ADVERTISEMENT

Stolen passwords and no MFA led to 50 major recent breaches

A single password stolen from an employee after an infostealer infection led to 50 recent breaches in major global companies. One threat actor has built a reputation for breaking into cloud storage platforms that lack multi-factor authentication (MFA), exploiting even years-old passwords.

password stealing

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Jan 6, 2026 Updated: 7 January 2026 4 min read
Key takeaways:
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
stolen-data-hudson
Image by Hudson Rock.
ADVERTISEMENT
Has my data been leaked?

What companies had their data allegedly stolen?

  • Pickett & Associates (engineering firm): 139.1GB of LiDAR files, operational blueprints, and high-resolution orthophotos.
  • Intecro Robotics (aerospace and defense robotics manufacturer in Turkey): 11.5GB of military intellectual property, including UAV and fighter jet blueprints, models, and CNC programs.
  • Maida Health (military healthcare provider in Brazil): 2.3TB of medical records and sensitive personally identifiable information.
  • Burris & Macomber (Mercedes-Benz legal counsel): 18.3GB of litigation strategies, customer data, and corporate secrets.
  • Iberia Airlines (Spanish airline): 77GB of aircraft maintenance programs, confidential fleet data.
  • CRRC MA (mass transit manufacturer): complete engineering servers, containing signaling, SCADA, and train design schematics.
  • K3G Solutions (Brazilian ISP): 192GB of fiber network configurations, including backups, internal handbooks, and tower data.
  • IFLUSAC (mechanical/fire protection contractor in Peru): 22GB of projects with major clients, including engineering and business data.
  • GreenBills (healthcare service provider): 39.5GB of patient medical reports with sensitive PII.
  • CiberC (tech integrator in Colombia): 103GB of project tracking reports, maps, and infrastructure videos.
  • Sekisui House (real estate developer in Japan): access market as sold.
  • Hydratec (fire protection company): 81GB of CAD designs and training videos.
  • Total ETO (engineering firm in Canada): 28.95GB of ERP source code and customer database backups.
  • Degewo AG (housing company in Germany): 5.5GB of architectural plans for Berlin state housing.
  • ThermoEx (engineering company in Malaysia): 170GB of heat exchanger designs and financial purchase orders from Thailand.
  • Voltras (travel aggregator in Indonesia): complete internal financial archive.
  • Aion Law Partners (Canadian law firm): 38GB of legal, financial, immigration, and corporate documents, including sensitive client data.
  • NMCV Business (US healthcare platform): 47GB of patient medical and financial data, including protected health information.
  • PT Pasifik Satelit Nusantara (Indonesian satellite operator): 92GB of satellite project technical documents, ground system data, and other aerospace secrets.
  • VYTL-SFT (Verahealth, US healthcare software platform): 3.65GB of patient PHI and clinical records.
  • Others: Navee Teknoloji; La Esperanza Fuel; Esenboğa Airport; Injaro Investments; Industrial CMMS; UrbanX.io; Bradley R Tyer; Lex Logos Romania; Australian NBN; Hutchinson Builders; imss-consultores; GTD System; Clevertech S.p.A.; New Glasgow / Canuck; PetroAndina S.R.L.; Kimia Farma; Telecall Brazil; GreenHills Ventures; Pan-Pacific Mechanical; Cloisall / WSP; Schrödinger GmbH; The Providence Group; THESAVVYACCOUNTANT; Albany Physical Therapy; EXPRO-YPF; Treasure Coast Cardiology; Lebanese ISP; Bluefire / Old American; Saudi Arabia Customs; Erga Group.

What do we know about the threat actor?


ADVERTISEMENT