All news with #data breach tag

715 articles · page 14 of 36

Ingram Micro: Ransomware Breach Exposed 42,000 People

🛡️ Ingram Micro disclosed a ransomware incident detected on July 3, 2025, that resulted in the theft of files affecting more than 42,000 individuals. The company said stolen documents included employment and job applicant records with names, contact details, dates of birth and government-issued ID numbers, including Social Security numbers. The attack caused a significant outage that disrupted internal systems and prompted staff to work remotely. While Ingram Micro has not officially confirmed the actor, the SafePay group has claimed responsibility and posted files to its leak site.

UK Concerns: Cyber Breaches, Compliance, Reputation

🔒 A Nardello & Co. survey of 250 senior leaders at UK enterprises (turnover ≥£250m) finds cyber-related breaches are the top risk for 2026: 58% ranked them highest and around three-quarters doubt their ability to manage such incidents. About 20% reported a breach in the past two years. Compliance (37%) and financial crime (30%) are rising concerns amid stronger enforcement, including the UK's new Failure to Prevent Fraud offense. The report also flags readiness gaps: only 44% conduct pre‑hire screening, 48% provide anonymous whistleblowing and 59% deliver regular compliance training.

CIRO Breach Exposed Data of 750,000 Canadian Investors

🔒 The Canadian Investment Regulatory Organization (CIRO) confirmed a data breach that affected roughly 750,000 Canadian investors. The threat was identified on August 11 and disclosed on August 18, with an extensive forensic analysis completed January 14. Compromised records vary by person and may include dates of birth, phone numbers, income details, social insurance numbers, government IDs, account numbers, and statements. CIRO said it does not store login credentials and will offer two years of free credit monitoring to impacted investors.

Digital Footprints Can Expose Your Physical Address

🔒 Most people underestimate how much personal data is publicly available online. Exposed details — names, past addresses, phone numbers, family ties, and old usernames — make individuals easy targets for doxxing, scams, and stalking. The article advises removing data from people-search sites and directories, either manually or by using a data removal service such as Incogni, which automates searches and sends deletion requests. An Unlimited plan lets you submit custom removal links for broader coverage.

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Utrecht-based Eurail BV has confirmed that an unauthorized party accessed its customer database, potentially exposing a range of personal information for Interrail pass holders and some DiscoverEU participants. Affected items may include identification data (first and last name, date of birth, gender), contact details (email, home address, telephone) and passport details (number, issuing country, expiry). The company says the investigation is ongoing and that there is currently no indication the data have been misused or publicly shared; it is advising customers to remain vigilant, change passwords for Rail Planner and related accounts, and consult the provider’s FAQ for guidance.

Grubhub Confirms Data Theft, Faces Extortion Demand

🔒 Grubhub confirmed unauthorized actors downloaded data from certain systems and said it investigated, halted the activity, and is taking steps to strengthen its security posture. The company stated that financial information and order histories were not affected but declined to answer further questions about timing, affected users, or extortion. Grubhub said it is working with a third-party cybersecurity firm and law enforcement, while sources tell BleepingComputer that threat actors are demanding payment.

Smashing Security Ep.450: Instagram leak and Grok fallout

🔍 Episode 450 explores confusion after claims that data linked to 17.5 million Instagram accounts was put up for sale — a story driven by a vague post, conflicting statements, and an unexpected flood of password‑reset emails. The episode also examines Grok, Elon Musk’s AI chatbot, after it generated sexualised images of women and children, raising urgent questions about guardrails and accountability. Hosts discuss why simple censorship is not a solution.

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Eurail B.V. has acknowledged unauthorized access to its Interrail customer database, potentially exposing identity, contact and passport information for affected customers. The company says there are no indications of misuse or public sharing so far and that investigations are ongoing. Customers who booked under the EU DiscoverEU program may have had copies of identity documents, IBANs and health data accessed. Eurail recommends vigilance and changing passwords for associated accounts.

FTC Restricts GM from Selling Drivers' Location Data

📍 The Federal Trade Commission has finalized an order prohibiting General Motors and its OnStar unit from collecting, using, or sharing consumers' precise geolocation and driving-behavior data without express consent. The FTC said GM harvested location data every three seconds through the discontinued Smart Driver feature and sold it to third parties, including consumer reporting agencies, which could affect insurance outcomes. Under the order GM is barred from sharing such data with consumer reporting agencies for five years, must obtain express consent for collection and sharing for 20 years, and must give U.S. customers access, deletion rights, and the ability to disable precise location tracking.

Kyowon Confirms Customer Data Theft in Ransomware Attack

🔒 Kyowon Group confirmed a ransomware incident in January that disrupted services and resulted in the theft of customer data. The company says roughly 9.6 million accounts (about 5.5 million people) may be affected and that approximately 600 of its 800 servers were impacted. Kyowon is working with authorities and security experts to investigate and restore services, and will disclose confirmed details to customers.

France Fines Free Mobile €42M Over 2024 Data Breach

🔒 The French data protection authority, CNIL, fined Free Mobile and parent company Free a combined €42 million for insufficient protection of customer data after an October 2024 breach that exposed information of nearly 23 million subscribers. CNIL cited weak VPN authentication, poor detection of abnormal activity, delayed notifications, and excessive data retention. The companies must complete security fixes and perform mandated data clean-up within required deadlines.

Pax8 Email Error Exposes MSP and Microsoft Licensing Data

⚠️ Pax8 confirmed it mistakenly emailed a CSV attachment on January 13 that contained internal pricing and Microsoft licensing data to fewer than 40 UK-based partners. Recipients reported the file listed about 56,000 entries covering roughly 1,800 partners, with fields including partner and customer IDs, SKUs, license counts, renewal dates, and booking details. Pax8 asked recipients to delete the message, required deletion confirmations, and said it launched an internal review. The company maintains the file did not contain personally identifiable information and that marketplace availability and security controls were not affected.

Victorian Education Department Notifies Parents of Data Breach

🔒 The Victorian Department of Education has notified parents that an unauthorized third party accessed a database containing student names, school names, year levels and school-issued email addresses, along with encrypted passwords for accounts that use those emails. The department said more sensitive fields such as birth dates, home addresses and phone numbers were not exposed. All student passwords have been reset and access to school accounts is blocked until new credentials are issued; VCE students will be prioritised. Authorities say they removed the attack vector and have not found evidence the data was publicly released or shared, and further updates will be provided.

Monroe University breach: 320,973 records exposed nationwide

🔒 Monroe University disclosed that threat actors accessed its network from December 9 to December 23, 2024, and stole personal, financial, and health information affecting 320,973 people. The university said stolen records may include names, dates of birth, Social Security numbers, government IDs, medical and insurance data, account usernames, passwords, and financial account information. Notifications began January 2 and affected individuals were offered one year of free credit monitoring through Cyberscout; the incident follows prior ransomware attacks and broader targeting of higher education institutions.

Central Maine Healthcare breach exposes data of 145,381

🛡️ Central Maine Healthcare disclosed a security incident after discovering unauthorized access to its systems between March 19 and June 1, 2025. The investigation, completed on November 6, 2025, determined that 145,381 individuals — including patients and current or former employees — may have had sensitive information exposed. Exposed data types vary by person and can include full names, dates of birth, treatment and service details, provider names, health insurance information, and Social Security Numbers. CMH has begun notifying affected individuals, is offering free credit monitoring, and has set up a dedicated patient support line to answer questions and accept reports of potential data misuse.

Betterment Confirms Data Breach After Crypto Scam Emails

🔒 Betterment confirmed a breach after an attacker used a third-party marketing platform to send fraudulent crypto reward emails to a subset of customers on January 9. The messages, sent from the legitimate subdomain address 'support@e.betterment.com', claimed to triple Bitcoin and Ethereum deposits and included wallet addresses and large deposit deadlines. The actor accessed customer contact data (names, emails, physical addresses, phone numbers, dates of birth) but did not access customer accounts or expose account credentials. Betterment removed the unauthorized access, warned customers, and said it will publish a post-mortem while strengthening defenses against social engineering.

Target employees confirm leaked source code is authentic

🔒 Multiple current and former Target employees confirmed that source code and documentation shared by a threat actor match the company's internal systems. The leaked sample contains real system names (e.g., BigRED, TAP [Provisioning]), proprietary codenames and tooling references, including Vela-based CI/CD and JFrog Artifactory. Target enacted an "accelerated" change restricting access to its on-prem Git server to the corporate network and VPN after the disclosure.

Target employees confirm leaked code after Git lockdown

🔒 Multiple current and former Target employees told BleepingComputer that a sample of source code and documentation published by a threat actor matches real internal systems. A screenshot of company-wide Slack shows an "accelerated" security change effective January 9, 2026, restricting access to git.target.com to Target-managed networks or VPN. The 14MB sample contains internal names like "BigRED" and "TAP" and references to Vela, Hadoop datasets, and JFrog Artifactory. The threat actor claims a full archive of ~860GB; the root cause remains under investigation.

When Your Personal Data Appears on the Dark Web - What to Do

🔒 If you learn your personal or financial data is on the dark web, act quickly: cybercriminals use stolen PII, credentials, session cookies and payment details to commit account takeover, identity theft and fraud. Immediately change compromised passwords, enable MFA (prefer authenticator apps or hardware keys), sign out of all devices, scan for infostealer malware and contact your bank to freeze or reissue cards. For longer-term protection, freeze credit, tighten privacy settings, use email aliasing and a password manager, and enroll in monitoring services such as HaveIBeenPwned.

BreachForums user database leaked, exposing 323,986 records

🔓 On January 9, 2026, a database containing 323,986 BreachForums user records was published on a site named after the ShinyHunters gang, exposing usernames, email addresses, password hashes and IP addresses. The leak was accompanied by a roughly 4,400‑word manifesto from someone calling themselves "James", who names alleged cybercriminals and claims responsibility. The provenance and motive remain unclear, though the dump could provide law enforcement with investigative leads and highlights the limits of perceived anonymity on criminal forums.