< ciso brief />

All news with #breach tag

191 articles · page 2 of 10

Itron Discloses Unauthorized Access to Internal IT

🔒 On April 13, 2026, Itron, Inc. detected unauthorized access to certain internal IT systems and activated its cybersecurity response plan. The company notified law enforcement and engaged external advisors to investigate, mitigate, remediate, and contain the activity. Itron reports the intrusion has been blocked with no observed follow‑up, no customer impact, and no material disruption to business operations. The investigation is ongoing and the company expects a significant portion of incident-related costs to be covered by insurance.

Scattered Spider Co-conspirator Pleads Guilty in US Case

🔒 Tyler Buchanan has pleaded guilty in a Florida court to conspiring with others to hack company computer systems and steal at least $8 million in virtual currency. He faces sentencing later this year. Buchanan is tied to the notorious Scattered Spider group, which has used SMS phishing and colleague impersonation to target employees. Security leaders are urged to reinforce defenses and train staff against social engineering.

FIRESTARTER Backdoor Persists on Cisco ASA/Firepower

🔒 CISA and the U.K. NCSC disclosed that a federal civilian agency's Cisco Firepower device running ASA firmware was compromised in September 2025 by a persistent backdoor dubbed FIRESTARTER. The ELF bootkit alters the startup mount list and attempts to hook LINA to execute arbitrary shellcode and sustain post-patching persistence. Cisco recommends reimaging; a cold power cycle is a temporary mitigation.

Chinese National Posed as US Researcher to Get NASA Tech

🛰️ The NASA Office of Inspector General (OIG) says a Chinese national, identified in a 2024 indictment as Song Wu, posed as U.S. researchers to obtain sensitive aerospace modeling software and source code from NASA employees, universities, and private firms. The campaign ran from January 2017 through December 2021 and also targeted multiple U.S. government agencies. Song faces wire fraud and aggravated identity theft charges and remains at large.

UK Biobank Breach: Half a Million Health Records Listed

🔒 The personal health data of more than 500,000 UK Biobank volunteers was briefly listed for sale on Chinese e-commerce platforms, prompting removal of the adverts and joint action by UK and Chinese authorities. UK Biobank says the datasets were de-identified and did not include direct identifiers such as names or NHS numbers, and there is currently no evidence the data were purchased. The organisation has suspended researcher access, restricted downloads on its cloud research platform and launched a forensic investigation into misuse by researchers at three academic institutions.

Rituals discloses customer data breach in My Rituals

🔒 Rituals has disclosed a data breach affecting members of its My Rituals loyalty program after attackers downloaded customer records. The company said the compromised data may include full name, email address, phone number, date of birth, gender and home address. Rituals confirmed no passwords or payment information were accessed, and said it has blocked the attackers' access and notified relevant authorities while initiating a forensic investigation. The firm has not disclosed the number of affected members despite a loyalty base of more than 41 million and said it has informed affected customers directly.

U.S. Nationals Sent to Prison for Assisting DPRK IT Hires

🔒 Two U.S. nationals were sentenced to prison for facilitating a scheme that placed North Korean IT workers as faux U.S. employees at more than 100 American companies, including Fortune 500 firms. Between 2021 and October 2024 the pair generated over $5 million for DPRK-linked operations and caused roughly $3 million in corporate losses by using the stolen identities of more than 80 U.S. citizens. They set up shell companies, fake websites, bank accounts, and even hosted company-issued laptops in U.S. homes to mask the remote workers' true locations.

Kraken Faces Extortion After Insider Access to Support Data

🔒 Kraken says a criminal group is attempting to extort the exchange by threatening to release videos that show internal support systems containing client data. The company says the incident resulted from an insider threat, with two instances of improper access by support employees and exposure limited to client support data. About 2,000 accounts (0.02% of users) were affected; Kraken says funds were never at risk. The exchange will not pay or negotiate and is working with federal law enforcement.

Basic-Fit data breach exposes personal details of 1M

🔒 Basic-Fit, one of Europe's largest gym operators, disclosed unauthorized access to the system that records members' visits and said about 1 million members across the Netherlands, Belgium, Luxembourg, France, Spain and Germany were affected. The intrusion was detected and stopped within minutes, but investigators determined the attacker exfiltrated data including full name, address, email, phone number, date of birth, bank account details and membership information. Franchise-held customer records were stored separately and were not exposed. Basic-Fit says no identification documents or account passwords were accessed, and the company has notified regulators and continues to monitor the situation with external experts.

Booking.com Data Breach Prompts Reservation PIN Resets

🔒 Booking.com confirmed that unauthorized parties accessed booking information associated with some reservations. The company says it immediately forced PIN resets for affected current and past bookings and directly emailed impacted users with updated reservation PINs and guidance. Compromised fields may include full names, email and postal addresses, phone numbers, and communications with property providers. Booking.com warned customers to be vigilant for phishing and noted that app notifications were not sent, which has caused confusion.

Dutch EHR Vendor ChipSoft Disrupts Services After Ransomware

🔒 Dutch healthcare software vendor ChipSoft has confirmed a ransomware incident that forced it to take its website and patient-facing digital services offline. The provider of the HiX EHR platform warned of "possible unauthorized access" and advised customers to disconnect affected systems while it investigates. The national healthcare CERT, Z-CERT, is coordinating response efforts with ChipSoft and impacted hospitals.

Eurail Data Breach Exposes Personal Details of 308,777

🚆 Eurail says attackers stole personal information for over 300,000 customers after an unauthorized transfer of files from its network on December 26, 2025. The company disclosed the incident publicly in February and notified affected individuals by letter on March 27, reporting that records contained names, passport numbers and other sensitive identifiers. A sample of the stolen data was posted on Telegram and put up for sale on the dark web; Eurail advises customers to update Rail Planner passwords, reset reused passwords elsewhere, monitor bank accounts, and watch for phishing and suspicious transactions.

Drift $280M Crypto Heist Tied to Six-Month In-Person Plot

🔒 Drift Protocol says a coordinated, six-month operation led to a $280M+ theft after attackers built "a functioning operational presence" inside the platform and engaged contributors in person and via Telegram. The attackers reportedly hijacked Security Council administrative powers and drained assets in about 12 minutes. Drift suspects two contributors were compromised via a malicious code repository (possible VSCode/Cursor exploit) and a fake TestFlight wallet app. Blockchain firms attribute the campaign to UNC4736, linked to North Korea.

Stryker Fully Operational After Large Data‑Wiping Attack

🔐 Stryker says it is fully operational three weeks after a March 11 cyberattack in which the Handala group claimed to have stolen roughly 50 TB of data and wiped nearly 80,000 devices. Investigators say attackers created a new Global Administrator account after compromising a Windows domain admin and used a malicious file to conceal activity. Stryker prioritized restoring systems for ordering, shipping and production and is working with third‑party cybersecurity experts and government agencies as the investigation continues.

Maryland Man Charged Over $53M Uranium Finance Crypto Hack

🚨 A Maryland man has been charged with stealing more than $53 million after allegedly exploiting flaws in smart contract code on the Uranium Finance decentralized exchange in April 2021. Prosecutors say two separate attacks targeted liquidity pools, including manipulation of a rewards calculation and a transaction verification bug that enabled massive withdrawals while depositing almost nothing. Authorities allege the proceeds were laundered through decentralized exchanges and Tornado Cash, with roughly $31 million in crypto and collectibles seized.

Iran-Linked Hackers Breach FBI Director's Email Inbox

⚠️ The FBI confirmed that Iran-linked hackers accessed the personal email account of FBI Director Kash Patel and published private photos and what appears to be his CV. The pro-Iranian hacktivist group Handala posted a selection of personal and work correspondence, with reporters verifying some items from Patel's Gmail account. The FBI said no classified or government systems were compromised and has taken steps to mitigate risks; strong, unique passwords and multi-factor authentication are advised.

Severe Cyberattack on Die Linke; Qilin Likely Culprit

🔐 Die Linke says it was hit by a serious cyberattack that it attributes to the hacker group Qilin, possibly Russian‑speaking, and has taken parts of its IT infrastructure offline. Party federal secretary Janis Ehling said attackers appear to be seeking sensitive internal and employee data; the membership database was not compromised. Authorities warned the party as the intrusion was detected, and a criminal complaint has been filed as the party coordinates with security services.

TeamPCP Expands Supply-Chain Attacks via PyPI LiteLLM

📦 The widely used Python package LiteLLM on PyPI was found to contain credential-stealing malware in versions 1.82.7 and 1.82.8, uploaded on 24 March 2026. Security researchers report the malicious code harvested SSH keys, cloud credentials, Kubernetes secrets, database credentials, TLS keys and cryptocurrency wallets, then encrypted and exfiltrated the data to attacker infrastructure and installed persistent backdoors. Endor Labs and JFrog analysis showed the later variant executed whenever any Python process started, enabling silent background operation; version 1.82.6 is the last known clean release and organizations are urged to rotate secrets and audit systems for compromise.

Musician Pleads Guilty in $10M AI-Powered Streaming Fraud

🎵 North Carolina musician Michael Smith pleaded guilty to running a multi-year streaming fraud that generated over $10 million in illicit royalties. Smith purchased hundreds of thousands of AI-generated songs and uploaded them to Spotify, Apple Music, Amazon Music, and YouTube Music, then used automated bots routed through VPNs to create billions of fake streams between 2017 and 2024. Prosecutors say he ran more than 1,000 bot accounts, agreed to $8,091,843.64 in forfeiture, and faces up to five years in prison after pleading to one count of conspiracy to commit wire fraud.

Data Analyst Guilty of $2.5M Extortion Against Brightly

🔒 A North Carolina contractor, 27-year-old Cameron Curry (aka "Loot"), was convicted for extorting his employer, Brightly Software, after stealing payroll and corporate data during a six-month contract that ran through December 2023. Curry sent more than 60 threatening emails from lootsoftware@outlook.com demanding $2.5 million and attached screenshots of employee PII. Brightly paid $7,540 in Bitcoin, the FBI seized devices following a January 24, 2024 search, and Curry now faces up to 12 years in prison.