All news with #breach tag

Pennsylvania: Hacker Claims 1.2M Donor Records Breach

🔐 A threat actor claims to have compromised University of Pennsylvania systems and exfiltrated data for roughly 1.2 million students, alumni, and donors, including names, dates of birth, contact details, estimated net worth, donation histories, and sensitive demographic data. The attacker said they gained access via a compromised PennKey SSO account and accessed VPN, Salesforce Marketing Cloud, Qlik, SAP, SharePoint, and Box. After access was revoked on October 31 the actor used Marketing Cloud to send offensive emails to about 700,000 recipients and published a 1.7-GB archive of files. Penn says it is investigating; donors should watch for targeted phishing and verify solicitations directly with the university.

Offensive 'We got hacked' emails sent from Penn addresses

📧 The University of Pennsylvania distributed a series of offensive emails to students and alumni claiming data was stolen in a breach and urging action. The messages, with the subject line "We got hacked (Action Required)", were sent from multiple Penn addresses, including the Graduate School of Education, via the connect.upenn.edu mailing-list platform hosted on Salesforce Marketing Cloud. Penn's Office of Information Security said the messages are fraudulent, its Incident Response team is investigating, and the university has placed a website banner advising recipients to disregard or delete the emails.

Conduent Breach Exposes Data of Over 10.5 Million People

🔒 Conduent has confirmed a breach affecting more than 10.5 million individuals, with customer notices sent in October 2025 after the incident was discovered on 13 January 2025. Unauthorized access reportedly began on 21 October 2024 and persisted for nearly three months. The criminal group SafePay claimed responsibility and said it exfiltrated large volumes of data, potentially including names, Social Security numbers, dates of birth, and medical and insurance information.

Nation-state Hackers Breach Ribbon Communications' Network

🔒 In a filing with the SEC, Ribbon Communications disclosed that unauthorized actors, reportedly tied to a nation-state, had access to its IT network, with initial intrusion activity traced as far back as December 2024. The company detected the breach in September 2025, has worked to terminate access, and is collaborating with third-party cybersecurity experts and federal law enforcement. Ribbon says it has not yet found evidence of material corporate data theft, although attackers accessed customer files on two laptops outside the main network.

Conduent Confirms Data Breach Affects 10.5 Million People

🔒 Conduent has confirmed a 2024 data breach that state attorney general notifications indicate affected more than 10.5 million people. Reported exposed data includes names, Social Security numbers, full dates of birth, health insurance policy or ID numbers, and medical information. Conduent says the environment was first compromised on October 21, 2024 and discovered in January 2025; as of October 24, 2025 it reports no evidence the stolen data has been misused. Affected individuals are advised to obtain credit reports and consider fraud alerts or a security freeze; the company did not offer identity monitoring services.

Ex-L3Harris Executive Pleads Guilty to Selling Exploits

🔒 Peter Williams, a former general manager at L3Harris Trenchant, pleaded guilty in U.S. court to stealing and selling protected cyber-exploit components between 2022 and 2025. Prosecutors say he removed at least eight sensitive trade-secret exploit components intended for exclusive government use and sold them to a broker that works with the Russian government for $1.3 million in cryptocurrency. He now faces up to 10 years in prison and significant fines.

Human Cost of UK Government's Afghan Data Leak Exposed

🔓 A leaked Ministry of Defence spreadsheet in February 2022 exposed thousands of Afghan nationals who assisted UK forces, and research from the charity Refugee Legal Support shows the fallout continues. Survivors report murder, torture, repeated home searches and persistent Taliban threats; 49 people are reported to have lost relatives or colleagues. Only a minority were offered relocation to the UK, underscoring how data leaks and inadequate responses can cause real, ongoing harm.

Proton Finds 300M+ Records Linked to 794 Breaches Worldwide

🔎 Proton and Constella Intelligence have launched the Data Breach Observatory, a real‑time dark‑web monitoring service that has identified more than 300 million compromised records tied to 794 incidents so far this year. The service combines automated crawlers, curated feeds and human analysts to surface breached data and alert affected parties. Proton says small and medium businesses are heavily targeted, with email addresses, names and contact details the most commonly exposed items. If aggregated datasets are included, Proton reports incidents rise to 1,571 and exposures reach hundreds of billions of records.

Dentsu Confirms Data Breach at U.S. Subsidiary Merkle

🔒 Dentsu disclosed a cybersecurity incident at its U.S. subsidiary Merkle, saying attackers accessed and stole files containing client, supplier, and employee information. The company detected abnormal activity, proactively took certain systems offline, and initiated incident response procedures while engaging third‑party responders. A circulated memo indicated exposed payroll and bank details, salary and National Insurance numbers, and personal contact details; impacted individuals are being notified and authorities in affected countries have been informed. Dentsu said Japan-based systems were not impacted and that the full scope and financial impact remain under investigation; no ransomware group has claimed responsibility so far.

Louvre Apollo Gallery Jewel Heist Reveals Security Gaps

🔍 The theft at the Louvre—where four thieves used an electric ladder, an angle grinder and seven minutes to remove jewels from the Apollo Gallery—exposed stark security lapses. A single outdoor camera pointed away from the balcony left no interior footage, and guards appeared focused on patrons rather than valuables. Arrests have been reported, but the pieces' likely disassembly will greatly reduce their recoverable value.

TCS Rejects Claims It Lost M&S Service Desk Contract

📰 Tata Consultancy Services has denied reports that it lost a service desk contract with Marks & Spencer following the retailer’s April cyber-attack. In an October 26 regulatory filing to Indian stock exchanges, TCS described a Telegraph article as "misleading" and pointed to "factual inaccuracies", saying the RFP to evaluate suppliers began in January 2025 and concluded before the incident. TCS said it continues to hold other active contracts with M&S, that a June investigation found no vulnerabilities originating in TCS networks, and that it does not provide cybersecurity services to the retailer.

FIA drivers' portal breached, Formula 1 data exposed

🔐 Hackers gained access to a drivers' portal run by the Fédération Internationale de l'Automobile (FIA) during the summer, potentially exposing Formula 1 driver records. The three individuals said they were fans who reported a vulnerability instead of pursuing malicious use and claimed they neither viewed nor stored sensitive data after noticing passport details could be retrievable. The FIA took the site offline, secured the system and worked with the researchers to strengthen the portal.

Toys R Us Canada confirms customer data leak; regulators

🔔 Toys R Us Canada has notified customers that a threat actor leaked records taken from its database after a posting on the dark web on July 30, 2025. An investigation with third-party cybersecurity experts confirmed the data's authenticity and found exposed fields may include full name, physical address, email, and phone number, while passwords and payment card details were not exposed. The retailer says it has strengthened IT security, is notifying Canadian privacy regulators, and warns customers to beware of phishing attempts.

Jaguar Land Rover Cyberattack: Costliest in UK History

🔒 The cyberattack on Jaguar Land Rover in late August forced a global shutdown of IT systems and halted production across its factories. According to the Cyber Monitoring Centre, the weeks-long outage inflicted an estimated £1.9 billion in losses and affected more than 5,000 organizations, including suppliers and dealers. The UK government intervened with guarantees and up to £1.5 billion in support to secure the supply chain as production is gradually resumed.

JLR Hack Deemed UK’s Costliest Cyber Incident at £1.9bn

🔒The Cyber Monitoring Centre (CMC) concluded that the August 2025 cyber-attack on Jaguar Land Rover (JLR) produced an estimated UK financial impact of £1.9bn ($2.55bn) and affected more than 5,000 organisations. The CMC said the vast majority of the cost derived from halted manufacturing after an IT shutdown that stopped production at major UK plants and disrupted suppliers and dealer systems. Analysts ranked the incident a Category 3 systemic event and warned costs could rise if operational technology or intellectual property were compromised. Industry experts called for stronger governmental oversight and for boards to treat cybersecurity as a strategic risk.

Typosquatted Nethereum NuGet Package Steals Wallet Keys

🔒Security researchers uncovered a NuGet typosquat, Netherеum.All, created to harvest cryptocurrency wallet secrets and exfiltrate them to a hidden command-and-control server. Uploaded on October 16, 2025 by user "nethereumgroup" and removed four days later, the package uses a Cyrillic 'e' homoglyph to impersonate Nethereum and falsely claims 11.7 million downloads to appear legitimate. Socket analysts found an XOR-decoded C2 endpoint (solananetworkinstance[.]info/api/gads) and a payload in EIP70221TransactionService.Shuffle that steals mnemonics, private keys, and keystore files. Developers are advised to verify publisher identity, watch for sudden download surges, and monitor anomalous network traffic before adding dependencies.

Ransomware Attack Disrupts IT at Nickelhütte Aue Company

🔒 A ransomware attack on Nickelhütte Aue's office IT encrypted data and caused disruptions across multiple back-office systems, with HR, accounting, finance, purchasing and sales identified as affected. A company spokesperson told CSO that production remained unaffected and management established a crisis organisation after the incident was discovered on Saturday, October 18. The attackers left an extortion note threatening to publish stolen files; investigations by IT forensics teams and authorities are ongoing while the firm consults on how to respond to the ransom demand. The company says it is cleaning infected devices and making steady progress, but the timeframe to fully rebuild IT systems remains unclear.

Dreamforce Highlights Salesforce Amid OAuth Security Storm

🛡️ At Dreamforce, Salesforce emphasized shared responsibility for securing customer environments and introduced new AI agents for security and privacy. The conference largely avoided discussion of recent OAuth-based supply-chain breaches that exposed data from hundreds of companies and led to extensive litigation. Analysts warn the incidents — driven by compromised tokens from third-party apps like Salesloft Drift and spoofed tools such as malicious Data Loader instances — underscore systemic risks as AI integrations demand broader data access. Recommended mitigations include IP whitelisting, DPoP or mTLS, and tighter vendor governance.

Rhysida Ransomware Group Lists German Manufacturer Geiger

🔒 On October 17, the ransomware group Rhysida posted the German machine manufacturer Geiger on a darknet victims list, claiming to offer data stolen from the company. The attackers set an asking price of 10 BTC (roughly €1 million) and indicated a sale deadline of October 24, 2025, without specifying the scope or types of data. Geiger has not publicly responded to the claim. Security researchers characterize Rhysida as financially motivated and likely operating from Russia or the CIS.

Weekly Recap: F5 Breach, Linux Rootkits, and Trends

🔒 This weekly recap highlights long-lived, stealthy intrusions and emerging tactics that are reshaping defender priorities. Chief among them, F5 disclosed a year-long breach involving the BRICKSTORM malware and stolen BIG-IP source material, while researchers uncovered new Linux rootkits such as LinkPro and campaigns abusing blockchain smart contracts for malware delivery. The report urges inventorying edge devices, prioritizing patches, and improving detection, baselining, and intelligence sharing.