SecureFact – April 27, 2026

Citizens Bank confirms data breach via third-party vendor

Citizens Financial Group, the parent company of Citizens Bank, disclosed a data security incident involving data extracted from a third-party provider. The bank clarified that its own internal systems remained secure and no unauthorized access was detected within its internal network. While much of the compromised data consisted of masked test data, a limited set of personal information for a small number of customers was involved. Social Security numbers were reportedly not included in the exposed dataset. The disclosure followed claims by the Everest ransomware group, which asserted they held a dataset of millions of records. Citizens Bank has implemented enhanced monitoring and is contacting affected customers to provide guidance.

(Source: Read full report)

Utility firm Itron discloses breach of internal IT network

American utility firm Itron, Inc. disclosed that an unauthorized third party gained access to certain internal corporate systems on April 13, 2026. The company activated its cybersecurity response plan and engaged external advisors to remediate the unauthorized activity. Itron stated that its business operations continued in all material respects and no unauthorized access was observed in customer-hosted portions of its systems. The company does not anticipate a material impact on its financial condition, noting that insurance coverage is expected to offset direct costs associated with the incident.

(Source: Read full report)

ADT confirms data breach following ShinyHunters leak threat

Home security giant ADT confirmed a data security incident after the ShinyHunters extortion group claimed to have breached the company’s systems. The threat actors alleged they stole over 10 million records via a vishing attack that compromised an employee’s Okta SSO account. The exposed data includes names, phone numbers, and physical addresses, with a small percentage of victims also having birth dates and partial Social Security or Tax ID information exposed. ADT is working with law enforcement and cybersecurity experts to investigate the scope of the breach and has advised customers to remain vigilant against phishing and social engineering attempts.

(Source: Read full report)

New BlackFile extortion group targets retail and hospitality organizations

A financially motivated extortion group identified as BlackFile has been targeting organizations in the retail and hospitality sectors since early 2026. The group utilizes sophisticated voice-based phishing (vishing) attacks to pose as IT support and trick employees into revealing corporate credentials and MFA codes. Once access is gained, the group leverages APIs for cloud platforms like Salesforce and SharePoint to exfiltrate massive volumes of sensitive data. Unlike traditional ransomware groups, BlackFile focuses on pure extortion, publishing stolen data on their dark web leak site before making seven-figure ransom demands.

(Source: Read full report)

Cosmetics giant Rituals discloses data breach affecting membership database

Dutch cosmetics company Rituals confirmed a data breach involving its “My Rituals” customer membership database. Unauthorized parties accessed and downloaded customer information, including names, email addresses, phone numbers, birth dates, and home addresses across Europe, the UK, and the US. Rituals confirmed that no passwords or payment information were compromised. The breach was contained following discovery, and a forensic investigation is underway. The company has notified affected customers and relevant authorities, advising members to remain alert for potential phishing attempts leveraging the exposed contact information.

(Source: Read full report)

Seiko USA website defaced as hacker claims customer data theft

The Seiko USA website suffered a security incident where attackers defaced the site’s Press Lounge section and claimed to have stolen the company’s Shopify customer database. The message left by the attackers alleged they had exfiltrated information including customer names, contact details, shipping addresses, and order history. The hackers issued a ransom demand, threatening to leak the data if Seiko USA did not initiate negotiations within 72 hours. While the defacement was removed, the company has not publicly confirmed the legitimacy of the data theft claims.

(Source: Read full report)

French government agency France Titres confirms major data breach

France Titres, the French national agency for secure identity documents, confirmed a significant data breach affecting its online portal. An attacker operating under the aliases “breach3d” and “ExtaseHunters” claimed to have exfiltrated between 18 and 19 million records from the site. Potentially exposed information includes names, email addresses, dates of birth, and unique login identifiers. France Titres emphasized that the breach does not grant unauthorized access to accounts nor include scans of identity documents. The agency has notified national cybersecurity authorities and cautioned users to be highly vigilant against phishing attempts.

(Source: Read full report)