< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 22 of 40

Seoul Police Raid Coupang; CEO Steps Down Amid Breach

🔍 Seoul police raided Coupang’s headquarters after the e‑commerce firm disclosed that a massive data leak impacted 33.7 million users. CEO Park Dae‑jun resigned and was replaced by US‑based interim chief Harold Rogers to lead remediation, strengthen information security and restore customer trust. Authorities have issued a search warrant for a suspected ex‑employee and are investigating potential criminal violations. South Korea’s data regulator has also ordered changes to Coupang’s terms, simplified account cancellation and a specialist task force to limit further harm.
read more →

UK Fines LastPass £1.2M Over 2022 Data Breach

🔒 The UK Information Commissioner's Office (ICO) fined LastPass £1.2 million after a 2022 breach that exposed account metadata and encrypted vault backups for up to 1.6 million UK users. The attacker first compromised an employee laptop and development credentials, then exploited a vulnerability in a third‑party streaming app on a senior employee's device to deploy malware, capture a master password, and bypass MFA. Those keys enabled access to cloud backups at GoTo containing customer data. The ICO said vaults were not decrypted but warned weak master passwords are at risk and urged stronger passwords and tighter controls.
read more →

Mass Compromise of IP Cameras in South Korea Reveals Risks

📷 South Korean authorities arrested four suspects after roughly 120,000 internet-connected IP cameras in homes and businesses were breached and sexually explicit footage was sold on an overseas adult site. Investigators indicate attackers likely exploited weak or default credentials and unpatched device software. Owners should replace factory passwords, use unique credentials and enable two-factor authentication; consider a reputable password manager such as Kaspersky Password Manager to generate and store strong, random passwords and one-time codes.
read more →

ThreatsDay Bulletin: Spyware, Mirai, Docker Leaks and More

🔔 This week's ThreatsDay Bulletin highlights a packed week of cross-cutting threats: a Mirai variant dubbed Broadside exploiting TBK DVRs (CVE-2024-3721), widespread exploitation of React2Shell (CVE-2025-55182), and the leak of a ValleyRAT builder that includes a signed kernel-mode rootkit. Law enforcement actions ranged from Europol's 193 arrests in a VaaS crackdown to multiple national detentions, while Apple and Google issued broad spyware alerts. Researchers flagged >10,000 Docker Hub images leaking secrets and 19 malicious VS Code extensions that used a PNG disguise to deliver trojans, underscoring persistent supply-chain and user-facing risks.
read more →

Cyber 'Tax' Drives SMBs to Raise Prices After Breaches

🔔 The Identity Theft Resource Center's 2025 Business Impact Report found that 81% of US small businesses experienced a data or security breach in the past year, and 38% raised prices as a result. Respondents attributed 41% of incidents to AI-enabled attacks, while external actors and malicious insiders were cited by 43% and 42% respectively. The ITRC warns that adoption of protections such as MFA is falling and advises SMBs to focus on people, process and technology defenses including out-of-band verification and AI-driven detection tools.
read more →

HSE Offers €750 to Victims of 2021 Ransomware Attack

🔒 The Health Service Executive (HSE) has offered €750 to individuals whose personal data was exposed in the May 2021 Conti ransomware attack, plus an additional €650 toward legal costs. The intrusion began with a malicious Microsoft Excel file that bypassed outdated anti‑malware defenses, forcing a full IT shutdown and widespread disruption to hospital services. A later PwC review criticised the HSE's unpatched systems and frail infrastructure, while the organisation says it has found no evidence of fraud stemming from the breach after more than four years.
read more →

Streamlit Exposures Reveal Scope of Shadow AI Risk

🔒 UpGuard's analysis found thousands of publicly accessible Streamlit applications exposing PII and confidential business data due to default public hosting and common misconfiguration. Using internet scans in October 2025, researchers identified nearly 15,000 IPs running Streamlit and more than ten thousand self-hosted apps reachable without authentication, while Community Cloud counts were substantially larger. The report warns that shadow AI—unsanctioned, persistent apps—can massively expand the attack surface and recommends inventory, access controls, authentication by default, and continuous monitoring.
read more →

Spain Arrests 19-Year-Old Suspect Over 64M Data Records

🔒 A 19-year-old suspect in Igualada, Barcelona, was arrested after authorities linked him to breaches at nine companies and the theft of 64 million private records. Police say the dataset included full names, home addresses, email addresses, phone numbers, DNI numbers and IBAN codes that the suspect attempted to sell on hacker forums using multiple accounts and pseudonyms. Officers seized computers and cryptocurrency wallets believed to hold proceeds from the sales; the investigation began in June. Separately, Ukrainian police arrested a 22-year-old who used custom malware and a 5,000-account bot farm to compromise and sell social media access.
read more →

STAC6565 Targets Canada; Gold Blade Deploys QWCrypt

🛡️ Sophos links nearly 40 intrusions from Feb 2024 to Aug 2025 to STAC6565, a cluster assessed to overlap the criminal group Gold Blade (aka RedCurl/Red Wolf). The campaign shows an unusually narrow geographic focus — almost 80% of attacks targeted Canadian organizations — and combines targeted data theft with selective ransomware deployment using QWCrypt. Attack chains abuse recruitment platforms to deliver multi‑stage loaders such as RedLoader and tools designed to evade AV and disable recovery, often leveraging WebDAV, Cloudflare Workers and program‑compatibility execution paths.
read more →

Marquis Software Breach Impacts Over 780,000 Nationwide

🔒 Marquis Software Solutions confirmed a breach affecting more than 780,000 individuals after attackers exploited a SonicWall firewall vulnerability on 14 August. The company shut down affected systems and engaged external cybersecurity specialists; a late-October review found unauthorized actors copied files containing personal and financial data from certain business customers. Marquis is offering free credit monitoring and has implemented multiple security controls while its investigation continues, and it reports no evidence so far that the stolen data has been posted online.
read more →

Barts Health Seeks High Court Ban After Oracle EBS Breach

🔒Barts Health NHS Trust has applied to the High Court seeking an order to prevent the sharing, publication or use of data stolen from an Oracle E-business Suite database. A criminal group known as Cl0p posted compressed files on the dark web containing names, addresses and invoicing records relating to patients, suppliers and former staff. The trust says clinical systems and core IT infrastructure were unaffected and it is working with NHS England, the NCSC and law enforcement while notifying regulators.
read more →

Barts Health NHS Reports Data Theft via Oracle Zero-Day

🔒 Barts Health NHS Trust disclosed that the Cl0p ransomware group stole invoice data from an Oracle E-Business Suite database after exploiting a zero-day vulnerability (CVE-2025-61882). Stolen files include full names and addresses of payers, records of former employees with debts, supplier details, and accounting files relating to Barking, Havering and Redbridge University Hospitals. The trust says its electronic patient record and clinical systems were not affected, has notified the NCSC, Metropolitan Police and the ICO, and is seeking a High Court order while advising patients to check invoices and remain vigilant for suspicious communications.
read more →

Inotiv Discloses August Ransomware Breach Affecting 9,542

🔒 Inotiv, an Indiana-based contract research organization, disclosed an August ransomware attack that disrupted operations after networks, databases, and internal applications were taken offline. The company says it has 'restored availability and access' to impacted systems and is notifying 9,542 individuals whose information was stolen. The incident, dated to approximately August 5–8, 2025, was claimed by the Qilin ransomware group, which published alleged samples and asserted it exfiltrated roughly 162,000 files totaling about 176 GB, though Inotiv has not confirmed the specific data types or publicly attributed the attack.
read more →

Coupang Exposes 33.7M Accounts Due to Key Mismanagement

🔒 Coupang disclosed an unauthorized exposure affecting approximately 33.7 million user accounts, an incident investigators trace to long‑neglected token signing keys in its authentication infrastructure. Leaked records reportedly included names, email addresses, shipping address lists and some order details; payment and login credentials were not exposed. Authorities and a joint public-private investigation are probing the breach and potential regulatory violations, and a former authentication engineer is the prime suspect.
read more →

Contractors Accused of Wiping 96 Government Databases

🧾 Two Virginia brothers, former federal contractors Muneeb and Sohaib Akhter, have been charged with conspiring to steal sensitive data and deleting roughly 96 government databases after being fired. Prosecutors allege the deletions occurred in February 2025 and that Muneeb also stole IRS and EEOC information for hundreds of individuals. One minute after deleting a DHS database he reportedly asked an AI tool how to clear system logs. Authorities say the pair wiped devices, destroyed evidence, and face multiple federal charges including computer fraud and aggravated identity theft.
read more →

ThreatsDay: Wi‑Fi Hack, npm Worm, DeFi Theft and More

🔒This week's ThreatsDay roundup highlights a string of high-impact incidents, from a $9 million DeFi drain and an npm-based self-replicating worm to airport Wi‑Fi evil‑twin attacks and mass camera compromises. Researchers and vendors including Fortinet, Microsoft, and TruffleHog disclosed evolving malware techniques, supply-chain abuse, and widespread credential exposure. Practical protections include minimizing long-lived secrets, enforcing CI/CD safeguards, updating detection for eBPF-based threats, and applying MFA and phishing-resistant controls.
read more →

Post Office Avoids £1.1m Fine for Leak of 502 Postmasters

🔒 The Information Commissioner's Office found that an unredacted settlement document related to the long-running Horizon scandal exposed the names, home addresses and postmaster status of 502 litigants on the Post Office website between 25 April and 19 June 2024. The ICO considered a fine just under £1.1m but issued a reprimand under its public sector approach after concluding the breach was not 'egregious'. The regulator criticised the Post Office for lacking documented publishing policies, quality assurance and sufficient staff training; the organisation has offered compensation and 24 months of identity protection and taken steps to remove cached copies and strengthen controls.
read more →

Marquis data breach affects over 74 US banks, credit unions

🔒 Financial software provider Marquis Software Solutions disclosed a ransomware intrusion on August 14, 2025, after attackers breached a SonicWall firewall and exfiltrated certain files. The incident potentially impacted roughly 400,000 customers across 74 banks and credit unions and involved names, contact details, Social Security and Taxpayer IDs, account information (no security codes), and dates of birth. Marquis says there is no confirmed misuse or publication of the data to date and is notifying affected institutions and state regulators while implementing enhanced security measures, including MFA, patching, account cleanup, and tightened firewall policies.
read more →

Leroy Merlin Notifies French Customers of Data Breach

🔔 French home improvement retailer Leroy Merlin has notified customers in France that certain personal data may have been exposed in a cyberattack, including full names, phone numbers, email and postal addresses, dates of birth and loyalty program details. The company says no banking data or account passwords were involved and that it moved quickly to block unauthorized access and contain the incident. The notice warns customers to be vigilant against phishing and impersonation attempts; BleepingComputer confirmed the notification is genuine and has sought further details. No ransomware group had claimed responsibility at the time of reporting.
read more →

Freedom Mobile Breach Exposes Customer Personal Data

🔒 Freedom Mobile detected a breach of its customer account management platform on October 23 after a third party used the account of a subcontractor to access customer records. The carrier says it blocked suspicious accounts and IP addresses and implemented corrective measures and security enhancements. Exposed data include first and last names, home addresses, dates of birth, phone numbers, and Freedom account numbers. Freedom reports no evidence so far of misuse and has urged customers to watch for phishing and check accounts for unusual activity.
read more →