Weekly Databreaches Roundup Week 04-2026
McDonalds India, UStrive, Canadian Investment Regulatory Organization (CIRO), and Ingram Micro.
McDonalds India
The Everest ransomware group has claimed that it hacked McDonald’s India and stole a very large amount of data, around 861 GB, including internal company documents and possible customer information. The group shared screenshots on the dark web that appear to show financial reports, audit records, pricing details, investor information, and contact details of managers, investors, and business partners from several countries. They also claim to have access to store-level data and have given McDonald’s India two days to respond. However, McDonald’s India has not released any official statement yet, and the claims have not been independently confirmed, so the information should be treated as unverified for now.
UStrive
Online mentoring platform UStrive fixed a security flaw that exposed personal information of its users, including children, to other logged-in users. The leaked data included names, email addresses, phone numbers, and in some cases details like gender and date of birth, affecting at least 238,000 user records. The issue was caused by a vulnerable Amazon-hosted system that allowed easy access to user data and was reported to TechCrunch by a researcher. UStrive confirmed the problem has now been fixed, but the organization has not said whether it will inform affected users, and it has not answered questions about whether the data was misused or if a security audit was conducted.
Canadian Investment Regulatory Organization (CIRO)
Canada’s investment regulator CIRO confirmed that a phishing attack led to a data breach affecting about 750,000 investors, which was first detected in August 2025 and publicly disclosed in January 2026 after a long investigation. The stolen data includes sensitive personal and financial details such as dates of birth, phone numbers, income information, social insurance numbers, ID numbers, and investment account records, though passwords and login details were not exposed. CIRO says there is no evidence the data has been misused so far, but the risk of identity theft remains high. The organization has notified authorities and affected individuals and is offering two years of free credit monitoring and identity theft protection while working to strengthen cybersecurity across the investment industry.
Ingram Micro
Ingram Micro disclosed that a ransomware attack in July 2025 caused a data breach affecting more than 42,000 people. Hackers accessed internal systems and stole files containing sensitive personal information, including names, contact details, dates of birth, and government-issued ID numbers such as Social Security, driver’s license, and passport numbers, mainly from employee and job applicant records. The attack also caused a major system outage that forced employees to work from home. While Ingram Micro has not officially named the attackers, reports link the incident to the SafePay ransomware group, which claimed to have stolen 3.5TB of data. The company is still investigating and has not shared further details publicly.
