All news with #data breach tag

🔒Conpet S.A., Romania's national oil pipeline operator, confirmed that the Qilin ransomware gang exfiltrated company data following a breach of its corporate IT environment. The company said operational systems remained unaffected and it is cooperating with the Romanian National Cyber Security Directorate (DNSC) as investigators assess the incident. Qilin claims nearly 1TB of documents and published a proof sample of 16 images containing internal financial records and passport scans; some files are marked confidential and dated as recently as November 2025. Conpet warned that compromised data may be used for fraud and advised potentially impacted individuals to verify any urgent contact using official channels.

🔐 Odido confirmed a cyberattack that compromised its customer contact system and potentially exposed personal information for about 6.2 million customers. The company said attackers were able to download customer records but that passwords, call logs, location data, invoice details, and scans of identification documents were not accessed. Odido detected the incident on the weekend of February 7, blocked unauthorized access, reported the incident to the Dutch Data Protection Authority, and is notifying affected customers while working with external cybersecurity experts to strengthen controls and increase monitoring.

🔒 Poland's Central Cybercrime Bureau charged a 29-year-old man over the 2018 Morele.net breach that exposed about 2.5 million customers' personal details. Investigators say they reconstructed the attack vector, traced digital breadcrumbs and obtained an admission of responsibility. The incident leaked names, emails, phone numbers, home addresses and md5crypt-hashed passwords, and around 35,000 records contained highly sensitive personal data. Fraudsters quickly weaponised the published database, using SMS and phishing to steal banking credentials.

🔒 The AgreeTo Outlook add-in was hijacked and turned into a full phishing kit that stole more than 4,000 Microsoft account credentials, researchers at Koi Security report. The module, listed on the Microsoft Office Add-in Store since December 2022, relied on an abandoned Vercel-hosted URL that an attacker claimed and used to serve a fake Microsoft sign-in page inside Outlook’s sidebar. Credentials, credit card details and banking security answers were exfiltrated via a Telegram bot API before victims were redirected to the real login page. Microsoft removed the add-in after the disclosure; users should uninstall AgreeTo and reset affected passwords.

🔓 Volvo Group North America disclosed an indirect data breach after IT systems at Conduent, a major business services provider, were compromised between October 21, 2024 and January 13, 2025. Nearly 17,000 customers and staff had personal details exposed, including full names, Social Security Numbers, dates of birth, insurance IDs and medical information. Conduent is notifying affected parties and offering at least a year of identity, credit and dark web monitoring plus identity restoration; notification recipients are also advised to consider fraud alerts or a security freeze. The incident adds to other third-party supplier breaches that have recently affected Volvo entities.

🔒 The European Commission disclosed a late-January cyberattack that targeted its mobile device management (MDM) platform. Attackers may have accessed names and phone numbers of some staff, though the Commission says there is no evidence that mobile devices themselves were compromised; the incident was contained and the system cleaned within nine hours. Investigators say the breach could be linked to actively exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), with public exploit code and high-severity CVEs reported.

⚠️ Check Point Research reports a global increase in cyber attacks in January 2026, with organizations experiencing an average of 2,090 attacks per organization per week — a 3% increase from December and 17% above January 2025. The rise is driven by expanding ransomware operations and mounting data‑exposure risks linked to widespread GenAI adoption. Critical sectors are under intensified pressure as threat activity accelerates and adversaries move faster.

🔒 Dutch authorities confirmed the Dutch Data Protection Authority (AP) and the Council for the Judiciary reported system intrusions tied to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Investigators say unauthorized actors accessed work-related data such as names, business email addresses, phone numbers and device details. The European Commission and Finland's Valtori also reported traces or breaches, with Valtori estimating up to 50,000 government employees affected.

🏛️ A dual Chinese and St. Kitts and Nevis national, Daren Li, was sentenced in absentia to 20 years in U.S. federal prison for his role in an international cryptocurrency investment fraud commonly called pig butchering or romance baiting. Li pleaded guilty to conspiracy to launder proceeds after his 2024 arrest and later fled in 2025 by cutting off his ankle monitor. The sentence includes three years of supervised release and reflects losses exceeding $73 million.

🔍 Two Connecticut men were indicted for an alleged scheme that used about 3,000 stolen identities to defraud online gambling platforms, including FanDuel, of roughly $3 million. Prosecutors say Amitoj Kapoor and Siddharth Lillaney purchased PII on darknet markets and Telegram, maintained a spreadsheet called "Tracker.xlsx", and used services like TruthFinder and BeenVerified to pass verification. The indictment charges multiple counts including wire and identity fraud, aggravated identity theft, and money laundering; both were arrested and released on $300,000 bond.

🔒 BridgePay Network Solutions has confirmed a ransomware attack triggered a system-wide IT outage, according to security alerts published on February 6. Initial forensic work indicates no payment card data appears to have been compromised and that any accessed files were encrypted. The company said it is working with cybersecurity specialists, the FBI and the US Secret Service and that recovery may be lengthy; it will provide regular updates to affected customers and partners.

🔒 The European Commission is investigating a breach after detecting traces of a cyberattack against its mobile device management platform on 30 January. The incident may have exposed some staff names and mobile numbers, but investigators say there is no evidence that individual mobile devices were compromised. The Commission says the affected system was contained and cleaned within nine hours. The activity is believed to be linked to exploitation of Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities.

🔒 BridgePay Network Solutions confirmed a ransomware incident that took multiple payment systems offline, triggering a nationwide outage. The company says it has engaged federal law enforcement, including the FBI and U.S. Secret Service, and retained external forensic and recovery teams. Initial forensics report no payment card data compromised, files were encrypted, and restoration is ongoing with no ETA.

🔒 Substack has confirmed a security incident in which an unauthorized third party accessed limited user information, including email addresses, phone numbers and other internal metadata. CEO Chris Best said the company detected evidence of the issue on February 3 and notified some users on February 5, saying the data collection occurred in October 2025. Substack stated that no financial data or passwords were accessed, that the vulnerability has been fixed, and that a full investigation is underway.

⚠️Flickr says a vulnerability in a third‑party email service may have exposed member names, email addresses, IP addresses, general location data, Flickr usernames, account types and records of platform activity. The company says it shut off access to the affected system within hours on February 5, 2026, and that passwords and payment card data were not compromised. Flickr urged affected users to review account settings, remain vigilant for phishing, and change reused passwords while it investigates and strengthens monitoring of third‑party providers.

🔒 Spain's Ministry of Science partially shut down several IT systems after reporting a "technical incident" that suspended citizen- and company-facing services. A threat actor using the alias GordonFreeman claims to have exploited an IDOR vulnerability to obtain full-admin credentials and posted samples of personal records, email addresses, enrollment applications and screenshots of official paperwork. The forum post has been taken offline and the leaked data has not been independently verified. The ministry said it will extend affected deadlines while assessing the incident.

🔐 Substack disclosed that a third party exploited an unspecified weakness in its systems in October, exposing user email addresses, phone numbers and other internal metadata. The company identified the issue on February 3, said it has fixed the vulnerability, and is conducting a full investigation. Substack maintains the breach did not include passwords, credit card numbers, or financial data, but has not disclosed the full scope or publicly posted a detailed incident report.

🔒 Substack informed users that an unauthorized third party accessed limited account data in October 2025, including email addresses, phone numbers, and other internal metadata. CEO Chris Best said the company discovered the issue on February 3 and has fixed the vulnerability, stressing that passwords, credit card numbers, and financial information were not accessed. A dataset of 697,313 alleged records was posted to BreachForums, and Substack warned of potential phishing attempts.

🔐 The Akira ransomware group claims it breached Bremen-based steel trader Buhlmann Group and exfiltrated roughly 55 gigabytes of sensitive data, according to a darknet post. Buhlmann has not issued an official corporate statement; a company spokeswoman told local outlet buten un binnen that a U.S. subsidiary's IT system was compromised. The company says its German and EU operations are not affected.

🔒 Betterment disclosed a January incident in which threat actors accessed systems and stole contact and personal data from an estimated 1,435,174 accounts, including names, email addresses and location details. The attackers also sent fraudulent promotional emails promoting a cryptocurrency reward scam; Betterment says clicking the message did not compromise accounts. A forensic review with CrowdStrike found no evidence of customer account, password, or login credential theft, and the company reports the unauthorized access has been removed.