• Northern Europe
• Europe
• Sweden
• Transportation
• Scania
• Hensi

Threat Actor Claims Breach of Scania’s Insurance Arm, 34,000 Files Allegedly Stolen

A threat actor using the alias "hensi" claims to have breached insurance.scania[.]com, a subdomain of Scania Financial Services, allegedly stealing 34,000 previously unpublished files. The breach, which reportedly targeted the Swedish manufacturer’s corporate insurance division, was announced on a forum on the dark web. Scania’s insurance services cover commercial vehicles—suggesting the stolen data may include sensitive customer and vehicle information, such as VINs. The targeted site is currently offline, citing maintenance, and Scania has yet to comment on the incident.

• Zoldyck
• Edf Energy
• Europe
• Critical Infrastructures
• United Kingdom

Threat Actor Claims Breach of UK-based EDF Energy

In June 2025, a threat actor named Zoldyck claimed to have breached EDF Energy Company and to have gained access to its database. According to the threat actor, over 12 million lines of data belonging to EDF's customers were taken, including sensitive information such as customer IDs, full names, dates of birth, national IDs, addresses, email addresses, phone numbers, and payment details.

• Retail
• Europe
• Coca-Cola Europacific Partners
• Ghna
• Food And Kindred Products
• United Kingdom

Coca-Cola Europacific Partners - Breach - 2025-05-22

On May 22, 2025, the threat actor Gehenna claimed responsibility for breaching Coca-Cola Europacific Partners’ Salesforce infrastructure, exfiltrating a substantial volume of business data. The breach reportedly includes over 75 million records spanning accounts, contacts, products, and customer service cases from 2016 to 2025, totaling more than 63 GB of sensitive CRM data. Gehenna, linked to previous incidents involving Samsung Germany and Royal Mail, is offering this data for sale, emphasizing the scale and commercial relevance of the compromised information.

• Zoldyck
• Europe
• Automotive
• Locauto
• Southern Europe
• Italy

Threat Actor Claims Breach of Locauto Rent

In June 2025, a threat actor named Zoldyck claimed to have breached LocautoRent, an Italian car rental company, and to have gained access to its database. According to the threat actor, approximately 850,000 unique records belonging to LocautoRent's customers were taken, including sensitive data such as customer IDs, tax IDs, names, addresses, emails, phone numbers, and payment methods.

• Spain
• Whitecoat
• Retail
• Mercadona
• Europe
• Southern Europe

Threat Actor Claims Breach of Mercadona's Home Brand - Hacendado

In June 2025, a threat actor named WhiteCoat claimed to have breached Mercadona's home brand Hacendado through a third-party vendor and to have gained access to its database. According to the threat actor, over 27 million unique users' data was taken, including full names, emails, hashed passwords, location data, purchase history, internal employee emails, operational logs, fragmented payment metadata, and tokens and access credentials.

• Deloitte
• Europe
• 303
• Business Services
• United Kingdom

Deloitte Reportedly Breached, Source Code and GitHub Credentials Leaked

A threat actor known as "303" claimed on the dark net forum "darkforums" to have breached "Deloitte," leaking GitHub credentials and internal source code from a "Deloitte" repository. A sample Git configuration file was posted, showing what appears to be access to a private GitHub project related to Deloitte’s U.S. consulting services. "Deloitte," headquartered in London, is one of the "Big Four" accounting and consulting firms, providing services in audit, tax, consulting, risk, and financial advisory across over 150 countries.