Instructure has confirmed that a criminal threat actor accessed Canvas user information and messages, while ShinyHunters claims a far larger education-sector data haul affecting millions of students, teachers, and institutions worldwide.
Trellix says attackers gained unauthorised access to part of its source code repository, but has found no evidence that its release pipeline was affected or that code was exploited.
Stargate has become the clearest warning flare in the AI boom, as Norway, Australia and a handful of hyperscalers turn the race for compute into a high‑stakes battle over who will own, power and ultimately control the global inference economy.
German insurance major HanseMerkur has been targeted by the Russia-aligned Dragonforce ransomware gang, which claims to have stolen 97GB of data. The attack on the €3 billion firm highlights the escalating threat of ransomware to the global financial services and insurance sectors.
Cyber News Centre's cyber update for 4th February 2026: German insurance giant HanseMerkur has reportedly been breached by the Dragonforce ransomware gang, a group with known alignments to Russia.
HanseMerkur, a major German insurance group with a history dating back to 1875 and annual revenues of €3 billion, is the latest major financial institution to be targeted by a significant ransomware attack. The company offers a wide range of insurance products, including health, travel, and property insurance, and has a significant presence in the European market.
Update: The Russia-aligned Dragonforce ransomware gang has claimed responsibility for a significant data breach at the German insurance giant HanseMerkur. The group, which has a history of targeting major Western corporations, posted its claims on a dark web leak site on February 3, 2026. Dragonforce alleges it has exfiltrated 97GB of sensitive internal data from the Hamburg-based insurer. The gang has a track record of high-profile attacks, including against major retailers like the UK's Marks & Spencer and the US department store chain Belk.
The attack on HanseMerkur underscores the persistent and escalating threat that sophisticated ransomware groups pose to the global financial services sector. While HanseMerkur has not yet officially confirmed the full extent of the breach, the public claim by a known threat actor is a serious development that puts the company and its partners on high alert. The incident serves as a stark reminder of the vulnerabilities within the insurance industry, a sector that holds vast amounts of sensitive customer and financial data, making it a prime target for cybercriminals.
Why it Matters: The targeting of a major European insurance provider like HanseMerkur by a Russia-aligned ransomware group has significant implications for the Australian market. Australian insurance and financial services companies, which are deeply integrated into the global financial system, face the same threat actors and attack methodologies. This incident is a clear signal that the insurance sector remains a high-value target for sophisticated ransomware operations. The potential for supply chain attacks, where partners and clients are affected, is also a major concern.
This breach highlights the critical need for robust cybersecurity defenses, proactive threat intelligence, and a comprehensive incident response plan. The success of such attacks, regardless of geography, emboldens threat actors and increases the risk for all organisations within the targeted sector. It is a reminder that in an interconnected world, a cyberattack on a major company in Germany can have ripple effects that are felt across the globe.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Instructure has confirmed that a criminal threat actor accessed Canvas user information and messages, while ShinyHunters claims a far larger education-sector data haul affecting millions of students, teachers, and institutions worldwide.
Trellix says attackers gained unauthorised access to part of its source code repository, but has found no evidence that its release pipeline was affected or that code was exploited.
The UK’s 2025/2026 Cyber Security Breaches Survey shows 43% of businesses and 28% of charities reported a cyber incident in the past year. The headline is not just persistence; it is operational exposure. Phishing remains the dominant route in, education is absorbing heavier pressure, and supplier-r
SAP npm packages poisoned with credential-stealing malware in "Mini Shai-Hulud" attack. Malicious preinstall hooks harvest GitHub tokens, cloud keys and CI/CD secrets. Attackers weaponise AI agent configs for persistence, turning Claude and VS Code settings into execution paths.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
