< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 21 of 40

Nissan: Thousands of Customers Exposed in Red Hat Breach

🔓 Nissan confirmed that personal data for about 21,000 customers who purchased vehicles or received services at Nissan Fukuoka was exposed after a September breach of Red Hat's development environment. Leaked fields include full names, physical addresses, phone numbers, email addresses and sales-related customer data; no financial or credit card data were affected. Nissan says it has no evidence the data have been misused.
read more →

Activists Claim Copy of Spotify’s Entire Music Library

🎵 Spotify is investigating claims by a collective of pirate activists who say they accessed 256 million rows of metadata and 86 million audio files — roughly 300 terabytes in total. The activists report that metadata, but not audio files, was made publicly available via Anna’s Archive, which frames the release as cultural preservation. Spotify has confirmed a probe into an incident in which a third party allegedly scraped public metadata and bypassed DRM protections to access certain audio files.
read more →

Clop Breach Exposes Nearly 3.5M University of Phoenix Records

🔒 The University of Phoenix disclosed that the Clop ransomware gang stole personal and financial data for 3,489,274 people after exploiting a zero-day in the Oracle E-Business Suite. The university says names, contact details, dates of birth, Social Security numbers, and bank routing and account numbers were accessed. UoPX detected the intrusion after Clop posted the stolen files and is offering complimentary identity protection and a $1 million fraud reimbursement policy.
read more →

Coupang breach affects 33.7M users, raises data risks

🔒 Coupang disclosed a data breach impacting 33.7 million customer accounts, exposing names, phone numbers, email addresses, delivery address books and purchase histories. The company detected unusual activity on November 6, confirmed a breach on November 18 and publicly disclosed the incident on November 29; attackers had access from June 24 to November 8. A former employee who retained access keys is the prime suspect. The incident highlights gaps where non‑mandated data remained unencrypted and underscores the need for stronger voluntary protections.
read more →

Doublespeed Phone Farm Hacked, AI Ad Accounts Exposed

🔓 Doublespeed, a startup backed by Andreessen Horowitz (a16z), was breached, exposing its operation of hundreds of AI-generated social media accounts and a phone farm controlling more than 1,000 smartphones. The anonymous intruder said they reported a vulnerability to Doublespeed on October 31 and still have access to the company's backend, including the device fleet. The compromise reveals promoted products often lacked required advertising disclosures and raises concerns about platform abuse and regulatory compliance.
read more →

University of Sydney code repository breach exposes data

🔒 The University of Sydney reported unauthorized access to an online code repository that resulted in the theft of files containing personal information for more than 27,000 individuals. The breach affected current and former staff, students and alumni and included names, dates of birth, contact details and job information. The university says it detected the incident last week, blocked the access, notified regulators and launched support and notification processes for impacted people.
read more →

Unsecured MongoDB Exposes 4.3 Billion Records Online

🔒 Cybernews reports researchers found an unsecured 16 TB MongoDB instance exposing roughly 4.3 billion personal and professional records. The dataset included names, emails, phone numbers, LinkedIn profile details, employment history, education, social accounts and profile images — data consistent with large-scale LinkedIn scraping. The operator secured the database two days after discovery on 25 November 2025, but ownership and the full exposure window remain unknown.
read more →

France Arrests Suspect Linked to Interior Ministry Hack

🔒 French authorities arrested a 22-year-old on December 17, 2025, in connection with a cyberattack that breached the Ministry of the Interior's internal email servers earlier in the month. The suspect, born in 2003 and previously convicted for similar offenses in 2025, faces charges of unauthorized access to an automated personal data processing system as part of an organized group, punishable by up to 10 years' imprisonment. Investigations involve the Paris cybercrime unit and OFAC, and officials said a further statement will follow after police custody.
read more →

LKQ Confirms Oracle E-Business Suite Data Breach with SSNs

🔒 LKQ has confirmed a cyber-attack targeting its Oracle E-Business Suite environment that exposed personal information for more than 9,070 individuals. The company reports the intrusion occurred on August 9 and was discovered on October 3, with a detailed data analysis finalised on December 1 and notifications sent on December 15. Compromised items include LKQ Employer Identification Numbers and Social Security numbers; LKQ took the EBS environment offline, engaged an external forensic firm, and is offering two years of complimentary credit monitoring and identity restoration through Cyberscout (a TransUnion company). LKQ says it has implemented additional safeguards, strengthened security monitoring, and reinforced policies and controls.
read more →

5.8M Customers Exposed in 700Credit API Data Breach

🔒 700Credit, a Michigan fintech serving more than 20,000 car dealerships, disclosed a breach affecting 5.8 million customers. The company said a misconfigured API allowed unauthorized copying of records between May and October, exposing names, addresses and Social Security numbers. Discovered on October 25, 700Credit engaged cybersecurity experts who found activity limited to the 700Dealer.com application layer and reported no evidence of identity theft. Affected individuals are being offered 12 months of TransUnion identity protection and credit monitoring at no cost.
read more →

SoundCloud Confirms Data Breach; VPN Access Disrupted

🔒 SoundCloud confirmed a security breach that triggered recent outages and prevented many users from accessing the site via VPN, producing 403 "forbidden" errors. The company says a threat actor accessed an ancillary service dashboard and stole a database containing limited data—primarily email addresses and information already visible on public profiles—and that no passwords or financial data were taken. SoundCloud says it has blocked unauthorized access, engaged outside security experts, and implemented additional controls; however, a configuration change disrupted VPN connectivity and the platform also experienced denial-of-service attacks during the response.
read more →

PornHub Extorted After Mixpanel Breach Exposes Premium Data

🔓 PornHub says it is being extorted after threat actors claiming to be ShinyHunters said they stole analytics records from vendor Mixpanel, which suffered a smishing-driven breach on November 8, 2025. PornHub stated the incident affects only select Premium users and emphasized that passwords and payment details were not exposed. The company also said it has not worked with Mixpanel since 2021, indicating the records are historical analytics data.
read more →

ShinyHunters Extorts Pornhub Over Premium User Data

🔒 Pornhub says it is being extorted by the ShinyHunters gang after the group claimed to have stolen 201,211,943 historical analytics records tied to Premium members. The sample data reportedly includes email addresses, search and watch activity, video URLs, video names, keywords, locations and timestamps. Pornhub says passwords and payment details were not exposed and that it has not worked with Mixpanel since 2021. Mixpanel disputes that the files were taken during its November 2025 incident.
read more →

700Credit Breach Exposes 5.8M Dealership Customer Records

🔒 700Credit is notifying more than 5.8 million individuals after a threat actor exploited an exposed API to obtain customer records tied to dealership clients. The company detected suspicious activity on October 25 and, with third-party forensic assistance, confirmed unauthorized copying of web application records. Exposed data includes full names, addresses, dates of birth, and Social Security numbers. 700Credit is offering 12 months of complimentary identity protection through TransUnion and has filed breach notifications with the FTC and affected dealer clients.
read more →

France Interior Ministry Confirms Email Server Breach

🔒 The French Interior Ministry confirmed a cyberattack detected overnight between December 11 and 12 that compromised its e-mail servers and allowed attackers to access a number of document files. Officials say they have reinforced access controls and implemented additional security measures while an investigation is underway. Authorities are exploring motives including foreign interference, activist demonstration, or organized cybercrime.
read more →

Leaked Home Depot GitHub Token Exposed Internal Systems

🔓 A security researcher reported that a Home Depot employee accidentally published a private GitHub access token in early 2024, which granted access to private repositories and cloud infrastructure. When tested, the token allowed write permissions to Home Depot repos and access to order fulfillment and inventory systems. The researcher said multiple disclosure emails went unanswered; the token was removed after TechCrunch contacted the company.
read more →

Coupang Breach Linked to Former Employee's System Access

🔍 Coupang has tied a major data breach exposing 33.7 million customers to a former employee who retained access after leaving the company. The intrusion occurred on June 24, 2025 and was discovered by Coupang on November 18; the company disclosed the incident on December 1 and later said the stolen data had not been published online. Police raided Coupang offices to collect logs, credentials and other records during an independent probe, and the CEO resigned amid the fallout. Authorities warn the firm could face liability if negligence or other violations are found, while the breach has prompted widespread phishing and impersonation reports across South Korea.
read more →

Tracing Stolen Data After Phishing: Market and Risks

🔒 Kaspersky examines the lifecycle of personal data stolen through phishing, showing how information is harvested, traded, verified and repeatedly reused across the shadow market. Stolen records are collected via forms and transmitted by email, Telegram bots or specialized admin panels before being bundled into bulk dumps, analyzed and resold. The report highlights targeted categories, average resale values for different account types and practical protections such as using 2FA, passkeys and a password manager, plus immediate steps to take if your data has been exposed.
read more →

Cyberattack on Town Hall: Stolen Data Posted on Darknet

🔒 In mid-October the Untereisesheim town hall was hit by a cyberattack that encrypted IT systems and led to data theft from servers. Investigations indicate portions of the stolen material, including older personnel files and employee image drives, have appeared on the darknet, while the municipality stresses that sensitive citizen data and central document systems were not affected. No ransom was paid; the town is working with Cybersecurity Agency Baden-Württemberg (CSBW) and the State Criminal Police Office, has rebuilt and secured systems, and informed supervisory and data protection authorities.
read more →

ICO fines LastPass £1.2m over 2022 customer data breach

🔒 The UK Information Commissioner’s Office has fined LastPass £1.2m after concluding insufficient technical and organisational measures contributed to a major 2022 breach. The ICO said there is no evidence that vault master passwords were decrypted, but around 1.6 million users had personal data exposed, including names, emails, phone numbers and stored URLs. The regulator reiterated that password managers remain recommended but vendors must restrict access and harden internal controls.
read more →