All news with #data breach tag

New Zealand Orders Review of Manage My Health Breach

🔒 The New Zealand government has launched a review after Manage My Health, a national online patient portal, detected a cyber-attack on 30 December 2025 that may have exposed personal data for roughly 100,000–120,000 users. The vendor says the incident has been contained and the application is secure, but an alleged attacker using the alias 'Kazu' claims to have stolen over 428,000 files and demanded a $60,000 ransom. Health New Zealand, the New Zealand Police and independent forensic teams are involved while the Ministry examines data protections and third-party access across the health system.

Ledger Customers Affected by Global-e Third-Party Breach

🔒 Ledger says some customers had personal data exposed after a breach at third‑party payment processor Global‑e. The company confirmed its own network, hardware, and software were not compromised and that the leaked fields were limited to shopper names and contact information — no payment data, seed phrases, or blockchain secrets were taken. Ledger warned customers to watch for phishing attempts, never disclose their 24‑word recovery phrase, and follow any direct notifications from Global‑e for details.

Resecurity Lures Alleged ShinyHunters into Decoy Data Trap

🔒 Resecurity says it intentionally diverted attackers into a honeypot after individuals claiming ties to the Scattered Lapsus$ Hunters (SLH) alliance posted screenshots alleging a breach. The company reports it detected reconnaissance of exposed services and steered the activity to an emulated environment populated with synthetic consumer and payment records. According to Resecurity, the adversaries interacted with the decoy, generating telemetry that revealed tooling and methods, while independent researchers have found no evidence that production systems or client data were compromised.

European Space Agency Confirms External Server Breach

🔒 The European Space Agency (ESA) has acknowledged a December server compromise affecting a small number of external, non-corporate servers that support unclassified collaborative engineering activities. The agency says it has informed relevant stakeholders, implemented measures to secure potentially affected devices and launched a forensic analysis. Reports on underground forums claim over 200GB of data was stolen, including source code, CI/CD pipelines and credentials, raising supply chain and operational concerns.

Bitfinex Hacker Ilya Lichtenstein Granted Early Release

🔓 Ilya Lichtenstein, convicted in connection with the 2016 Bitfinex breach, announced on X that he has been released early and credited the First Step Act for his early disposition. Federal records list his formal release date as February 9, 2026, while a Trump administration official said he is currently on home confinement. Lichtenstein said he intends to work in cybersecurity and thanked supporters, while prosecutors continue efforts to return seized assets to Bitfinex.

Analysts Trace $35M Crypto Theft to LastPass 2022 Breach

🔎 TRM Labs investigators say a 2022 data breach at LastPass enabled sustained thefts that drained millions in cryptocurrency from user wallets over several years. The firm traced approximately $28m stolen from 2024 to early 2025 and a further $7m in September 2025, with funds routed to Russian exchanges and money‑laundering services. Using proprietary demixing techniques, analysts were able to correlate CoinJoin‑mixed transactions to withdrawal clusters tied to Russia‑based infrastructure. The report underscores the long‑tail risk from exposed password vault backups and reiterates the need for MFA and prompt password changes.

Hackers Claim Resecurity Breach; Company Calls It Honeypot

🛡️ Threat actors claiming to be the "Scattered Lapsus$ Hunters" published screenshots saying they accessed Resecurity systems and stole employee data, internal communications, threat reports, and client lists. Resecurity disputes the claim, saying the exposed account was a monitored honeypot populated with synthetic datasets to observe attacker behavior. The firm says it collected telemetry, observed OPSEC failures, and shared intelligence with law enforcement.

ShinyHunters Claims Resecurity Breach; Firm Calls Honeypot

🔒 ShinyHunters claims it gained full access to cybersecurity firm Resecurity, publishing Telegram screenshots that allegedly show employee records, internal chats, threat intelligence reports, and client data. Resecurity disputes the account, saying the accessed environment was an isolated honeypot populated with synthetic datasets after researchers detected probes in November 2025. The firm reports that the actor generated automated exfiltration activity between December 12 and 24, and says it collected telemetry on proxy infrastructure and tactics and shared intelligence with law enforcement, while the attacker promises to release more evidence.

Covenant Health: May data breach impacts 478,188 patients

🚨 Covenant Health disclosed that a May intrusion exposed sensitive patient data for 478,188 individuals after a broader analysis revised the initial July estimate of 7,864. The organization says the breach occurred on May 18 and was discovered on May 26; the ransomware group Qilin later claimed responsibility and said 852 GB of data was taken. Exposed elements may include names, addresses, dates of birth, Social Security numbers, medical record and insurance details, and treatment information. Covenant Health engaged third‑party forensics, reports ongoing review, has strengthened security, and is offering affected patients 12 months of free identity protection.

Cryptocurrency Thefts Linked to 2022 LastPass Breach

🔒 Blockchain investigator TRM Labs says a series of cryptocurrency thefts were traced back to the 2022 LastPass breach, where encrypted vault backups containing private keys and seed phrases were stolen. Attackers appear to have slowly decrypted vaults for users with weak or reused master passwords, draining wallets in waves months or years later. TRM also reported that stolen funds were converted to Bitcoin and laundered through Wasabi Wallet CoinJoin mixes before cash‑out via Russian-linked exchanges.

Trust Wallet Chrome Extension Hack Drains $8.5M in Dec

🔒 Trust Wallet disclosed that a second wave of the Shai‑Hulud supply chain attack exposed developer GitHub secrets, including a Chrome Web Store API key, enabling attackers to upload a trojanized extension build directly. The malicious update (v2.68) pushed a backdoor that harvested wallet mnemonic phrases to a domain registered as metrics-trustwallet[.]com, leading to the theft of about $8.5 million from 2,520 addresses. Trust Wallet urged users to update to v2.69, launched a reimbursement claim process, and said it has implemented additional monitoring and controls to strengthen its release procedures.

Hackers Drain $3.9M from Unleash Protocol via Multisig

🔓 The decentralized IP platform Unleash Protocol suffered an unauthorized contract upgrade after an external address gained administrative signing power in its multisig governance, enabling withdrawals. The attacker drained roughly $3.9 million in WIP, USDC, WETH, stIP, and vIP, then bridged funds and deposited 1,337 ETH into Tornado Cash. Unleash has paused operations and engaged external security experts; users should avoid interacting with contracts until the team confirms it is safe.

Disney to Pay $10M for Alleged COPPA Violations on YouTube

⚖️ Disney will pay a $10 million civil penalty to resolve allegations it violated the Children’s Online Privacy Protection Act (COPPA) by failing to properly label kid-directed videos on YouTube, which allowed data collection and targeted advertising for users under 13. The Department of Justice, following a referral from the FTC, said YouTube had notified Disney in 2020 about mislabeled content, but the company did not ensure correct Made for Kids designations. The settlement requires Disney to notify parents before collecting children's data and to correct video labels to prevent unlawful targeted ads.

ESA Confirms Breach of External Servers Hosting Code

🔒 The European Space Agency (ESA) confirmed a cybersecurity incident affecting a small number of servers located outside its corporate network that supported unclassified collaborative engineering activities. Threat actors claim they accessed JIRA and Bitbucket instances for about a week and exfiltrated over 200GB of data, including source code, CI/CD pipelines, tokens, and configuration files. ESA has initiated forensic analysis, notified relevant stakeholders, and implemented measures to secure potentially affected devices while the investigation continues.

Coupang to Pay $1.17B to 33.7M Breach Victims in Korea

🔔 Coupang announced it will distribute ₩1.685 trillion (about $1.17 billion) in compensation to 33.7 million customers affected by a data breach, with payments beginning January 15, 2026. The company said each customer will receive four single-use vouchers totaling 50,000 won for various Coupang services and products. Coupang reported the breach occurred on June 24, was discovered in mid-November, and has prompted a police investigation into a former IT employee.

Trust Wallet: $7M Stolen from 2,596 Wallets via Extension

🔒 Trust Wallet says attackers who pushed a malicious Chrome extension release on Dec 24 exfiltrated sensitive data and drained roughly $7 million from 2,596 wallet addresses. The compromise involved malicious JavaScript added to v2.68.0 that bypassed internal release controls; users were urged to update to v2.69. Trust Wallet has begun reimbursing verified victims and strongly warned users not to share seed phrases or private keys.

Former Coinbase Support Agent Arrested in India After Breach

🔒 A former Coinbase customer support agent was arrested in Hyderabad after investigators linked the individual to a scheme that helped hackers access a company database earlier this year. Coinbase CEO Brian Armstrong said additional arrests are expected. The incident, tied to outsourced agents at TaskUs, affected about 69,500 customers and involved a $20 million ransom demand.

Final 2025 Weekly Recap: MongoDB, Wallet, and Supply Chain

🔔 A newly disclosed MongoDB memory-exposure flaw (CVE-2025-14847, "MongoBleed") and a wave of supply-chain and update-channel compromises defined the final week of 2025. Active exploitation of MongoDB affected tens of thousands of instances worldwide while extension- and package-based attacks, including a compromised Trust Wallet Chrome extension and a malicious npm package, led to immediate thefts and account takeovers. The recap stresses rapid attacker tempo, the abuse of trusted update/support channels, and persistent impacts that can surface months or years after an initial compromise.

Korean Air Data Breach Exposes Thousands of Employees

🔓 Korean Air warned employees that personal information, including names and bank account numbers, was compromised after its former in-flight catering supplier, Korean Air Catering & Duty-Free (KC&D), notified the carrier it had been hacked. Local outlets report about 30,000 records were exfiltrated, and the Clop ransomware gang has claimed responsibility and posted the alleged data on its leak site. Korean Air reported the incident to authorities, is investigating the scope, and urged staff to remain vigilant for phishing and impersonation attempts.

December 2025 cybersecurity roundup by Tony Anscombe

📰 ESET Chief Security Evangelist Tony Anscombe reviews the key cybersecurity stories closing out 2025, spotlighting significant incidents and trends. He highlights FinCEN's finding that U.S. organizations paid over $2.1 billion in ransomware between 2022 and 2024, and legal action by the Texas Attorney General against major TV manufacturers for alleged secret collection of viewing data. Tony also examines notable breaches and the tactics used by threat actors, offering practical perspective on risks and resilience.