January Roundup 2026: Threat Intelligence

Published February 3, 2026

January 2026 was marked by a relentless wave of cyber attacks spanning cryptocurrency platforms, government agencies, healthcare networks, and major consumer brands. Ransomware attacks surged 30% compared to the same period last year, with 679 confirmed victims globally in January alone.

Key Data Breaches

LastPass Fallout Continues (Jan 2): Cryptocurrency thefts traced back to the 2022 LastPass breach continued into 2026. Attackers have been slowly decrypting stolen vaults, extracting private keys and seed phrases, and draining wallets. Millions in crypto have been laundered through Russian-linked exchanges.

Illinois and Minnesota DHS (Jan 3-21): Two separate system failures at state Departments of Human Services exposed personal data of nearly one million residents, including Social Security numbers and healthcare information.

Trust Wallet (Jan 8): The cryptocurrency wallet platform experienced unauthorized access that exposed user transaction histories and wallet addresses. The breach affected users who had enabled certain third-party integrations.

Under Armour and Nike (Jan 15-22): Both athletic brands faced data exposure incidents within the same month. Under Armour's MyFitnessPal platform saw credential-stuffing attacks, while the WorldLeaks extortion gang claimed responsibility for a 1.4TB data theft from Nike's design and manufacturing systems.

Notable Ransomware Attacks

Melwood (Jan 10): The nonprofit organization disclosed a ransomware attack that led to unauthorized network access and data exfiltration before encryption was deployed. The incident demonstrated how ransomware groups now routinely steal data before encrypting systems for double extortion.

Covenant Health (Jan 18): A healthcare network serving communities across the southeastern United States experienced a ransomware attack that disrupted patient scheduling and electronic health records for over a week.

Sedgwick Government Solutions (Jan 25): A government services contractor was hit by ransomware that disrupted claims processing operations. The incident raised concerns about the security posture of government service providers in the supply chain.

Emerging Threats

APT36 Campaign Against India: Pakistan-linked APT36 launched spear-phishing campaigns targeting Indian government, academic, and strategic institutions with remote access malware. The campaign demonstrated continued state-sponsored cyber espionage activity in South Asia.

Ransomware-as-a-Service Growth: Security researchers noted a significant expansion of RaaS platforms in January, with several new affiliate programs launching. The barrier to entry for ransomware operations continues to drop.

What This Means for Defense Contractors

January's 30% surge in ransomware attacks is a clear signal that 2026 will be an aggressive year for threat actors. The attack on Sedgwick Government Solutions, a government contractor, demonstrates that the defense supply chain remains a high-value target. With CMMC Phase 2 approaching in November 2026, contractors must act now to understand their security gaps.

Start with a free gap assessment through the CGA CMMC Gap Assessment Grant program. 100 grants are available on a first-come, first-served basis.