All news with #breach tag

Public S3 Bucket Exposes 273k Indian Bank Transfers

🔓 UpGuard discovered a publicly accessible Amazon S3 bucket containing over 273,000 PDFs documenting individual bank transfers in India, many with unredacted account numbers, amounts, and personal contact details. Aye Finance was disproportionately represented in the sample, and researchers observed roughly 3,000 new files added daily before the bucket was secured following notifications to AyeFin, NPCI, and CERT‑IN. The exposure poses an immediate risk of large‑scale fraud and targeted abuse across dozens of banks.

JLR Begins Phased Restart After Major Cyber-Attack

🔁 JLR has begun a controlled, phased restart of digital and operational systems after the cyber-attack that halted production in early September. The company has increased IT processing capacity for invoicing and restored its financial wholesale system, allowing it to clear payment backlogs and resume sales and vehicle registrations. The Global Parts Logistics Centre is also returning to full operation as recovery work continues with support from the UK National Cyber Security Centre and law enforcement.

Qantas Docking CEO Pay Signals Cyber Accountability Shift

🔒 Qantas' board docked CEO Vanessa Hudson and other executives after a June 30 cyber incident that exposed the personally identifiable information of nearly 6 million passengers, deducting A$800,000 from bonuses and cutting annual payouts by 15 percentage points. The move is being compared to high-profile past actions, such as Yahoo's 2017 bonus denial. Security leaders say the decision reflects a broader trend of boards and regulators holding top executives personally and financially accountable for cybersecurity failures.

Co-op Cyberattack Costs Group an Estimated £120 Million

🔒 In its latest half-year report the Co-operative Group said it expects to lose about £120 million in profits this financial year after a cyberattack forced temporary shutdowns of parts of its IT estate. The company reported that personal data for roughly 6.5 million members was stolen, prompting operational disruption across its supermarkets as well as its financial and funeral services. The identity of the attackers remains unclear and investigations are ongoing.

Mass Exposure of Indian Bank NACH Transfer PDFs Repository

🔓 UpGuard discovered a publicly accessible Amazon S3 bucket containing roughly 273,160 PDF documents formatted as NACH MANDATE records that documented bank transfers in India. The files exposed unredacted bank account numbers, transaction amounts and, in many cases, individuals’ names, phone numbers and email addresses. A 55K-file sample (~42 GB) showed 38 financial institutions represented, with AyeFin appearing in nearly 60% of sampled records. UpGuard notified AyeFin and NPCI, escalated to CERT‑IN when the bucket continued to grow, and verified the repository was secured on September 4.

17-Year-Old Suspected in Vegas Casino Cyberattacks Released

🔒 A 17-year-old hacker who surrendered on charges tied to sophisticated cyber intrusions against Las Vegas casinos between August and October 2023 has been released into his parents' custody under family court supervision. Authorities link the incidents to the Scattered Spider group and the deployment of BlackCat/ALPHV ransomware that disrupted operations and exposed staff and customer data. The judge imposed strict conditions including residence at a registered parental address, prohibition on leaving Clark County, internet use limited to educational purposes, and restrictions on phones and electronics, with immediate detention for violations. Prosecutors say the suspect may still control about $1.8 million in Bitcoin and are seeking additional charges and to try him as an adult.

Co-op Reports £206m Revenue Loss After Cyberattack

🛒 The Co-op revealed a £206m revenue shortfall resulting from a “malicious” cyber-attack in April after it temporarily shut down multiple systems to contain the threat. The retailer recorded an overall six-month loss of £80m to 5 July 2025 and said sales disruption is likely to continue into H2 2025. No remediation breakdown was provided, although a one-off non-underlying cost of £20m was logged. The intrusion has been linked to Scattered Spider, and UK authorities have made several arrests related to this and similar retail attacks.

Report: Many Indian Suppliers Pose Global Supply Risks

🔍 SecurityScorecard's assessment found that 53% of selected Indian vendors experienced at least one third-party breach in the past year, with outsourced IT operations and managed service providers representing 63% of those incidents. The study evaluated 15 prominent Indian suppliers across 10 industries using security ratings based on patching cadence, DNS health, IP reputation, and endpoint, network and app security, and concluded that 27% of vendors received an F while 25% earned an A. It recommends continuous monitoring of third- and fourth-party ecosystems, prioritizing certificate management and patching, and using cybersecurity ratings to inform procurement and ongoing vendor oversight.

Boyd Gaming Reports Cyber Incident Exposing Employee Data

🔒 Boyd Gaming Corporation disclosed a cybersecurity incident in an SEC 8-K filing, saying an unauthorized third party accessed its internal IT systems and removed certain data. The company said the breach involved employee information and a limited number of other individuals, though it did not specify the data types or number affected. Boyd said operations were not impacted and it is working with cybersecurity experts and federal law enforcement while notifying regulators.

Boyd Gaming Reports Data Breach After Cyberattack, SEC Filing

🔒 Boyd Gaming Corporation disclosed it suffered a cyberattack that resulted in unauthorized access to its IT systems and the removal of certain data, including employee information and data for a limited number of other individuals. The company said it engaged external cybersecurity experts and notified law enforcement, and that it is notifying impacted individuals and regulators as required. Boyd Gaming reported operations were not affected, does not expect a material adverse financial impact, and expects its cybersecurity insurance to cover related costs.

Stellantis Confirms Third-Party Cybersecurity Breach

🔒 Stellantis has confirmed unauthorized access to a third‑party service provider platform that supports its North American customer service operations. The group said affected customer information was potentially exposed but limited to contact details and did not include stored financial or other sensitive data. Stellantis activated incident response protocols, notified authorities and began informing impacted customers while warning them to expect phishing attempts. Security researchers and outlets linked the incident to claims by ShinyHunters and a recent series of Salesforce-related data breaches.

Stellantis: Customer Contact Data Stolen in Salesforce Hack

🔒 Stellantis confirmed unauthorized access to a third-party platform supporting its North American customer service operations, and said attackers stole customer contact information. The company stated the compromised system did not contain financial or other sensitive personal data and that it activated incident response procedures and notified authorities. Reports link the incident to a broader wave of Salesforce-related intrusions claimed by ShinyHunters, and customers are being urged to watch for phishing attempts.

Ransomware Extortion Claim Targets BMW Group Servers

🔒 The BMW Group has been named on the darknet by the Everest ransomware group, which claims to have stolen critical BMW audit documents, according to screenshots reported by Cybernews. The gang placed two countdown timers on its onion site—one running to Sept. 14 and a second giving BMW 48 hours to make contact. BMW has not commented and the extortionists have not confirmed whether customer or personal data were taken; Cybernews researcher Aras Nazarovas advises waiting for a published sample to assess the scope.

US Citizen Charged in Vastaamo Psychotherapy Data Extortion

🔒 Finnish prosecutors have charged 28-year-old US citizen Daniel Lee Newhard, an Estonia resident, with aiding and abetting the extortion tied to the notorious 2018 Vastaamo psychotherapy breach. Authorities say IP logs connected extortion infrastructure to an Estonian internet connection and to the suspect’s home address; Newhard denies the allegations. This development follows earlier convictions and ongoing appeals related to the broader Vastaamo scandal.

UK Arrests Two Teens Linked to Scattered Spider Hacks

🔒 UK law enforcement has arrested two teenagers allegedly tied to the Scattered Spider hacking group over an August 2024 cyberattack on Transport for London (TfL). Nineteen-year-old Thalha Jubair and 18-year-old Owen Flowers were detained; authorities say Jubair faces U.S. charges for dozens of intrusions, extortion and money laundering while Flowers faces additional charges linked to U.S. healthcare targets. Prosecutors allege the group extorted at least $115 million in ransoms and that law enforcement previously seized roughly $36 million in cryptocurrency tied to Jubair.

New York Blood Center Breach Exposes 194,000 Records

🔒 The New York Blood Center (NYBCe) confirmed that an unauthorized party accessed internal systems between January 20 and January 26, 2025, and copied files containing personal and health information for nearly 194,000 individuals. Compromised data includes names, Social Security numbers, driver's license or state ID numbers, bank account details for direct deposit, and health/test records. NYBCe says it moved quickly to contain the incident, is offering free identity protection through Experian, and has set up a call line for potentially affected people.

UK Arrests Teens Linked to Scattered Spider TfL Hack

🚨 Two teenagers have been arrested in the UK on suspicion of involvement in the August 2024 cyberattack against Transport for London; authorities say the suspects are believed to be members of the Scattered Spider collective. The National Crime Agency is prosecuting both on computer misuse and fraud-related charges, while U.S. prosecutors also filed charges against one suspect tied to multiple intrusions and extortion schemes. TfL reported that the breach disrupted internal systems and later confirmed customer data, including names and contact details, was compromised, causing operational disruption and financial losses.

Pompompurin Resentenced: BreachForums Creator Jailed

🔒 Conor Brian Fitzpatrick, known online as "Pompompurin", has been resentenced to three years in prison after a U.S. appeals court overturned his earlier lenient term. He created and administered the notorious BreachForums, a marketplace for stolen data and hacking tools, and was arrested after the Department of Justice disrupted the site. Fitzpatrick had violated pretrial release conditions and pleaded guilty to hacking charges and possession of child sexual abuse material; the forum remains active under a new domain.

ShinyHunters Claims 1.5B Salesforce Records Stolen via Drift

🔒 The ShinyHunters extortion group claims they stole approximately 1.5 billion Salesforce records from 760 companies by abusing compromised Salesloft Drift and Drift Email OAuth tokens exposed in a Salesloft GitHub breach. The attackers reportedly accessed Account, Contact, Case, Opportunity, and User tables and searched exfiltrated data for secrets to pivot further. Google/Mandiant and the FBI are tracking the activity as UNC6040/UNC6395, and Salesforce urges customers to enable MFA, enforce least privilege, and manage connected apps carefully.

Insight Partners Notifies Thousands After Ransomware Breach

🔒 Insight Partners is notifying thousands of people after a ransomware incident in which a threat actor gained network access via a sophisticated social engineering attack. The attackers reportedly exfiltrated sensitive data — including banking and tax records, personal information of current and former employees, and details related to limited partners, funds, management companies, and portfolio companies — before encrypting servers on January 16, 2025. The firm says formal notification letters and complimentary credit or identity monitoring are being mailed; if you do not receive a letter by the end of September 2025, your personal data was determined not to be impacted. State filings indicate 12,657 individuals were affected, and no group has publicly claimed responsibility.