may-2026
Safeguard articles tagged "may-2026" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Carnival Data Breach (May 2026): 5.99M Records Lost via Salesforce Social Engineering
Carnival confirmed a breach affecting nearly 6 million people on May 28, 2026, after an attacker socially engineered an employee into granting access to its IT environment. Here is the verified chain and what defenders should do.
Instructure Canvas Breach (May 2026): Up to 275M Records and a Quiet Settlement
ShinyHunters claimed 3.65 TB and 275 million records from Instructure's Canvas LMS across ~9,000 schools. Instructure confirmed names, emails, student IDs, and user messages were taken, then reportedly paid to make it stop.
Odido Telecom Breach: 6.2M Dutch Customers, Salesforce, and No Compensation (May 2026)
Odido, the Netherlands' largest mobile operator, exposed 6.2 million customers' data, including IBANs and ID details, via a vishing-driven Salesforce intrusion. In May 2026 the company ruled out compensation as mass claims mounted.
Škoda Auto Online Shop Breach (12 May 2026): An E-Commerce Software Flaw and the Credential-Reuse Tail
Škoda Auto disclosed on 12 May 2026 that attackers exploited a vulnerability in its German online shop to steal customer names, contact details, order data, and login credentials. The card data was safe; the credentials are the part that keeps paying out.