
All news with #breach tag

191 articles · page 5 of 10

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Eurail B.V. has acknowledged unauthorized access to its Interrail customer database, potentially exposing identity, contact and passport information for affected customers. The company says there are no indications of misuse or public sharing so far and that investigations are ongoing. Customers who booked under the EU DiscoverEU program may have had copies of identity documents, IBANs and health data accessed. Eurail recommends vigilance and changing passwords for associated accounts.

Victorian Education Department Notifies Parents of Data Breach

🔒 The Victorian Department of Education has notified parents that an unauthorized third party accessed a database containing student names, school names, year levels and school-issued email addresses, along with encrypted passwords for accounts that use those emails. The department said more sensitive fields such as birth dates, home addresses and phone numbers were not exposed. All student passwords have been reset and access to school accounts is blocked until new credentials are issued; VCE students will be prioritised. Authorities say they removed the attack vector and have not found evidence the data was publicly released or shared, and further updates will be provided.

Monroe University breach: 320,973 records exposed nationwide

🔒 Monroe University disclosed that threat actors accessed its network from December 9 to December 23, 2024, and stole personal, financial, and health information affecting 320,973 people. The university said stolen records may include names, dates of birth, Social Security numbers, government IDs, medical and insurance data, account usernames, passwords, and financial account information. Notifications began January 2 and affected individuals were offered one year of free credit monitoring through Cyberscout; the incident follows prior ransomware attacks and broader targeting of higher education institutions.

Central Maine Healthcare breach exposes data of 145,381

🛡️ Central Maine Healthcare disclosed a security incident after discovering unauthorized access to its systems between March 19 and June 1, 2025. The investigation, completed on November 6, 2025, determined that 145,381 individuals — including patients and current or former employees — may have had sensitive information exposed. Exposed data types vary by person and can include full names, dates of birth, treatment and service details, provider names, health insurance information, and Social Security Numbers. CMH has begun notifying affected individuals, is offering free credit monitoring, and has set up a dedicated patient support line to answer questions and accept reports of potential data misuse.

Betterment Confirms Data Breach After Crypto Scam Emails

🔒 Betterment confirmed a breach after an attacker used a third-party marketing platform to send fraudulent crypto reward emails to a subset of customers on January 9. The messages, sent from the legitimate subdomain address 'support@e.betterment.com', claimed to triple Bitcoin and Ethereum deposits and included wallet addresses and large deposit deadlines. The actor accessed customer contact data (names, emails, physical addresses, phone numbers, dates of birth) but did not access customer accounts or expose account credentials. Betterment removed the unauthorized access, warned customers, and said it will publish a post-mortem while strengthening defenses against social engineering.

BreachForums user database leaked, exposing 323,986 records

🔓 On January 9, 2026, a database containing 323,986 BreachForums user records was published on a site named after the ShinyHunters gang, exposing usernames, email addresses, password hashes and IP addresses. The leak was accompanied by a roughly 4,400‑word manifesto from someone calling themselves "James", who names alleged cybercriminals and claims responsibility. The provenance and motive remain unclear, though the dump could provide law enforcement with investigative leads and highlights the limits of perceived anonymity on criminal forums.

BreachForums Database Leak Exposes 324K Criminal Users

🔓 A leaked MySQL archive containing 323,986 BreachForums user records surfaced in January, revealing hashed passwords, private messages, forum posts, and registration metadata. Security firm Resecurity reported the leak also included a password-protected PGP private key and a 4,400-word manifesto titled 'Doomsday' attributed to an individual calling themselves James. Have I Been Pwned traced the breach to August, months before multiple law enforcement takedowns and arrests weakened the platform's ecosystem. Observers say the exposure further erodes trust in large public crime forums and may push sophisticated actors to smaller, invite-only communities.

University of Hawaii Cancer Center Hit by Ransomware

🔒 The University of Hawaii System says a ransomware gang breached a single research project at the UH Cancer Center on August 31, 2025, and exfiltrated study data that included historical files containing Social Security numbers. Upon discovery, affected systems were disconnected, external cybersecurity experts were engaged, and the university said it negotiated with the threat actors to secure a decryption tool. UH reported arranging for the secure destruction of the illegally obtained data and said it will notify individuals once contact information is confirmed. The institution has installed endpoint protection, replaced compromised systems, reset credentials, updated firewall software, and initiated third-party security audits.

Target's Dev Git Server Offline After Source Code Claims

🔒 Target is investigating claims that an unknown threat actor published samples of internal source code on public Gitea repositories and is advertising a larger dataset for sale. The posted sample included a SALE.MD index listing roughly 57,000 lines and an estimated archive size of ~860 GB. After BleepingComputer alerted Target, the sample repos were removed and the retailer's developer Git server at git.target.com became inaccessible externally. Commit metadata and repository structure suggest the material may have originated from private internal infrastructure.

Sedgwick Confirms Breach at Government Contractor Subsidiary

🔒 Sedgwick has confirmed a security incident affecting its federal contractor subsidiary, Sedgwick Government Solutions. The company says the parent firm's network was not affected and that the incident involved an isolated file transfer system. Sedgwick notified law enforcement, engaged external cybersecurity experts, and reported no evidence of access to claims management servers. The TridentLocker ransomware group claims to have exfiltrated 3.39 GB of documents and posted samples on a Tor leak site.

Jaguar Land Rover Q3 Sales Plummet After Cyber-Attack

🚗 Jaguar Land Rover is still reeling from a late‑August cyber-attack that disrupted production from September through mid-November, Tata Motors reported. Retail sales in Q3 2025 fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Tata said the incident "significantly disrupted operations," forcing factory stoppages and ongoing distribution delays, compounded by US tariffs and model phase-outs.

Coinbase Insider Arrested in India Over Customer Data Leak

🔒 A former Coinbase customer service agent was arrested in Hyderabad, India, after allegedly accepting bribes from criminal gangs to access and sell sensitive customer records, Coinbase CEO Brian Armstrong announced. The incident, disclosed in May 2025, involved compromised support staff leaking data on nearly 70,000 customers, including IDs and financial details. Coinbase refused a US $20 million ransom and instead committed that sum to a reward fund while cooperating with law enforcement.

Brightspeed Probes Alleged Data Theft by Crimson Collective

🔒 Brightspeed is investigating claims that the extortion group Crimson Collective stole sensitive information belonging to more than one million customers. The U.S. broadband provider said it is rigorous in securing networks and is looking into a reported cybersecurity event, promising to keep customers, employees, and authorities informed. Crimson Collective posted on Telegram that the haul includes PII, account and payment details, and appointment/order records, and threatened to publish a sample to force a response.

Top Cybersecurity and Cyberattack Stories of 2025: Review

🔒 2025 saw a convergence of large-scale breaches, state-aligned intrusions, and rapidly maturing AI-enabled attacks that reshaped the threat landscape. High-profile incidents included the ByBit $1.5B Ethereum heist, Clop exploitation of Oracle zero-days, and mass data-theft campaigns targeting Salesforce and adult platforms. Attackers amplified impact with terabit-scale DDoS, developer supply-chain abuse, and social-engineering techniques such as ClickFix and help-desk compromises. Organizations raced to patch zero-days, lock down developer pipelines, and defend against AI-powered malware and novel prompt-injection vectors.

Coupang to Pay $1.17B to 33.7M Breach Victims in Korea

🔔 Coupang announced it will distribute ₩1.685 trillion (about $1.17 billion) in compensation to 33.7 million customers affected by a data breach, with payments beginning January 15, 2026. The company said each customer will receive four single-use vouchers totaling 50,000 won for various Coupang services and products. Coupang reported the breach occurred on June 24, was discovered in mid-November, and has prompted a police investigation into a former IT employee.

MongoBleed flaw exposed MongoDB secrets on 87K servers

🔓 A critical MongoDB vulnerability, tracked as CVE-2025-14847 and dubbed MongoBleed, is being actively exploited to leak in-memory secrets from exposed servers. A public PoC demonstrates how malformed zlib-compressed network messages cause the server to return allocated memory rather than decompressed lengths, exposing credentials, API keys, session tokens, and other sensitive data. Over 87,000 instances were identified as potentially vulnerable on the public internet, and vendors released patches on December 19; administrators should prioritize upgrades or disable zlib compression if immediate upgrades are not possible.

Malware Installed Onboard: Italian Ferry IoT Compromise

🚢 A reported compromise affected an Italian ferry; investigators say the malware appears to have been installed physically on board rather than via a remote intrusion. Operators are assessing systems and safety impacts. Details remain limited while authorities investigate.

Nissan Confirms 21,000 Customers Impacted by Red Hat Breach

🔓 Nissan has disclosed that a third-party breach at Red Hat in September led to the exposure of about 21,000 customer records tied to its Fukuoka sales unit. The carmaker said it was notified by Red Hat on October 3 and has informed the Personal Information Protection Commission while contacting affected individuals. Exposed fields include names, addresses, phone numbers and partial email addresses, but not payment card data. Nissan warned customers to be vigilant for suspicious calls or mail while investigations continue.

Baker University 2024 Data Breach Exposes 53,624 Records

🔒 Baker University disclosed a 2024 data breach after attackers accessed its network in December 2024 and exfiltrated records for 53,624 individuals. The compromised information potentially included names, dates of birth, Social Security numbers, driver’s license and passport numbers, financial account details, and medical and insurance information. The university is offering free credit monitoring and says it has engaged external cybersecurity experts and rebuilt a primary compromised platform.

DoJ Seizes Domain That Enabled $14.6M Account Takeovers

🔒 The U.S. Department of Justice announced it seized the domain web3adspanels.org and an associated database used as a backend panel to store and manipulate illegally harvested bank login credentials. Authorities say the group delivered fraudulent search ads that redirected victims to counterfeit banking sites containing malicious code that harvested credentials. The scheme affected 19 U.S. victims, causing attempted losses of about $28 million and actual losses of approximately $14.6 million.