Mediaworks Kft (Hungary) — World Leaks data-theft extortion

incident · incident:mediaworks-hungary-2026

Coverage timeline

first 2026-05-06 → last 2026-05-10

Briefs

2 distinct

Sources cited

2 hosts

Sections touched

incidents, weekly_summary

Co-occurring entities

see Related entities below

2026-05-062 appearances2026-05-10

Story timeline

2026-05-10CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026)
weekly_summaryConsolidated in weekly summary for week 2026-W19
2026-05-06CTI Daily Brief — 2026-05-06
incidentsFirst coverage. World Leaks (rebranded Hunters International) claimed 8.5 TB exfiltrated; Mediaworks (Hungarian EU-member media conglomerate) confirmed incident; no technical vector disclosed; GDPR notification status unknown.

Where this entity is cited

incidents1
weekly_summary1

Source distribution

therecord.media1 (50%)
securityboulevard.com1 (50%)

Related entities

BKA + ZIT dismantle relaunched Crimenetwork darknet marketplace; German operator arrested in Mallorca on European Arrest Warrant (2026-05-08)
incidentincident:bka-crimenetwork-takedown-2026×1
Die Linke (Germany) — Qilin ransomware, 1.5 TB claimed, DPA notified (April 2026)
incidentincident:die-linke-qilin-2026×1
World Leaks — rebranded Hunters International; data-theft extortion without encryption
actoractor:WorldLeaks×1

All cited sources (2)

Items in briefs about Mediaworks Kft (Hungary) — World Leaks data-theft extortion (1)

Media and political (HU, DE)

From CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026) · published 2026-05-11 · view item permalink →

Two European political / media targets in the week: Mediaworks Kft (Hungary) — World Leaks claimed 8.5 TB of exfiltrated data including payroll, contracts, and internal editorial communications; Mediaworks confirmed "a significant amount of illegally obtained data may have come into the possession of unauthorized persons"; no public regulator notification announcement at window close (The Record, 2026-05-04 · daily 2026-05-06). Die Linke (Germany) — German federal political party confirmed Qilin ransomware encryption and 1.5 TB exfiltration; state DPA notified; no public ransom figure (heise online — covered in daily, 2026-05-08). Two distinct operators (data-theft-only WorldLeaks versus encrypt-and-exfiltrate Qilin), shared targeting of politically significant European entities. The defender lesson: data-theft-only operators defeat backup-centric ransomware defences entirely — effective detection requires egress monitoring and data-loss-prevention tooling capable of alerting on large-volume exfiltration before the attacker goes public on a leak site.