< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 14 of 40

Special Commission Probes Cyberattack on Dresden Museums

🔒 Saxony's State Criminal Police Office (LKA) has created a special commission to investigate a cyberattack on the Staatliche Kunstsammlungen Dresden. The incident, reported on January 21, disrupted significant parts of the institution's digital infrastructure, including its online shop and visitor services, while the physical security systems were reportedly not affected. The Dresden Public Prosecutor General's Office is directing the investigation but has provided no further details. The SKD says it is working closely with a security firm to ensure the safety of collections and visitors.
read more →

Infostealers: Turning Stolen Credentials into Identities

🔐Modern infostealers harvest credentials, session data, cookies, and local files, turning a single compromise into a persistent identity asset. Specops researchers analyzed over 90,000 infostealer dumps and more than 800 million rows, showing how disparate signals tie accounts, employers, and roles to real people. By blocking known-compromised passwords across Active Directory, Specops Password Policy aims to reduce reuse and downstream enterprise risk.
read more →

Poshmark Scam Risks: How Buyers and Sellers Are Targeted

🔒 Poshmark users face a variety of scams that exploit the platform’s social commerce model and policies. Fraudsters commonly try to move transactions off-platform to avoid the 20% commission, then use phishing links, fake payment confirmations, or malware to steal money and data. Sellers are vulnerable to refund and non-delivery schemes, while buyers risk counterfeit or misrepresented goods. Always keep communications and payments inside Poshmark and verify payments through the app.
read more →

Data Breach at Fintech Figure Exposes Nearly 1 Million

🔒 Figure Technology Solutions confirmed a social engineering breach that exposed personal and contact data for 967,200 accounts. Notification service Have I Been Pwned reported files posted in February 2026 containing unique emails, names, phone numbers, physical addresses and dates of birth dating back to January 2026. The extortion group ShinyHunters claimed responsibility and posted roughly 2.5 GB of alleged loan applicant data.
read more →

Dutch police arrest man after link exposes sensitive files

🔒 Dutch police in The Netherlands arrested a 40-year-old man after officers inadvertently sent him a link that allowed downloading of internal documents rather than uploading images. The recipient downloaded confidential files, refused to delete them, and reportedly sought a 'reward,' prompting charges of computervredebreuk (unauthorised access). Authorities searched the suspect's home, seized devices, and reported a data breach while investigating how the error occurred.
read more →

Eurail Data Breach: Stolen Traveler Records Sold on Dark Web

🔒 Eurail B.V. confirmed that customer data stolen in a breach earlier this year is now being offered for sale on the dark web, and a sample dataset was published on Telegram. The company says it is still determining which specific records and how many customers are affected, but reported compromised fields may include full names, passport and ID numbers, IBANs, health details, and contact information. GDPR-required notifications have been filed and non-EU authorities will be informed. Customers are urged to change reused passwords, monitor bank accounts closely, and contact privacyhelp@eurail.com for support and FAQs.
read more →

Man Arrested After Downloading Confidential Police Files

🔒 Dutch police arrested a 40-year-old man in Ridderkerk after he downloaded confidential documents that an officer mistakenly shared via a download link and then refused to delete them unless he received "something in return." Authorities detained him on suspicion of computer trespass, searched his home and seized storage devices to recover the files. Police reported the breach and are investigating, saying there is no indication the documents were distributed further.
read more →

Odido Breach Exposes Millions of Dutch Customers' Data

🔒 Odido, the largest mobile operator in the Netherlands, disclosed a data breach affecting its customer contact system and potentially impacting up to 6.2 million people. While the company says no passwords, call records or billing data were taken, exposed fields reportedly include names, home and email addresses, IBANs, dates of birth and passport/driver's license numbers. Odido has contained the intrusion, engaged external cybersecurity experts and will contact affected customers directly.
read more →

Canada Goose Investigates After 600K Customer Records Leak

🔍 Canada Goose is investigating after data extortion group ShinyHunters published an archive claiming more than 600,000 customer records tied to past transactions. The 1.67 GB JSON dataset reportedly contains names, emails, phone numbers, billing and shipping addresses, IPs, order histories, and partial payment card data (brands, BINs, last four digits). Canada Goose says it has found no evidence of a breach of its own systems and that no unmasked financial data appears present, while it reviews the dataset to verify accuracy and scope.
read more →

South Korea Fines LVMH Brands $25M Over Data Breach

🔒 South Korea's Personal Information Protection Commission fined Louis Vuitton, Christian Dior Couture, and Tiffany a combined $25 million after cloud-based customer management systems were compromised, exposing data for more than 5.5 million customers. Investigators found an employee device infected with malware at Louis Vuitton and successful phishing and voice-phishing attacks at Dior and Tiffany that granted attackers access to the SaaS platform. Regulators cited failures to enforce IP-based access controls, deploy strong authentication, restrict bulk downloads, and monitor access logs, and penalized late breach notification. The PIPC emphasized that using a SaaS provider does not relieve companies of responsibility for protecting client data.
read more →

PIPC Fines Three Luxury Brands KRW36B for SaaS Failures

🔒 South Korea’s Personal Information Protection Commission (PIPC) fined the local subsidiaries of Louis Vuitton, Christian Dior Couture and Tiffany a combined KRW 36.033 billion plus KRW 10.8 million in additional penalties for failures securing customer data processed via a SaaS platform. The regulator found critical lapses — absent IP‑based access restrictions, weak or missing strong authentication, inadequate controls over bulk exports and insufficient log review — that allowed credential theft and social‑engineering attacks to expose personal information. The PIPC stressed that SaaS environments qualify as personal information processing systems under Korean law, placing responsibility squarely on data controllers, and ordered the firms to publicly disclose the enforcement actions.
read more →

Romania's Conpet Confirms Data Theft After Qilin Attack

🔒Conpet S.A., Romania's national oil pipeline operator, confirmed that the Qilin ransomware gang exfiltrated company data following a breach of its corporate IT environment. The company said operational systems remained unaffected and it is cooperating with the Romanian National Cyber Security Directorate (DNSC) as investigators assess the incident. Qilin claims nearly 1TB of documents and published a proof sample of 16 images containing internal financial records and passport scans; some files are marked confidential and dated as recently as November 2025. Conpet warned that compromised data may be used for fraud and advised potentially impacted individuals to verify any urgent contact using official channels.
read more →

Odido Data Breach Exposes Personal Data of 6.2M Customers

🔐 Odido confirmed a cyberattack that compromised its customer contact system and potentially exposed personal information for about 6.2 million customers. The company said attackers were able to download customer records but that passwords, call logs, location data, invoice details, and scans of identification documents were not accessed. Odido detected the incident on the weekend of February 7, blocked unauthorized access, reported the incident to the Dutch Data Protection Authority, and is notifying affected customers while working with external cybersecurity experts to strengthen controls and increase monitoring.
read more →

Polish Hacker Charged Over 2018 Morele.net Breach case

🔒 Poland's Central Cybercrime Bureau charged a 29-year-old man over the 2018 Morele.net breach that exposed about 2.5 million customers' personal details. Investigators say they reconstructed the attack vector, traced digital breadcrumbs and obtained an admission of responsibility. The incident leaked names, emails, phone numbers, home addresses and md5crypt-hashed passwords, and around 35,000 records contained highly sensitive personal data. Fraudsters quickly weaponised the published database, using SMS and phishing to steal banking credentials.
read more →

Microsoft Store Outlook Add-in Hijacked to Steal Accounts

🔒 The AgreeTo Outlook add-in was hijacked and turned into a full phishing kit that stole more than 4,000 Microsoft account credentials, researchers at Koi Security report. The module, listed on the Microsoft Office Add-in Store since December 2022, relied on an abandoned Vercel-hosted URL that an attacker claimed and used to serve a fake Microsoft sign-in page inside Outlook’s sidebar. Credentials, credit card details and banking security answers were exfiltrated via a Telegram bot API before victims were redirected to the real login page. Microsoft removed the add-in after the disclosure; users should uninstall AgreeTo and reset affected passwords.
read more →

Conduent Breach Exposes Volvo Group North America Data

🔓 Volvo Group North America disclosed an indirect data breach after IT systems at Conduent, a major business services provider, were compromised between October 21, 2024 and January 13, 2025. Nearly 17,000 customers and staff had personal details exposed, including full names, Social Security Numbers, dates of birth, insurance IDs and medical information. Conduent is notifying affected parties and offering at least a year of identity, credit and dark web monitoring plus identity restoration; notification recipients are also advised to consider fraud alerts or a security freeze. The incident adds to other third-party supplier breaches that have recently affected Volvo entities.
read more →

Cyberattack on European Commission Targets MDM System

🔒 The European Commission disclosed a late-January cyberattack that targeted its mobile device management (MDM) platform. Attackers may have accessed names and phone numbers of some staff, though the Commission says there is no evidence that mobile devices themselves were compromised; the incident was contained and the system cleaned within nine hours. Investigators say the breach could be linked to actively exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), with public exploit code and high-severity CVEs reported.
read more →

January 2026: Global Attacks Rise; Ransomware, GenAI Risk

⚠️ Check Point Research reports a global increase in cyber attacks in January 2026, with organizations experiencing an average of 2,090 attacks per organization per week — a 3% increase from December and 17% above January 2025. The rise is driven by expanding ransomware operations and mounting data‑exposure risks linked to widespread GenAI adoption. Critical sectors are under intensified pressure as threat activity accelerates and adversaries move faster.
read more →

Dutch Agencies Confirm Ivanti EPMM Zero-Day Breaches

🔒 Dutch authorities confirmed the Dutch Data Protection Authority (AP) and the Council for the Judiciary reported system intrusions tied to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Investigators say unauthorized actors accessed work-related data such as names, business email addresses, phone numbers and device details. The European Commission and Finland's Valtori also reported traces or breaches, with Valtori estimating up to 50,000 government employees affected.
read more →

Fugitive in $73M ‘Pig Butchering’ Crypto Scam Sentenced

🏛️ A dual Chinese and St. Kitts and Nevis national, Daren Li, was sentenced in absentia to 20 years in U.S. federal prison for his role in an international cryptocurrency investment fraud commonly called pig butchering or romance baiting. Li pleaded guilty to conspiracy to launder proceeds after his 2024 arrest and later fled in 2025 by cutting off his ankle monitor. The sentence includes three years of supervised release and reflects losses exceeding $73 million.
read more →