CoinbaseCartel Claims Data Breach of Dolby Laboratories in Latest Extortion Scheme A newly emerged cybercriminal group, CoinbaseCartel, has added Dolby Laboratories to its dark web leak site, alleging a data breach over Super Bowl weekend (February 2026). The U.S.-based audio technology giant, which reported over $1.3 billion in revenue in 2025 and employs 2,000+ staff, joins a growing list of high-profile victims, including SK Telecom (South Korea’s largest mobile carrier) and Desjardins Group (Canada’s largest financial services cooperative). Despite denying ransomware operations, CoinbaseCartel’s tactics password-protecting stolen data and extorting victims via a dark web blog align with traditional ransomware cartels. The group, first observed in September 2025, previously targeted SK Telecom, threatening to leak source code after the company refused negotiations. Researchers note that some victims listed by CoinbaseCartel overlap with those claimed by other ransomware gangs, suggesting possible data recycling. Unlike typical ransomware groups, CoinbaseCartel restricts access to stolen data, likely to showcase it exclusively to potential buyers either the victim or other cybercriminals. No samples have been released to verify the breach’s severity. The group’s emergence follows a broader trend of law enforcement crackdowns, including the FBI’s seizure of the RAMP dark web forum, which has fueled distrust among cybercriminals. Dolby Laboratories has not yet responded to requests for comment. The incident underscores the persistent threat of double extortion tactics, where attackers both encrypt data and threaten to leak it unless demands are met.

Montana AG Investigates Lee Enterprises Ransomware Attack Impacting 40,000 A ransomware attack on Lee Enterprises, a Davenport, Iowa-based media company, has prompted an investigation by Montana Attorney General Austin Knudsen. The breach, attributed to the Qilin ransomware group, compromised the personal data of nearly 40,000 employees and subscribers earlier this year. Lee Enterprises owns multiple newspapers in Montana, including the Helena Independent Record, Billings Gazette, Missoulian, and Montana Standard, as well as dozens of other publications nationwide. While the company has not publicly detailed the extent of the exposed data, the incident marks a significant cybersecurity failure for the media organization. The Montana AG’s office confirmed the investigation on Friday, though official details had not yet been posted on its website at the time of reporting. This follows a broader trend of escalating ransomware attacks, with 2023 seeing record-high incidents and payments, according to a FinCEN report. The breach adds to a growing list of cyber incidents in 2024, including a second data exposure in seven months at Methodist Homes of Alabama and Northwest Florida and a security lapse at Virginia Urology, where purported patient data began leaking online. Meanwhile, federal authorities secured a conviction against a Nigerian national for wire fraud, aggravated identity theft, and unauthorized computer access, underscoring the global reach of cybercrime. Lee Enterprises has not yet issued a public statement on the investigation’s status or remediation efforts.

Key Suspect in Desjardins Data Breach Arrested in Spain After 17-Month Manhunt Juan Pablo Serrano, a fugitive wanted in connection with the 2024 Desjardins data breach, was arrested in Spain on November 6, 2025, following a joint operation by Spanish authorities, Quebec provincial police, and Interpol. Serrano, 40, had been at large since June 2024 and was among Quebec’s most wanted individuals. Interpol issued a Red Notice for his arrest, enabling global law enforcement to track and detain him. He now faces extradition to Canada, where he will be charged with identity theft, fraud exceeding $5,000, and trafficking in identity information. Serrano is accused of purchasing stolen Desjardins customer data from Sébastien Boulanger-Dorval, a former Desjardins marketing employee, and using it to carry out fraud schemes. Boulanger-Dorval, 42, was arrested in 2024 and charged with fraud, identity theft, and the illegal sale of personal data—allegedly to settle debts. He was identified as the primary suspect in the breach, having exploited his access to sensitive information while employed at the financial institution.