Month: February 2026

The French national bank account registry (FICOBA), a state agency which manages a registry of all bank accounts in France, said on February 18, 2026 that it has suffered a cyberattack, allowing hackers to gain information on over 1.2 million bank accounts. A hacker was using stolen credentials belonging to a government official to gain access.

Leaked data included bank account details including RIBs/IBANs, account holder identity, physical address, and in some cases also Taxpayer identification number.

Authorities quickly pulled FICOBA offline, restored access, and are notifying affected users.

Read more about it here.

Popular image sharing website Flickr confirmed it was hit by a cyberattack in which it lost sensitive data on a yet undisclosed number of customers.

In an email notification sent to its customers, Flickr said: “On February 5, 2026, we were alerted to a vulnerability in a system operated by one of our email service providers. This flaw may have allowed unauthorized access to some Flickr member information. We shut down access to the affected system within hours of learning about it.”

The data breached may have exposed full names, usernames, email addresses, IP addresses, general location data, Flickr account types and activity history.

The company immediately took action: They disabled access to the affected system, removed links to the vulnerable endpoint, alerted the third-party provider, requesting a full investigation, and notified the relevant data protection authorities.

Owned by SmugMug, Flickr is a photo sharing platform. It has 112 million registered users and millions of active photographers.

Read more about it here.

The ShinyHunters cyber gang claimed that it stole data from over 14 million Panera Bread accounts, totaling 760 MB in compressed format. According to the actor, the stolen information contains Full names, Email addresses, Phone numbers, Home addresses, Account details, and Personally Identifiable Information (PII). The cyber gang said that the files were leaked because the company didn’t pay an unspecified ransom.

Data breach notification service Have I Been Pwned (HIBP) said that a data breach at Panera Bread affected 5,120,000 accounts, not 14 million accounts as previously reported.

ShinyHunters told BleepingComputer that they gained access to Panera’s systems via a Microsoft Entra single sign-on (SSO) code. The attack was part of a new ShinyHunters voice phishing (vishing) campaign, targeting Single Sign-On (SSO) accounts at Okta, Microsoft, and Google across more than 100 high-profile organizations.

Soon after, the company was hit with two class action lawsuits over data breach.

Panera Bread is a US based bakery-café chain known for its bread, sandwiches, soups, salads, and coffee. Founded in 1987, it employees about 140,000 employees and operates nearly 2,300 locations in the US and Canada.

Read more about it here.