On April 22, 2026, a series of significant cybersecurity incidents disrupted critical infrastructure and major retail operations across Europe. The events, which occurred simultaneously throughout the morning, included a breach of Venice’s flood protection system, a massive data leak at fitness chain Basic-Fit, and unauthorized access to the logistics network of Inditex. Compounding these localized incidents, security researchers identified a widespread misconfiguration in Salesforce Experience Cloud environments that has potentially exposed sensitive corporate data globally.
In Italy, the Venice Experimental Electromechanical Module (MOSE) system, which manages 78 mobile barriers designed to protect the Venetian Lagoon from flooding, reported a breach of its primary control servers. According to the Venice Water Authority, the intrusion targeted the Supervisory Control and Data Acquisition (SCADA) systems responsible for barrier activation. While the physical integrity of the barriers remains intact, engineers transitioned the system to manual override protocols at 09:30 CET. Technical logs indicate the attackers utilized a zero-day vulnerability in a legacy SecureGate 200 VPN gateway to gain initial access to the internal network.
Simultaneously, Basic-Fit, Europe’s largest fitness chain, confirmed a data breach affecting its centralized member management platform. The company stated that unauthorized actors accessed a database containing the personal information of approximately 2.8 million members across the Netherlands, France, and Spain. Compromised data includes full names, email addresses, and masked International Bank Account Numbers (IBAN). Basic-Fit’s Chief Information Security Officer reported that the breach originated from a compromised third-party API integration used for membership processing, specifically targeting the MemberConnect v3.1 module.
In Spain, Inditex, the parent company of Zara, reported unauthorized access to its internal logistics and inventory management software, LogiTrack v4.2. The incident affected 14 distribution centers, leading to a temporary suspension of automated sorting systems for six hours. The company’s technical team identified that the breach occurred via a credential stuffing attack targeting administrative accounts. Inditex officials stated that while customer data was not accessed, the disruption caused a backlog in approximately 450,000 pending shipments scheduled for dispatch on April 22.
Parallel to these incidents, a critical security advisory was issued regarding a Salesforce misconfiguration impacting Experience Cloud sites running on the Spring 26 release. The vulnerability stems from improper settings in the Guest User Profile, which, if not correctly hardened, allows unauthenticated users to query internal database objects via the Salesforce Object Query Language (SOQL). Security firm CyberGuard reported that their scans on April 22 identified over 1,200 organizations with active misconfigurations, exposing internal records such as employee directories and contract metadata. Salesforce has not reported a breach of its own infrastructure but has urged administrators to review Secure guest user record access settings immediately. The European Union Agency for Cybersecurity (ENISA) has opened an investigation into whether these incidents are part of a coordinated campaign.