< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 2 of 40

Two Scattered Spider members plead guilty in TfL hack

🔒 Two members of the Scattered Spider collective admitted launching a cyberattack against Transport for London that caused extensive disruption and financial losses. Thalha Jubair and Owen Flowers changed their pleas to guilty at Woolwich Crown Court, with sentencing set for July 22. The breach affected in-station systems and online services, forced password resets for 28,000 staff, and exposed millions of personal records. Investigations by the National Crime Agency and City of London Police linked seized devices and messaging evidence to the attack.
read more →

KDDI Breach Exposes Millions of Japanese Email Accounts

📧 KDDI has confirmed an unauthorized intrusion into an email system it provides to several Japanese ISPs, potentially exposing up to 14.22 million email addresses and passwords. The incident, detected on June 17, affected customers across multiple providers, including JCOM, Nifty, Biglobe and others. KDDI said the attacker likely exploited a vulnerability in third-party software and has implemented technical countermeasures. The company is collaborating with affected ISPs and authorities and has urged users to change their passwords.
read more →

DOJ Seizes Cloud Account Linked to HuiOne Group

📰 The U.S. Department of Justice announced the seizure of a cloud computing account used by subsidiaries of Cambodia-based HuiOne Group, as the Treasury sanctioned individuals and entities tied to Prince Group. The account hosted backend infrastructure for illicit marketplaces, including HuiOne Guarantee, which facilitated large-scale crypto fraud, money laundering services, and the sale of crimeware and exploitative tools. Authorities say these platforms enabled conversion of stolen cryptocurrency into the legitimate banking sector and supported human trafficking and violent control measures at scam compounds.
read more →

Tata Electronics Confirms Cyberattack, Data Leaked

🔒 Tata Electronics confirmed a cybersecurity incident that affected parts of its IT infrastructure but said operations continued normally and remained unaffected. The company said response protocols were deployed immediately after detection. The disclosure responds to claims by the World Leaks group, which posted directories and documents allegedly containing manufacturing data for Apple products. BleepingComputer has contacted Apple for comment about potential exposure of proprietary data.
read more →

Xsolis data breach compromises 1.4M patient records

🔒 Xsolis, a U.S. healthcare technology provider, detected a targeted phishing attack that led to unauthorized access to parts of its network in January 2026. The company says files containing sensitive customer information—such as names, addresses, dates of birth, insurance details, Social Security numbers, and medical treatment data—were accessed, affecting 1,396,519 individuals. Xsolis contained the breach, engaged external cybersecurity experts, reset user passwords, enhanced monitoring, accelerated employee security training, and is notifying impacted individuals with offered identity monitoring services.
read more →

DifyTap vulnerabilities expose cross-tenant AI data

🛡️ Cybersecurity researchers disclosed four vulnerabilities in Dify, an open-source agentic workflow platform, that could let attackers read AI conversations across tenants without authentication. Codenamed DifyTap by Zafran Security, two flaws are critical and three enable cross-tenant impact on Dify's multi-tenant cloud service. Issues include authorization bypasses, path traversal to internal Plugin Daemon APIs, and file preview leaks. Patches were released in v1.14.2 for all but one flaw, with the remaining fix forthcoming.
read more →

Klue OAuth breach expands as Icarus claims attack

🔒 Klue confirmed an incident on June 12 in which attackers used a compromised legacy credential to obtain OAuth tokens connecting Klue to third-party platforms, including Salesforce. The company says customer content stored in Klue was not impacted and that the breach was limited to integrations; affected credentials and tokens were revoked and CrowdStrike engaged. Cybersecurity firms ReliaQuest and Huntress reported extensive Salesforce data exfiltration, and the Icarus extortion group has publicly claimed responsibility.
read more →

Texas license vendor breach exposes 3M+ records

🔒 The Texas Parks and Wildlife Department disclosed a breach at its external license system vendor that exposed personal information for 3,087,721 hunting and fishing license customers. The Texas Cyber Command discovered the intrusion and confirmed no Social Security numbers, dates of birth, or financial data were affected. Exposed fields may include driver’s license data, passport numbers, emails, phone numbers, and residential addresses. TPWD is working with the vendor on enhanced safeguards and offering affected individuals one year of free credit monitoring.
read more →

Salesforce disables Klue app after OAuth breach

🔒 Salesforce has disabled the Klue Battlecards app integration after unusual activity tied to a Klue security incident on June 11, 2026, which may have allowed unauthorized access to some customer data. Klue says attackers used a compromised legacy credential to obtain OAuth tokens and access connected third-party platforms, while Salesforce emphasizes the issue stemmed from the app connection and not its platform. Klue and customers like Huntress are investigating, revoking tokens, and remediating impacts.
read more →

Nintendo confirms TinyPulse survey data stolen

🛡️ Nintendo of America confirmed that threat actors accessed survey data from the third-party TinyPulse service used for internal employee surveys, but its own systems were not compromised. The company said the information is limited to a small subset of employees and mostly dates back several years. Nintendo is working with the service provider while denying any access to customer or financial data.
read more →

ICO cautions healthcare worker over royal records

🔒 The ICO has issued a formal caution to a former London Clinic healthcare worker who attempted to access and sell the Princess of Wales’ medical records. The regulator opened a criminal investigation in 2024 but concluded a caution under section 170(5) of the Data Protection Act 2018 was an appropriate enforcement response. The ICO found no wider organisational failings meeting the threshold for further action and emphasised its readiness to pursue prosecution when necessary.
read more →

Telegram admits limits detecting exam leak channels

📄 India's government told the Delhi High Court that it warned Telegram roughly two weeks before blocking the app amid allegations channels were selling leaked NEET-UG 2026 exam papers. The Ministry of Electronics and Information Technology and the National Testing Agency identified groups, channels and bots circulating stolen material and reported them to Telegram. The affidavit says Telegram acknowledged limited proactive detection and relied on reported content, while India's block—initially framed as a measured step—remains in effect pending the court's ruling.
read more →

FortiBleed leak exposes Fortinet VPN credentials

🔒 A newly discovered data leak called FortiBleed appears to expose Fortinet and FortiGate VPN credentials for 73,932 firewall URLs worldwide. Researcher Bob Diachenko discovered a server containing usernames, emails, and plaintext passwords and linked the collection to a Russian-speaking multi-operator group that performed massive credential harvesting and cracking. Hudson Rock and other researchers validated the dataset, noting impacts across many industries and countries, and urged affected organizations to rotate credentials and enforce MFA.
read more →

Kodak confirms data breach amid ShinyHunters claim

🔒 Kodak has confirmed an investigation after an unauthorized third party gained temporary access to a limited amount of company data. The company engaged external cybersecurity experts and is working with law enforcement, asserting there is no threat to systems or operations. The ShinyHunters extortion group has claimed responsibility, alleging over 2.2 million records were stolen and threatening to leak the data.
read more →

iRhythm confirms patient data breach after extortion

🔒 iRhythm Holdings disclosed a data breach after threat actors accessed patient personal and health information stored on third-party business applications. The company detected the incident on June 10, 2026, after receiving a ransom demand the prior week and launched an investigation with external cybersecurity experts. iRhythm said the breach involved data exfiltration via social engineering but did not affect its clinical devices, manufacturing, or financial systems. The firm has not confirmed the exact number of affected individuals.
read more →

Council of Europe Probes ShinyHunters Breach Claims

🔎 The Council of Europe is investigating claims by the ShinyHunters extortion group that it exfiltrated hundreds of thousands of HR and payroll records. The organization, representing 46 member states, said it is assessing the situation and cannot provide further comment. ShinyHunters posted on a dark web leak site, threatening to publish alleged files containing extensive personal and financial data if demands are not met.
read more →

China-linked actors breach REDCap servers, steal research

🔒 Google Threat Intelligence Group attributes a long-running espionage campaign to UNC6508, a China-linked actor, which exploited exposed REDCap servers to deploy the custom Infinitered malware and exfiltrate sensitive medical research. The intrusion began in September 2023 and persisted through November 2025, with attackers harvesting credentials, maintaining persistent backdoors, and using enterprise email compliance rules to siphon data. Administrators are urged to update REDCap, enable MFA/2SV, and apply provided YARA rules and IoCs to detect infections.
read more →

Infinite Campus Salesforce Breach Exposes Staff Data

🔒 Infinite Campus disclosed a Salesforce data theft in March that exposed personal information for school staff across its K‑12 customer base. The attacker, linked to groups known for targeting Salesforce instances, allegedly leaked a 1.2GB archive. Have I Been Pwned found data from 137,100 accounts, including names, emails, job titles and contact details. Infinite Campus said most exposed items appear to be directory information commonly published by schools.
read more →

Maine takes breach reporting portal offline after hoax

🔒 The state of Maine has temporarily taken its public-facing breach reporting database offline after two fraudulent reports impersonating VRChat and Discord were published. The Attorney General's office removed the fake submissions and said it is reviewing procedures to reduce such abuse while keeping legitimate reporting available. Historic notifications can be requested via the consumer protection division.
read more →

Maine Shuts Public Breach Portal After Hoax Filings

🔒 Maine has taken its public data breach reporting portal offline after fraudulent disclosures impersonating Discord and VRChat were published. The Attorney General's Office confirmed the reports were hoaxes and removed them, stating there is no evidence of actual breaches by the named companies. Public access to the database is temporarily disabled while the office reviews procedures; companies may still submit notices but the public must request disclosures directly.
read more →