All news with #data breach tag

Hacker Claims 2.3TB Theft from Italian Rail IT Provider

🔒 A threat actor claims to have stolen 2.3 terabytes of data from Almaviva, the IT services provider linked to Italy's state-owned rail operator, FS Italiane Group. The actor posted the alleged dump on a dark web forum and described the contents as confidential documents, technical files, contracts, HR and accounting archives. Almaviva confirmed a cyberattack affecting corporate systems, said some data were taken, and reported it to national authorities while an investigation is ongoing.

Hacker Claims Theft of 2.3TB from Almaviva Affecting FS

🔓 A threat actor claims to have stolen 2.3 terabytes of data from IT services provider Almaviva and posted the material on a dark web forum. The leak reportedly includes confidential documents and sensitive information related to FS Italiane Group, such as internal shares, technical documentation, contracts, HR and accounting archives. D3Lab's Andrea Draghetti says the files are recent (Q3 2025) and not recycled from a 2022 Hive incident. Almaviva confirmed a breach, says affected systems were isolated, and that authorities have been notified while an investigation continues.

DoorDash Discloses October Data Breach Exposing Contacts

🔔 DoorDash disclosed an October data breach after an employee fell for a social engineering scam, allowing an unauthorized third party to access certain user contact information. Notified users were told exposed data varied by person and could include names, physical addresses, phone numbers and email addresses; the company said Social Security Numbers were not accessed. DoorDash said it shut off access, engaged a forensic firm, notified law enforcement, and warned users to watch for phishing; affected users can call a helpline and cite reference code B155060.

Smashing Security Podcast 441: Poker, F1 Data Risks

🎧 In episode 441 Graham Cluley and guest Danny Palmer discuss an alleged poker scam that reportedly involved basketball players working with organised crime to cheat high‑stakes games using hacked shufflers, covert cameras and an X‑ray card table. Researchers also uncovered that an FIA driver portal could be probed to expose personal details of Formula 1 stars. The hosts close with Graham’s “Pick of the Week,” a surreal CAPTCHA browser game, and a lighter cultural segment.

FinWise Breach Highlights Encryption and Insider Risk

🔒 The FinWise data breach involved a former employee who retained credentials and accessed systems on May 31, 2024, exposing personal records for 689,000 American First Finance customers. The intrusion remained undetected until June 18, 2025, prompting lawsuits alleging inadequate encryption and weak security governance. Experts say robust protection requires not only encryption but effective key management, strict access controls, and proactive monitoring. Vendor solutions such as D.AMO are presented as integrated platforms combining encryption, an isolated KMS, and centralized control to mitigate insider risk.

Sotheby's Data Breach Exposes Customer Financial Records

🔒 Sotheby's has notified customers that an intrusion detected on July 24 resulted in removal of sensitive data from its systems. After a two-month investigation the company determined exposed information includes full names, Social Security numbers and financial account details. Impacted individuals are being offered 12 months of free identity protection and credit monitoring through TransUnion while Sotheby's continues to assess the scope.

Sotheby's Breach Exposes Employee Financial Data Records

🔐 Sotheby's disclosed a cybersecurity incident first detected on July 24, 2025, after threat actors removed data from its environment. A two-month investigation found exposed information included full names, Social Security numbers and financial account details. The company notified impacted individuals and offered 12 months of identity protection and credit monitoring through TransUnion. An October update clarified the breach involved employees, not customers.

MANGO reports marketing vendor breach exposing contacts

🔒 MANGO has notified customers that an external marketing service suffered unauthorized access, resulting in exposure of certain personal contact information. The retailer said the compromised fields included first name, country, postal code, email address, and telephone number, while last names, payment card details, IDs and account credentials were not affected. MANGO confirmed its corporate systems remain secure, authorities have been informed, and a dedicated email and hotline are available for concerned customers.

Nation-State Hackers Breach F5, Steal BIG-IP Source Code

🔒 F5 disclosed that nation-state attackers breached its systems and exfiltrated portions of BIG-IP source code and information about undisclosed vulnerabilities after gaining persistent access to product development and engineering knowledge platforms. The company says it first detected the intrusion on August 9, 2025, and has found no evidence the stolen data has been exploited or publicly disclosed. F5 reports that its software supply chain was not compromised and no suspicious code modifications were observed, while it continues identifying customers whose configuration or implementation details may have been taken.

SimonMed: 1.2M Patients Affected in January Breach

🔒 SimonMed Imaging is notifying more than 1.2 million individuals that attackers accessed its network between January 21 and February 5, 2025. The company says hackers stole data and the Medusa ransomware group claimed a 212 GB exfiltration and published proof files including ID scans, medical reports, payment details and raw scans. SimonMed reset passwords, implemented multifactor authentication, deployed EDR, removed vendor access, restricted traffic, notified law enforcement and is offering affected people free Experian identity monitoring.

Harvard Probes Data Breach Linked to Oracle Zero-Day

🔒 Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site and attributed the incident to a recently disclosed Oracle E-Business Suite zero-day (CVE-2025-61882). A Harvard IT spokesperson said the issue affected a limited number of parties within a small administrative unit and that a patch from Oracle was applied upon receipt. The university reports no evidence of broader compromise while it continues monitoring.

Avnet Confirms Breach; Stolen EMEA Sales Data Unreadable

🔒 Avnet confirmed unauthorized access to externally hosted cloud storage that supported an internal sales tool used in the EMEA region. The company says most stolen files are not easily readable without access to Avnet's proprietary sales tool, which it says was not impacted, while attackers claim they exfiltrated 1.3TB of compressed (7–12TB raw) data. Avnet detected the activity on September 26, rotated secrets across Azure/Databricks, notified authorities, and will contact affected customers and suppliers; the number of potentially impacted individuals remains unknown.

Discord Support Data Stolen in Third-Party Breach Incident

🔒Discord has confirmed that attackers accessed data belonging to users who contacted its customer support after a breach at a third-party provider, reportedly Zendesk. Exposed information includes names, Discord usernames, emails, IP addresses, messages with support agents, limited billing details (payment type and last four card digits), and a small number of government ID images. Discord says full card numbers, CCV codes and account passwords were not accessed, and is contacting affected users while warning of potential phishing attempts.

Renault and Dacia UK Notify Customers of Data Breach

🔒 Renault and Dacia UK have informed customers that personal information was exposed following a cyberattack on an unnamed third‑party provider. The compromised data includes full name, gender, phone number, email and postal address, as well as Vehicle Identification Numbers (VINs) and vehicle registration numbers; banking data was not affected. Renault says the supplier isolated the incident and removed the threat, and the Information Commissioner’s Office (ICO) has been notified. Recipients are urged to remain vigilant against unsolicited calls and emails and to avoid sharing passwords.

Red Hat Confirms GitLab Breach Affecting Consulting

🔒 Red Hat confirmed a security incident after an extortion group calling itself the Crimson Collective claimed to have stolen nearly 570GB of compressed data from roughly 28,000 internal repositories in a GitLab instance used solely for consulting engagements. The group alleges the haul includes about 800 Customer Engagement Reports (CERs) that may contain infrastructure details, authentication tokens, and database URIs. Red Hat says it is remediating the issue, has not verified the attackers' specific claims, and believes its software supply chain and other services remain unaffected.

Allianz Life July Data Breach Affects Nearly 1.5 Million

🔐Allianz Life has completed its investigation into a July cyberattack and says 1,497,036 people were impacted. A malicious actor accessed a third-party cloud-based CRM on July 16, 2025, and obtained names, addresses, dates of birth, and Social Security numbers. While some reporting linked the intrusion to a Salesforce-targeted wave attributed to ShinyHunters, Allianz Life has not confirmed that attribution. Notified individuals are offered two years of free identity monitoring from Kroll and guidance to enable credit monitoring or consider freezing credit.

FinWise Insider Data Breach Affects 689K AFF Customers

🔒 FinWise Bank says a former employee accessed sensitive files after their employment ended, in a data security incident identified on May 31, 2024. The bank notified corporate partner American First Finance (AFF), which reported that data for 689,000 customers was affected. FinWise launched an external investigation, strengthened internal controls, and is offering 12 months of credit monitoring and identity theft protection to impacted individuals.

Panama Finance Ministry Reports Possible Ransomware Breach

🔒 The Panama Ministry of Economy and Finance (MEF) says a workstation may have been infected with malicious software; established security protocols were activated immediately and the incident has been contained. The ministry asserted that central systems and platforms remain unaffected, and that personal and institutional data are protected while preventive measures were reinforced. However, the INC Ransom group added MEF to its leak site on September 5, claiming to have stolen more than 1.5 TB of emails, financial records and budgeting files; MEF had not responded to requests for comment by publication.

Plex Urges Password Resets After Customer Data Breach

🔒 Plex reports an unauthorized third party accessed a limited subset of customer authentication data, including email addresses, usernames, and securely hashed passwords. The company says it quickly contained the incident and that no payment card information was stored on its servers. Because Plex did not disclose the hashing algorithm used, it recommends users reset their passwords, enable two‑factor authentication, and use the “Sign out connected devices after password change” option to terminate active sessions. Plex reminded customers it will never request passwords or card details by email.

Workiva Discloses Data Theft Linked to Salesforce Breach

🔒 Workiva notified customers that attackers who accessed a third-party CRM exfiltrated a limited set of business contact data, including names, email addresses, phone numbers, and support ticket content. The company said the Workiva platform and any data within it were not accessed or compromised. Workiva warned customers to remain vigilant for spear‑phishing and reiterated it will not request passwords by text or phone. BleepingComputer reported the incident is tied to recent Salesforce breaches attributed to the ShinyHunters group.