Litany Of The Hacked: March 2026 Round-Up

No joke, folks -- time for the litany of the hacked!

The litany of the hacked is our listing for each known/reported hack in the previous month. The point of the litany is not shame but awareness-raising that, well, these sorts of things happen.

And so, the litany of the hacked for March 2026. Unfortunately we have a lot of new members of the litany, and to a significant extent this happened because of military actions in the Persian Gulf. You can be positive that there is no reason to think that cybersecurity is going to get easier from here on out.

As Megi Benia puts it on her blog:

Deterrence assumes identifiable actors, clear intent, and thresholds that trigger response. Iran’s use of ransomware deliberately undermines all three:

- Attribution is blurred through proxies and criminal partnerships

- Intent is dual-use, combining profit, disruption, and signaling

- Activity remains below the threshold of armed attack

The implication is not just tactical but strategic. If ransomware can be repurposed as a state-aligned tool of coercion that operates in the gray zone, then traditional deterrence frameworks are insufficient.

The litany now includes:

the Firefox browser (though in mitigation this was an invited attack, more like hygiene than hack), the personal email account for the Director of the FBI (see Brendan's post on this), the European Commission's cloud account, Microsoft's 365 platform, Stryker Medical, Foster City (CA), Intoxalock (car breathalyzer firm), Uyghur Post, AstraZeneca, Lockheed Martin (allegedly), Navia, Crunchyroll, Mazda.

One of our cybersecurity gurus, James Azar, noted that attackers are becoming more patient in exploiting weaknesses: a lot of cyber-defenders wait until they are attacked before they do something. In this we agree with Eric Cole: defense inaction due to apparent lack of hostile action is a well-known cybersecurity problem. Your problem. You.

As James recently put it: “The response, as always, comes back to fundamentals executed with urgency and discipline: identity control, supply chain validation, behavioral detection, segmentation, and patch velocity. These aren’t aspirational controls. They are the difference between organizations that absorb these attacks and those that become the next case study. Know which one you want to be.”

Well? Which one do you want to be? And how did the discussion with the board go when you said you were willing to absorb attacks?

Ask us how you can pivot from defending your perimeter to creating a proactive from-within defense.

(image credit: Christinelmiller, CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons)