Weekly Cybersecurity Digest [February, Week 4]
Posted on March 3, 2026
Dear Valued Clients,
Welcome to this week’s cybersecurity digest from Make Sense, your trusted partner in building measurable resilience across Europe’s rapidly evolving digital and financial ecosystems. February’s final week highlights a defining shift: supply-chain fragility, mass data exposure and structural DDoS pressure are reshaping Europe’s operational risk baseline.
From telecom and healthcare breaches to energy-sector vigilance and regulatory escalation, resilience now demands systemic oversight, vendor scrutiny and board-level accountability.
✅ Top Stories of the Week
i. ManoMano – Major Third-party Breach Exposes ~38M Customer Records
ManoMano disclosed a high-severity incident stemming from a compromised third-party customer support provider that exposed approximately 37.8–38 million customer records (names, email addresses, phone numbers, and support tickets). The breach underscores vendor/supply chain risk and prompts urgent phishing warnings across affected EU markets. [Read more via Bleeping Computer]
ii. Odido Hit by Mass Customer-Data Leak
Dutch telco Odido saw stolen customer data published in waves after refusing to pay a ransom; initial leaks (c. 1M/day) escalated to multi-million-record dumps, including identity documents and IBANs. The case triggered a criminal probe and highlights the high impact of compromised CRM and CRM-like systems on telecoms. [Read more via Reuters]
iii. Massive Medical-Data Exposure in France Linked to Cegedim Santé Systems
France’s health ministry confirmed that administrative files and doctors’ notes for roughly 15 million patients, drawn from practices using Cegedim Santé software, were exposed after a breach discovered in late 2025 and reported publicly at the end of February. Authorities warn of serious privacy harms, and criminal proceedings are underway. [Read more via Anadolu Ajansı]
Action prompt: Map your software ecosystem dependencies – could one provider expose millions of data subjects simultaneously?
✅ Industry Trends & Insights
Sweden Raises Security Levels Across Energy Sector After Cyber Concerns
Sweden instructed energy companies to strengthen cybersecurity and operational protections following concerns linked to a cyber incident affecting infrastructure in the region. Nordic authorities are assessing potential foreign-linked risks, highlighting a growing focus on protecting critical energy systems from disruptive cyber and hybrid activities. [Read more via Reuters]
Vrije Universiteit Brussel Joins A Europe-wide Incident-reporting Project, INCIDENTRON
Vrije Universiteit Brussel announced it is contributing AI expertise to INCIDENTRON, an EU project aimed at simplifying and standardising cyber incident reporting and compliance. The initiative reflects an industry trend toward automated reporting, cross-border interoperability and AI-assisted incident handling across EU member states. [Read more via vub.be]
DDoS Attacks Are Now A Structural Threat Across Europe
New research from Link11’s European Cyber Report 2026 shows that Distributed Denial of Service (DDoS) attacks are no longer isolated incidents but a permanent burden on European digital infrastructure. Documented attacks rose 75% in 2025, with multiple terabit floods and prolonged campaigns that exhaust defences, underscoring the need for continuous, automated resilience planning. [Read more via cybernewswire]
Insight: Continuous resilience planning – not reactive mitigation – is now essential for network-edge stability.
✅ Regulatory & Policy Updates
Germany Plans Expanded Powers to Disrupt Foreign Cyber Threats
On 27 February, Germany unveiled draft legislation granting authorities new powers to intervene in and disable malicious IT infrastructure linked to foreign cyber operations. The proposals include proactive threat hunting by the BSI and mandatory cooperation from digital service providers, signalling a stronger operational posture against state-linked and hybrid cyber threats. [Read more via Reuters]
IAPP Analysis – Practical Impacts of Proposed NIS2 / CSA2 Reforms on EU Organisations
Policy commentary published 2 March examines how the proposed NIS2 and Cybersecurity Act (CSA2) reforms will move cyber law from a technical checkbox to enterprise governance, increasing board accountability, audit readiness and harmonised incident reporting obligations across the bloc. Expect tighter compliance costs and more regulatory enforcement. [Read more via IAPP.org]
Consider: Are your board reporting structures aligned with the governance expectations emerging under NIS2 and CSA2?
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz:
What is the most common systemic weakness revealed by this week’s major breaches?
A) Endpoint antivirus misconfiguration
B) Third-party and software supply-chain exposure
C) Physical data-centre intrusion
D) Insider credential theft
(Answer below)
Smart Security Moves of the Week:
Supply-chain resilience: Implement continuous vendor risk scoring rather than annual assessments.
Mass-leak readiness: Pre-build customer-notification templates and fraud-monitoring partnerships.
DDoS endurance: Shift from peak-capacity planning to sustained campaign resilience modelling.
Board alignment: Establish quarterly governance dashboards tracking NIS2 and CSA2 obligations.
Answer: B) Third-party and software supply-chain exposure.
✅ Conclusion
From mass third-party breaches and telecom data dumps to healthcare exposure and structural DDoS escalation, February’s final week reinforces a decisive trend: Europe’s cyber risk is systemic and interconnected. Regulatory reform, operational intervention powers and AI-driven reporting initiatives signal a shift toward coordinated governance and resilience.
Final reflection: If one supplier, CRM platform or software component failed tomorrow, would your exposure remain contained – or cascade across customers, regulators and markets?
At Make Sense, we translate intelligence into measurable defence, embedding vendor oversight, governance alignment and adaptive controls into every operational layer.
Stay secure,
The Make Sense SRL Team & CyberTania
