The Data Breach Brief: Week of March 4th, 2026

The following data breaches have been announced this week—make sure you’re in the know.

If you received a data breach notice regarding any of the breaches listed below, act now and take Morgan & Morgan’s data breach quiz to see if you may be eligible for compensation.

CarGurus

CarGurus reported to have suffered a data breach in February 2026, when the ShinyHunters hacking group, known for high-profile extortion operations, gained access to its networks, exposing sensitive personal information tied to tens of millions of users. The compromised data set reportedly includes a range of personal and account-related details, such as:

• Full names
• Email addresses
• Physical residential addresses
• Phone numbers
• IP addresses
• User account identifiers
• Finance pre-qualification application data
• Dealer account and subscription information

Madison Square Garden Entertainment

Madison Square Garden Entertainment Corp. suffered a data breach in  August 2025 after attackers exploited vulnerabilities in its Oracle E-Business Suite environment, gaining unauthorized access to company systems and exposing sensitive personal information belonging to current and former employees, contractors, and vendors. The incident reportedly compromised highly sensitive employment and identity-related data, including:

• Full names
• Home addresses
• Dates of birth
• Social Security numbers
• Driver’s license or state identification numbers
• Financial account information used for payroll
• Tax-related employment records
• Internal employee identification numbers

The breach potentially affects individuals connected to MSG Entertainment properties and productions, including Madison Square Garden, Radio City Music Hall, Beacon Theatre, The Chicago Theatre, The Theater at Madison Square Garden, and the Christmas Spectacular Starring the Radio City Rockettes.

University of Hawaiʻi Cancer Center

The University of Hawaiʻi Cancer Center reported to have suffered a data breach in February 2026 after a ransomware attack on its epidemiology division first detected in August 2025, when threat actors gained access to its systems and potentially exfiltrated sensitive personal information tied to approximately 1.2 million individuals. The compromised data set reportedly includes a range of personal and research-related details, such as:

• Full names
• Social Security numbers
• Driver’s license numbers
• Voter registration records
• Decades-old health and research study information
   

North East Medical Services

North East Medical Services (NEMS) recently suffered a data breach on October 19, 2025, when an unauthorized third party gained access to certain data stored on partnering vendor United Layer's network. The exact personal information potentially exposed has not been made publicly available, leaving patients without an understanding of their risk, but could include:

• Personally identifiable information (PII)
• Protected health information (PHI)

WIRX Pharmacy

WIRX Pharmacy recently suffered a data breach on or around December 7, 2025, when an unauthorized party accessed and copied certain information from its network. The data breach involves sensitive confidential information, including:

• Full Name
• Social Security Number
• Financial Account Information

If you or a loved one were affected by any of these data breaches, you may be entitled to compensation. Find out more in minutes with our online data breach quiz.