< ciso
brief />
Tag Banner

All news with #data breach tag

787 articles · page 27 of 40

4th Circuit Lowers Proof Threshold in Data Breach Suits

🔒 In October the 4th U.S. Circuit Court of Appeals ruled that listing stolen consumer data on the dark web can be sufficient to let plaintiffs proceed in data-breach lawsuits. The panel determined that dark-web publication — paywalled or not — increases the risk of fraud and is therefore materially different from mere theft. CISOs should monitor dark-web exposure and preserve evidence of publicization to assess legal and financial risk.
read more →

Pennsylvania: Hacker Claims 1.2M Donor Records Breach

🔐 A threat actor claims to have compromised University of Pennsylvania systems and exfiltrated data for roughly 1.2 million students, alumni, and donors, including names, dates of birth, contact details, estimated net worth, donation histories, and sensitive demographic data. The attacker said they gained access via a compromised PennKey SSO account and accessed VPN, Salesforce Marketing Cloud, Qlik, SAP, SharePoint, and Box. After access was revoked on October 31 the actor used Marketing Cloud to send offensive emails to about 700,000 recipients and published a 1.7-GB archive of files. Penn says it is investigating; donors should watch for targeted phishing and verify solicitations directly with the university.
read more →

Offensive 'We got hacked' emails sent from Penn addresses

📧 The University of Pennsylvania distributed a series of offensive emails to students and alumni claiming data was stolen in a breach and urging action. The messages, with the subject line "We got hacked (Action Required)", were sent from multiple Penn addresses, including the Graduate School of Education, via the connect.upenn.edu mailing-list platform hosted on Salesforce Marketing Cloud. Penn's Office of Information Security said the messages are fraudulent, its Incident Response team is investigating, and the university has placed a website banner advising recipients to disregard or delete the emails.
read more →

Conduent Breach Exposes Data of Over 10.5 Million People

🔒 Conduent has confirmed a breach affecting more than 10.5 million individuals, with customer notices sent in October 2025 after the incident was discovered on 13 January 2025. Unauthorized access reportedly began on 21 October 2024 and persisted for nearly three months. The criminal group SafePay claimed responsibility and said it exfiltrated large volumes of data, potentially including names, Social Security numbers, dates of birth, and medical and insurance information.
read more →

Surge in NFC Relay Malware Targeting European Cards

📱Zimperium reports a sharp rise in Android apps abusing Host Card Emulation (HCE) to steal contactless payment card data across Eastern Europe. Researchers observed over 760 malicious APKs and 70+ command-and-control servers that capture EMV fields, respond to POS APDU commands, or forward requests to remote servers. Variants include data exfiltration to Telegram, relay toolkits, 'ghost-tap' real-time HCE manipulation, and fake payment apps impersonating Google Pay and regional banks. Users are advised to avoid sideloading APKs, restrict NFC permissions, run Play Protect, and disable NFC when not in use.
read more →

Nation-state Hackers Breach Ribbon Communications' Network

🔒 In a filing with the SEC, Ribbon Communications disclosed that unauthorized actors, reportedly tied to a nation-state, had access to its IT network, with initial intrusion activity traced as far back as December 2024. The company detected the breach in September 2025, has worked to terminate access, and is collaborating with third-party cybersecurity experts and federal law enforcement. Ribbon says it has not yet found evidence of material corporate data theft, although attackers accessed customer files on two laptops outside the main network.
read more →

Conduent Confirms Data Breach Affects 10.5 Million People

🔒 Conduent has confirmed a 2024 data breach that state attorney general notifications indicate affected more than 10.5 million people. Reported exposed data includes names, Social Security numbers, full dates of birth, health insurance policy or ID numbers, and medical information. Conduent says the environment was first compromised on October 21, 2024 and discovered in January 2025; as of October 24, 2025 it reports no evidence the stolen data has been misused. Affected individuals are advised to obtain credit reports and consider fraud alerts or a security freeze; the company did not offer identity monitoring services.
read more →

Human Cost of UK Government's Afghan Data Leak Exposed

🔓 A leaked Ministry of Defence spreadsheet in February 2022 exposed thousands of Afghan nationals who assisted UK forces, and research from the charity Refugee Legal Support shows the fallout continues. Survivors report murder, torture, repeated home searches and persistent Taliban threats; 49 people are reported to have lost relatives or colleagues. Only a minority were offered relocation to the UK, underscoring how data leaks and inadequate responses can cause real, ongoing harm.
read more →

Proton Finds 300M+ Records Linked to 794 Breaches Worldwide

🔎 Proton and Constella Intelligence have launched the Data Breach Observatory, a real‑time dark‑web monitoring service that has identified more than 300 million compromised records tied to 794 incidents so far this year. The service combines automated crawlers, curated feeds and human analysts to surface breached data and alert affected parties. Proton says small and medium businesses are heavily targeted, with email addresses, names and contact details the most commonly exposed items. If aggregated datasets are included, Proton reports incidents rise to 1,571 and exposures reach hundreds of billions of records.
read more →

Ransomware Hits Swedish Grid Operator Svenska kraftnät

🔒 On October 25, 2025 the ransomware group Everest listed state grid operator Svenska kraftnät on its darknet leak site, claiming about 280 GB of stolen data. Svenska kraftnät confirmed on October 26 that attackers accessed certain sensitive information via an isolated external file-transfer solution and said investigations are underway. The utility — which operates roughly 16,000 km of high-voltage lines — said there is currently no indication the physical grid was affected and that it is coordinating with police and national cybersecurity authorities.
read more →

Dentsu Confirms Data Breach at U.S. Subsidiary Merkle

🔒 Dentsu disclosed a cybersecurity incident at its U.S. subsidiary Merkle, saying attackers accessed and stole files containing client, supplier, and employee information. The company detected abnormal activity, proactively took certain systems offline, and initiated incident response procedures while engaging third‑party responders. A circulated memo indicated exposed payroll and bank details, salary and National Insurance numbers, and personal contact details; impacted individuals are being notified and authorities in affected countries have been informed. Dentsu said Japan-based systems were not impacted and that the full scope and financial impact remain under investigation; no ransomware group has claimed responsibility so far.
read more →

Volvo Third-Party Breach Highlights Forensic Readiness Gaps

🔒 In August 2025 Volvo Group North America disclosed a breach that originated in its third‑party HR provider, Miljödata, and a slow timeline of detection and notification has raised questions about forensic readiness. Reported exposed records included Social Security numbers and sensitive employee identifiers, and Volvo offered 18 months of identity‑protection services. The author provides five practical recommendations to preserve evidentiary integrity: embed forensics from day zero, align IR and forensic priorities, automate collection and triage, contractually manage vendor response, and coordinate legal messaging to reduce litigation and regulatory risk.
read more →

Google Refutes False Claims of Massive Gmail Breach

🔒 Google says reports of a massive Gmail data breach are false and that the coverage mischaracterizes a large compilation of exposed credentials. The 183 million-account figure reflects aggregated infostealer databases and credential dumps compiled over years, not a single Gmail compromise. Troy Hunt added the dataset to Have I Been Pwned, which found 91% of entries were previously seen; 16.4 million addresses were newly observed. Users should check their accounts, run antivirus scans, and change any compromised passwords.
read more →

FIA drivers' portal breached, Formula 1 data exposed

🔐 Hackers gained access to a drivers' portal run by the Fédération Internationale de l'Automobile (FIA) during the summer, potentially exposing Formula 1 driver records. The three individuals said they were fans who reported a vulnerability instead of pursuing malicious use and claimed they neither viewed nor stored sensitive data after noticing passport details could be retrievable. The FIA took the site offline, secured the system and worked with the researchers to strengthen the portal.
read more →

Ransomware recovery falters: 40% of paying victims lose data

🔒 Two in five companies that pay ransomware attackers still fail to recover their data, according to a Hiscox survey of thousands of SMEs. The study found 27% of businesses were hit in the past year and 80% of affected firms paid a ransom, yet only 60% recovered all or part of their data. Experts blame flawed encryptors, corrupted or compromised backups, and complex double- or triple-extortion tactics. Organisations are urged to maintain tested recovery plans, forensic validation, and incident response retainers rather than rely on payment.
read more →

Toys R Us Canada confirms customer data leak; regulators

🔔 Toys R Us Canada has notified customers that a threat actor leaked records taken from its database after a posting on the dark web on July 30, 2025. An investigation with third-party cybersecurity experts confirmed the data's authenticity and found exposed fields may include full name, physical address, email, and phone number, while passwords and payment card details were not exposed. The retailer says it has strengthened IT security, is notifying Canadian privacy regulators, and warns customers to beware of phishing attempts.
read more →

Serious F5 Breach: Build System and BIG-IP Code Compromised

⚠️ F5 disclosed a major intrusion in which a sophisticated, likely nation-state threat actor maintained long-term access to its internal network. During the compromise the attackers gained control of the build and distribution environment for BIG-IP updates and exfiltrated proprietary source code, documentation of unpatched vulnerabilities, and customer configuration files. F5 warned this data could enable widespread supply-chain and targeted attacks against many sensitive networks.
read more →

FinWise Breach Highlights Encryption and Insider Risk

🔒 The FinWise data breach involved a former employee who retained credentials and accessed systems on May 31, 2024, exposing personal records for 689,000 American First Finance customers. The intrusion remained undetected until June 18, 2025, prompting lawsuits alleging inadequate encryption and weak security governance. Experts say robust protection requires not only encryption but effective key management, strict access controls, and proactive monitoring. Vendor solutions such as D.AMO are presented as integrated platforms combining encryption, an isolated KMS, and centralized control to mitigate insider risk.
read more →

John Bolton Charged Over Classified Emails Leak After Hack

🔒Former national security adviser John Bolton has been charged with mishandling classified information after prosecutors say he retained and transmitted sensitive documents via a personal AOL account that was later accessed by suspected Iranian hackers. The intruders allegedly downloaded the materials and sent extortion messages to Bolton. The case highlights questions about password strength, the use of two-step verification, and the risks of sending unencrypted, sensitive information to family members. Bolton has pleaded not guilty.
read more →

Muji Halts Japan Online Sales After Supplier Ransomware

🔒 Muji has temporarily taken its Japan online store offline after a ransomware attack disrupted logistics systems at its delivery partner, Askul. The outage affects browsing, purchases, order histories in the Muji app, and some web content; Muji is investigating which shipments and pre-attack orders were impacted and will notify affected customers by email. Askul confirmed a ransomware infection suspended orders, shipping, and several customer services while it investigates potential data exposure; international Muji stores remain operational.
read more →