All news with #data breach tag

🔓 The Trinity of Chaos collective has opened a data leak site on the TOR network, publishing previously undisclosed records tied to past breaches and listing 39 major global firms. Resecurity says the group claims more than 1.5 billion records across 760 companies and has set an October 10 negotiation deadline. Samples reportedly contain substantial PII and appear to stem from compromised SaaS environments via stolen OAuth tokens and vishing; the FBI has issued a flash alert. The group also threatened to leverage existing litigation and regulatory complaints against Salesforce, which has denied new vulnerabilities.

🔒Discord has confirmed that attackers accessed data belonging to users who contacted its customer support after a breach at a third-party provider, reportedly Zendesk. Exposed information includes names, Discord usernames, emails, IP addresses, messages with support agents, limited billing details (payment type and last four card digits), and a small number of government ID images. Discord says full card numbers, CCV codes and account passwords were not accessed, and is contacting affected users while warning of potential phishing attempts.

🔒 Renault has informed customers that a cyber-attack on a third-party supplier led to the extraction of personal data from one of the supplier's systems. The vendor confirmed the breach affected names, gender, contact details, postal addresses and vehicle identification and registration numbers, though no financial information or passwords appear to have been taken. Renault says its own systems were not compromised and that the incident has been contained, and it has notified the relevant authorities. Affected customers are warned to expect targeted phishing using the stolen information.

🔒 ParkMobile has settled a class action tied to its 2021 data breach, offering affected users a $1 in-app credit as part of a $32.8 million resolution. Threat actors leaked a 4.5 GB CSV exposing nearly 22 million customers' names, contact details, bcrypt-hashed passwords, mailing addresses, license plates and vehicle information. Claimants must manually apply promo code P@rkMobile-$1 (most codes expire Oct 8, 2026; California codes do not), and the company warns of continuing SMS phishing campaigns targeting users.

🔒 Hackers accessed a third-party customer service system used by Discord on September 20, stealing partial payment details and personally identifying information for a limited number of users who contacted support or Trust and Safety. The attackers appear financially motivated and demanded a ransom. Discord revoked the provider's access, engaged a computer forensics firm, launched an internal investigation, and notified law enforcement. Exposed data included real names, usernames, emails, IP addresses, support messages and attachments, photos of government IDs for a small subset, and partial billing details such as payment type and the last four card digits.

🔒 Discord disclosed that attackers accessed a third-party customer support system on September 20 and stole a limited set of user support tickets and associated data. Exposed information included names, usernames, email addresses, IP addresses, messages and attachments, photos of government-issued IDs for a small number of users, and partial billing details such as payment type and the last four card digits. Discord says it isolated the vendor, revoked access, launched an internal and forensics investigation, and engaged law enforcement. The threat actor demanded a ransom and a group claiming responsibility said the breach involved a Zendesk instance.

🔓 The Scattered Lapsus$ Hunters gang opened a public data-leak site claiming it stole Salesforce data from dozens of global companies, including Salesforce, Toyota, FedEx, Disney/Hulu, Marriott and Google. The group set an Oct. 10 deadline for ransom payments and threatened to publish or even use stolen documents in legal actions if demands are not met. Salesforce says its investigation found no indication the platform itself was compromised and attributes the incidents to past or unsubstantiated claims. Researchers link many breaches to vishing that installs malicious connected apps and to compromised OAuth tokens in Salesloft Drift, underscoring a broader SaaS supply-chain risk.

🔒 Renault and Dacia UK have informed customers that personal information was exposed following a cyberattack on an unnamed third‑party provider. The compromised data includes full name, gender, phone number, email and postal address, as well as Vehicle Identification Numbers (VINs) and vehicle registration numbers; banking data was not affected. Renault says the supplier isolated the incident and removed the threat, and the Information Commissioner’s Office (ICO) has been notified. Recipients are urged to remain vigilant against unsolicited calls and emails and to avoid sharing passwords.

🔓 An extortion group claiming affiliation with ShinyHunters, Scattered Spider, and Lapsus$ has launched a public data leak site listing 39 companies allegedly compromised via Salesforce breaches. The site publishes sample records and urges victims to pay before an October 10 deadline, while also demanding that Salesforce pay to prevent disclosure of roughly 1 billion records. The attackers say they used OAuth-based voice-phishing and stolen tokens to access customer data. Victims named include FedEx, Disney/Hulu, Google, Cisco, and many other major brands.

🛫 WestJet has confirmed a data breach affecting 1.2 million customers following a June 13, 2025 intrusion, and notified authorities on September 29. The airline says a "sophisticated, criminal third party" accessed names, contact details, reservation documents and other relationship data; WestJet Rewards members may have had IDs and points balances exposed, though account passwords were not accessed. WestJet states that credit card numbers, expiry dates and CVVs were not compromised, systems are secure, affected customers are being contacted, and identity protection is being offered where appropriate.

📧 Google Mandiant and the Google Threat Intelligence Group report a new high-volume extortion campaign that claims stolen data from Oracle E-Business Suite. The operation began on or before September 29, 2025, uses hundreds of compromised accounts, and includes contact addresses verified on the Cl0p data leak site. Mandiant notes at least one sending account has ties to FIN11, a TA505 subset. Investigations are ongoing and organizations are urged to inspect for compromise.

⚠️ Forrester warns that an agentic AI deployment will trigger a publicly disclosed data breach in 2026, potentially prompting employee dismissals. Senior analyst Paddy Harrington noted that generative AI has already been linked to several breaches and cautioned that autonomous agents can sacrifice accuracy for speed without proper guardrails. He urges adoption of the AEGIS framework to secure intent, identity, data provenance and other controls. Check Point also reported malicious agentic tools accelerating attacker activity.

🔒 An extortion group calling itself Crimson Collective claims to have exfiltrated nearly 570GB of compressed data from about 28,000 private GitHub repositories, including roughly 800 Customer Engagement Reports (CERs). Red Hat confirmed a security incident tied to its consulting business but would not validate the attackers’ specific claims, saying it has initiated remediation and sees no indication the issue affects its products or software supply chain. The group published directory listings and alleges finding authentication tokens and full database URIs that could be used to access downstream customer infrastructure.

🔒 Red Hat confirmed a security incident after an extortion group calling itself the Crimson Collective claimed to have stolen nearly 570GB of compressed data from roughly 28,000 internal repositories in a GitLab instance used solely for consulting engagements. The group alleges the haul includes about 800 Customer Engagement Reports (CERs) that may contain infrastructure details, authentication tokens, and database URIs. Red Hat says it is remediating the issue, has not verified the attackers' specific claims, and believes its software supply chain and other services remain unaffected.

🔒 A ransomware attack on Motility Software Solutions on August 19, 2025, encrypted portions of its systems and may have exposed personal information for approximately 766,000 customers. The DMS vendor supports about 7,000 dealerships and stores data including names, emails, phone numbers, dates of birth, Social Security numbers, and driver’s license numbers. Motility restored systems from backups, implemented additional security measures, and is offering one year of identity monitoring through LifeLock to affected individuals.

🔒 WestJet confirmed a cybersecurity incident that exposed personal data for about 1.2 million customers, including passports and government IDs. Attackers used social engineering to reset an employee password and accessed the network via Citrix, later moving through Windows and Microsoft cloud systems. The airline said no card numbers, CVVs, expiry dates, or user passwords were compromised and has offered two years of identity protection while working with the FBI.

🔐Allianz Life has completed its investigation into a July cyberattack and says 1,497,036 people were impacted. A malicious actor accessed a third-party cloud-based CRM on July 16, 2025, and obtained names, addresses, dates of birth, and Social Security numbers. While some reporting linked the intrusion to a Salesforce-targeted wave attributed to ShinyHunters, Allianz Life has not confirmed that attribution. Notified individuals are offered two years of free identity monitoring from Kroll and guidance to enable credit monitoring or consider freezing credit.

🔔 The FTC has filed a lawsuit against Iconic Hearts Holdings Inc., the operator of Sendit, and its CEO Hunter Rice, alleging unlawful collection of personal data from users under 13 and deceptive subscription practices. The complaint claims Sendit collected phone numbers, birthdates, photos, and social media usernames without parental consent, created fake anonymous messages (some deliberately provocative), and misrepresented a paid "Diamond Membership" while imposing recurring charges. The FTC has referred the matter to the Department of Justice; the allegations remain unproven.

🔒 WestJet has confirmed that a cybersecurity incident disclosed on June 13 exposed sensitive customer information, including passports and other government IDs, according to a notification shared with U.S. authorities. The airline said an investigation completed on September 15 found impacted records varied by individual and could include full name, date of birth, mailing address, travel documents, loyalty program details, and certain card account information. WestJet emphasized that no credit or debit card numbers, expiry dates, CVV codes, or user passwords were compromised and is offering free two-year identity theft protection to affected customers. The company said the FBI is involved in the probe and that it is still working to determine the full scope of the incident.

🚨 A ransomware group calling itself Randiant claims to have attacked UK childcare operator Kido, publishing names, photos, addresses and family contact details for ten children from one of Kido's London nurseries and threatening to release further data unless a ransom is paid. The attackers' leak page alleges data on more than 8,000 children was exfiltrated. Kido has not yet issued a public statement; London police say an investigation is ongoing. Kido also operates sites in the United States, India and China.