This week's threat landscape reveals a concerning acceleration in business-targeting attacks, with approximately 11 data breaches disclosed daily, though many breaches go unreported for months. March 2026 has proven particularly damaging for North American businesses, with ransomware groups and credential-harvesting operations targeting everything from healthcare systems to streaming platforms.
Major Healthcare and Benefits Administrator Breaches Expose Millions
Navia Benefit Solutions disclosed a massive breach affecting 2.7 million individuals between December 22, 2025, and January 15, 2026. The incident exposed full names, dates of birth, Social Security numbers, phone numbers, email addresses, participation in HRA, FSA information, and COBRA enrollment information. This breach underscores the vulnerability of third-party benefits administrators that many businesses rely on for employee services.
Crunchyroll, the popular anime streaming platform, is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. The attack reportedly involved compromising the Okta SSO account of a support agent, planting malware, and stealing over 8 million support tickets, highlighting the risks of single sign-on vulnerabilities in business environments.
Ransomware Groups Target Business Services and Supply Chains
TELUS Digital confirmed it became a victim of a cyber attack orchestrated by the ShinyHunterz ransomware group, with the cyberattack compromising 1 petabyte of data belonging to its BPO customers, source codes, FBI background checks, financial information, voice recordings, and Salesforce data for various companies. This breach demonstrates the cascading impact when business process outsourcing providers are compromised.
Infinite Campus, managing data for roughly 11 million students, was breached after an attacker gained access to an employee's Salesforce account. While IC claims most of the data was already public, such as names and contact information for school staff, the incident highlights how threat actors exploit employee account compromises to access sensitive organizational systems.
Employee Credential Compromise Fuels Advanced Attacks
In March 2026, over 16 billion user credentials were discovered bundled into a single aggregation, accessible across criminal-targeting sources and marketplaces. This data, pulled from previous breaches and information-stealing malware over the years, offers threat actors a powerful weapon. The scale of exposed credentials creates unprecedented risk for credential stuffing and account takeover attacks against business systems.
Aura's breach pattern shows that even when no core system is compromised, marketing tools can be targeted after an employee is tricked by a phishing call, resulting in 900,000 customer records containing names and email addresses being exposed.
What Individuals Should Do
Check if your email appears in recent breach databases and immediately enable multi-factor authentication on all business and personal accounts. Begin shifting toward passwordless authentication, such as device trust, biometrics, and FIDO2 standards where available. Monitor your credit reports and financial accounts for unusual activity, particularly if you use benefits services like Navia or work for organizations using outsourced business services.
What Businesses Should Do
Conduct emergency audits of all third-party vendor access, particularly benefits administrators, business process outsourcers, and SaaS providers with privileged access to employee data. Invest in breach database monitoring to identify compromised accounts linked to your domain, limit privilege access and enforce strict session expiration policies, and conduct regular identity security audits. Review and strengthen your incident response procedures for vendor breaches, as these increasingly serve as entry points to your organization's data.