< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 11 of 40

UK Sanctions Xinbi Marketplace Linked to Asian Scam Centers

🚫 The UK’s Foreign, Commonwealth and Development Office has sanctioned Xinbi, a Chinese-language marketplace accused of selling stolen personal data and satellite internet equipment to Southeast Asian scam networks and assisting North Korean actors with cryptocurrency laundering. Chainalysis links Xinbi to over $19.9 billion in transactions from 2021–2025. The measures also target #8 Park and operator Legend Innovation Co, aiming to sever Xinbi from legitimate crypto services and disrupt payments to scam centers.
read more →

Russia Arrests Suspected Owner of LeakBase Forum in Rostov

🔒 Russian police in the Rostov region arrested a Taganrog resident accused of owning and administering the cybercrime forum LeakBase. The forum, launched in 2021 and linked to the ARES threat group, grew to over 142,000 members and was used to trade stolen databases, exploits, and illicit services. In March 2026 authorities from the FBI and 14 other countries dismantled the site during Operation Leak, seizing the domain and preserving the forum database and logs as evidence.
read more →

LeakBase Forum Admin Arrested in Russia Over Data Trade

🔒 Russian authorities have arrested the alleged administrator of LeakBase, a major cybercrime forum accused of trading stolen personal databases since 2021. The suspect, reported to be a resident of Taganrog, was detained and technical equipment seized during a search. Officials say the platform hosted hundreds of millions of accounts, bank details and corporate documents and had over 147,000 registered users. The site was dismantled earlier this month and its content preserved for evidentiary purposes.
read more →

LiteLLM PyPI Package Compromised in TeamPCP Attack

🔒 The LiteLLM PyPI package was compromised by the TeamPCP group, which pushed malicious releases (1.82.7 and 1.82.8) that execute a hidden payload on import. Version 1.82.8 also installed a litellm_init.pth so the code runs at Python interpreter startup. The payload deploys a credential stealer, establishes persistence, and exfiltrates encrypted archives to attacker infrastructure. Users should immediately check installations and rotate secrets.
read more →

HackerOne: Employee Data Exposed After Navia Breach

🔒 HackerOne is notifying employees that their personal data was exposed after a compromise of benefits administrator Navia. The company reported a Broken Object Level Authorization (BOLA) vulnerability allowed an unknown actor to access Navia records between December 22, 2025 and January 15, 2026, affecting 287 employees. Exposed fields include Social Security numbers, names, contact details, dates of birth, and plan enrollment information. HackerOne advised monitoring accounts, changing passwords tied to exposed data, and using the 12‑month identity protection and credit monitoring Navia is offering.
read more →

Infinite Campus Warns of Salesforce Breach, Extortion

🔒 Infinite Campus warned customers of a data breach following an extortion claim from a threat actor who said they accessed an employee's Salesforce account. The company says the exposed information appears to be primarily public directory data for school staff and that no customer databases were accessed. Infinite Campus declined to engage with the attacker and has disabled certain customer-facing services while scanning potentially affected records and notifying impacted districts.
read more →

Dutch Ministry of Finance Confirms Systems Breach Detected

🛡️ The Dutch Ministry of Finance confirmed unauthorized access to some of its systems after being notified by a third party on March 19. ICT security detected the intrusion and access to affected systems has been blocked while an investigation is ongoing. The incident disrupted work for a portion of employees but, the ministry says, did not affect systems that manage tax collection, customs, or income-linked subsidies. Officials have not disclosed the number of employees impacted, whether data was stolen, or an attribution for the attack.
read more →

Mazda reports security breach exposing partner data

🔒 Mazda Motor Corporation disclosed unauthorized access to a warehouse management system used for parts procured from Thailand, affecting 692 records containing employee and business partner information. The exposed data types included user IDs, full names, email addresses, company names and business partner IDs, and Mazda says no customer data was involved. The company reported the incident to the Personal Information Protection Commission and implemented security patches, reduced internet exposure, increased monitoring and stricter access controls while investigating with external specialists.
read more →

Crunchyroll Investigates Breach Affecting 6.8M Users

🔒 Crunchyroll is investigating claims that attackers stole personal data for roughly 6.8 million users after compromising a support agent's Okta SSO credentials. The actor says they accessed multiple applications — including Zendesk, Slack and Google Workspace — and downloaded about 8 million support tickets containing names, emails, IPs, locations and ticket contents. Intrusive payment details were reportedly present only when customers shared them in tickets. The attacker demanded $5 million in extortion but, according to the actor, received no response.
read more →

Data Analyst Guilty of $2.5M Extortion Against Brightly

🔒 A North Carolina contractor, 27-year-old Cameron Curry (aka "Loot"), was convicted for extorting his employer, Brightly Software, after stealing payroll and corporate data during a six-month contract that ran through December 2023. Curry sent more than 60 threatening emails from lootsoftware@outlook.com demanding $2.5 million and attached screenshots of employee PII. Brightly paid $7,540 in Bitcoin, the FBI seized devices following a January 24, 2024 search, and Curry now faces up to 12 years in prison.
read more →

Navia data breach exposes personal details of 2.7M

🔒 Navia Benefit Solutions says an unauthorized actor accessed its systems between December 22, 2025 and January 15, 2026, potentially exposing records for nearly 2.7 million people. The company discovered the activity on January 23, 2026 and launched an investigation, which found the actor acquired names, dates of birth, Social Security numbers, phone numbers, email addresses, plus HRA, FSA and COBRA enrollment details. Navia says claims and financial account information were not exposed. Affected individuals are being offered 12 months of identity protection and credit monitoring through Kroll, and federal law enforcement has been notified; no ransomware group has claimed responsibility.
read more →

Bitrefill Attributes Early March Cyberattack to Lazarus

🛡️ Bitrefill says a cyberattack in early March was likely carried out by North Korea’s Lazarus/BlueNoroff cluster, citing reused IPs, emails, malware, and on-chain tracing as linking indicators. The company traced the intrusion to a compromised employee laptop and stolen legacy credentials that exposed a snapshot containing production secrets and some cryptocurrency wallets. Bitrefill reports about 18,500 exposed purchase records (including 1,000 with names), believes losses were limited and will be covered from capital, and is strengthening security controls and monitoring.
read more →

Global Surge in Mobile Banking Malware Targets 1,243 Brands

📱 Zimperium zLabs reports a global surge in mobile banking malware targeting 1,243 financial brands across 90 countries. The firm analysed 34 active malware families affecting apps with more than three billion downloads and found industrialised campaigns exploiting weak app protections and widespread code sharing. Attacks now intercept authentication codes, hijack live sessions and can take control of devices, undermining traditional backend fraud controls.
read more →

FCA updates reporting to cover cyber and third-party

🔒 The FCA has issued clarified rules on reporting cyber-related incidents and supplier outages to give firms greater certainty about what to report and when. The update creates a streamlined regime coordinated with the PRA and the Bank of England, introduces a single reporting portal, removes duplicated reporting for payment service providers and credit rating agencies, and refines required information so most firms can use a short form. Firms have 12 months to prepare; the changes take effect on 18 March 2027.
read more →

Aura Confirms Data Breach Exposing 900,000 Contacts

🔒 Aura confirmed an unauthorized party accessed nearly 900,000 records containing names and email addresses after a voice‑phishing attack targeted an employee. The company says the data came from an inherited marketing tool tied to a 2021 acquisition and affected roughly 20,000 current and 15,000 former customers, while noting Social Security numbers, account passwords, and financial data were not exposed. Have I Been Pwned added the leak to its database and observed customer service comments and IP addresses among the files. Aura is conducting an internal review with external experts, has notified law enforcement, and plans to send personalized notifications to affected individuals.
read more →

Marquis Data Theft: 672,075 Records Exposed in 2025

🔒 Marquis, a Texas-based financial services provider, says a ransomware gang stole data for 672,075 people after compromising a SonicWall firewall on August 14, 2025. The attackers exfiltrated names, dates of birth, addresses, phone numbers, Social Security and Taxpayer Identification numbers, and financial account details without security codes. The breach disrupted operations at 74 banks and has prompted lawsuits and numerous consumer class actions.
read more →

South Korean Agency Exposes Crypto Wallet Recovery Phrase

🔐The South Korean National Tax Service inadvertently published the mnemonic recovery phrase for a seized Ledger cold wallet when releasing photos from raids on high‑value tax evaders. The unredacted handwritten note allowed anyone to restore the wallet and transfer assets, and within hours 4 million Pre‑Retogeum (PRTG) tokens—about $4.8 million at the time—were moved out. The incident highlights operational security failures in handling digital evidence and the critical importance of redaction and custody procedures.
read more →

UK's Companies House Confirms WebFiling Security Flaw

🔒 Companies House says its WebFiling service is back after a security flaw introduced in October 2025 exposed data for about five million U.K. companies. The bug let authenticated users view other firms' dashboards — including dates of birth, residential addresses and company email addresses — by navigating back after attempting a 'file for another company' action. The agency says no passwords or identity‑verification documents were accessed, and it has reported the issue to the ICO and NCSC while investigating whether any data was accessed or changed without permission.
read more →

Companies House WebFiling Glitch Exposes Corporate Data

🛑 The UK’s Companies House has suspended its WebFiling dashboard after researchers Dan Neidle and John Hewitt revealed a simple flaw that allows an authenticated user to view another company’s dashboard by selecting “file for another company” and using the browser back button to bypass an authentication code. The weakness could expose personal and corporate details for millions of directors and, in some cases, permit unauthorized changes to registrations. The agency is investigating and directors are advised to review their filings.
read more →

Starbucks Discloses Data Breach Affecting Employees

🔒 Starbucks disclosed a data breach that exposed personal and financial information from Starbucks Partner Central accounts belonging to employees. The company says it discovered unauthorized access on February 6 after threat actors obtained login credentials via websites impersonating Partner Central, compromising 889 accounts. Exposed data may include names, Social Security numbers, dates of birth, and bank account/routing numbers. Starbucks notified law enforcement and is providing two years of Experian identity and credit monitoring to affected partners.
read more →