< ciso
brief />
Tag Banner

All news with #breach tag

207 articles

Alleged Scattered Spider member extradited to U.S.

πŸ”Ž A 19-year-old dual US-Estonian citizen, Peter Stokes, was extradited from Finland to the United States to face charges alleging membership in the Scattered Spider hacking collective. He is accused of participating in multiple intrusions and extortion schemes, including a March 2023 breach and a May 2025 attack on a multibillion-dollar retailer that led to over $2 million in losses. Stokes faces charges of fraud, conspiracy, and computer intrusion and has appeared in federal court in Chicago.
read more β†’

Teen Allegedly Linked to Scattered Spider Extradited

πŸ“° The US Justice Department announced the arrest and extradition of 19-year-old dual US-Estonian citizen Peter Stokes from Finland in April, with charges unsealed on June 30. He faces conspiracy, computer intrusion and fraud counts tied to alleged membership in the Scattered Spider hacking group. Authorities say the group conducted over 100 intrusions, netting $100m+ in ransoms and causing millions in damages. Stokes is accused of targeting a luxury jeweller and attempting an $8m extortion that resulted in $2m+ losses for the firm.
read more β†’

Aflac Japan Confirms Major Customer Data Breach

πŸ›‘οΈ Aflac Japan disclosed a data breach after an unauthorized third party accessed systems between June 15 and June 25. The company reported that impacted files may include policy and coverage details, personal data, and bank account information, and said US systems were not affected. Some customer services were taken offline while calls and other channels continue to support claims. Authorities have been notified and no misuse has yet been confirmed.
read more β†’

Aflac Japan breach exposes policy and bank data

πŸ”’ Aflac disclosed that attackers accessed systems at its wholly owned Japan subsidiary between June 15 and June 25, 2026, prompting suspension of certain systems while operations continue. The insurer is working with external cybersecurity experts, has notified Japanese regulators, and will inform affected individuals. Aflac said U.S. systems were not accessed and the full scope of the incident remains under investigation.
read more β†’

Two Scattered Spider members plead guilty in TfL hack

πŸ”’ Two members of the Scattered Spider collective admitted launching a cyberattack against Transport for London that caused extensive disruption and financial losses. Thalha Jubair and Owen Flowers changed their pleas to guilty at Woolwich Crown Court, with sentencing set for July 22. The breach affected in-station systems and online services, forced password resets for 28,000 staff, and exposed millions of personal records. Investigations by the National Crime Agency and City of London Police linked seized devices and messaging evidence to the attack.
read more β†’

KDDI Breach Exposes Millions of Japanese Email Accounts

πŸ“§ KDDI has confirmed an unauthorized intrusion into an email system it provides to several Japanese ISPs, potentially exposing up to 14.22 million email addresses and passwords. The incident, detected on June 17, affected customers across multiple providers, including JCOM, Nifty, Biglobe and others. KDDI said the attacker likely exploited a vulnerability in third-party software and has implemented technical countermeasures. The company is collaborating with affected ISPs and authorities and has urged users to change their passwords.
read more β†’

Tata Electronics Confirms Cyberattack, Data Leaked

πŸ”’ Tata Electronics confirmed a cybersecurity incident that affected parts of its IT infrastructure but said operations continued normally and remained unaffected. The company said response protocols were deployed immediately after detection. The disclosure responds to claims by the World Leaks group, which posted directories and documents allegedly containing manufacturing data for Apple products. BleepingComputer has contacted Apple for comment about potential exposure of proprietary data.
read more β†’

Two Teens Linked to Scattered Spider Plead Guilty

πŸ”’ Two British teenagers have pleaded guilty after hacking Transport for London (TfL) between 31 August and 3 September 2024, the National Crime Agency (NCA) reports. Members of the Scattered Spider collective, Thalha Jubair, 20, and Owen Flowers, 18, caused Β£29m in losses and disruption to TfL systems, including customer refunds and Oyster photocard services. Flowers was arrested early September 2024 with digital evidence linking him to TfL and US healthcare breaches; Jubair faces broader charges alleging dozens of intrusions and extortion schemes. Both admitted guilt at Woolwich Crown Court on 22 June and will be sentenced on 16 July.
read more β†’

Texas license vendor breach exposes 3M+ records

πŸ”’ The Texas Parks and Wildlife Department disclosed a breach at its external license system vendor that exposed personal information for 3,087,721 hunting and fishing license customers. The Texas Cyber Command discovered the intrusion and confirmed no Social Security numbers, dates of birth, or financial data were affected. Exposed fields may include driver’s license data, passport numbers, emails, phone numbers, and residential addresses. TPWD is working with the vendor on enhanced safeguards and offering affected individuals one year of free credit monitoring.
read more β†’

Fortibleed campaign exposes 75,000 Fortinet firewalls

πŸ”’ Researchers have uncovered a large credential-compromise campaign called Fortibleed that exposed tens of thousands of Fortinet FortiGate devices worldwide. Analysis by SOCRadar, Hudson Rock, and independent researchers found stolen configuration files, administrator and SSL VPN credentials, and tooling used to automate collection and cracking. Affected devices span 194 countries, with roughly 75,000 devices reportedly compromised, prompting urgent remediation advice including credential rotation and upgrading to modern FortiOS hashes.
read more β†’

Nottingham University student-records breach affects 454,600

πŸ”’ The University of Nottingham confirmed a cyber incident that exposed a significant amount of student record data, affecting current students and alumni. The university reported the breach to the Information Commissioner's Office and Action Fraud and is working with the platform vendor on a forensic investigation. The ShinyHunters extortion group has claimed responsibility and posted an archive they say contains finance, payment, personal and academic data from multiple campuses.
read more β†’

SoFi Hong Kong confirms third-party data breach

πŸ”’ SoFi Hong Kong reported a third-party data breach after detecting unauthorized access to a vendor-hosted database on April 30, 2026. The company engaged a third-party cybersecurity firm and is investigating while notifying affected customers. SoFi has not disclosed the vendor identity, the number of impacted customers, or the exact data exposed. Customers were advised to monitor accounts, enable two-factor authentication, and take extra precautions.
read more β†’

WFP registration breach exposes Gaza household data

⚠️ The United Nations World Food Programme (WFP) confirmed a breach of its Palestine self-registration application (SRA) that exposed beneficiaries' personal data across the Gaza Strip, including names, ID numbers, phone numbers, and neighborhood locations. The SRA has been temporarily suspended while WFP implements urgent security improvements and investigates the incident. The organization warned recipients to be cautious of impersonation or phishing attempts and said assistance programs will continue as normal for registered beneficiaries.
read more β†’

Dutch police arrest suspect in Ajax app hack

πŸ”’ Dutch police arrested a 35-year-old suspect in Buren for allegedly accessing Ajax football club IT systems, after vulnerabilities in the official Ajax app exposed supporter data. The breach, initially described as affecting a few hundred fans, may have put around 300,000 registered supporters at risk, including email addresses and ticket information. The flaw also allowed manipulation of the club's ban list, potentially harming innocent people, and Ajax says it has patched the vulnerabilities with external help.
read more β†’

Romanian sentenced for hacking Oregon government network

πŸ”’ A Romanian national was sentenced to 56 months in federal prison after pleading guilty to aggravated identity theft and unauthorized access to an Oregon state government computer network. The 46-year-old, known online as "inthematrixl," also sold access and stolen personal data from other U.S. victims, causing at least $250,000 in losses. Authorities coordinated internationally to arrest and extradite him, and the court ordered forfeiture of cryptocurrency and supervised release.
read more β†’

Dutch police arrest suspect in Ajax football hack

πŸ”’ The Dutch National Police arrested a 35-year-old man from Buren suspected of multiple unlawful intrusions into AFC Ajax's computer systems earlier this year. The intrusions allowed access to data belonging to a few hundred individuals, modification of fewer than 20 stadium bans, and reassignment of purchased tickets. Ajax patched the exploited vulnerabilities, reported the breach to the Dutch Data Protection Authority and police, and the investigation remains ongoing.
read more β†’

Canadian Arrest Over KimWolf DDoS Botnet Operations

πŸ” Canadian and U.S. authorities arrested 23-year-old Jacob Butler (aka "Dort") in Ottawa under an extradition warrant after unsealing a criminal complaint in the District of Alaska linking him to the KimWolf DDoS botnet. Investigators tied Butler to the botnet through IP address logs, transaction records, and online messages, and he now faces a charge of aiding and abetting computer intrusions with a potential 10-year sentence. KimWolf operated as a DDoS-for-hire service that enslaved nearly two million devices and powered attacks up to nearly 30 Tbps, causing substantial global disruption and financial losses.
read more β†’

GitHub Confirms Major Breach of 3,800 Internal Repos

⚠ GitHub confirmed attackers exfiltrated code from roughly 3,800 internal repositories after a compromised employee device and a poisoned VS Code extension were used to gain access. The company detected and contained the compromise on May 19, removed the malicious extension, isolated the endpoint, and began incident response. A threat actor calling itself TeamPCP posted lists of stolen repos and claimed responsibility, threatening to leak the data if not sold. GitHub is rotating secrets, analyzing logs, and said it will publish a full incident report when investigations conclude.
read more β†’

Grafana breach traced to missed GitHub token rotation

πŸ” Grafana confirmed its recent data breach stemmed from a single missed GitHub workflow token that was exfiltrated after malicious TanStack npm packages executed in its CI/CD environment. The company detected the intrusion on May 1, rotated most tokens, and launched its incident response, but one token was overlooked and allowed attackers repository access. Grafana says source code wasn't altered and no customer production systems were impacted.
read more β†’

FBI Issues Advisory After ShinyHunters Breach of Canvas LMS

⚠️ The FBI's IC3 issued an advisory on 15 May 2026 about the ShinyHunters extortion gang breaching an online learning management system used by US educational institutions. Although the advisory avoided naming the vendor, reporting and Instructure's confirmation made clear Canvas was affected and the company reportedly paid a ransom after receiving alleged 'shred logs'. The FBI warns victims not to engage with extortionists, enable multi‑factor authentication, and remain vigilant against phishing, harassment, and swatting; students and staff should assume their data may be exposed and await official guidance.
read more β†’