All news with #data breach tag

🔒Barts Health NHS Trust has applied to the High Court seeking an order to prevent the sharing, publication or use of data stolen from an Oracle E-business Suite database. A criminal group known as Cl0p posted compressed files on the dark web containing names, addresses and invoicing records relating to patients, suppliers and former staff. The trust says clinical systems and core IT infrastructure were unaffected and it is working with NHS England, the NCSC and law enforcement while notifying regulators.

🔒 Barts Health NHS Trust disclosed that the Cl0p ransomware group stole invoice data from an Oracle E-Business Suite database after exploiting a zero-day vulnerability (CVE-2025-61882). Stolen files include full names and addresses of payers, records of former employees with debts, supplier details, and accounting files relating to Barking, Havering and Redbridge University Hospitals. The trust says its electronic patient record and clinical systems were not affected, has notified the NCSC, Metropolitan Police and the ICO, and is seeking a High Court order while advising patients to check invoices and remain vigilant for suspicious communications.

🔒 Inotiv, an Indiana-based contract research organization, disclosed an August ransomware attack that disrupted operations after networks, databases, and internal applications were taken offline. The company says it has 'restored availability and access' to impacted systems and is notifying 9,542 individuals whose information was stolen. The incident, dated to approximately August 5–8, 2025, was claimed by the Qilin ransomware group, which published alleged samples and asserted it exfiltrated roughly 162,000 files totaling about 176 GB, though Inotiv has not confirmed the specific data types or publicly attributed the attack.

🔒 Coupang disclosed an unauthorized exposure affecting approximately 33.7 million user accounts, an incident investigators trace to long‑neglected token signing keys in its authentication infrastructure. Leaked records reportedly included names, email addresses, shipping address lists and some order details; payment and login credentials were not exposed. Authorities and a joint public-private investigation are probing the breach and potential regulatory violations, and a former authentication engineer is the prime suspect.

🧾 Two Virginia brothers, former federal contractors Muneeb and Sohaib Akhter, have been charged with conspiring to steal sensitive data and deleting roughly 96 government databases after being fired. Prosecutors allege the deletions occurred in February 2025 and that Muneeb also stole IRS and EEOC information for hundreds of individuals. One minute after deleting a DHS database he reportedly asked an AI tool how to clear system logs. Authorities say the pair wiped devices, destroyed evidence, and face multiple federal charges including computer fraud and aggravated identity theft.

🔒This week's ThreatsDay roundup highlights a string of high-impact incidents, from a $9 million DeFi drain and an npm-based self-replicating worm to airport Wi‑Fi evil‑twin attacks and mass camera compromises. Researchers and vendors including Fortinet, Microsoft, and TruffleHog disclosed evolving malware techniques, supply-chain abuse, and widespread credential exposure. Practical protections include minimizing long-lived secrets, enforcing CI/CD safeguards, updating detection for eBPF-based threats, and applying MFA and phishing-resistant controls.

🔒 The Information Commissioner's Office found that an unredacted settlement document related to the long-running Horizon scandal exposed the names, home addresses and postmaster status of 502 litigants on the Post Office website between 25 April and 19 June 2024. The ICO considered a fine just under £1.1m but issued a reprimand under its public sector approach after concluding the breach was not 'egregious'. The regulator criticised the Post Office for lacking documented publishing policies, quality assurance and sufficient staff training; the organisation has offered compensation and 24 months of identity protection and taken steps to remove cached copies and strengthen controls.

🔒 Financial software provider Marquis Software Solutions disclosed a ransomware intrusion on August 14, 2025, after attackers breached a SonicWall firewall and exfiltrated certain files. The incident potentially impacted roughly 400,000 customers across 74 banks and credit unions and involved names, contact details, Social Security and Taxpayer IDs, account information (no security codes), and dates of birth. Marquis says there is no confirmed misuse or publication of the data to date and is notifying affected institutions and state regulators while implementing enhanced security measures, including MFA, patching, account cleanup, and tightened firewall policies.

🔔 French home improvement retailer Leroy Merlin has notified customers in France that certain personal data may have been exposed in a cyberattack, including full names, phone numbers, email and postal addresses, dates of birth and loyalty program details. The company says no banking data or account passwords were involved and that it moved quickly to block unauthorized access and contain the incident. The notice warns customers to be vigilant against phishing and impersonation attempts; BleepingComputer confirmed the notification is genuine and has sought further details. No ransomware group had claimed responsibility at the time of reporting.

🔒 Freedom Mobile detected a breach of its customer account management platform on October 23 after a third party used the account of a subcontractor to access customer records. The carrier says it blocked suspicious accounts and IP addresses and implemented corrective measures and security enhancements. Exposed data include first and last names, home addresses, dates of birth, phone numbers, and Freedom account numbers. Freedom reports no evidence so far of misuse and has urged customers to watch for phishing and check accounts for unusual activity.

⚠️ A vulnerability in Yearn Finance's yETH pool allowed an attacker to mint an enormous amount of yETH and drain approximately $9 million in assets. Check Point Research (CPR) found that a desynchronization between the pool's main supply counter and its cached virtual balances (packed_vbs[]) enabled the exploit. The attacker used flash loans and repeated deposit/withdraw cycles to pollute cached balances, burned LP tokens to reset supply to zero, then deposited 16 wei to trigger faulty "first deposit" logic and mint inflated tokens, later converting stolen LSD assets to ETH and laundering funds.

🔒The University of Phoenix disclosed a data breach tied to a zero-day flaw in Oracle E-Business Suite, saying it detected the incident on November 21 after the extortion group posted the university to its leak site. Phoenix Education Partners filed an SEC 8-K announcing the incident and an ongoing review. The university said attackers accessed names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers for current and former students, employees, faculty and suppliers. Affected individuals will receive mailed notifications with next steps.

🚨The Korean National Police arrested four suspects accused of hacking over 120,000 IP cameras in homes and businesses and selling stolen intimate footage on an overseas illegal adult website. Authorities say the suspects uploaded large volumes of voyeuristic content, identified dozens of victims, and have already arrested some buyers. Police are working with foreign investigators to locate site operators, notify victims, and pursue takedown and remedial actions. Victims were urged to reset passwords, disable unneeded remote access, and apply firmware updates to prevent further compromise.

⚖️ The FTC has proposed a settlement requiring Illuminate Education to delete unnecessary student data and strengthen its security program after a 2021 breach that exposed information for about 10.1 million students. The agency alleges failures including lack of access controls, storing data in plain text, weak patching, and misrepresenting encryption in contracts. The proposed order mandates data minimization, a public retention schedule, prompt breach reporting to the FTC, and will be open for 30 days of public comment; violations could trigger civil penalties.

🔒 Asahi Group Holdings confirmed that a ransomware attack on 29 September, attributed to the Qilin group, resulted in a major data breach affecting over 1.5 million customers and roughly 275,000 employees and family members. The incident disrupted ordering, shipping and production systems across Japan and caused widespread product shortages. Asahi says it did not pay a ransom, has found no evidence the data has been posted publicly, and is strengthening its cybersecurity while notifying those impacted.

🔒 The University of Pennsylvania disclosed that attackers exploited a previously unknown Oracle E-Business Suite zero-day in August to obtain files containing personal information. In a notification filed with Maine's Attorney General, Penn said at least 1,488 individuals had data taken and warned the overall total may be larger. The university reported no evidence so far that the stolen information has been misused or published and has not publicly attributed the intrusion; the incident aligns with a broader campaign linked to the Clop ransomware group.

⚠️ The popular open-source SmartTube YouTube client for Android TV was compromised after the developer's signing keys were stolen, allowing a malicious update to be distributed to users. A hidden native library, libalphasdk.so, was discovered in release builds and appears absent from the public source. The library runs silently, fingerprints devices, registers them with a remote backend, and exchanges encrypted configuration, while the developer has revoked the old signature and plans a rebuilt app under a new ID, though definitive safe versions and a full public post-mortem are not yet available.

🔓 Coupang, South Korea's largest retailer, disclosed a data breach that exposed personal information for 33.7 million customer accounts. The company says the incident occurred on June 24, 2025, but was discovered and investigated beginning November 18, 2025. Exposed fields include full names, phone numbers, email and physical addresses, and order details; payment data and passwords were not affected. Coupang reported the incident to national authorities and warned customers to watch for impersonation attempts.

⚠️ Coupang has confirmed unauthorized access to delivery-related personal information affecting an estimated 33.7 million customers, including names, email addresses and phone numbers. The company says payment details and login credentials were not accessed, and it has blocked the access route and strengthened internal monitoring. Seoul police have identified a suspect, believed to be a former employee who has left South Korea, and are analysing server logs while tracking an IP address tied to the incident.

🔒 The Royal Borough of Kensington and Chelsea (RBKC) has warned residents their data may have been compromised after unusual activity linked to a shared IT service provider was detected earlier this week. The council says it has evidence that some historical data was copied and removed and that the material could end up in the public domain. RBKC urged residents to be vigilant for phishing and social‑engineering attempts via email, text and phone while services are restored, and warned disruption could continue for at least two weeks as investigations and recovery proceed.