< ciso
brief />
Tag Banner

All news with #breach tag

207 articles · page 6 of 11

Betterment Confirms Data Breach After Crypto Scam Emails

🔒 Betterment confirmed a breach after an attacker used a third-party marketing platform to send fraudulent crypto reward emails to a subset of customers on January 9. The messages, sent from the legitimate subdomain address 'support@e.betterment.com', claimed to triple Bitcoin and Ethereum deposits and included wallet addresses and large deposit deadlines. The actor accessed customer contact data (names, emails, physical addresses, phone numbers, dates of birth) but did not access customer accounts or expose account credentials. Betterment removed the unauthorized access, warned customers, and said it will publish a post-mortem while strengthening defenses against social engineering.
read more →

BreachForums user database leaked, exposing 323,986 records

🔓 On January 9, 2026, a database containing 323,986 BreachForums user records was published on a site named after the ShinyHunters gang, exposing usernames, email addresses, password hashes and IP addresses. The leak was accompanied by a roughly 4,400‑word manifesto from someone calling themselves "James", who names alleged cybercriminals and claims responsibility. The provenance and motive remain unclear, though the dump could provide law enforcement with investigative leads and highlights the limits of perceived anonymity on criminal forums.
read more →

BreachForums Database Leak Exposes 324K Criminal Users

🔓 A leaked MySQL archive containing 323,986 BreachForums user records surfaced in January, revealing hashed passwords, private messages, forum posts, and registration metadata. Security firm Resecurity reported the leak also included a password-protected PGP private key and a 4,400-word manifesto titled 'Doomsday' attributed to an individual calling themselves James. Have I Been Pwned traced the breach to August, months before multiple law enforcement takedowns and arrests weakened the platform's ecosystem. Observers say the exposure further erodes trust in large public crime forums and may push sophisticated actors to smaller, invite-only communities.
read more →

University of Hawaii Cancer Center Hit by Ransomware

🔒 The University of Hawaii System says a ransomware gang breached a single research project at the UH Cancer Center on August 31, 2025, and exfiltrated study data that included historical files containing Social Security numbers. Upon discovery, affected systems were disconnected, external cybersecurity experts were engaged, and the university said it negotiated with the threat actors to secure a decryption tool. UH reported arranging for the secure destruction of the illegally obtained data and said it will notify individuals once contact information is confirmed. The institution has installed endpoint protection, replaced compromised systems, reset credentials, updated firewall software, and initiated third-party security audits.
read more →

Target's Dev Git Server Offline After Source Code Claims

🔒 Target is investigating claims that an unknown threat actor published samples of internal source code on public Gitea repositories and is advertising a larger dataset for sale. The posted sample included a SALE.MD index listing roughly 57,000 lines and an estimated archive size of ~860 GB. After BleepingComputer alerted Target, the sample repos were removed and the retailer's developer Git server at git.target.com became inaccessible externally. Commit metadata and repository structure suggest the material may have originated from private internal infrastructure.
read more →

Sedgwick Confirms Breach at Government Contractor Subsidiary

🔒 Sedgwick has confirmed a security incident affecting its federal contractor subsidiary, Sedgwick Government Solutions. The company says the parent firm's network was not affected and that the incident involved an isolated file transfer system. Sedgwick notified law enforcement, engaged external cybersecurity experts, and reported no evidence of access to claims management servers. The TridentLocker ransomware group claims to have exfiltrated 3.39 GB of documents and posted samples on a Tor leak site.
read more →

Jaguar Land Rover Q3 Sales Plummet After Cyber-Attack

🚗 Jaguar Land Rover is still reeling from a late‑August cyber-attack that disrupted production from September through mid-November, Tata Motors reported. Retail sales in Q3 2025 fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Tata said the incident "significantly disrupted operations," forcing factory stoppages and ongoing distribution delays, compounded by US tariffs and model phase-outs.
read more →

Coinbase Insider Arrested in India Over Customer Data Leak

🔒 A former Coinbase customer service agent was arrested in Hyderabad, India, after allegedly accepting bribes from criminal gangs to access and sell sensitive customer records, Coinbase CEO Brian Armstrong announced. The incident, disclosed in May 2025, involved compromised support staff leaking data on nearly 70,000 customers, including IDs and financial details. Coinbase refused a US $20 million ransom and instead committed that sum to a reward fund while cooperating with law enforcement.
read more →

Brightspeed Probes Alleged Data Theft by Crimson Collective

🔒 Brightspeed is investigating claims that the extortion group Crimson Collective stole sensitive information belonging to more than one million customers. The U.S. broadband provider said it is rigorous in securing networks and is looking into a reported cybersecurity event, promising to keep customers, employees, and authorities informed. Crimson Collective posted on Telegram that the haul includes PII, account and payment details, and appointment/order records, and threatened to publish a sample to force a response.
read more →

Top Cybersecurity and Cyberattack Stories of 2025: Review

🔒 2025 saw a convergence of large-scale breaches, state-aligned intrusions, and rapidly maturing AI-enabled attacks that reshaped the threat landscape. High-profile incidents included the ByBit $1.5B Ethereum heist, Clop exploitation of Oracle zero-days, and mass data-theft campaigns targeting Salesforce and adult platforms. Attackers amplified impact with terabit-scale DDoS, developer supply-chain abuse, and social-engineering techniques such as ClickFix and help-desk compromises. Organizations raced to patch zero-days, lock down developer pipelines, and defend against AI-powered malware and novel prompt-injection vectors.
read more →

Coupang to Pay $1.17B to 33.7M Breach Victims in Korea

🔔 Coupang announced it will distribute ₩1.685 trillion (about $1.17 billion) in compensation to 33.7 million customers affected by a data breach, with payments beginning January 15, 2026. The company said each customer will receive four single-use vouchers totaling 50,000 won for various Coupang services and products. Coupang reported the breach occurred on June 24, was discovered in mid-November, and has prompted a police investigation into a former IT employee.
read more →

MongoBleed flaw exposed MongoDB secrets on 87K servers

🔓 A critical MongoDB vulnerability, tracked as CVE-2025-14847 and dubbed MongoBleed, is being actively exploited to leak in-memory secrets from exposed servers. A public PoC demonstrates how malformed zlib-compressed network messages cause the server to return allocated memory rather than decompressed lengths, exposing credentials, API keys, session tokens, and other sensitive data. Over 87,000 instances were identified as potentially vulnerable on the public internet, and vendors released patches on December 19; administrators should prioritize upgrades or disable zlib compression if immediate upgrades are not possible.
read more →

Malware Installed Onboard: Italian Ferry IoT Compromise

🚢 A reported compromise affected an Italian ferry; investigators say the malware appears to have been installed physically on board rather than via a remote intrusion. Operators are assessing systems and safety impacts. Details remain limited while authorities investigate.
read more →

Nissan Confirms 21,000 Customers Impacted by Red Hat Breach

🔓 Nissan has disclosed that a third-party breach at Red Hat in September led to the exposure of about 21,000 customer records tied to its Fukuoka sales unit. The carmaker said it was notified by Red Hat on October 3 and has informed the Personal Information Protection Commission while contacting affected individuals. Exposed fields include names, addresses, phone numbers and partial email addresses, but not payment card data. Nissan warned customers to be vigilant for suspicious calls or mail while investigations continue.
read more →

Baker University 2024 Data Breach Exposes 53,624 Records

🔒 Baker University disclosed a 2024 data breach after attackers accessed its network in December 2024 and exfiltrated records for 53,624 individuals. The compromised information potentially included names, dates of birth, Social Security numbers, driver’s license and passport numbers, financial account details, and medical and insurance information. The university is offering free credit monitoring and says it has engaged external cybersecurity experts and rebuilt a primary compromised platform.
read more →

DoJ Seizes Domain That Enabled $14.6M Account Takeovers

🔒 The U.S. Department of Justice announced it seized the domain web3adspanels.org and an associated database used as a backend panel to store and manipulate illegally harvested bank login credentials. Authorities say the group delivered fraudulent search ads that redirected victims to counterfeit banking sites containing malicious code that harvested credentials. The scheme affected 19 U.S. victims, causing attempted losses of about $28 million and actual losses of approximately $14.6 million.
read more →

Nissan: Thousands of Customers Exposed in Red Hat Breach

🔓 Nissan confirmed that personal data for about 21,000 customers who purchased vehicles or received services at Nissan Fukuoka was exposed after a September breach of Red Hat's development environment. Leaked fields include full names, physical addresses, phone numbers, email addresses and sales-related customer data; no financial or credit card data were affected. Nissan says it has no evidence the data have been misused.
read more →

DXS Confirms Cyber-Attack; NHS Services Unaffected

🔒 DXS International said it discovered a cyber-attack on 14 December that affected its office servers and disclosed the incident to the London Stock Exchange on 18 December. The company reported minimal impact, with front-line NHS clinical services remaining operational, and said it contained the breach and is investigating with NHS England and an external cybersecurity specialist. A threat actor calling itself Devman has claimed to have stolen 300GB and threatened to publish data on 20 December; that claim remains unconfirmed.
read more →

Denmark Blames Russia for Destructive Water Utility Attack

🔒 Danish intelligence (DDIS) attributed a destructive cyberattack on a water utility to Russian-linked actors, identifying Z-Pentest as responsible for the sabotage and NoName057(16) for election-period DDoS operations. The agency said these actions are part of Moscow's broader hybrid campaign to punish countries supporting Ukraine. Officials will summon the Russian ambassador and warned the attacks undermine public security.
read more →

University of Sydney code repository breach exposes data

🔒 The University of Sydney reported unauthorized access to an online code repository that resulted in the theft of files containing personal information for more than 27,000 individuals. The breach affected current and former staff, students and alumni and included names, dates of birth, contact details and job information. The university says it detected the incident last week, blocked the access, notified regulators and launched support and notification processes for impacted people.
read more →