TL;DR
Nike is investigating a 1.4 TB data theft by the WorldLeaks group. Irish agri-trader J Grennan & Sons had operations crippled by Akira ransomware. A still-unidentified energy-sector breach exposed over 20 million records including bank IBANs. The common thread? All three were preventable with basic controls your business can implement this week.
Breach 1: Nike — 1.4 TB of Internal Files Leaked
What happened: Cybercrime group WorldLeaks publicly claimed to have stolen and leaked approximately 1.4 TB of internal data from Nike. The haul reportedly includes over 188,000 files covering product design, manufacturing processes, supply chain logistics, and operational information.
How bad: If confirmed, this is a supply chain intelligence goldmine for competitors and counterfeiters. Product roadmaps, factory specifications, and supplier relationships — all exposed. Nike is still investigating and has not confirmed the full scope.
How it could have been prevented: The attack vector is not yet public, but leaks of this size typically trace back to one of three failures: an unsecured cloud storage bucket, a compromised third-party vendor with excessive access, or credential theft without multi-factor authentication (MFA). Any of these is preventable with basic data classification and access controls.
Breach 2: J Grennan & Sons — Akira Ransomware Disrupts Operations
What happened: The Akira ransomware group targeted Irish agricultural trading company J Grennan & Sons, claiming to have exfiltrated sensitive financial records, invoices, and employee and customer personal data. The company confirmed the attack "significantly disrupted operations" and brought in external cybersecurity experts. While the company stated it is "reasonably confident" data was not accessed, Akira posted the firm on its dark web leak site and threatened to publish everything.
How bad: For a trading business, operational disruption means contracts stall, shipments don't move, and cash flow stops. Akira is a Ransomware-as-a-Service (RaaS) operation that typically demands six- and seven-figure ransoms from mid-market companies. The average ransomware attack now costs businesses nearly $5 million when you factor in downtime, recovery, legal fees, and reputational damage.
How it could have been prevented: Akira commonly gains entry via unpatched VPN appliances, RDP exposed to the internet, or phishing. Three controls would have dramatically reduced the risk: (1) MFA on all remote access, (2) 48-hour patching SLA for edge devices, and (3) offline, immutable backups tested quarterly.
Breach 3: Unnamed Energy Provider — 20+ Million Records
What happened: A threat actor on dark web forums claimed to possess over 1 TB of data from an energy-sector organization, allegedly containing more than 20 million individual records. The exposed data reportedly includes names, contact details, national identity numbers, energy contract information, and — critically — bank IBANs for some individuals.
How bad: Bank IBAN exposure turns this from a privacy incident into a direct financial fraud risk for affected customers. The organisation has not been publicly named, but the data volume suggests a major utility or energy retailer. Regulators in the EU and Australia treat IBAN exposure as a notifiable breach with potential fines up to 4% of annual turnover under GDPR or AU Privacy Act equivalents.
How it could have been prevented: Energy-sector breaches frequently originate from IoT and operational technology (OT) systems bridged to corporate networks without proper segmentation. If the attacker moved laterally from a smart-meter management system to the customer database, network segmentation alone would have contained the blast radius.
ISO 27001 SMB Starter Pack — $147
Threat intelligence is one thing — having the policies and controls to respond is another. Get the complete ISO 27001 starter kit for SMBs.
Get the Starter Pack →What Your Business Should Do This Week
1. MFA on everything remote (30 minutes). If you have RDP, VPN, or any remote access without multi-factor authentication, fix it today. Akira and most ransomware crews scan for exposed remote-access services as their primary entry vector. This is the single highest-ROI security control you can deploy.
2. Audit your third-party access (1 hour). Ask every vendor and contractor: what access do you have to our systems, and is it still necessary? Revoke anything unused. Require MFA for vendor accounts. The Nike breach — if vendor-related — follows a pattern where 61% of businesses suffered a supply chain breach in the last year.
3. Test your backups (1 hour). Not check that the backup job ran. Actually restore a file, a database, and a server from backup. If you can't restore from offline/immutable backups within your recovery time objective, you don't have backups — you have hope. Ransomware crews now target backup systems first.
4. Segment your network (start this month). If your OT systems, IoT devices, or guest Wi-Fi can reach your customer database, you have a flat network. The energy-sector breach is this year's reminder that lateral movement kills. Start with one VLAN separation this week.
FAQ
Q: We're a small business. Are we really a target?
Yes. 43% of data breaches involve small businesses. Ransomware groups actively target SMBs because they're less likely to have dedicated security staff and more likely to pay ransoms to restore operations quickly. Akira, the group that hit J Grennan & Sons, specifically hunts mid-market companies.
Q: How much does a breach actually cost?
IBM's latest Cost of a Data Breach report pegs the global average at $4.88 million per incident. For SMBs, the number is lower in absolute dollars but higher as a percentage of revenue — many don't survive. Downtime, forensic investigation, legal notification, regulatory fines, and customer loss compound quickly.
Q: What's the most important thing to do first?
Multi-factor authentication on all remote access, followed by offline backups. These two controls stop the majority of ransomware attacks before they become incidents.
Q: How do I know if my suppliers are secure?
Start with a simple vendor security questionnaire. Ask if they have MFA, how they handle your data, and when their last penetration test was. For critical vendors, request evidence — not promises.
Conclusion
Three breaches in one weekend. Three different industries. Three attack paths that converge on the same weaknesses: missing MFA, flat networks, and untested backups. The businesses that survive 2026's threat landscape aren't the ones with the biggest security budgets — they're the ones that do the basics consistently.
Don't wait until you're the headline.
Visit consult.lil.business for a free cybersecurity assessment and find out where your business stands before an attacker does it for you.
References
- Nike Probing Potential Security Incident as Hackers Threaten to Leak Data — SecurityWeek
- J Grennan & Sons Victim of Akira Ransomware Attack — Agriland
- The State of Ransomware 2026 — BlackFog
- IBM Cost of a Data Breach Report 2024
- Cybersecurity Statistics 2026 Report — ORDR
- 61% of Businesses Suffered a Supply Chain Breach — SupplyChainBrain
Qualified Triage
Need to prove security trust?
We verify authority first, minimise access, define scope, and help you collect evidence for insurers, customers, tenders, auditors, and AI governance reviewers.
Start Qualified Triage →