7 day breach round up
Jul 5, 2026
Sir Wilfrid Laurier School Board
Where: Canada
When: Occurred and disclosed July 2, 2026
What happened: The school board accidentally emailed Rosemère High School parents a spreadsheet containing sensitive parent/guardian information. Exposed data included names, birth dates, places of birth, Social Insurance Numbers, addresses, phone numbers and email addresses. The board asked recipients to delete the message and attachment.
Singapore Land Authority / IBM-managed cloud environment
Where: Singapore
When: Disclosed July 3, 2026; exact unauthorized-access date not public
What happened: SLA confirmed unauthorized access to an IBM-managed development and testing cloud environment. A dataset meant to contain only mock and anonymised testing data instead included real names, NRIC numbers and former property addresses for about 70,000 individuals.
Aflac Japan
Where: Japan
When: Unauthorized access occurred June 15-25, 2026; discovered June 25 and disclosed June 30
What happened: Attackers accessed Aflac Japan’s policyholder portal multiple times and exfiltrated data affecting roughly 4.38 million customers and agents. Exposed data included names, addresses, phone numbers, dates of birth, gender, insurance account information and some bank-transfer account details.
City of Acworth, Georgia
Where: United States
When: Listed July 3, 2026
What happened: Breachsense lists the City of Acworth as a claimed INC_RANSOM victim. I found this as a ransomware leak-site monitoring entry, but not as a municipally confirmed incident. Treat it as an unconfirmed threat-actor claim, not a verified breach.