Week 15

SecureFact – April 13, 2026

Ransomware hits health record providers while intelligence audits follow breaches of defense supercomputers and SaaS integrators

Eurail says December data breach impacts 300,000 individuals

Eurail B.V., a European travel operator providing digital passes covering 33 national railways, disclosed a data breach affecting over 300,000 individuals. Attackers gained unauthorized access to the customer database on December 26, 2025, and transferred files containing sensitive personal information. The exposed data included full names, passport details, ID numbers, bank account IBANs, health information, and contact details (email addresses and phone numbers). The threat actors published a sample of the stolen data on Telegram and attempted to sell it on the dark web. Eurail determined the breach on February 25, 2026, and filed notifications with authorities on March 27, 2026. The company advised affected customers to remain vigilant against phishing attacks, update Rail Planner app passwords, monitor bank account activity, and report suspicious transactions to their banks immediately. Eurail also confirmed that the European Commission warned that passport photocopies and health information may have been exposed for young travelers who received passes through the DiscoverEU program.

(Source: Read full report)

Healthcare IT solutions provider ChipSoft hit by ransomware attack

Dutch healthcare software vendor ChipSoft was hit by a ransomware attack that forced the company to take its website and its digital services for patients and healthcare providers offline. ChipSoft is a large provider of Electronic Health Record (EHR) systems in the Netherlands, with its flagship platform HiX used by many Dutch hospitals. The company discovered the attack after users reported the digital solutions developer was affected by a cybersecurity incident. Local media confirmed the company was hit by a cyberattack based on an internal memo ChipSoft circulated to healthcare institutions, alerting them to “possible unauthorized access.” The country’s computer emergency response team for cybersecurity in healthcare (Z-CERT) announced that a ransomware incident had impacted ChipSoft. As a precaution, ChipSoft disabled all connections to its Zorgportaal, HiX Mobile, and Zorgplatform digital health services. Multiple reports indicated system outages at various hospitals, including Sint Jans Gasthuis in Weert, Laurentius in Roermond, VieCuri hospital in Venlo, and Flevo Hospital in Almere. The attack also impacted several Belgian hospitals. Z-CERT stated it was working with the firm and healthcare institutions to identify the impact and help them recover.

(Source: Read full report)

Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot

Bitcoin Depot, which operates one of the largest Bitcoin ATM networks with over 25,000 Bitcoin ATMs and BDCheckout locations worldwide, disclosed that attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems in March 2026. The company discovered the attack on March 23 after detecting suspicious activity on some of its IT systems. Upon detection, Bitcoin Depot promptly activated incident response protocols, engaged external cybersecurity experts to help investigate the incident, and notified law enforcement. The unauthorized actor transferred approximately 50.903 Bitcoin from company-controlled wallets. Bitcoin Depot determined the incident was material in light of potential consequences including reputational harm and legal, regulatory and response costs. The company stated that the incident was contained to the corporate environment and did not affect customer platforms, divisions, systems, data or environments. Bitcoin Depot maintains insurance coverage that may cover certain losses associated with cybersecurity incidents, but there is no assurance such coverage will be sufficient to recover all losses.

(Source: Read full report)

Snowflake customers hit in data theft attacks after SaaS integrator breach

Over a dozen companies suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. The majority of the data theft attacks targeted the cloud data platform Snowflake. Snowflake confirmed “unusual activity” within a small number of customer accounts linked to a specific third-party integration. The company immediately launched an investigation and locked down potentially impacted customer accounts out of an abundance of caution. Snowflake notified potentially impacted customers and provided precautionary guidance to help them further protect their accounts. The attacks stemmed from a security incident at data anomaly detection company Anodot, which provides real-time anomaly detection for business and operational data. Anodot’s status page warned that all of its connectors were down across all geographic regions, including Snowflake, S3, and Amazon Kinesis. Numerous companies were being extorted by the ShinyHunters extortion gang, which demanded ransom payments to prevent the release of stolen data. The threat actors claimed to have stolen data from dozens of companies using authentication tokens from Anodot. ShinyHunters also confirmed their attempts to steal data from Salesforce but said they were blocked by AI detection. Snowflake stressed that the attacks did not involve any vulnerability or compromise of its systems.

(Source: Read full report)

China supercomputer breach exposes massive defence data, sparks security concerns

The breach reportedly exposed over 10 petabytes of data from a Chinese supercomputing facility, indicating one of the largest known data compromises in recent times. The compromised data includes highly sensitive defence-related information, such as military research data, weapon design details, and classified project files. Some reports indicate the presence of technical schematics and research datasets linked to national security programs. There is no clear indication that personal data (such as names, addresses, or financial records) was the primary target; the breach appears focused on strategic and defence intelligence data. The exposed data is believed to have been exfiltrated over an extended period, suggesting large-scale and continuous data access. Authorities and the affected organization have reportedly initiated an investigation into the breach to assess its full scope and origin. There are indications that access points such as VPN systems were reviewed and secured following the incident. Relevant agencies are believed to be engaging with cybersecurity and law enforcement entities to trace the attacker and contain further exposure.

(Source: Read full report)

FBI warns about foreign apps and your data

The FBI warning does not specify an exact volume of data breached, but highlights the potential for continuous and large-scale data collection from users’ devices. The data affected includes personal information such as names, phone numbers, email addresses, physical addresses, and contact lists. Apps may also collect device-level data beyond the app itself, including broader activity across the phone. In some cases, data from non-users can also be collected if their information exists in someone else’s contact list. The collected data may be stored on overseas servers, including jurisdictions where government access is legally permitted. Certain apps may continue collecting data in the background even when not actively in use. There is also a risk of malware or hidden backdoor access, enabling further unauthorized data extraction. The FBI has issued a public alert and guidance, urging users to review app permissions, while authorities continue monitoring risks associated with foreign-developed applications.

(Source: Read full report)
