LeakWatch 2026 – Security incidents, data breaches, and IT incidents for the current calendar week 13 – igor´sLAB

The current calendar week 13—that is, the period from March 23 to 29, 2026—has so far shown no single major incident, but rather an unusually wide range of relevant incidents. It is striking that the most problematic cases are not limited to traditional data center targets, but are concentrated on publicly accessible web platforms, outsourced support processes, and build or release channels. It is precisely this mix that makes the week interesting from a security policy perspective, because it makes the vulnerable edges of modern IT particularly visible.

The attack on the European Commission is particularly striking. According to the Commission and Reuters reports, a cyberattack on the cloud infrastructure hosting the Europa web platform was detected on March 24. As things stand, data may have been leaked from affected websites, but the Commission’s internal systems were not compromised. This is noteworthy because the case demonstrates once again that publicly accessible information platforms remain highly relevant operationally and politically, even if the actual core systems remain untouched.
A very similar pattern is emerging in the Netherlands. The Ministry of Finance officially reported unauthorized access to systems supporting several primary processes of the ministry, detected on March 19, with access subsequently blocked on March 23. At the same time, The Hague emphasized that services for citizens and businesses via tax administration, customs, and tenders were not affected. The news is particularly relevant because it illustrates a now-typical damage pattern: operational disruptions in specific areas, but initially no complete paralysis of the entire administrative apparatus.
The incident at Ajax also falls into the category of exposed peripheral systems. The club itself confirmed that an attacker was able to access parts of the systems and view data. According to the official statement, this affected several hundred email addresses as well as fewer than 20 records of individuals subject to stadium bans. At the same time, Ajax acknowledged that a journalist was able to demonstrate that tickets could be transferred and stadium bans altered. It is precisely this combination of a limited confirmed data set and a significantly greater functional risk that makes the case interesting beyond the realm of sports.
The Crunchyroll case fits this pattern exactly. So far, it has only been confirmed that the company has launched an investigation into the allegations and is working with external security experts. According to Reuters and the attackers’ claims, the breach reportedly occurred via the Okta SSO account of a support employee who worked at Telus International, an outsourced service provider with access to support tickets. The particularly high figures—including nearly 6.8 million affected individuals and approximately 8 million support tickets—should currently be treated as the attackers’ claims and not as definitively confirmed company figures. Yet this is precisely where the case’s true relevance lies: not in the exact final tally, but in the fact that an external support channel could potentially serve as a lever for mass exposure. 
From a technical perspective, the most significant case of the week is LiteLLM. The project itself refers to a suspected supply chain incident involving unauthorized PyPI packages. Officially confirmed are the compromised versions 1.82.7 and 1.82.8, which have since been removed from PyPI. Additionally, the team explains that the affected releases were not published via the official GitHub CI/CD pipeline but, as things stand, appear to originate from a compromised PyPI maintainer account. Maintainer accounts have been rotated, the release of new versions has been paused, and Google Mandiant has been brought in to assist with the investigation. It is also worth noting the clarification that, according to the developer, users of the official LiteLLM Proxy Docker images should not be affected because dependencies are hard-coded there. This is not a typical package bug, but a lesson in just how much risk lies in the release process itself today.
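For teams that want to check their own dependency files against the two LiteLLM versions named above, the following is an added example and not code from the LiteLLM project or from igor'sLAB. It classifies requirements.txt-style lines and the locally installed package; the function names and the sample lines are constructed for illustration.

```python
import re
from importlib import metadata

# Releases the article reports as compromised and since removed from PyPI.
COMPROMISED = {"litellm": {"1.82.7", "1.82.8"}}

# name, optional [extras], then the version specifier up to any ';' marker
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;]*)")

def normalize(name):
    """PEP 503 normalization, so 'LiteLLM' matches 'litellm'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(line):
    """Return (package, verdict) for a tracked requirement line, else None."""
    line = line.split("#", 1)[0].strip()      # drop comments
    if not line or line.startswith("-"):      # blank line or option (-r, -c, ...)
        return None
    m = _REQ.match(line)
    if m is None:
        return None
    name = normalize(m.group(1))
    if name not in COMPROMISED:
        return None
    spec = m.group(2).split(" --")[0].strip(" \\")   # cut trailing --hash=...
    pin = re.fullmatch(r"===?\s*([^\s,*]+)", spec)
    if pin is None:
        # Range, wildcard or no specifier: it may have resolved to a bad
        # release while that was on PyPI, so the lock file or the installed
        # version has to be checked as well.
        return name, "unpinned"
    return name, ("compromised" if pin.group(1) in COMPROMISED[name] else "ok")

def scan(lines):
    """Return (line_number, package, verdict) for every tracked requirement."""
    hits = ((no, classify(text)) for no, text in enumerate(lines, 1))
    return [(no, *hit) for no, hit in hits if hit]

def installed_is_compromised(package="litellm"):
    """True if the version installed in this environment is on the list."""
    try:
        return metadata.version(package) in COMPROMISED[normalize(package)]
    except metadata.PackageNotFoundError:
        return False

# Constructed sample input, not taken from any real project.
SAMPLE = ["requests==2.32.3", "LiteLLM == 1.82.7 ; python_version >= '3.9'",
          "litellm[proxy]==1.82.8 --hash=sha256:0000", "litellm>=1.80",
          "litellm==1.82.6", "litellm-proxy-extras==0.1.0"]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("installed version compromised:", installed_is_compromised())
```

An `unpinned` verdict is not a finding by itself; it marks entries where only the lock file or the installed version can tell which release was actually resolved.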
The attack on FBI Director Kash Patel’s private Gmail account added a distinct geopolitical dimension to the week. Reuters reports, citing the group involved and confirmation from the FBI, that the Handala group—attributed to Iran—has published personal photos and email excerpts. The FBI stated that the affected data was of a historical nature and contained no government information. Even if the immediate value of the material to authorities thus appears limited, the operational intent remains clear: maximum public exposure, minimal technical barrier, and high psychological impact. Consequently, the incident falls less into the category of classic data theft and more into the realm of strategic intimidation via personal leaks.
For LeakWatch, this week has thus been primarily a week of exposed flanks. The most visible risks to date have not lain in spectacular zero-day narratives, but in publicly visible web layers, trusted partner accesses, and insufficiently hardened release paths. From this, a clear priority emerges: exposure management, third-party vendor control, and secure release processes are no longer secondary disciplines but are integral to the core of any resilient operational strategy. This is precisely why Week 13 is notable not because of a single mega leak, but because of the common pattern seen in nearly all major incidents. 
What is LeakWatch?
As part of this editorial project, a specially programmed and trained bot is used for the author’s specific internet research; it handles the automated analysis of relevant data sources while simultaneously generating translations. The goal is to use primary sources that are as unaltered as possible, which is why all links are recorded in a table to allow interested readers to conduct optional in-depth research. Without AI support, automated search and extraction would only be feasible with disproportionate effort; nevertheless, every evaluation and the actual text creation are carried out editorially, and all content is also reviewed again, as the AI cannot interpret or formulate all content with complete reliability. LeakWatch is designed as a periodically published security and leak analysis format, created in the style of igor’sLAB and following specific guidelines. The focus is on verifiable events from primary sources, technical classification, and a completely neutral assessment free from the influence of pre-filtered secondary information from third parties.
Editor-in-chief and name-giver of igor’sLAB as the content successor of Tom’s Hardware Germany, whose license was returned in June 2019 in order to better meet the qualitative demands of web content and challenges of new media such as YouTube with its own channel.
Computer nerd since 1983, audio freak since 1979 and pretty much open to anything with a plug or battery for over 50 years.
