All news with #data breach tag

🔒 Marquis Software Solutions has filed suit against SonicWall, alleging gross negligence and misrepresentation after a ransomware attack on August 14, 2025 that followed a compromise of a SonicWall firewall. Investigators say the attacker accessed configuration backups stored in SonicWall’s MySonicWall cloud—an exposure Marquis attributes to an API code change in February 2025—and used configuration data and AES-256-encrypted credentials to bypass MFA. The stolen files included extensive personal and financial information; Marquis says the incident disrupted operations for 74 U.S. banks and forced the firm to defend more than 36 consumer class actions while seeking monetary damages, indemnification and equitable relief.

🔒 Wynn Resorts confirmed an employee data breach after being listed on the ShinyHunters extortion group's leak site and said it activated incident response procedures. The company engaged external cybersecurity experts to investigate and reported that an unauthorized third party acquired certain employee data. Attackers claimed the stolen data had been deleted; Wynn said it has seen no evidence of publication or misuse to date and that guest operations remain unaffected. The company is offering complimentary credit monitoring and identity protection services to employees.

🔓 The extortion group ShinyHunters published a 6.1GB archive on February 21 containing 12.4 million records it alleges were stolen from CarGurus. Have I Been Pwned (HIBP) has added the dataset and reports compromised data types including email addresses, IPs, full names, phone numbers, physical addresses, account IDs, finance application data, dealer details, and subscription information. CarGurus has not confirmed the breach or replied to requests for comment. HIBP says about 70% of the records were already known, leaving roughly 3.7 million newly exposed entries that could be abused for phishing and other scams.

🔒 The ShinyHunters extortion gang claims it stole millions of user records from Dutch telecom Odido, adding the company to its dark‑web leak site and asserting nearly 21 million records were taken. Odido disclosed the incident on February 12, reporting that attackers accessed its customer contact system on February 7 and that exposed fields vary by customer. The carrier said no Mijn Odido passwords, call records, location data, billing data, or identity scans were exposed; ShinyHunters, however, alleges internal corporate data and plaintext passwords were also taken. Odido reported the breach to the Dutch Data Protection Authority, blocked the attackers' access, and engaged external cybersecurity specialists while investigations continue.

📢 Optimizely has confirmed a data breach after attackers used a sophisticated voice‑phishing (vishing) campaign to gain access to some internal systems on or before February 11. The company says the intruders accessed certain CRM records, internal back‑office documents, and basic business contact information but could not escalate privileges, install software, or create backdoors. Optimizely reports no evidence of access to sensitive customer data or personal information beyond business contacts, and business operations remain uninterrupted. It is warning customers to be vigilant for follow‑on phishing attempts leveraging the exposed contact details.

🔒 A threat actor calling themselves LuneBF is claiming to have stolen data belonging to more than 27,000 employees of the RTL Group and its subsidiaries, including Fremantle and M6. The attacker posted a 100-record sample allegedly taken from RTL’s intranet that contains names, emails, postal addresses and phone numbers. RTL has confirmed the incident and said it is investigating; it believes customer data is unlikely to be affected. Security experts warn the exposed contact details could enable targeted phishing, social engineering and pose particular risks to investigative journalists.

🔒 Advantest Corporation reported that its corporate network experienced a ransomware intrusion detected on February 15, prompting immediate isolation of affected systems and the engagement of third-party cybersecurity specialists. Preliminary findings indicate an unauthorized party may have deployed ransomware in portions of the network, though no data theft has been confirmed. The company says it will notify and advise any customers or employees if their information is determined to be impacted. The investigation is ongoing and, to date, no ransomware group has claimed responsibility.

🔓The French Ministry of Finance confirmed a cybersecurity incident in late January after a threat actor used credentials stolen from a civil servant to access the national bank account registry FICOBA. The attacker accessed and likely exfiltrated data for about 1.2 million accounts, including bank identifiers (RIBs/IBANs), account holder names, addresses and sometimes taxpayer identification numbers. Authorities restricted the intruder’s access once detected and say the tax authority DGFiP is working with ANSSI and CNIL to secure systems. Affected users and banking institutions will be notified and warned to remain vigilant against scams.

🔓 PayPal is notifying customers that a software error in its PayPal Working Capital loan application exposed sensitive personal information, including Social Security numbers, for nearly six months. The company says the issue, present from July 1 to December 13, 2025, was caused by a code change that was rolled back after discovery on December 12. PayPal has reset passwords for affected accounts, refunded unauthorized transactions for some users, and is offering two years of Equifax credit monitoring.

🔒 Saxony's State Criminal Police Office (LKA) has created a special commission to investigate a cyberattack on the Staatliche Kunstsammlungen Dresden. The incident, reported on January 21, disrupted significant parts of the institution's digital infrastructure, including its online shop and visitor services, while the physical security systems were reportedly not affected. The Dresden Public Prosecutor General's Office is directing the investigation but has provided no further details. The SKD says it is working closely with a security firm to ensure the safety of collections and visitors.

🔐Modern infostealers harvest credentials, session data, cookies, and local files, turning a single compromise into a persistent identity asset. Specops researchers analyzed over 90,000 infostealer dumps and more than 800 million rows, showing how disparate signals tie accounts, employers, and roles to real people. By blocking known-compromised passwords across Active Directory, Specops Password Policy aims to reduce reuse and downstream enterprise risk.

🔒 Poshmark users face a variety of scams that exploit the platform’s social commerce model and policies. Fraudsters commonly try to move transactions off-platform to avoid the 20% commission, then use phishing links, fake payment confirmations, or malware to steal money and data. Sellers are vulnerable to refund and non-delivery schemes, while buyers risk counterfeit or misrepresented goods. Always keep communications and payments inside Poshmark and verify payments through the app.

🔒 Figure Technology Solutions confirmed a social engineering breach that exposed personal and contact data for 967,200 accounts. Notification service Have I Been Pwned reported files posted in February 2026 containing unique emails, names, phone numbers, physical addresses and dates of birth dating back to January 2026. The extortion group ShinyHunters claimed responsibility and posted roughly 2.5 GB of alleged loan applicant data.

🔒 Dutch police in The Netherlands arrested a 40-year-old man after officers inadvertently sent him a link that allowed downloading of internal documents rather than uploading images. The recipient downloaded confidential files, refused to delete them, and reportedly sought a 'reward,' prompting charges of computervredebreuk (unauthorised access). Authorities searched the suspect's home, seized devices, and reported a data breach while investigating how the error occurred.

🔒 Eurail B.V. confirmed that customer data stolen in a breach earlier this year is now being offered for sale on the dark web, and a sample dataset was published on Telegram. The company says it is still determining which specific records and how many customers are affected, but reported compromised fields may include full names, passport and ID numbers, IBANs, health details, and contact information. GDPR-required notifications have been filed and non-EU authorities will be informed. Customers are urged to change reused passwords, monitor bank accounts closely, and contact privacyhelp@eurail.com for support and FAQs.

🔒 Dutch police arrested a 40-year-old man in Ridderkerk after he downloaded confidential documents that an officer mistakenly shared via a download link and then refused to delete them unless he received "something in return." Authorities detained him on suspicion of computer trespass, searched his home and seized storage devices to recover the files. Police reported the breach and are investigating, saying there is no indication the documents were distributed further.

🔒 Odido, the largest mobile operator in the Netherlands, disclosed a data breach affecting its customer contact system and potentially impacting up to 6.2 million people. While the company says no passwords, call records or billing data were taken, exposed fields reportedly include names, home and email addresses, IBANs, dates of birth and passport/driver's license numbers. Odido has contained the intrusion, engaged external cybersecurity experts and will contact affected customers directly.

🔍 Canada Goose is investigating after data extortion group ShinyHunters published an archive claiming more than 600,000 customer records tied to past transactions. The 1.67 GB JSON dataset reportedly contains names, emails, phone numbers, billing and shipping addresses, IPs, order histories, and partial payment card data (brands, BINs, last four digits). Canada Goose says it has found no evidence of a breach of its own systems and that no unmasked financial data appears present, while it reviews the dataset to verify accuracy and scope.

🔒 South Korea's Personal Information Protection Commission fined Louis Vuitton, Christian Dior Couture, and Tiffany a combined $25 million after cloud-based customer management systems were compromised, exposing data for more than 5.5 million customers. Investigators found an employee device infected with malware at Louis Vuitton and successful phishing and voice-phishing attacks at Dior and Tiffany that granted attackers access to the SaaS platform. Regulators cited failures to enforce IP-based access controls, deploy strong authentication, restrict bulk downloads, and monitor access logs, and penalized late breach notification. The PIPC emphasized that using a SaaS provider does not relieve companies of responsibility for protecting client data.

🔒 South Korea’s Personal Information Protection Commission (PIPC) fined the local subsidiaries of Louis Vuitton, Christian Dior Couture and Tiffany a combined KRW 36.033 billion plus KRW 10.8 million in additional penalties for failures securing customer data processed via a SaaS platform. The regulator found critical lapses — absent IP‑based access restrictions, weak or missing strong authentication, inadequate controls over bulk exports and insufficient log review — that allowed credential theft and social‑engineering attacks to expose personal information. The PIPC stressed that SaaS environments qualify as personal information processing systems under Korean law, placing responsibility squarely on data controllers, and ordered the firms to publicly disclose the enforcement actions.