All news with #data breach tag

📢 The U.S. House Committee on Homeland Security has requested Instructure CEO Steve Daly to testify about two recent ShinyHunters attacks that breached the Canvas learning platform and disrupted final exams. The incidents exposed student and staff data and defaced login portals, impacting institutions nationwide. The committee seeks details on containment, notification, coordination with federal agencies, and raises concerns about Instructure’s incident response.

🔒 The ICO fined South Staffordshire Water Plc and parent South Staffordshire Plc £963,900 after a cyberattack that exposed the personal data of 663,887 customers and employees. The incident, traced back to September 2020 and active mainly between May and July 2022, began with a phishing intrusion that enabled malware to remain undetected for 20 months. The regulator identified multiple security failures, including insufficient privilege controls, monitoring that covered only about 5% of the IT estate, use of obsolete software and poor vulnerability and patch management.

🔒 Škoda Auto has disclosed a data breach after attackers exploited a vulnerability in its online shop software, gaining unauthorized access to customer records. The automaker said the issue was detected via technical security monitoring, the flaw was fixed, and the incident was reported to authorities. Stolen data included names, addresses, contact details, order information, and login credentials (email and hashed passwords), while full credit card data was not stored on the compromised system. Škoda has engaged IT forensics, warned customers about potential phishing and credential reuse, and urged vigilance.

🔒 RubyGems has temporarily disabled new account registrations after a coordinated malicious campaign targeted the registry, forcing maintainers to pause signups while they investigate. Mend.io and RubyGems report hundreds of affected packages; some contained exploits and junk spam. The maintainers are removing malicious gems, blocking bot accounts, and coordinating with Fastly to enable a WAF and tighter rate limits before reopening signups.

🛡️ Instructure says it reached an agreement with ShinyHunters after a breach of its Canvas LMS that exposed usernames, emails, course names, enrollments, and messages. The actor returned the stolen data and supplied shred logs confirming destruction. Instructure attributes the intrusion to XSS flaws in the Free-for-Teacher environment, has restored Canvas, and temporarily disabled that free tier while investigating and monitoring activity.

🔒 Instructure said it reached an agreement with an unauthorized actor after a breach that exposed data from its Canvas learning platform, asserting the stolen data was returned and digitally destroyed. The company said the agreement covers all impacted customers and that it believes no customers will be separately extorted. It has engaged forensic vendors, revoked credentials, rotated keys, and temporarily disabled Free‑For‑Teacher accounts while it completes its review.

🔒 A ShinyHunters “pay or leak” extortion campaign has targeted the education sector after the compromise of Instructure, operator of the Canvas LMS. The April 25 breach reportedly exposed around 275 million records and more than 3.65 TB of data via a vulnerability in the Free‑For‑Teacher Canvas version. After an initial ransom demand and a May 8 deadline, the group extended its timeline and began school‑by‑school extortion, defacing roughly 330 institutional login pages. Affected organizations are urged to change Canvas‑related passwords, enable multi‑factor authentication and heighten phishing awareness.

🔒 A ShinyHunters campaign has compromised data for over 197,000 Zara customers, according to HaveIBeenPwned. Stolen items include unique email addresses, product SKUs, order IDs and support ticket data after stolen authentication tokens from analytics provider Anodot were used to access BigQuery and Snowflake instances; the group leaked a claimed 140GB trove. Inditex says no names, passwords or payment details were affected and operations remained unaffected. Other reported victims include Vimeo, Rockstar Games and McGraw Hill.

🔒 NVIDIA confirmed that GeForce NOW user information was exposed in a breach limited to Armenia after a regional partner's infrastructure was compromised. The company said its own network and NVIDIA-operated services were not affected and it is assisting the partner. Regional operator GFN.am said the incident occurred March 20–26 and that impacted users will be notified. Exposed fields reportedly include names, emails, phone numbers, dates of birth and usernames; no passwords were exposed.

🔒 RansomHouse has claimed responsibility for last week's intrusion into Trellix's source code repository, publishing a small set of images as proof of access to the vendor's appliance management system. Trellix confirmed unauthorized access on May 1 and said it immediately engaged leading forensic experts and notified law enforcement. The company reported no evidence so far that its source code release or distribution process was affected and continues to investigate.

🔓 Have I Been Pwned says hackers exfiltrated data tied to Zara affecting 197,400 unique email addresses and associated order SKUs, order IDs, market information, and support tickets. Inditex confirmed the compromised databases were hosted by a former technology provider but said attackers did not access names, phone numbers, postal addresses, credentials, or payment card data. The extortion group ShinyHunters claimed responsibility and posted a 140GB archive allegedly taken from BigQuery using compromised Anodot tokens.

🔒 Instructure's Canvas platform was taken offline on May 7 after the cybercrime group ShinyHunters defaced login pages and posted a ransom demand claiming to hold data on 275 million students and faculty at nearly 9,000 institutions. Instructure had acknowledged a breach on May 6, saying the stolen records include names, email addresses, student ID numbers and user messages but not passwords or financial information. The outage, timed during many institutions' final exams, disrupted coursework while schools and the vendor evaluated exposure and potential extortion responses.

🔒 The ShinyHunters extortion group defaced Canvas login portals for roughly 330 colleges and universities, replacing standard pages with an extortion message that demanded payment by May 12, 2026. The same message also appeared in the Canvas app and was visible for about 30 minutes before being taken offline. Instructure has taken Canvas offline while confirming that data was stolen and continuing its investigation. BleepingComputer reports the group claims the theft includes extensive student and staff records.

⚠️The MAXHUB Pivot client (versions prior to v1.36.2) contains a vulnerability (CVE-2026-6411) that can expose tenant email addresses and related metadata in cleartext due to a hardcoded AES key embedded in the application. An attacker who obtains the encrypted data can decrypt it, and the product's MQTT enrollment mechanism may be abused to register multiple unauthorized devices, potentially causing denial of service. MAXHUB released v1.36.2 via OTA; update immediately.

🛡️ Disc Soft has confirmed that certain Daemon Tools Lite installers were Trojanized and released in a compromised build (version 12.5.1) after unauthorized interference in its build environment. The company released a malware-free update, Version 12.6, within 12 hours of notification and says the incident is contained. Users who installed the impacted release are advised to uninstall the application, run a full system scan with trusted security software, and reinstall only the verified package from the official site.

🔍 ESET Research uncovered a cluster of fraudulent Android apps, dubbed CallPhantom, that promised call histories, SMS records and WhatsApp logs for any phone number but delivered fabricated entries and charged users for access. The apps collectively amassed over 7.3 million downloads on Google Play before ESET reported them on 16 December 2025 and the identified packages were removed. Operators used varied payment flows—official Play subscriptions, third‑party UPI links and embedded card checkouts—making refunds and cancellations difficult for many victims.

🔍 Meta’s smart glasses were found to upload audio and video to contractors in Nairobi for human labelling, prompting the dismissal of 1,108 workers after whistleblowers exposed the practice. The episode contrasts that privacy failure with a measured analysis of the Linux Copy Fail privilege‑escalation issue and an experiment by Jake Moore demonstrating how a convincing deepfake passed a remote job interview. Practical takeaways include patching kernels promptly, strengthening hiring verification, and demanding clearer vendor transparency.

🔒 Instructure says it is investigating a breach after the extortion group ShinyHunters claimed to have stolen 280 million records tied to students, teachers, and staff across 8,809 colleges, school districts, and online education platforms. The actors allege they accessed names, email addresses, private messages and enrollment data by abusing Canvas export features such as DAP queries, provisioning reports and user APIs. Instructure has acknowledged the incident but has not provided detailed public answers; several universities have begun their own inquiries.

🔒 Vimeo disclosed an April breach tied to compromised Anodot credentials that allowed the ShinyHunters extortion group to exfiltrate data. After failed extortion, the group published a 106GB archive and Have I Been Pwned says roughly 119,200 email addresses and some names were exposed. Vimeo states that user login credentials, payment card data, and video content were not accessed, and it disabled the Anodot integration while engaging third-party investigators and notifying law enforcement.

🔒 Trellix disclosed on May 4 that threat actors gained unauthorized access to a portion of its source code repository and that it has notified law enforcement while working with leading forensic experts. The company, formed from the merger of McAfee Enterprise and FireEye, said it has found no evidence that its source code release or distribution process was affected or exploited. Trellix sells threat intelligence and AI-powered detection services including NDR and EDR and will share further details once the investigation concludes.