March 2026 Cybersecurity Round-Up

By Editorial Team | April 8, 2026

The March 2026 Cybersecurity Round-Up covers the final month of the first quarter, a period that saw plenty of noteworthy cybersecurity attacks and breaches. While geopolitics continued to grab the major headlines, with attacks related to the ongoing Middle East conflict, there were also many other significant incidents that offered valuable lessons. Here’s a big-picture view of what was worth paying attention to in cybersecurity throughout March 2026.

Cyberattacks in March 2026

Ajax FC Data Breach

On March 25th, 2026, Dutch football club AFC Ajax published a press release stating the club suffered a breach that exposed personal data linked to roughly 300,000 fans. The dataset reportedly included names, email addresses, and other account-related information, creating a sizeable pool for follow-on attacks.

While the individual records may appear to be low in sensitivity, the scale and context make this far more impactful. Football clubs sit at the intersection of large, loyal user bases and high brand trust, which increases the effectiveness of phishing and social engineering campaigns that might follow.

What’s notable here is the continued targeting of non-traditional sectors with high-volume identity data. There’s also a secondary risk in how breaches like this expose fan engagement platforms, ticketing systems, and partner ecosystems, which can be leveraged in subsequent attacks.

St Anne’s Catholic School Cyber Attack

The BBC reported a March cyberattack on St Anne’s Catholic School in Southampton, UK, that disrupted access to IT systems, affecting staff operations and student learning. While details on the attacker remain limited, the incident reflects a broader pattern of opportunistic targeting of educational institutions.

The immediate impact was operational: systems unavailable, staff unable to access resources, and normal school activities interrupted.

Schools typically operate under difficult cybersecurity constraints:

Limited internal security expertise
Shared or legacy systems
Broad access across staff and students

Schools operating under challenging cybersecurity conditions are good candidates for third-party cybersecurity support. The stakes are too high, and schools are an easy target for threat actors.

Stats South Africa Ransomware Attack

Statistics South Africa confirmed a ransomware attack involving both data exfiltration and ransom demands. The attackers claimed to have accessed sensitive datasets, raising concerns about both data integrity and public trust.

While attribution remains unclear, ransomware groups targeting public sector bodies often pursue a dual objective:

Financial gain through extortion
Reputational impact through exposure or disruption

In this case, the implications go beyond the organisation itself. National statistics agencies underpin things like economic reporting, policy decisions, and public trust in official data.

Disruption or manipulation here introduces second-order effects. Even the perception of compromised data can undermine confidence in outputs. Public sector organisations remain particularly exposed due to:

Complex environments
High-value datasets
Slower response and recovery cycles
Top cybersecurity talent being wooed by larger salaries in private sector companies

AkzoNobel Ransomware Attack

Dutch paint company AkzoNobel was targeted by the Anubis ransomware group, which claimed responsibility for the March 2026 attack and threatened data exposure. The Anubis group is an interesting player in the ransomware ecosystem, with a notable quirk: a built-in wiper capability within its ransomware. We covered another major wiper-based cyberattack from this month involving Stryker.

This built-in wiper tactic aims to add pressure to victims of ransomware attacks to pay up and avoid the risk of having their valuable data permanently destroyed. It’s worth noting that the company initially said the attack was quite limited in scope. However, on March 5th, 2026, hackers from Anubis posted on their leak site that they had obtained up to 170 gigabytes of highly sensitive data, including NDAs and internal financial reports.

French Education Ministry Data Breach

The month concluded with news of a breach affecting the French Ministry of Education. The breach exposed data linked to approximately 243,000 staff members through an internal information system.

The scale and nature of the breach point to challenges in managing centralised identity systems across large, distributed organisations.

Education ministries have complex IT environments with:

Large numbers of users
Varying levels of access
Decentralised administration

This creates inherent difficulty in maintaining consistent access control and visibility. The impact here is less about immediate disruption and more about long-term exposure.

Staff data can be used for:

Targeted phishing campaigns
Credential-based attacks
Lateral movement into connected systems

What’s notable is how data breaches can sometimes act as staging points, rather than end goals.

Key CVEs in February 2026

Conclusion

Aside from the ongoing geopolitical issues, March 2026 demonstrated how broadly cyber risk now cuts across sectors. The common thread this month was a focus on data, access, and operational continuity. Wherever organisations are in their cybersecurity journey, understanding these patterns is increasingly critical to managing risk effectively, DIESEC can help with a range of services, including dedicated SME cyber solutions, phishing simulations, consulting, and more.
Contact us now to discover how we can strengthen your cybersecurity posture.

Posted in DIESEC™ and tagged cyber risk, cybersecurity news, data breaches, education cybersecurity, identity security, March 2026 cybersecurity, public sector cybersecurity, ransomware attacks, threat landscape