
All news with #data breach tag

715 articles · page 15 of 36

BreachForums Database Leak Exposes 324K Criminal Users

🔓 A leaked MySQL archive containing 323,986 BreachForums user records surfaced in January, revealing hashed passwords, private messages, forum posts, and registration metadata. Security firm Resecurity reported the leak also included a password-protected PGP private key and a 4,400-word manifesto titled 'Doomsday' attributed to an individual calling themselves James. Have I Been Pwned traced the breach to August, months before multiple law enforcement takedowns and arrests weakened the platform's ecosystem. Observers say the exposure further erodes trust in large public crime forums and may push sophisticated actors to smaller, invite-only communities.

University of Hawaii Cancer Center Hit by Ransomware

🔒 The University of Hawaii System says a ransomware gang breached a single research project at the UH Cancer Center on August 31, 2025, and exfiltrated study data that included historical files containing Social Security numbers. Upon discovery, affected systems were disconnected, external cybersecurity experts were engaged, and the university said it negotiated with the threat actors to secure a decryption tool. UH reported arranging for the secure destruction of the illegally obtained data and said it will notify individuals once contact information is confirmed. The institution has installed endpoint protection, replaced compromised systems, reset credentials, updated firewall software, and initiated third-party security audits.

Target's Dev Git Server Offline After Source Code Claims

🔒 Target is investigating claims that an unknown threat actor published samples of internal source code on public Gitea repositories and is advertising a larger dataset for sale. The posted sample included a SALE.MD index listing roughly 57,000 lines and an estimated archive size of ~860 GB. After BleepingComputer alerted Target, the sample repos were removed and the retailer's developer Git server at git.target.com became inaccessible externally. Commit metadata and repository structure suggest the material may have originated from private internal infrastructure.

Endesa Reports Customer Data Breach Exposing Contracts

🔒 Spanish energy provider Endesa and its operator Energía XXI disclosed unauthorized access to their commercial platform that exposed customer contract-related data. The company says the intruder accessed basic identification, contact details, national ID numbers (DNI), contract records, and payment information such as IBANs, while account passwords were not affected. Endesa says it blocked compromised internal accounts, preserved logs for forensic analysis, notified relevant authorities including the Spanish Data Protection Agency, and increased monitoring. Threat actors claim to be offering roughly 1TB of SQL data—allegedly ~20 million records—for sale; the investigation is ongoing and affected customers are being notified.

BreachForums Database Leak Exposes Forum User Records

🔓 A leaked SQL database tied to the BreachForums dark-web forum was published by a site associated with the ShinyHunters collective, according to Resecurity. The archive reportedly contains metadata for 323,986 MyBB users, including usernames and IP addresses, though some IPs appear sanitized or set to loopback values. Resecurity warns that copies from other sources may be booby-trapped and recommends obtaining the dataset from its site.

Instagram Denies Breach After 17M Account Data Leak Claims

🔐 Meta says it patched a bug that allowed an external party to mass-request Instagram password reset emails and denies any systems breach after claims that data from more than 17 million accounts was posted online. Malwarebytes warned customers of a 17.5M-account dump containing phone numbers, emails, addresses and Instagram IDs, though not every record includes all fields. Meta told reporters it is not aware of an API incident in 2022 or 2024, and Instagram accounts remain secure. Users should ignore unsolicited reset emails, enable two-factor authentication, and stay alert to phishing and smishing attempts.

California Bars Data Broker from Reselling Health Data

🛑 The California Privacy Protection Agency ordered Rickenbacher Data LLC, operating as Datamasters, to stop selling Californians' health and personal information and fined the firm $45,000 for failing to register as a data broker under the California Delete Act. Regulators found Datamasters bought and resold hundreds of millions of records—names, emails, addresses and phone numbers—targeting people by medical conditions, age, perceived race, political views and purchases. The agency ordered deletion of previously acquired California records by the end of December, requires any newly received Californian data to be purged within 24 hours, and imposed five years of compliance measures; CalPrivacy also fined S&P Global $62,600 for an administrative registration lapse.

BreachForums User Database Leak Exposes 324,000 Accounts

🔐 A backup of the BreachForums MyBB users table and an associated PGP key were published in a 7-Zip archive, exposing 323,988 account records and administrator key material. The leaked archive includes a databoose.sql users table and a passphrase-protected PGP private key; without the passphrase the key cannot be used to sign messages. Analysis found most IPs were set to a local loopback (127.0.0.9), but roughly 70,296 records map to public IPs, creating OPSEC risks for affected users and potential intelligence value for law enforcement. The forum administrator acknowledged the leak, saying the files were temporarily left in an unsecured folder during recovery and recommending disposable email addresses for members.

IDHS Privacy Misconfiguration Exposes Data of 700K Residents

🔒 The Illinois Department of Human Services (IDHS) said that misconfigured privacy settings on a public mapping website exposed personal and health-related information for nearly 700,000 residents. Maps intended for internal resource planning were publicly accessible for years, revealing addresses, case numbers, demographics, and plan names for many Medicaid and Medicare Savings Program recipients, and additional identifying details for some rehabilitation services customers. IDHS restricted access, reviewed exposed maps, blocked future uploads of identifiable customer data to public mapping platforms, and has notified affected individuals and regulators.

pcTattletale Founder Pleads Guilty in Stalkerware Case

🔒 The founder of surveillance company pcTattletale pleaded guilty on January 6 to federal charges including computer hacking, conspiracy, and unlawful advertising of surveillance software. Fleming openly promoted the product on YouTube as a way to 'catch a cheater' and touted it as '100% Undetectable.' A May 2024 data breach that exposed more than 138,000 customer accounts precipitated the service shutdown. Sentencing is scheduled for April 3, 2026.

Texas Court Bars Samsung From Collecting Smart TV Data

⚖️ The State of Texas secured a temporary restraining order against Samsung, barring it from collecting audio and visual data about what Texas consumers watch on Samsung smart TVs using Automated Content Recognition (ACR). The court found the enrollment process deceptive and opaque, relying on 'dark patterns' that make informed consent impractical. The order halts ACR use, sale, transfer, and data collection for Texas-based TVs pending further proceedings.

Ni8mare: Critical RCE and data-exposure bug in n8n instances

⚠️ A maximum-severity vulnerability (CVE-2026-21858, 10/10) lets unauthenticated remote attackers fully compromise self-hosted n8n instances by exploiting a content-type parsing flaw in webhook/form handling. Cyera reports more than 100,000 vulnerable servers. The bug allows attackers to control file metadata in req.body.files, enabling arbitrary file reads, secret exfiltration, session forgery and potential command execution. n8n recommends updating to 1.121.0 and restricting public webhook endpoints.

ownCloud Urges MFA after Credential Theft Reports Globally

🔒 ownCloud has urged users to enable multi-factor authentication (MFA) after reports that threat actors used credentials stolen via infostealer malware to access self-hosted file-sharing instances. The company said the platform was not breached via a zero-day or vulnerability; attackers reused credentials harvested by malware such as RedLine, Lumma, and Vidar. ownCloud recommends enabling MFA, resetting passwords, invalidating sessions, and reviewing access logs to protect data.

Hackers Claim to Disconnect Brightspeed Customers Now

🔒 Brightspeed is investigating claims that the hacking group Crimson Collective obtained personally identifiable information for over one million customers and disrupted connectivity. The group posted a sample of the data on Telegram in early January and later said it had disconnected many users' home internet, although Brightspeed has not confirmed outages or the breach. The purported dataset includes account records, geolocation details, payment histories and masked card data. The ISP is probing the incident while the authenticity and scope of the claims remain unclear.

Jaguar Land Rover Q3 wholesale down 43% after attack

🚗 Jaguar Land Rover (JLR) says a September 2025 cyberattack forced production shutdowns and resulted in a 43.3% year‑on‑year decline in third‑quarter wholesale volumes. Production only returned to normal by mid‑November and global distribution delays further reduced sales. JLR booked a £196 million hit, confirmed data theft, and said the incident was claimed by the Scattered Lapsus$ Hunters. The U.K. government later approved a £1.5 billion loan guarantee to help stabilise supply chains while tariffs and the planned discontinuation of legacy Jaguar models also weighed on performance.

Sedgwick Confirms Breach at Government Contractor Subsidiary

🔒 Sedgwick has confirmed a security incident affecting its federal contractor subsidiary, Sedgwick Government Solutions. The company says the parent firm's network was not affected and that the incident involved an isolated file transfer system. Sedgwick notified law enforcement, engaged external cybersecurity experts, and reported no evidence of access to claims management servers. The TridentLocker ransomware group claims to have exfiltrated 3.39 GB of documents and posted samples on a Tor leak site.

Coinbase Insider Arrested in India Over Customer Data Leak

🔒 A former Coinbase customer service agent was arrested in Hyderabad, India, after allegedly accepting bribes from criminal gangs to access and sell sensitive customer records, Coinbase CEO Brian Armstrong announced. The incident, disclosed in May 2025, involved compromised support staff leaking data on nearly 70,000 customers, including IDs and financial details. Coinbase refused a US $20 million ransom and instead committed that sum to a reward fund while cooperating with law enforcement.

Cloud file-sharing breaches selling corporate data

🔐 A threat actor known as Zestix is offering corporate data reportedly stolen from dozens of companies after breaching ShareFile, Nextcloud, and ownCloud instances. Hudson Rock links initial access to credentials harvested by infostealers such as RedLine, Lumma, and Vidar, often delivered via malvertising or ClickFix campaigns. Many affected accounts lacked multi-factor authentication, enabling unauthorized access and large-scale data exfiltration.

Brightspeed Probes Alleged Data Theft by Crimson Collective

🔒 Brightspeed is investigating claims that the extortion group Crimson Collective stole sensitive information belonging to more than one million customers. The U.S. broadband provider said it is rigorous in securing networks and is looking into a reported cybersecurity event, promising to keep customers, employees, and authorities informed. Crimson Collective posted on Telegram that the haul includes PII, account and payment details, and appointment/order records, and threatened to publish a sample to force a response.

Bitfinex Hacker Ilya Lichtenstein Granted Early Release

🔓 Ilya Lichtenstein, convicted in the 2016 Bitfinex exchange breach, has been released from prison early and transferred to home confinement under the First Step Act. Sentenced to five years in November 2024 for money laundering tied to the attack, he served about 14 months before the transfer. Authorities previously recovered roughly 94,000 of the 119,754 stolen bitcoin, making the case one of the largest seizures in US history.