Critical Infrastructure Under Siege
The week of March 12-19, 2026, marked a watershed moment for North American cybersecurity, as threat actors exposed over 676 million American consumer records through the Infutor data breach and compromised FBI surveillance systems used to manage wiretaps and foreign intelligence surveillance warrants. These attacks demonstrate an alarming escalation in both the scale and sophistication of cyber threats targeting essential infrastructure.
Infutor Breach: Largest Consumer Data Exposure of 2026
On March 8, 2026, a threat actor known as Spirigatito posted claims on BreachForums alleging a massive dataset from Infutor.com had been leaked. The breach reportedly affects 676,798,866 unique American citizen records, making it potentially the largest consumer identity exposure in history. SOCRadar discovered the misconfigured Elasticsearch database on March 3, 2026; it was exposed to the public internet without authentication and contained 91.7 gigabytes of data.
Each record includes full names, complete Social Security numbers, dates of birth, address histories, and phone numbers. Complicating the situation, Infutor was acquired by Verisk Marketing Solutions in 2022, which was then acquired by ActiveProspect in January 2026, creating additional uncertainty around data ownership and breach response responsibilities.
FBI Systems Compromised
On February 17, 2026, the FBI flagged irregular network activity that led to its Digital Collection System Network, which contains sensitive data related to court-authorized wiretaps, pen registers, and FISA warrants. The breach occurred through a vendor's internet service provider, bypassing direct FBI defenses entirely.
U.S. investigators suspect Chinese government-affiliated hackers are responsible for the breach, though it remains unclear whether this was the Salt Typhoon group or a different actor. The White House, DHS, and NSA have joined the investigation, indicating the severity of the incident.
| Organisation | Sector | Records | Type | Severity |
|---|---|---|---|---|
| Infutor | Data Analytics | 676.8M | Elasticsearch Misconfiguration | Critical |
| FBI | Law Enforcement | Classified | Supply Chain Attack | Critical |
| AkzoNobel | Manufacturing | 170K Files | Ransomware (Anubis) | High |
| Kaplan Inc | Education | 193K | Network Intrusion | High |
| Loblaw Companies | Retail | Unknown | Network Breach | Medium |
Additional High-Impact Incidents
AkzoNobel became the victim of a ransomware attack by the Anubis group, which compromised 170GB of data including confidential client agreements, passport details, and technical specifications. Kaplan Inc disclosed a breach spanning October 30 to November 18, 2025, with 193,676 records exposed containing names, Social Security numbers, and driver's license numbers.
Nation-State Escalation
The Chinese government hacking group Salt Typhoon has previously broken into at least 200 U.S. companies, including telecommunications providers AT&T, Verizon, Lumen, Charter Communications, and Windstream. Chinese intelligence services have now potentially compromised wiretap infrastructure at both private telecoms and the FBI itself, systematically mapping who the U.S. government is watching.
In a positive development, law enforcement successfully shut down the LeakBase cybercrime forum, which had approximately 140,000 users and facilitated the distribution of stolen credentials since 2021.