< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 12 of 40

Telus Digital Suffers Massive Data Breach by ShinyHunters

🔒 Telus Digital, a BPO provider to global clients, is investigating a significant cybersecurity incident after extortion group ShinyHunters claimed to have exfiltrated up to one petabyte of data. The company says core operations and customer connectivity remain unaffected and that it has engaged leading forensics teams and law enforcement. Early indications point to abuse of legitimate access rather than an obvious malware intrusion, and Telus is notifying affected customers and implementing additional safeguards.
read more →

Loblaw Notifies Customers After Network Data Breach

🔒 Loblaw Companies Limited has detected an intrusion into a contained, non-critical portion of its IT network and confirmed that a criminal third party accessed basic customer information. The exposed data includes names, phone numbers, and email addresses, which could be used for phishing and fraud. Loblaw says there is no evidence that financial information, health data, or account passwords were compromised and that PC Financial has not been impacted. The company has automatically logged customers out, urges users to sign in again and change passwords, and continues to investigate.
read more →

Telus Digital Confirms Breach After Massive Data Theft

🔒 Telus Digital has confirmed a cybersecurity incident after threat actors identifying as ShinyHunters claimed to have exfiltrated nearly 1 petabyte of data from the company's BPO systems over several months. The attackers say they used Google Cloud credentials found in the Salesloft/Drift breach to access a large BigQuery instance and then used trufflehog to locate additional secrets and pivot to other systems. Telus says it discovered unauthorized access to a limited number of systems, engaged forensic experts, is investigating what was stolen and which customers were affected, and reports no evidence of customer connectivity or service disruption.
read more →

Travel Rewards Become Commoditized in Underground Markets

✈️ Flare researchers found that airline miles and hotel points are being treated as commodities in underground markets, where stolen loyalty accounts are traded, redeemed for legitimate bookings, and resold at discounts. Actors post inventory-style listings in messaging groups, often advertising full email access to reduce recovery chances. Observed pricing averaged roughly $1 per 1,000 miles, and major programs were favored for liquidity and resale value. The fraud chain typically follows a four-stage cycle from account takeover to resale.
read more →

Police Scotland fined £66,000 for sharing phone data

⚖️ Police Scotland was fined £66,000 and reprimanded after an Information Commissioner’s Office (ICO) investigation found the force extracted and then mistakenly shared the full contents of a female detective’s phone with the officer she accused of rape. The disclosed material reportedly included intimate photos, medical records and contact details. The ICO said the force failed to limit data sharing, implement appropriate organisational and technical measures, and notify the regulator within the required 72‑hour timeframe.
read more →

Stryker Offline After Wiper Malware Hits Global Systems

🏥 Leading medical technology company Stryker is experiencing a severe, global outage after a wiper malware attack claimed by Handala, an Iran-linked hacktivist group. The attackers say they stole 50 TB of data and remotely wiped over 200,000 systems, servers, and mobile devices, forcing shutdowns across 79 countries. Employees report managed Windows and mobile devices were reset, internal services were disrupted, and some sites reverted to pen-and-paper workflows while Stryker works with Microsoft to restore systems.
read more →

Overly Permissive Guest Settings Threaten Salesforce Data

⚠️ Salesforce is urging customers to review Experience Cloud guest configurations after a reported campaign tied to the cybercrime group ShinyHunters that claims breaches of hundreds of organizations. Attackers are exploiting overly permissive guest user settings and a modified version of the open-source Aura Inspector to scan the /s/sfsites/aura endpoint and extract data. Salesforce recommends auditing guest profiles, disabling public API access for guest users, restricting object visibility, and enforcing least-privilege.
read more →

Mental health apps leaking private data: 2026 audit

🧠 In February 2026, cybersecurity firm Oversecured audited 10 popular Android mental‑health apps and found 1,575 vulnerabilities — 54 rated critical — across apps with a combined 14.7M+ installs. Findings include insecure local storage, hardcoded API endpoints, weak token generation using java.util.Random, and no root detection, contradicting many apps’ claims of full encryption. The report highlights the real risk of exposure of therapy transcripts, mood logs, and medication data and urges users to review permissions, update apps, and avoid third‑party sign‑ins.
read more →

Service-Provider Breach Exposes Data of 15,661 Ericsson

🔒 Ericsson Inc. disclosed a data breach impacting 15,661 employees and customers after a third-party service provider detected suspicious activity and identified possible unauthorized access to stored files. Investigators say files may have been accessed between April 17 and April 22, 2025, and the incident was detected on April 28, 2025; a detailed review completed on February 23 confirmed exposure of personal information. The types of data potentially exposed include names, addresses, Social Security numbers, driver’s licence or government ID numbers, financial and medical information. Ericsson notified the FBI, filed state breach notices, did not name the vendor, and is offering complimentary identity protection services through IDX to affected individuals.
read more →

ShinyHunters Harvests Data from Hundreds of Public Sites

🔒 Salesforce has urged Experience Cloud customers to audit configurations after the ShinyHunters group reportedly stole data from hundreds of sites by exploiting overly permissive guest user settings. Attackers used a customized fork of the open-source Aura Inspector to mass-scan the /s/sfsites/aura API endpoint, identify exposed CRM objects and extract contact details. Salesforce stressed this is a customer configuration issue, not a platform vulnerability, and recommended immediate audits and permission tightening.
read more →

Ericsson US Reports Data Breach via Service Provider

🔒 Ericsson Inc.'s U.S. subsidiary disclosed that attackers stole personal data for an undisclosed number of employees and customers after a breach at a third‑party service provider detected on April 28, 2025. The provider's investigation found files were accessed between April 17 and April 22, 2025, and a review completed on February 23, 2026 identified exposed personal information. Ericsson says it has not seen evidence of misuse and is offering free IDX identity protection and monitoring to affected individuals, with enrollment open through June 9, 2026.
read more →

ShinyHunters Claims Ongoing Salesforce Aura Data Theft

🔒 Salesforce warns customers that attackers are targeting misconfigured Experience Cloud sites by abusing the /s/sfsites/aura API, allowing guest users to access more data than intended. Threat actors have used a modified AuraInspector scanner and bespoke exfiltration tools; the extortion group ShinyHunters claims responsibility and reports hundreds of compromises. Salesforce stresses this stems from customer guest‑user settings, not a platform vulnerability, and provides immediate mitigation guidance.
read more →

TriZetto Provider Solutions Breach Exposes 3.4M Patients

🔒 TriZetto Provider Solutions (TPS) has reported a breach that impacted more than 3.4 million individuals after suspicious activity was detected in a customer-facing web portal on 2 October 2025. TPS confirmed that no payment card or bank account data were taken, but said names, addresses, dates of birth, Social Security numbers and health insurance identifiers may have been accessed. The company, owned by Cognizant, says it is working with law enforcement, has implemented additional security measures and is offering credit monitoring to those affected.
read more →

Cognizant TriZetto Breach Exposes 3.4M Patient Records

🔒 TriZetto Provider Solutions, part of Cognizant, disclosed a breach that exposed sensitive health and insurance records for about 3,433,965 individuals. The company detected suspicious portal activity on October 2, 2025, and determined that unauthorized access began on November 19, 2024. Exposed data may include names, addresses, dates of birth, Social Security numbers, Medicare and insurance identifiers, provider and insurer names, and other demographic or health information. TriZetto says no payment card or bank account data were exposed, has engaged external cybersecurity experts, notified law enforcement, alerted providers on December 9, 2025, and began customer notifications in early February 2026; affected individuals are being offered 12 months of credit monitoring and identity protection services from Kroll.
read more →

International Takedown of LeakBase Cybercrime Marketplace

🔒 Law enforcement across 14 countries seized the LeakBase cyberforum, taking its database and two domains and targeting roughly 142,000 users. Authorities executed around 100 coordinated actions beginning March 3, including arrests, search warrants, and interviews in multiple jurisdictions. The captured data reportedly contained credential pairs, payment card details, bank account information, and other sensitive personally identifiable and business data. Investigators say the technical seizure unmasked users who believed they were operating anonymously and that authorities delivered prevention messages while continuing to trace digital trails.
read more →

Wikipedia hit by self-propagating JavaScript worm

🛡️ The Wikimedia Foundation experienced a security incident after a self‑propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. The malicious code, traced to a user script User:Ololoshka562/test.js uploaded in March 2024, injected loaders into both user-level and global MediaWiki:Common.js. Engineers temporarily restricted editing, reverted malicious edits, rolled back affected user scripts, and removed the injected code, but a full post‑incident report has not yet been published.
read more →

Europol and Amsterdam Police Shut Down Leakbase Market

🔒 Europol coordinated a multi-country operation with Amsterdam police that shut down Leakbase, described as one of the world's largest marketplaces for stolen data. Authorities seized the platform's servers in Amsterdam and said Leakbase had about 142,000 registered users worldwide. Investigators in 14 countries executed around 100 raids, targeting roughly 37 main users. The probe began in the Netherlands in 2023 and involved close cooperation with the U.S. FBI.
read more →

Europol, Amsterdam Police Shut Down LeakBase Data Market

🔒 Amsterdam police, working with Europol and international partners, have shut down LeakBase, a major online marketplace for stolen data whose servers were located in Amsterdam. The platform had about 142,000 registered users and has been seized as part of a joint operation involving investigators from 14 countries and the FBI. Authorities conducted around 100 targeted operations aimed at 37 primary users. The site now displays a police notice warning that trading stolen data is a criminal offense.
read more →

Europol-led Operation Seizes LeakBase Data Breach Forum

🔒 Europol and international partners have taken down LeakBase, an English-language forum that trafficked stolen credentials and stealer logs, seizing two domains and the site's customer database. Coordinated actions on March 3 included arrests, house searches and interviews across the US, Australia, Belgium, Poland, Portugal, Romania, Spain and the UK. Europol said 37 of the forum’s most active users were targeted and vowed to continue tracing offenders as part of Operation Leak.
read more →

FBI and Europol Seize LeakBase Forum for Stolen Credentials

🔒 A coordinated international operation by the FBI and Europol dismantled LeakBase, a major clearnet forum used to trade stolen credentials and financial data. Authorities seized the site (leakbase[.]la), preserving user accounts, posts, private messages, credit details and IP logs as evidence. The disruption, dubbed Operation Leak, targeted administrators and heavy users and follows reporting that the forum hosted stealer logs and large hacked databases used in account takeover and fraud.
read more →