< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 17 of 40

INC ransomware OPSEC lapse allowed recovery for 12 US orgs

🔍 Cyber Centaurs conducted a forensic investigation after a client reported ransomware activity and found a RainINC variant executed from the PerfLogs directory. Analysts discovered artifacts tied to Restic — renamed binaries, PowerShell scripts (notably new.ps1 with Base64-encoded commands) and hardcoded S3 credentials — indicating long-lived attacker-controlled backup repositories. Using a controlled, non-destructive enumeration they recovered encrypted backups for 12 unrelated U.S. organizations across healthcare, manufacturing, technology, and services, preserved copies, and notified law enforcement. The team published findings, a list of tools observed in INC infrastructure, and YARA/Sigma rules to help defenders detect suspicious Restic usage and renamed binaries.
read more →

PcComponentes denies hacker claim of 16M customer breach

🔒 PcComponentes has denied claims by an online actor using the alias 'daghetiaw' that it stole personal data for 16.3 million people. Security platform Hackrisk.io reported the claim and a shared 500,000-line sample, while PcComponentes says there was no unauthorized access to its databases. The retailer attributes the activity to credential stuffing, stresses that raw payment card data were not stored, and says it has implemented measures to strengthen account protection.
read more →

LastPass Phishing Campaign Targets Master Passwords

🔒 LastPass has warned users of an ongoing phishing campaign that began on January 19 and attempts to harvest master passwords by directing recipients to a fake LastPass login page. The fraudulent emails pressure users with a 24-hour "backup your vault" deadline to increase clicks. If credentials are entered, attackers can access the vault and any stored account logins. LastPass is working with partners to take down malicious domains and reiterated it will never request a master password.
read more →

Over 160,000 Companies Notify Regulators of GDPR Breaches

📈 The number of organisations reporting GDPR breaches rose 22% in 2025 to a daily average of 443, according to DLA Piper, making this the first year since 2018 that notifications topped 400. Germany, the Netherlands and Poland recorded the most reports, and analysts pointed to geopolitical unrest and emerging AI-enabled threats as contributors. Annual GDPR fines remained stable at €1.2bn, with Ireland issuing the largest share, including a €530m penalty for TikTok over international data transfers.
read more →

European Space Agency Hit by Multiple Data Breaches

⚠️ The European Space Agency (ESA) has suffered a further significant cybersecurity breach after a December incident, with the Scattered Lapsus$ Hunters group claiming to exfiltrate roughly 500GB of additional data. The stolen material reportedly includes operational procedures, spacecraft and mission documentation, and proprietary contractor data from partners such as SpaceX, Airbus Group, and Thales Alenia Space. ESA has confirmed a criminal investigation is underway amid concerns about systemic security weaknesses.
read more →

PcComponentes denies 16M breach, cites credential stuffing

🔒 PcComponentes says it found no evidence of unauthorized access after investigating claims that a threat actor leaked a 16.3 million‑record customer dataset, but confirmed its platform was targeted in a credential stuffing campaign. The actor posted a 500,000‑record sample and offered the remainder for sale. The company asserts no payment details or passwords are stored and that only a small number of accounts showed exposure of personal data. PcComponentes has deployed CAPTCHA, mandated two‑factor authentication and invalidated active sessions.
read more →

Ingram Micro: 42,000 Employee Records Exposed Globally

🔓 In July 2025, Ingram Micro confirmed a ransomware incident that resulted in the exposure of data for more than 42,000 people. The company told US regulators that attackers accessed records for current and former employees and job applicants, including names, contact details, birth dates, ID numbers and Social Security numbers, plus application materials and employee evaluations. The gang Safepay, active since September 2024, claimed to have stolen about 3.5 terabytes of files. The attack also paralyzed logistics for a week at the global IT distributor, which employs roughly 23,500 people.
read more →

Ransomware and Data Theft Hit Ingram Micro, 42K Affected

🔒 In July 2025 a ransomware attack on distributor Ingram Micro disrupted the company's logistics for about a week, impacting its U.S. headquarters and a German site. The company notified U.S. authorities that more than 42,000 people—current and former employees and job applicants—had personal data stolen, including names, contact details, dates of birth, identity document numbers and Social Security numbers. Documents from hiring processes and employee performance reviews were also exfiltrated, and the ransomware group Safepay, active since September 2024, claimed roughly 3.5 terabytes of data.
read more →

Five Chrome Extensions Hijack Enterprise Sessions, Target HR

🔒 Researchers at Socket uncovered a coordinated campaign in which five Chrome extensions, marketed as productivity tools, clandestinely stole session authentication tokens and enabled full account takeover. More than 2,300 users installed the malicious add-ons, which targeted enterprise HR and ERP platforms such as Workday, NetSuite and SuccessFactors. Some extensions exfiltrated cookies every 60 seconds, while others blocked admin and security pages to prevent incident response. Removal requests have been filed with the Chrome Web Store security team.
read more →

Hacker Pleads Guilty After Leaking Supreme Court Data

🔓 Nicholas Moore, 24, pleaded guilty to hacking the U.S. Supreme Court's restricted electronic filing system and breaching AmeriCorps and VA accounts. Prosecutors say Moore used stolen credentials to access the Court's system at least 25 times between August and October 2023, sometimes logging in multiple times per day, and posted screenshots and victims' data to an Instagram account, @ihackedthegovernment. He also accessed an AmeriCorps account seven times and a VA My HealtheVet account five times, viewing sensitive personal and health information. Moore admitted to one count of computer fraud.
read more →

Ingram Micro: Ransomware Breach Exposed 42,000 People

🛡️ Ingram Micro disclosed a ransomware incident detected on July 3, 2025, that resulted in the theft of files affecting more than 42,000 individuals. The company said stolen documents included employment and job applicant records with names, contact details, dates of birth and government-issued ID numbers, including Social Security numbers. The attack caused a significant outage that disrupted internal systems and prompted staff to work remotely. While Ingram Micro has not officially confirmed the actor, the SafePay group has claimed responsibility and posted files to its leak site.
read more →

UK Concerns: Cyber Breaches, Compliance, Reputation

🔒 A Nardello & Co. survey of 250 senior leaders at UK enterprises (turnover ≥£250m) finds cyber-related breaches are the top risk for 2026: 58% ranked them highest and around three-quarters doubt their ability to manage such incidents. About 20% reported a breach in the past two years. Compliance (37%) and financial crime (30%) are rising concerns amid stronger enforcement, including the UK's new Failure to Prevent Fraud offense. The report also flags readiness gaps: only 44% conduct pre‑hire screening, 48% provide anonymous whistleblowing and 59% deliver regular compliance training.
read more →

CIRO Breach Exposed Data of 750,000 Canadian Investors

🔒 The Canadian Investment Regulatory Organization (CIRO) confirmed a data breach that affected roughly 750,000 Canadian investors. The threat was identified on August 11 and disclosed on August 18, with an extensive forensic analysis completed January 14. Compromised records vary by person and may include dates of birth, phone numbers, income details, social insurance numbers, government IDs, account numbers, and statements. CIRO said it does not store login credentials and will offer two years of free credit monitoring to impacted investors.
read more →

Digital Footprints Can Expose Your Physical Address

🔒Most people underestimate how much personal data is publicly available online. Exposed details — names, past addresses, phone numbers, family ties, and old usernames — make individuals easy targets for doxxing, scams, and stalking. The article advises removing data from people-search sites and directories, either manually or by using a data removal service such as Incogni, which automates searches and sends deletion requests. An Unlimited plan lets you submit custom removal links for broader coverage.
read more →

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Utrecht-based Eurail BV has confirmed that an unauthorized party accessed its customer database, potentially exposing a range of personal information for Interrail pass holders and some DiscoverEU participants. Affected items may include identification data (first and last name, date of birth, gender), contact details (email, home address, telephone) and passport details (number, issuing country, expiry). The company says the investigation is ongoing and that there is currently no indication the data have been misused or publicly shared; it is advising customers to remain vigilant, change passwords for Rail Planner and related accounts, and consult the provider’s FAQ for guidance.
read more →

Grubhub Confirms Data Theft, Faces Extortion Demand

🔒 Grubhub confirmed unauthorized actors downloaded data from certain systems and said it investigated, halted the activity, and is taking steps to strengthen its security posture. The company stated that financial information and order histories were not affected but declined to answer further questions about timing, affected users, or extortion. Grubhub said it is working with a third-party cybersecurity firm and law enforcement, while sources tell BleepingComputer that threat actors are demanding payment.
read more →

Smashing Security Ep.450: Instagram leak and Grok fallout

🔍 Episode 450 explores confusion after claims that data linked to 17.5 million Instagram accounts was put up for sale — a story driven by a vague post, conflicting statements, and an unexpected flood of password‑reset emails. The episode also examines Grok, Elon Musk’s AI chatbot, after it generated sexualised images of women and children, raising urgent questions about guardrails and accountability. Hosts discuss why simple censorship is not a solution.
read more →

Eurail/Interrail Customer Database Breach Exposes PII

🔒 Eurail B.V. has acknowledged unauthorized access to its Interrail customer database, potentially exposing identity, contact and passport information for affected customers. The company says there are no indications of misuse or public sharing so far and that investigations are ongoing. Customers who booked under the EU DiscoverEU program may have had copies of identity documents, IBANs and health data accessed. Eurail recommends vigilance and changing passwords for associated accounts.
read more →

FTC Restricts GM from Selling Drivers' Location Data

📍 The Federal Trade Commission has finalized an order prohibiting General Motors and its OnStar unit from collecting, using, or sharing consumers' precise geolocation and driving-behavior data without express consent. The FTC said GM harvested location data every three seconds through the discontinued Smart Driver feature and sold it to third parties, including consumer reporting agencies, which could affect insurance outcomes. Under the order GM is barred from sharing such data with consumer reporting agencies for five years, must obtain express consent for collection and sharing for 20 years, and must give U.S. customers access, deletion rights, and the ability to disable precise location tracking.
read more →

Kyowon Confirms Customer Data Theft in Ransomware Attack

🔒 Kyowon Group confirmed a ransomware incident in January that disrupted services and resulted in the theft of customer data. The company says roughly 9.6 million accounts (about 5.5 million people) may be affected and that approximately 600 of its 800 servers were impacted. Kyowon is working with authorities and security experts to investigate, restore services, and will disclose confirmed details to customers.
read more →