All news with #breach tag

HSE Offers €750 to Victims of 2021 Ransomware Attack

🔒 The Health Service Executive (HSE) has offered €750 to individuals whose personal data was exposed in the May 2021 Conti ransomware attack, plus an additional €650 toward legal costs. The intrusion began with a malicious Microsoft Excel file that bypassed outdated anti‑malware defenses, forcing a full IT shutdown and widespread disruption to hospital services. A later PwC review criticised the HSE's unpatched systems and frail infrastructure, while the organisation says it has found no evidence of fraud stemming from the breach after more than four years.

California Man Pleads in $263M Cryptocurrency Theft

🔒 Evan Tangeman, 22, has pleaded guilty to laundering proceeds from a sophisticated criminal network that stole roughly US $263 million in cryptocurrency. Prosecutors say the Social Engineering Enterprise was organised via online gaming connections and used hackers, impersonating 'callers', burglars and money launderers to seize and convert victims' crypto. Tangeman admitted converting about US $3.5 million and faces sentencing on April 24, 2026.

Streamlit Exposes Shadow AI Risks and Data Leaks at Scale

⚠️ UpGuard's analysis of Streamlit-hosted applications uncovered thousands of publicly accessible data apps that expose sensitive business and personal information. In October 2025 scans identified 14,995 unique IPs running Streamlit; after accounting for instances with authentication or errors, over ten thousand apps remained accessible without login. The report documents exposed PII and business intelligence dashboards and recommends practical controls: maintain an inventory of user apps, move sensitive workloads off the Community Cloud, and enable authentication by default.

Marquis Software Breach Impacts Over 780,000 Nationwide

🔒 Marquis Software Solutions confirmed a breach affecting more than 780,000 individuals after attackers exploited a SonicWall firewall vulnerability on 14 August. The company shut down affected systems and engaged external cybersecurity specialists; a late-October review found unauthorized actors copied files containing personal and financial data from certain business customers. Marquis is offering free credit monitoring and has implemented multiple security controls while its investigation continues, and it reports no evidence so far that the stolen data has been posted online.

Barts Health Seeks High Court Ban After Oracle EBS Breach

🔒Barts Health NHS Trust has applied to the High Court seeking an order to prevent the sharing, publication or use of data stolen from an Oracle E-business Suite database. A criminal group known as Cl0p posted compressed files on the dark web containing names, addresses and invoicing records relating to patients, suppliers and former staff. The trust says clinical systems and core IT infrastructure were unaffected and it is working with NHS England, the NCSC and law enforcement while notifying regulators.

Barts Health NHS Reports Data Theft via Oracle Zero-Day

🔒 Barts Health NHS Trust disclosed that the Cl0p ransomware group stole invoice data from an Oracle E-Business Suite database after exploiting a zero-day vulnerability (CVE-2025-61882). Stolen files include full names and addresses of payers, records of former employees with debts, supplier details, and accounting files relating to Barking, Havering and Redbridge University Hospitals. The trust says its electronic patient record and clinical systems were not affected, has notified the NCSC, Metropolitan Police and the ICO, and is seeking a High Court order while advising patients to check invoices and remain vigilant for suspicious communications.

Inotiv Discloses August Ransomware Breach Affecting 9,542

🔒 Inotiv, an Indiana-based contract research organization, disclosed an August ransomware attack that disrupted operations after networks, databases, and internal applications were taken offline. The company says it has 'restored availability and access' to impacted systems and is notifying 9,542 individuals whose information was stolen. The incident, dated to approximately August 5–8, 2025, was claimed by the Qilin ransomware group, which published alleged samples and asserted it exfiltrated roughly 162,000 files totaling about 176 GB, though Inotiv has not confirmed the specific data types or publicly attributed the attack.

Largest U.S. Telecommunications Hack: What Happened

🔐 On December 4, 2024, U.S. officials confirmed a widespread cyber-espionage campaign that targeted some 80 global telecommunications providers across dozens of countries. The intrusion has been attributed to a sophisticated nation-state actor tracked by Microsoft as Salt Typhoon (aka Ghost Emperor / FamousSparrow), with earlier links to LightBasin. A joint task force—Operation Enduring Security Framework—led by the NSA, Pentagon and CISA was created to contain and investigate the offensive.

Coupang Exposes 33.7M Accounts Due to Key Mismanagement

🔒 Coupang disclosed an unauthorized exposure affecting approximately 33.7 million user accounts, an incident investigators trace to long‑neglected token signing keys in its authentication infrastructure. Leaked records reportedly included names, email addresses, shipping address lists and some order details; payment and login credentials were not exposed. Authorities and a joint public-private investigation are probing the breach and potential regulatory violations, and a former authentication engineer is the prime suspect.

Contractors Accused of Wiping 96 Government Databases

🧾 Two Virginia brothers, former federal contractors Muneeb and Sohaib Akhter, have been charged with conspiring to steal sensitive data and deleting roughly 96 government databases after being fired. Prosecutors allege the deletions occurred in February 2025 and that Muneeb also stole IRS and EEOC information for hundreds of individuals. One minute after deleting a DHS database he reportedly asked an AI tool how to clear system logs. Authorities say the pair wiped devices, destroyed evidence, and face multiple federal charges including computer fraud and aggravated identity theft.

Post Office Avoids £1.1m Fine for Leak of 502 Postmasters

🔒 The Information Commissioner's Office found that an unredacted settlement document related to the long-running Horizon scandal exposed the names, home addresses and postmaster status of 502 litigants on the Post Office website between 25 April and 19 June 2024. The ICO considered a fine just under £1.1m but issued a reprimand under its public sector approach after concluding the breach was not 'egregious'. The regulator criticised the Post Office for lacking documented publishing policies, quality assurance and sufficient staff training; the organisation has offered compensation and 24 months of identity protection and taken steps to remove cached copies and strengthen controls.

Freedom Mobile Breach Exposes Customer Personal Data

🔒 Freedom Mobile detected a breach of its customer account management platform on October 23 after a third party used the account of a subcontractor to access customer records. The carrier says it blocked suspicious accounts and IP addresses and implemented corrective measures and security enhancements. Exposed data include first and last names, home addresses, dates of birth, phone numbers, and Freedom account numbers. Freedom reports no evidence so far of misuse and has urged customers to watch for phishing and check accounts for unusual activity.

Yearn Finance yETH Pool Exploited for $9M via Mint Bug

⚠️ A vulnerability in Yearn Finance's yETH pool allowed an attacker to mint an enormous amount of yETH and drain approximately $9 million in assets. Check Point Research (CPR) found that a desynchronization between the pool's main supply counter and its cached virtual balances (packed_vbs[]) enabled the exploit. The attacker used flash loans and repeated deposit/withdraw cycles to pollute cached balances, burned LP tokens to reset supply to zero, then deposited 16 wei to trigger faulty "first deposit" logic and mint inflated tokens, later converting stolen LSD assets to ETH and laundering funds.

University of Phoenix Discloses Data Breach After Oracle Hack

🔒The University of Phoenix disclosed a data breach tied to a zero-day flaw in Oracle E-Business Suite, saying it detected the incident on November 21 after the extortion group posted the university to its leak site. Phoenix Education Partners filed an SEC 8-K announcing the incident and an ongoing review. The university said attackers accessed names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers for current and former students, employees, faculty and suppliers. Affected individuals will receive mailed notifications with next steps.

Korea Arrests Suspects Selling Footage from Hacked Cameras

🚨The Korean National Police arrested four suspects accused of hacking over 120,000 IP cameras in homes and businesses and selling stolen intimate footage on an overseas illegal adult website. Authorities say the suspects uploaded large volumes of voyeuristic content, identified dozens of victims, and have already arrested some buyers. Police are working with foreign investigators to locate site operators, notify victims, and pursue takedown and remedial actions. Victims were urged to reset passwords, disable unneeded remote access, and apply firmware updates to prevent further compromise.

FTC Settlement Requires Illuminate to Delete Student Data

⚖️ The FTC has proposed a settlement requiring Illuminate Education to delete unnecessary student data and strengthen its security program after a 2021 breach that exposed information for about 10.1 million students. The agency alleges failures including lack of access controls, storing data in plain text, weak patching, and misrepresenting encryption in contracts. The proposed order mandates data minimization, a public retention schedule, prompt breach reporting to the FTC, and will be open for 30 days of public comment; violations could trigger civil penalties.

Asahi Ransomware Attack Leads to Massive Data Breach

🔒 Asahi Group Holdings confirmed that a ransomware attack on 29 September, attributed to the Qilin group, resulted in a major data breach affecting over 1.5 million customers and roughly 275,000 employees and family members. The incident disrupted ordering, shipping and production systems across Japan and caused widespread product shortages. Asahi says it did not pay a ransom, has found no evidence the data has been posted publicly, and is strengthening its cybersecurity while notifying those impacted.

University of Pennsylvania Confirms Oracle EBS Data Theft

🔒 The University of Pennsylvania disclosed that attackers exploited a previously unknown Oracle E-Business Suite zero-day in August to obtain files containing personal information. In a notification filed with Maine's Attorney General, Penn said at least 1,488 individuals had data taken and warned the overall total may be larger. The university reported no evidence so far that the stolen information has been misused or published and has not publicly attributed the intrusion; the incident aligns with a broader campaign linked to the Clop ransomware group.

Coupang Data Breach Exposes 33.7 Million Customer Records

🔓 Coupang, South Korea's largest retailer, disclosed a data breach that exposed personal information for 33.7 million customer accounts. The company says the incident occurred on June 24, 2025, but was discovered and investigated beginning November 18, 2025. Exposed fields include full names, phone numbers, email and physical addresses, and order details; payment data and passwords were not affected. Coupang reported the incident to national authorities and warned customers to watch for impersonation attempts.

Coupang Confirms 33.7M Customer Records Exposed in Breach

⚠️ Coupang has confirmed unauthorized access to delivery-related personal information affecting an estimated 33.7 million customers, including names, email addresses and phone numbers. The company says payment details and login credentials were not accessed, and it has blocked the access route and strengthened internal monitoring. Seoul police have identified a suspect, believed to be a former employee who has left South Korea, and are analysing server logs while tracking an IP address tied to the incident.