Weekly Databreaches Roundup Week 15-2026
Hungarian government, Orrick Herrington & Sutcliffe, Rockstar Games, LAPD, and Eurail
Hungarian government
A new investigation found that nearly 800 Hungarian government email accounts and passwords have been leaked online, affecting almost all ministries and exposing sensitive roles, including military and counter-terrorism staff. The issue wasn’t caused by advanced hacking but mostly by poor security practices, like weak and easily guessed passwords (e.g., “123456,” names, or simple words) and reuse of credentials on non-work websites. Some systems were also infected with malware that steals login details. The leaks included additional personal data like phone numbers and addresses, increasing security risks.
Orrick Herrington & Sutcliffe
The law firm Orrick Herrington & Sutcliffe LLP was targeted in early 2026 by a hacking group known as the Silent Ransom Group (SRG), which gained access to its systems likely using phishing or social engineering and stayed inside for about a week without deploying malware. The attackers demanded a large ransom, but Orrick offered much lower amounts (starting at $140K and eventually $1M), which SRG rejected, choosing instead to leak the firm’s data publicly on a regular website. The leaked files included sensitive and confidential legal and personal information, many of which were not even password-protected. This is especially notable because Orrick had already suffered a major breach in 2023 affecting over 460,000 people and had promised to improve its security afterward.
Rockstar Games
Rockstar Games is reportedly being targeted by the hacking group ShinyHunters, which claims it accessed the company’s cloud data through a third-party service called Anodot. Instead of hacking Rockstar directly, the attackers say they used stolen authentication tokens from Anodot to get into connected Snowflake systems, allowing them to access data while appearing like legitimate users. They’ve threatened to leak the data if Rockstar doesn’t pay by April 14, but the company hasn’t confirmed the breach yet.
LAPD
A major data breach has reportedly exposed sensitive information from the Los Angeles Police Department, with hackers leaking around 7.7TB of data, including officer personnel records, internal investigations, and unredacted legal documents containing personal details like witness names and medical information. The breach is believed to be linked to the group World Leaks and was hosted briefly by Distributed Denial of Secrets. Importantly, officials say the hack did not directly target LAPD systems but instead involved a third-party storage tool used by the Los Angeles City Attorney’s Office.
Eurail
Eurail B.V. reported a data breach affecting about 308,000 people after hackers accessed its systems in December and copied sensitive data. Stolen information includes names and passport numbers, with some data already leaked or sold online. A hacker claimed to have taken more data like backups and support records and went public after the company refused to negotiate. The breach also affected the DiscoverEU program, exposing additional details such as passport copies, bank data, and some health information. Eurail has alerted users and advised them to stay cautious and change passwords.