The short month of February saw a major influx of new cybersecurity news for 2026, from major breaches resulting in multiple lawsuits to several regulatory changes in cyber incident reporting, the second month of the year has demonstrated that the momentum seen in January has continued. SWK Technologies has put together this Recap to feature the top security stories from February 2026 and help keep you up to date on the latest developments that could impact your cyber defense strategies:
Panera Bread Sued over Data Breach Published by Hackers
Restaurant chain Panera Bread faces multiple class action lawsuits following a January 2026 data breach that exposed personal information for 5.1 million customer accounts. The ShinyHunters hacking group claimed responsibility for the attack, after publishing a 760 MB archive of the stolen data in retaliation for Panera refusing their ransom demand, which included customer names, email addresses, phone numbers and physical addresses. Multiple suits have been brought against the company, with plaintiffs accusing Panera of failing to adequately protect their data in the wake of earlier cyber incidents. The last incident resulted in a $2.5 million settlement with affected parties, with the final fairness hearing held on January 29, 2026.
Ransomware Attack on NJ-based Company Exposed Millions Across U.S.
Conduent, a technology contractor based out of New Jersey, is facing the fallout of a ransomware attack that occurred between October 2024 and January 2025, with at least 10 class action lawsuits filed against the company as of February 2026 and Texas Attorney General Ken Paxton launching an investigation into the incident, stating it could potentially rank among the largest healthcare data breaches in U.S. history. The breach, claimed by the SafePay group, includes the names, dates of birth, Social Security numbers, medical records, health insurance details, treatment information, provider names, dates of service and claims data of a suspected 25 million affected parties. The NJ-based company provides critical backend systems for clients nationwide, handling Medicaid claims, processing public assistance payments, managing toll systems and administering benefit programs across 46 states. SafePay threatened to publish approximately 8.5 TB of stolen data after Conduent reportedly refused ransom demands, though the company has not disclosed whether any payment was ultimately made.
HIPAA Breach Notification Update Deadline for February 2026 Passes
The Department of Health and Human Services’ Office for Civil Rights (OCR) announced on Feb. 13, 2026, that it launched its Civil Enforcement Program for Confidentiality of Substance Use Disorder (SUD) Patient Records, making enforcement of 42 CFR Part 2 an agency priority as of February 16, 2026. The action follows a final rule published February 8, 2024, that revised Part 2 regulations to align them more closely with HIPAA. Entities subject to Part 2 were required to update their notices of privacy practices to explain permitted uses and disclosures of substance use disorder records, describe patients’ legal rights, outline how limits on SUD records differ from HIPAA, and clarify restrictions on use of SUD records in legal proceedings. HIPAA-covered entities that receive or maintain Part 2 records must also include language in their notices limiting redisclosure of those records for legal proceedings in accordance with Part 2 standards.
Senator Accuses AT&T and Verizon of Blocking Report on Chinese Cyber Spies
Senator Maria Cantwell called for the CEOs of AT&T and Verizon to appear before Congress on February 3, 2026, claiming both telecommunications companies are blocking release of critical security assessments related to previous Salt Typhoon cyber attacks. The primary incident in question, attributed to Chinese state-sponsored hackers, infiltrated U.S. telecommunications networks in what may have been as one of the worst telecom hacks in U.S. history. Both AT&T and Verizon confirmed to Cantwell that Mandiant conducted security assessments documenting vulnerabilities and corrective actions taken following the breach. When Cantwell requested copies of these reports directly, the cybersecurity firm declined to provide them, apparently at the discretion of their clients. Cantwell cited testimony from experts indicating that some telecommunications providers have been slow to invest in network protections because of the costs of upgrading legacy infrastructure, putting their customers at risk of continued exposure.
CISA Hosts Town Halls with Industries to Decide CIRCIA Changes
The Cybersecurity and Infrastructure Security Agency announced a series of virtual town halls beginning March 9, 2026, to gather stakeholder feedback on the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rulemaking. CISA selected the town hall approach to allow broad stakeholder participation across the 16 critical infrastructure sectors while maintaining a transparent public record. Each sector-specific session combines several related areas, with Chemical, Water and Wastewater, Dams, Energy and Nuclear Reactors scheduled for March 9, followed by Commercial Facilities, Critical Manufacturing and Food and Agriculture on March 12. Emergency Services, Government Facilities and Healthcare and Public Health sectors meet March 17. Communications, Transportation Systems and Financial Services gather March 18, with Defense Industrial Base and Information Technology scheduled for March 19. CISA will hold two general town halls open to all sectors on March 31, 2026, and April 2, 2026.
Substack Alerts Users of Past Breach after Data Posted on Dark Web
Newsletter platform Substack disclosed a security incident on February 5, 2026, that exposed email addresses, phone numbers, and internal metadata for approximately 663,000 to 697,000 users. The breach occurred in October 2025 but remained undetected until February 3, 2026, giving the unauthorized party approximately four months of access before discovery. A threat actor using the handle “w1kkid” posted the stolen dataset on BreachForums, claiming responsibility for obtaining the data through scraping techniques. The leaked data includes full names, email addresses, phone numbers, user IDs, third-party payment processor IDs, profile pictures, biographies, account creation dates and social media handles.
Keep Up with the Latest Cybersecurity News in 2026
From shifting regulatory and insurance expectations to evolving threat actors and hacking methodologies, cybersecurity in 2026 will continue to transform and present new challenges for your business. SWK Technologies stays on top of these developments to ensure our customers are prepared to adjust security and compliance measures as needed, and have the resources and knowledge needed to adapt to the continually changing landscape.
Contact SWK here to learn more about how we can help you protect your critical systems and data against today’s most pressing threats.