
All news with #data breach tag

714 articles · page 12 of 36

Coinbase Confirms Contractor Insider Breach of Support Data

🔒 Coinbase confirmed that a contractor improperly accessed data for approximately 30 customers in a December incident, and the individual no longer performs services for the company. Impacted users were notified, provided identity theft protection services, and Coinbase disclosed the incident to relevant regulators. Screenshots of an internal support panel briefly appeared on Telegram and were associated with the 'Shiny Lapsus Hunters' posts, showing customer PII, KYC details, and wallet balances, though attribution remains unclear.

Step Finance: Executive Device Compromise Leads to $40M Theft

🚨 Step Finance announced on January 31 that attackers compromised devices belonging to several executives, resulting in the theft of roughly $40 million in digital assets. The Solana-based DeFi analytics and execution platform engaged external cybersecurity researchers and law enforcement and has recovered about $4.7 million so far through Token22 protections and partner coordination. Some operations are paused to strengthen security. Users are advised not to interact with the STEP token while a pre-exploit snapshot and remediation plan are processed.

Iron Mountain Breach Limited Mainly to Marketing Files

🗂️ Iron Mountain says a recent incident claimed by the Everest extortion group was limited primarily to marketing materials. Attackers used a compromised credential to access a single public-facing file-sharing folder containing vendor marketing files; no customer confidential data or other systems were affected. The company confirmed no ransomware or malware was deployed and the compromised credential has been deactivated.

UK ICO Investigates X Over AI-Generated Sexual Images

🛡️ The UK Information Commissioner’s Office has opened a formal investigation into X and its AI assistant Grok after reports the system generated non-consensual sexual images using people’s personal data. The inquiry will assess whether such data were processed lawfully, fairly and transparently and whether appropriate safeguards were integrated into Grok’s design and deployment to prevent harmful image manipulation. The ICO has requested urgent information from X and warned the reports raise risks of significant harm, particularly to children.

UK ICO Probes X's Grok Over AI-Generated Sexual Images

🔍 The UK Information Commissioner's Office has opened a formal investigation into X and its Irish subsidiary after reports that the AI assistant Grok generated nonconsensual sexually explicit images using individuals' personal data. The ICO said it contacted X and xAI on January 7 to request urgent information and will assess whether X Internet Unlimited Company and X.AI LLC processed data lawfully and had adequate safeguards. The regulator warned that loss of control over intimate personal data can cause immediate and significant harm, especially where children are involved.

Three Disruptive Cyber Trends Impacting Financial Services

🔍 The financial sector saw cyber incidents more than double in 2025 (864 → 1,858), driven by three dominant trends: surging DDoS campaigns, a sharp rise in data breaches and leaks, and the commercialization of cybercrime-as-a-service. These threats exploited weaknesses in cloud security, identity governance, and third-party risk. Banks and fintechs must accelerate adoption of layered defenses, continuous monitoring, and stronger vendor controls to maintain resilience.

Moltbook Misconfiguration Exposes User Data and API

🔓 Security researchers at Wiz discovered a public Supabase API key in Moltbook’s client-side JavaScript that granted unauthenticated read/write access to the production database. The misconfiguration—absence of Row Level Security (RLS) policies—exposed around 1.5 million agent tokens, roughly 30,000 email addresses and thousands of private messages. With write privileges an attacker could impersonate any agent, inject malicious content or prompt-injection payloads, and deface the site. Moltbook’s developer has since remediated the issue after multiple rounds of fixes with Wiz.

Notepad++ Update Hijack Linked to Hosting Provider Breach

🔒 A months-long supply chain attack redirected update traffic for notepad-plus-plus.org to attacker-controlled servers, enabling malicious manifests to be served to the built-in WinGUp updater and, in some cases, pointing users to compromised executables. Investigators conclude the intrusion stemmed from a compromise of the shared hosting provider infrastructure rather than a flaw in the Notepad++ code. Logs suggest the breach began in June 2025, with direct server access ending on 2 September 2025 while exposed credentials lingered until 2 December 2025.

Panera Bread breach affects 5.1M accounts, not 14M customers

🔒 Have I Been Pwned reports that a January 2026 data breach at Panera Bread exposed roughly 5.1 million unique email addresses and associated contact information, rather than 14 million distinct customers as initially claimed. The files, totaling about 760 MB, were published by the ShinyHunters extortion group after an alleged failed ransom attempt. ShinyHunters says it gained access via a Microsoft Entra SSO code as part of a broader vishing campaign targeting SSO providers. Panera has confirmed the incident to authorities and said the data is contact information.

NationStates Confirms Data Breach, Temporarily Shuts Site

🔒 NationStates has confirmed a data breach after taking its browser-based game offline following a player-reported vulnerability that resulted in remote code execution on the production server. The attacker exploited a double-parsing and input sanitization flaw in the Dispatch Search feature to copy application code and user data, including email addresses, MD5 password hashes, login IPs, and browser User-Agent strings. NationStates says telegram contents were likely partially exposed, is wiping and rebuilding the production environment, has reported the incident to authorities, and expects service to be restored within two to five days.

Exposed MongoDB Instances Targeted in Extortion Campaign

🔒 A threat actor is automating data-extortion attacks against publicly exposed MongoDB instances, compromising roughly 1,400 servers and leaving ransom notes demanding about 0.005 BTC (~$500). Researchers at Flare found over 208,500 publicly reachable MongoDB servers, with 3,100 allowing access without authentication and nearly half of those already wiped. There is no guarantee that paying ransoms will restore data or provide working keys. Victims are urged to avoid public exposure, enforce strong authentication, apply network controls, and keep instances updated.

ShinyHunters Launch Vishing Campaign Targeting 100s

📞 Notorious extortion group ShinyHunters released tens of gigabytes of files it claims were stolen from dating services including Hinge, Match, OkCupid and Bumble. Researchers link the disclosures to a broader campaign that combines automated phishing kits with voice-based social engineering to capture credentials and MFA tokens in real time. Security firm Silent Push detected a 'Live Phishing Panel' and infrastructure consistent with SLSH activity targeting more than 100 high-value organizations. Organizations are advised to verify IT support calls through official out-of-band channels and audit OSS logs for suspicious device enrollments and new-IP logins.

Match Group Breach Exposes Data from Multiple Dating Apps

🔒 Match Group confirmed a security incident after the ShinyHunters group leaked 1.7 GB of compressed files allegedly containing about 10 million records from Hinge, Match, and OkCupid, along with internal documents. The company says it terminated unauthorized access, is working with external experts, and believes a limited amount of user data was exposed with no indication that login credentials, financial information, or private communications were accessed. Match Group is notifying affected individuals as appropriate and continuing its investigation.

Marquis Links Ransomware Breach to SonicWall Cloud Backup

🔒 Marquis Software Solutions says a ransomware attack in August 2025 that disrupted systems serving dozens of U.S. banks and credit unions was enabled by a breach at SonicWall's cloud backup service. Rather than exploiting an unpatched firewall, attackers used configuration data taken from backup files accessed after unauthorized access to the MySonicWall portal, according to Marquis and a third-party investigation. Marquis is evaluating options including seeking recoupment of response costs for itself and affected customers. SonicWall has acknowledged the MySonicWall breach and said a Mandiant probe linked the incident to state-sponsored actors.

France Travail Fined €5m After 2024 Breach Exposed 43M

🔒 France Travail has been fined €5 million by the CNIL after a March 2024 cyber-attack that potentially exposed personal data for an estimated 43 million jobseekers. The regulator found failures including weak authentication for Cap Emploi advisors, insufficient logging and monitoring, and overly broad access permissions, breaching Article 32 of the GDPR. France Travail must provide evidence of corrective measures on a strict timeline or face a €5,000 daily fine.

France fines employment agency €5 million over breach

📢 France Travail was fined €5 million by CNIL after a 2024 breach exposed personal data for up to 43 million job seekers. CNIL said attackers used social engineering to hijack CAP EMPLOI advisers' accounts, exposing names, birth dates, national insurance numbers, addresses, emails and phone numbers. The watchdog ordered documented corrective measures and warned of €5,000 daily penalties if the agency fails to comply.

US Data Breaches Hit Record High in 2025; Victims Drop

📈 The Identity Theft Resource Center (ITRC) reports a record 3,332 US data "compromises" in 2025, a 5% rise from 2024. Despite the higher incident count, individual victims fell to 279 million from 1.4 billion, driven by the absence of large-scale "mega breaches" seen in 2023. Financial services was the hardest-hit sector with 739 compromises (22%). The ITRC warned that opaque breach notices—70% lacked attack type—undermine consumer protection and urged Zero Trust, stronger identity verification and greater transparency.

GDPR Violation Reports Surge to Highest Daily Rate

📈 A new DLA Piper report finds that notifications of GDPR violations across the EU averaged 443 reports per day in 2025, a 22% increase over 2024. The firm cautions that the dataset does not definitively explain the rise but highlights likely drivers such as geopolitical tensions, new attacker technologies, and expanded mandatory reporting laws. Annual fines remained near €1.2 billion while cumulative penalties total about €7.1 billion since 2018.

eScan Confirms Update Server Breach That Pushed Malware

⚠️ MicroWorld Technologies, maker of eScan, confirmed a breach of a regional update server that delivered an unauthorized, later-analyzed malicious update to a subset of customers during a two-hour window on January 20, 2026. The company says it isolated and rebuilt the affected infrastructure, rotated credentials, and issued a remediation tool. Security firm Morphisec published a technical analysis linking a modified Reload.exe to multi-stage malware and a backdoor named CONSCTLX.exe, and the vendors dispute who reported the incident first.

Massive Data Leak Exposes 149M Login Credentials Worldwide

🔒 Cybersecurity researcher Jeremiah Fowler uncovered a publicly accessible database containing 149 million login credentials, including usernames, plaintext passwords and direct login URLs. Affected accounts span major tech and streaming providers, with about 48 million Gmail entries, 17 million Facebook and 6.5 million Instagram records. Fowler attributes the collection to keyloggers and infostealer malware and warns the dataset enables automated credential-stuffing, targeted fraud and convincing phishing campaigns.