7 Data Security Stories to Know About (May 2026) | #ransomware | #cybercrime

Schools, cruises, convenience stores and more — here, Security magazine takes a look at 8 data security stories from this month. 

1. Canvas Parent Company Breach

Instructure, the parent company of learning management platform Canvas, discovered a breach on Apr. 29. Compromised information included names, email addresses, student ID, and even messages between users. 

Instructure experienced a second breach to Canvas a few days later, in which hackers were able to display a message on a webpage when users logged in. This second breach reportedly did not compromise any data. 

However, the organization paid a ransom to the threat actors due to the initial breach of data. 

Learn more about the Instructure breach. 

2. West Pharmaceutical Ransomware Attack

On May 4, West Pharmaceutical Services discovered it had been the victim of a ransomware attack. At the time of the compromise, the company was able to determine that certain data had been exfiltrated, but the extent of the affected data was unknown.

Currently, there has been no evidence of unauthorized activity or malicious activity against customers. 

Learn more about the West Pharmaceutical breach. 

3. Foxconn Cyberattack

After the ransomware group Nitrogen claimed to have stolen 11 million records from electronics manufacturer Foxconn, the company confirmed it had indeed faced a cyberattack. Potentially impacted customers include: 

• Google
• Intel
• Dell
• Apple 
• Nvidia

Learn more about the Foxconn breach. 

4. American Lending Center Breach

Consumers were notified of this data breach in April 2026, even though the breach had been discovered back in July 2025. This breach was the result f a ransomware attack, and according to initial reports, 123,000 are believed to be impacted. 

Learn more about the American Lending Center Breach. 

5. 7-Eleven Data Breach

Notable convenience store chain 7-Eleven experienced a data breach of its franchisee documents, potentially compromising the data included in franchise applications. At this time, customers are not believed to have been impacted. However, the company has since been sued after ShinyHunters claimed to expose more than 600,000 records. 

Learn more about the 7-Eleven breach.

6. GitHub Breach

A GitHub employee device was compromised, leading to a breach of approximately 3,800 internal repositories. The cybercriminal group behind this incident has expressed no intentions to extort the company; rather, they intend to simply sell the data to one buyer. 

Learn more about the GitHub breach. 

7. Carnival Cruise Breach

Approximately 6 million customers of Carnival Corporation were affected by a breach after a social engineering ploy deceived an employee, enabling malicious actors to access part of the organization’s IT systems. ShinyHunters claimed responsibility for the attack and asserted they had stolen 8.7 million records. 

Learn more about the Carnival Cruise breach.