Cybersecurity Incidents Reported So Far in 2026
Cyberattacks are no longer fictional scenarios seen only in movies. They are real, frequent, and increasingly disruptive. Their impact continues to grow at an alarming rate, resulting in billions of dollars in losses, operational disruption, and serious threats to national security.
This article provides an overview of some of the most significant cybersecurity incidents recorded so far in 2026.
Nike Data Breach
In January 2026, Nike announced that it was investigating a potential data breach after an extortion group known as WorldLeaks claimed to have stolen approximately 1.4TB of internal data from the sportswear company and published samples on its leak site.
WorldLeaks alleges that it exfiltrated 188,347 files from Nike’s systems. The leaked filenames suggest that the data primarily relates to design and manufacturing operations rather than customer information. Examples included directories labelled “Women’s Sportswear,” “Men’s Sportswear,” “Training Resource – Factory,” and “Garment Making Process,” indicating that the alleged breach focused largely on product development and production workflows.
The group is believed to be a rebrand of Hunters International, a ransomware operation active since 2023. Unlike traditional ransomware groups that encrypt systems, WorldLeaks reportedly focuses on data theft and extortion, threatening public disclosure instead of system disruption.
Notepad++ Supply Chain Attack
On 2 February 2026, the developers of Notepad++, a text editor widely used by developers, disclosed details of a sophisticated infrastructure-level compromise.
According to the statement, attackers compromised a shared hosting server, allowing them to intercept and redirect update traffic intended for notepad-plus-plus.org. The hosting environment had reportedly been compromised as early as September 2025.
Even after losing direct server access, the attackers retained credentials to internal services until December 2025, enabling them to continue redirecting software updates to malicious servers. The campaign specifically targeted weaknesses in update verification mechanisms present in older versions of Notepad++.
All remediation actions and security hardening measures were completed by December 2025, successfully terminating attacker activity.
Aura Data Breach
In March 2026, online safety company Aura disclosed a security incident resulting from a targeted phone-based phishing attack against one of its employees.
An unauthorised third party gained access to the employee’s account for approximately one hour. Upon discovery, Aura immediately revoked access, activated its incident response procedures, engaged external cybersecurity and legal specialists, and notified law enforcement authorities.
The investigation determined that roughly 900,000 records were accessed, primarily consisting of names and email addresses stored within a marketing platform belonging to a company Aura had acquired in 2021.
On 19 March 2026, Aura confirmed that no databases supporting its identity theft protection application were accessed. Sensitive customer monitoring information remained uncompromised.
CAC Cyber Incident
One of the notable incidents within Nigeria involved the Corporate Affairs Commission (CAC). On 15 April 2026, the Commission announced that it was investigating a cybersecurity incident involving unauthorised access to limited portions of its information systems.
CAC stated that it was working closely with the National Information Technology Development Agency (NITDA), alongside other relevant government agencies and partners, to assess the scope and impact of the incident.
While detailed technical information has not yet been publicly disclosed, the Commission confirmed that containment measures had been implemented and additional safeguards deployed.
Stakeholders were advised to:
- Monitor records on the CAC portal,
- Update login credentials, and
- Remain vigilant against suspicious or unsolicited communications.
Ikeja Electric
A hacking group called ByteToBreach, already linked to several major Nigerian data breaches involving Sterling Bank, CRC Credit Bureau, the Corporate Affairs Commission, and Remita, claimed it had successfully hacked Ikeja Electric Distribution Company.
According to the group, it breached the company’s internal systems and deployed ransomware across dozens of machines. The hackers made these claims on DarkForum, an English-language dark web site where cybercriminals commonly trade stolen data and hacking tools.
The group alleged that it gained access to internal programmes, corrupted parts of the company’s virtual infrastructure, collected employee passwords, extracted data from business systems including metering platforms, and mapped elements of Ikeja Electric’s internal network structure.
Fast Credit Finance Company Limited
A data breach involving Fast Credit Finance Company Limited, a microfinance and lending institution regulated by the Central Bank of Nigeria, was reported in April 2026.
The incident reportedly became public around 25 April 2026 after threat-intelligence accounts on X flagged the breach. A post shared by Dark Web Informer claimed that a threat actor known as iProfessor was responsible for the attack, describing it as one of the largest recent compromises in Nigeria’s financial sector.
According to the claim, the attacker is attempting to sell approximately 870 GB of stolen data containing about 939,887 records on a cybercrime forum, with access restricted to only five potential buyers.
The allegedly exposed information includes highly sensitive customer data such as personally identifiable information, government-issued ID scans, loan and credit records, bank statements, customer communications, signed agreements, next-of-kin details, personal photographs, selfies, and other confidential financial records.
Sterling Bank & Remita
A threat actor known as ByteToBreach claimed responsibility for an alleged breach involving Remita, Nigeria’s major government payment processing system.
The claim appeared on the spear.cx cybercrime forum on 1 April 2026, where the actor advertised what they described as about 3TB of stolen data linked to Remita’s infrastructure, the platform used for Treasury Single Account operations, government salary payments, and revenue collections across ministries and agencies.
In the post, the attacker also alleged that previously compromised Sterling Bank servers were leveraged to help carry out the attack.
EFCC
Nigeria’s anti-corruption agency, the Economic and Financial Crimes Commission (EFCC), was reportedly targeted in a cyberattack claimed by a threat group calling itself Nullsec Nigeria.
The breach surfaced on a dark web forum on 21 April 2026, where a user linked to the group allegedly leaked internal EFCC data, including agent names, phone numbers, operational code names, and password hashes. Security observers warn that exposure of credential data could enable impersonation, unauthorised access, and risks to ongoing investigations and personnel safety.
