May 2026 was a significant month for cybersecurity, characterized by high-profile ransomware attacks, massive data breaches affecting millions, and the continued evolution of AI-driven threats. Key sectors including healthcare, electronics manufacturing, and telecommunications faced substantial disruptions.
Cybercrime Breaking News
- Ransomware group claims breach of pro-Orbán Hungarian media firm
- West Pharmaceutical Services suffered a ransomware attack that encrypted systems
- Zara data breach exposed personal information of 197,000 people
- NVIDIA confirms GeForce NOW data breach affecting Armenian users
Explore May’s top cybercrime incidents, justice actions, and data breaches.
Cybercrime Breaking News
The pro-Orbán Hungarian media company Mediaworks confirmed a data theft by the World Leaks Ransomware Group. This attack resulted in the exfiltration of nearly 8.5 TB of internal data, including payroll records, contracts, and financial files, exposing sensitive business information and creating significant operational and reputational risks.
Foxconn confirmed a cyber attack after the Nitrogen ransomware group claimed to have stolen sensitive files linked to Apple and NVIDIA projects. This incident raised concerns over supply-chain exposure, intellectual property theft, and potential operational disruption within one of the world’s largest electronics manufacturing networks.
West Pharmaceutical Services suffered a ransomware attack that encrypted systems and stole data. This forced the company to shut down portions of its global network, disrupting manufacturing, shipping, and supply-chain operations critical to pharmaceutical and biotech customers worldwide.
Grafana Labs confirmed that attackers, identified as TeamPCP, stole portions of its internal codebase during a supply-chain related breach. The company refused to pay the ransom demand, raising concerns over potential source code exposure, downstream software integrity risks, and further exploitation attempts targeting customers and developers.
Zara (Inditex) disclosed an unauthorized access to a third-party hosted database that exposed transaction-related records tied to nearly 197,000 customers. This breach increased the risk of targeted phishing, purchase fraud, and account impersonation, although passwords and payment card details were not compromised.
NVIDIA confirmed a breach at its Armenian GeForce NOW partner, which exposed user information including names, email addresses, birth dates, and account metadata. This incident increased phishing and account-targeting risks for affected users, although NVIDIA’s own infrastructure remained unaffected.
7-Eleven confirmed that hackers breached internal systems storing franchisee information. This incident highlights the vulnerabilities within franchise operations and the potential for widespread impact across a large network.
The American Lending Center disclosed a data breach that exposed sensitive personal and financial information belonging to roughly 123,000 individuals. This increased the risk of identity theft, financial fraud, and phishing attacks against affected loan applicants and customers.
Cybersecurity and AI
Anthropic’s Mythos AI model continued to be a significant topic in May, demonstrating its capability to find over 10,000 critical vulnerabilities in one month. This highlights the dual-use potential of advanced AI in both offensive and defensive cybersecurity.
Want to find out more about:
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.
As always – be vigilant, stay alert, and think twice.
