< ciso
brief />
Tag Banner

All news with #data breach tag

787 articles · page 29 of 40

Capita Fined £14m Over 2023 Data Breach Failings, Remediated

🔒 The Information Commissioner’s Office (ICO) confirmed Capita will not appeal a £14m penalty for security failings that led to a March 2023 breach affecting nearly seven million people. The fine was reduced from an initial £45m after the ICO considered post-incident remediation, support to affected individuals and engagement with the NCSC. The regulator cited delayed SOC response, absence of a tiered privileged-access model and siloed pen testing that allowed a threat actor linked to Black Basta to escalate privileges and deploy ransomware.
read more →

Scattered Lapsus$ Extortion Site Goes Dark — Next Steps

🔒 Police seized several domains tied to the Scattered Lapsus$ Hunters extortion network, but one dark‑web mirror remained briefly accessible and was used to publish alleged data on October 10. The site listed victims including Qantas, Vietnam Airlines, Albertsons, GAP, Fujifilm, and Engie Resources, with claimed volumes from millions to hundreds of thousands of records. Authorities caution that domain seizures are tactical wins: actors often resurrect forums from backups or migrate to platforms such as Telegram, and the group has even promised a 2026 return with a subscription-based extortion-as-a-service model.
read more →

Cyberattack Targets German Federal Employment Agency

🔒 In a coordinated operation, eight suspects attempted to hijack unemployment payments by accessing roughly 20,000 accounts of the Federal Employment Agency (BA) between late January and mid‑March. Investigators report about 1,000 accounts were accessed and bank details altered in 150 cases; early intervention limited losses to under €1,000. Searches across several states recovered devices, cash, weapons and narcotics, and two suspects are currently detained.
read more →

SimonMed: 1.2M Patients Affected in January Breach

🔒 SimonMed Imaging is notifying more than 1.2 million individuals that attackers accessed its network between January 21 and February 5, 2025. The company says hackers stole data and the Medusa ransomware group claimed a 212 GB exfiltration and published proof files including ID scans, medical reports, payment details and raw scans. SimonMed reset passwords, implemented multifactor authentication, deployed EDR, removed vendor access, restricted traffic, notified law enforcement and is offering affected people free Experian identity monitoring.
read more →

How to Scrub and Minimize Your Digital Footprint Effectively

🔍 Regularly search for yourself—names, emails and usernames—to uncover forgotten accounts, impersonators, and exposed data. Delete obsolete accounts, revoke third‑party access, clear browser and device traces, and use unique passwords stored in a reliable manager. Use tools like Just Delete Me and breach monitors such as Have I Been Pwned, invoke your right to be forgotten where applicable, and request archive removals. Tighten app permissions, unsubscribe from old lists, and consider privacy‑focused services or stronger 'paranoid' measures if needed.
read more →

Harvard Probes Data Breach Linked to Oracle Zero-Day

🔒 Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site and attributed the incident to a recently disclosed Oracle E-Business Suite zero-day (CVE-2025-61882). A Harvard IT spokesperson said the issue affected a limited number of parties within a small administrative unit and that a patch from Oracle was applied upon receipt. The university reports no evidence of broader compromise while it continues monitoring.
read more →

FBI and French Police Seize BreachForums Domain Again

🛡️ US and French authorities say they have seized at least one clearweb domain used by the cybercrime forum BreachForums, which has been acting as a leak site linked to recent Salesforce breaches. Screenshots of the site display logos for the FBI, DOJ, BL2C and JUNALCO, although the forum's .onion instance appears still accessible. Reports suggest breachforums[.]hn was disrupted while threat actors such as ShinyHunters claim backups and backend servers were compromised or destroyed. Experts warn the seizure may yield valuable historical data for investigations, but will not immediately stop ongoing extortion of victims.
read more →

Millions of Qantas Customers' Data Published Online

🔐 Around three months after an early-July cyberattack, hackers have published online data reportedly belonging to up to 5.7 million Qantas customers. The airline says the information was stolen via a third-party provider's platform and included names, emails, phone numbers, dates of birth and frequent flyer numbers, but not credit card, financial or passport data. Qantas obtained an Australian court injunction prohibiting use of the information; the data appeared on both the dark web and publicly accessible sites.
read more →

Scattered Lapsus$ Hunters: Risks to Retail & Hospitality

🔒 Scattered Lapsus$ Hunters, with core actors such as Bling Libra, claim responsibility for large-scale theft of Salesforce customer data and launched a public data leak site in early October 2025. The group operates an extortion-as-a-service model, recruiting affiliates to send targeted executive extortion messages and taking revenue shares from payments. Recent activity included a Clearnet domain seizure by law enforcement and threatening deadlines for victim disclosures. Retail and hospitality organizations face heightened risks of identity theft, account takeover, returns and loyalty fraud; Unit 42 recommends secrets scanning, zero trust controls, least privilege and participation in industry ISACs.
read more →

FBI Seizes BreachForums Servers as Salesforce Deadline Nears

🔒 The FBI, US Department of Justice and French authorities seized the BreachForums domain and parts of its backend on Oct. 9, disrupting infrastructure tied to an alliance of threat actors including ShinyHunters, Scattered Spider and LAPSUS$. The action followed threats to publish alleged Salesforce customer data unless a ransom was paid by Oct. 10. Although the primary forum domain now displays a takedown notice, a separate leak site remains active and the extortion campaign appears to be continuing. Experts advise organizations to audit Salesforce configurations, enable OAuth app governance, and enforce token and session hygiene immediately.
read more →

SonicWall: Cloud Backup Data Theft Impacts All Users

🔒 SonicWall has confirmed that threat actors stole backup files configured for the MySonicWall cloud backup service, and that the incident affects all customers using the feature. The company says the files contain encrypted credentials and configuration data, which could raise the risk of targeted attacks despite encryption. SonicWall has published an urgency-classified device list and a detailed admin playbook; customers are urged to check devices and apply updates promptly.
read more →

BreachForums Seized; Hackers Promise Salesforce Leak

🚨 Law enforcement in the United States and France have seized domains tied to the BreachForums hacking forum, and the seized site now displays an official takedown banner pointing victims to an IC3 subdomain. Observers caution the action may be largely symbolic because a dark‑web instance remains active and no public arrests of administrators were confirmed. A collective calling itself Scattered LAPSUS$ Hunters says it will still release one billion records allegedly taken from Salesforce customers on 10 October 2025, while Salesforce has reportedly told clients it will not pay a ransom.
read more →

Data Leak at SonicWall Impacts All Cloud Backup Customers

🔓On September 17, security vendor SonicWall disclosed that cybercriminals exfiltrated backup files configured for its MySonicWall cloud backup service. The company initially reported the incident affected 'less than five percent' of customers but has since updated that all Cloud Backup users who used the feature are impacted. Stolen files include encrypted credentials and configuration data, which could enable targeted attacks despite encryption. SonicWall has published an affected-device list and a detailed remediation playbook for administrators.
read more →

FBI Seizes BreachForums Portal Used in Salesforce Extortion

🔒 The FBI, in coordination with French authorities, seized BreachForums domains used by the ShinyHunters group as a portal for leaking corporate data and facilitating extortion. Nameservers were updated on October 9 and law enforcement reports they obtained backups and backend servers dating back to 2023, though the actors' dark‑web leak site remains online. ShinyHunters confirmed the takeover via a PGP‑signed Telegram post and warned the Salesforce campaign will continue.
read more →

Class Action in Germany Targets Meta over 2021 Facebook Leak

⚖️ A German consumer association has launched a model declaratory action against Meta after data from more than 530 million Facebook users was posted on the dark web in April 2021. The Federation of German Consumer Organisations argues Meta failed to protect user data and to inform affected people adequately. Plaintiffs seek tiered compensation of €100–€600 and the Hanseatic Higher Regional Court will first address jurisdictional and formal matters in the hearing.
read more →

SonicWall: Cloud backup breach exposed all firewall configs

🔒 SonicWall confirmed that unauthorized actors accessed firewall configuration backup files stored in its cloud backup portal, impacting all customers who used the service. The exposed .EXP files contain AES-256-encrypted credentials and other configuration data. Customers should log into MySonicWall to check impacted devices and follow the vendor's Essential Credential Reset checklist, prioritizing internet-facing firewalls.
read more →

SonicWall Cloud Firewall Backups Accessed, Urgent Checks

🔐 SonicWall disclosed that an unauthorized party accessed cloud-stored firewall configuration backups for customers using the Cloud Backup service. While the files contain encrypted credentials and configuration data, SonicWall warns that possession of these files could increase the risk of targeted attacks. The company is notifying customers, providing assessment and remediation tools, and urging users to log in and verify their devices immediately.
read more →

Hotel Booking Software Vulnerability Exposed Millions' Data

🔓 Security researchers from Zerforschung discovered a vulnerability in the Gubse AG hotel booking system that exposed customer data including names, addresses, identity documents and credit card details. Investigators estimate more than 35.5 million reservations and 48.5 million guest records were retrievable, with Motel One especially affected. A number of hostel and hotel groups, including DJH state hostels, AWO SANO and the DeHoGa campus, were named. Vendors report the gaps have been closed and say there is no confirmed misuse or public leak so far.
read more →

SonicWall Cloud Backups Accessed in Firewall Breach

🔒 SonicWall has confirmed that an unauthorized actor accessed firewall configuration backup files stored in its cloud backup service for customers. The files include encrypted credentials and device configuration data; while encryption remains in place, SonicWall warned that possession of these backups could increase the risk of targeted attacks. The vendor says access was achieved via brute-force attacks and that suspicious activity was first detected in early September 2025. Working with Mandiant, SonicWall has issued remediation tools, published impacted device lists in the MySonicWall portal, and is notifying affected partners and customers.
read more →

Hackers Claim Discord Zendesk Breach Exposed 5.5M Users

🛡️ Discord says it will not pay extortionists who claim to have stolen data from a third‑party customer support service and disputes claims that 2.1 million ID photos were exposed. Attackers allege they obtained 1.6 TB of data from the company's Zendesk instance, impacting 5.5 million users and including partial payment and MFA‑related information. Discord says roughly 70,000 ID photos may have been exposed and characterizes the larger figures as part of an extortion attempt.
read more →