Week 16

SecureFact – April 20, 2026

Major breaches impact millions at Citizens Bank and France Titres while extortion groups target ADT, Seiko USA, and Rituals through sophisticated vishing and web attacks

Citizens Bank data breach involves third-party vendor and masked test data

A data breach involving Citizens Bank exposed personal information of thousands of customers, with reports also referencing attackers' claims of up to 3.4 million records. The breach originated from a third-party vendor rather than the bank’s internal systems. While most of the compromised dataset consisted of masked test data, a small subset of real customer data was affected, including names, addresses, and bank account numbers. Fortunately, there is no indication that highly sensitive data such as Social Security numbers, passwords, or financial credentials was involved. Citizens Bank has implemented enhanced monitoring measures and is offering complimentary account monitoring services to affected individuals.


Utility technology giant Itron discloses breach of internal IT network

Itron, Inc., a Washington-based company managing over 112 million endpoints across 100 countries, disclosed a cybersecurity incident involving unauthorized access to certain internal systems. Upon detection on April 13, 2026, the company activated its response plan and engaged external advisors to investigate and contain the breach. While the investigation is ongoing, Itron confirmed that its business operations saw no material disruption and that customer systems were not affected. The unauthorized activity has been blocked, and the company is working with law enforcement authorities to manage the incident.


Home security giant ADT confirms data breach following ShinyHunters extortion threat

ADT confirmed a data breach detected on April 20, 2026, after the ShinyHunters extortion group threatened to leak stolen records unless a ransom was paid. The breach was attributed to a voice phishing (vishing) attack that compromised an employee’s Okta single sign-on (SSO) account, which was subsequently used to access the company’s Salesforce instance. ADT’s investigation confirmed that the compromised information was limited to names, phone numbers, and addresses, with a small percentage including dates of birth and partial SSNs. Critically, no payment information was accessed, and customer security systems remained secure.


New BlackFile extortion group linked to surge of vishing attacks against retail and hospitality

A financially motivated hacking group known as BlackFile has been linked to a wave of data theft and extortion attacks targeting the retail and hospitality sectors. The group uses sophisticated voice-based phishing (vishing) to impersonate corporate IT helpdesk staff, luring employees to fake login pages to steal credentials. Once access is obtained, attackers bypass multifactor authentication and escalate privileges to scrape internal directories and steal data from Salesforce and SharePoint servers. BlackFile then publishes exfiltrated documents to its dark web leak site to pressure victims into paying seven-figure ransoms.


Cosmetics giant Rituals discloses data breach of membership database

Dutch cosmetics company Rituals disclosed a data breach affecting its “My Rituals” membership database after unauthorized downloads were detected. The personal data involved includes full names, email addresses, phone numbers, dates of birth, and genders of an undisclosed number of customers. Rituals has notified authorities and contained the breach by blocking attacker access. The company confirmed that no passwords or payment information were compromised. Rituals, which has over 41 million loyalty program members, is currently conducting a forensic investigation to prevent future incidents.


Seiko USA website defaced as hackers claim theft of Shopify customer database

The Seiko USA website was defaced over the weekend of April 20, 2026, by attackers claiming to have stolen its Shopify customer database. Visitors to the site’s “Press Lounge” were met with a ransom demand and a threat to leak sensitive information if payment was not made within 72 hours. The attackers claim to have exfiltrated names, email addresses, order histories, and shipping details. While Seiko USA has removed the extortion message, the legitimacy of the data theft claims is still being verified.


French government agency confirms breach impacting 11.7 million accounts

France Titres (ANTS), the agency responsible for administrative documents in France, disclosed a major data breach affecting 11.7 million individual and professional accounts on its official portal. Detected in mid-April 2026, the breach exposed personal data including names, email addresses, dates of birth, and unique account identifiers. A threat actor known as “breach3d” claimed to be selling the data on hacker forums. While the exposed information does not allow unauthorized access to the portal itself, authorities warn it could be used in targeted phishing and social engineering attacks.
