye Care
Where: United States
When: Published July 7, 2026; unauthorized access occurred April 1-7, 2026; HHS disclosure June 5, 2026
What happened: Heart of America Eye Care disclosed unauthorized network access in which some information was viewed or taken. The review of affected data was still ongoing. A group called CMD Organization had previously claimed on the dark web that it obtained 730 GB, but PHI exposure was not yet confirmed.
Ohio Living
Where: United States
When: Published July 7, 2026; occurred in April 2026; the source narrative says April 26-27 while the same page’s summary lists April 16-17
What happened: Ohio Living disclosed unauthorized access to network systems and file copying. Potentially exposed information included names, dates of birth, Social Security numbers/taxpayer IDs, financial/payment-card data and extensive medical/health-insurance records affecting current and former employees, patients, residents and others.
T.A. Solberg Co.
Where: United States
When: Published July 6, 2026; reported to Massachusetts/Vermont regulators starting July 6, 2026; exact occurrence date not public
What happened: T.A. Solberg disclosed unauthorized access in which files were viewed and obtained. Exposed categories included names, Social Security numbers, driver’s licence/state ID and passport numbers, financial/pay-card data, medical information and health-insurance information.
AdaptHealth
Where: United States
When: Published July 6, 2026; disclosed to SEC June 27, 2026; occurrence date not public
What happened: AdaptHealth disclosed a breach involving patient information. The company said exposed data included passwords associated with insurance billing plus some patient PII and PHI; the specific fields and total number of affected individuals were not public.
Credit Acceptance Corp.
Where: United States
When: Published July 6, 2026; discovered June 4, 2026; disclosed to Massachusetts OCABR June 30, 2026
What happened: Credit Acceptance disclosed an incident exposing consumer names and Social Security numbers. The company is offering affected individuals 24 months of identity-monitoring services.
Henry Rossi & Co.
Where: United States
When: Published July 6, 2026; occurred Jan. 17-18, 2026; HHS disclosure June 2, 2026; notifications began June 10, 2026
What happened: Henry Rossi disclosed unauthorized access affecting about 2,720 people. Files included audit records for the Steamfitters Local #449 Medical & Benefit Fund; exposed personal information included full names, Social Security numbers and dates of birth.
NTN Bearing Corp. of America
Where: United States
When: Published July 6, 2026; occurred April 15, 2026; disclosed to Indiana Attorney General June 22, 2026
What happened: NTN Bearing disclosed an April ransomware-related breach. Payouts King claimed it obtained 596 GB, including employee PII, financial records, confidential business documents, internal correspondence and engineering files, but the specific data types have not been publicly confirmed.
Lake Region Healthcare
Where: United States
When: Published July 6, 2026; reported to Massachusetts and Texas regulators starting July 1, 2026; occurrence date not public
What happened: Lake Region Healthcare disclosed a breach exposing PII and PHI across multiple states. Exposed data included names, addresses, contact information, dates of birth, Social Security numbers, financial information, government ID numbers, medical/treatment information, health-insurance information, medical record numbers and patient account numbers.
Centers for Dialysis Care
Where: United States
When: Published July 6, 2026; suspicious activity identified March 20, 2026; HHS disclosure May 15, 2026
What happened: Centers for Dialysis Care disclosed a breach affecting about 8,000 people. An unknown actor accessed the network and files, potentially exposing names, Social Security numbers, dates of birth, tax or financial information, medical/health information, treatment or diagnostic information and health-insurance information.
UK Foreign Office / Fortinet credential exposure
Where: United Kingdom / international
When: Published July 7, 2026; credential theft/exposure date not specified
What happened: Cybernews reported that UK Foreign Office Fortinet VPN/firewall credentials, including privileged embassy-related logins, appeared in a dark-web dataset being sold by a threat actor. NHS, energy and medicine-supplier credentials were also reportedly present. Treat as a reported credential leak, not a confirmed systems breach.
Jacksonville, Texas
Where: United States
When: Published July 6-7, 2026; suspicious activity detected Friday, July 3, 2026
What happened: Jacksonville, Texas took some city systems offline after detecting suspicious network activity. Public reporting described service disruption and workarounds while third-party specialists investigated. I found no public confirmation of data theft, so treat this as a cyber incident rather than a confirmed data breach.