< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 3 of 40

French government’s Tchap messaging breach disclosed

🔒 The French government’s secure messaging platform, Tchap, was breached after an intruder took over a user account, according to DINUM. The agency blocked the compromised access and is investigating the extent of exposed information. While encryption was not broken, public chat rooms are unencrypted and the intruder reportedly accessed thousands of messages and files. DINUM reminded users that public rooms are visible to any account and should not contain sensitive content.
read more →

Novo Nordisk discloses clinical trial data breach

🔒 Novo Nordisk disclosed an unauthorized access incident affecting internal IT systems and pseudonymized patient data from some clinical trials. The breach exposed trial participant IDs and health, biomarker, lifestyle, and demographic details, while the company says direct identifiers were not accessed. Healthcare professionals' contact details were also compromised, prompting warnings about phishing and impersonation risks. Novo Nordisk has isolated affected systems, engaged external cybersecurity experts, and is investigating the scope and impact.
read more →

French Tchap breach exposed over 73,000 public sector accounts

🔒 DINUM disclosed that a breach of the Tchap encrypted messaging platform impacted over 73,000 French public sector accounts after a compromised user account was used to access the service. The attacker accessed data shared in public chat rooms, which are not encrypted, potentially exposing names, email addresses, avatars, and affiliated organizations. Private conversations remain encrypted and protected, and the malicious account has been blocked while an investigation continues. A threat actor has claimed responsibility and released samples of stolen files.
read more →

Japanese energy firm loses drive with 10.9M accounts

🔒 Kyushu Electric Power disclosed a physical security incident after an external backup drive containing private data for up to 10.9 million accounts went missing from a server room cabinet. The company said the drive was used on April 27 due to storage capacity limits and was found absent on May 26 when staff returned. The lost data reportedly includes customer names, addresses, usage data, phone numbers, and retail provider names, but not bank or credit card details. Authorities and Japan’s privacy commission have been notified, and an investigation and individual notifications are underway.
read more →

ShinyHunters exploited Oracle PeopleSoft zero‑day

🔒 The ShinyHunters extortion group exploited an unpatched Oracle PeopleSoft remote code execution zero‑day (CVE-2026-35273) to compromise enterprise servers, steal data, and extort victims. Mandiant links the activity to UNC6240 and observed attacks from May 27 to June 9, before Oracle published its advisory on June 10. The flaw requires no authentication and exposes PeopleTools 8.61 and 8.62 installations with externally reachable Environment Management Hub endpoints. Universities were heavily targeted; mitigations focus on disabling or blocking PSEMHUB and hunting for post‑exploit indicators.
read more →

South Korea levies record fine after Coupang breach

🔒 The Personal Information Protection Commission (PIPC) fined e-commerce firm Coupang 624.6 billion won (~$409M) after a major data breach that exposed about 37.55 million people’s information. A subsidiary, Coupang Fulfillment Service, was also fined 248 million won for unlawful handling of personal and sensitive data. Investigators cited poor authentication key management, inadequate access controls, delayed breach disclosure, interference with the data protection officer’s independence, and obstruction of the probe.
read more →

Nottingham University student-records breach affects 454,600

🔒 The University of Nottingham confirmed a cyber incident that exposed a significant amount of student record data, affecting current students and alumni. The university reported the breach to the Information Commissioner's Office and Action Fraud and is working with the platform vendor on a forensic investigation. The ShinyHunters extortion group has claimed responsibility and posted an archive they say contains finance, payment, personal and academic data from multiple campuses.
read more →

ShinyHunters Target Oracle PeopleSoft Instances

🛡️ ShinyHunters are actively stealing data from Oracle PeopleSoft instances, claiming breaches across 300 instances at over 100 organizations. The actor says they used a mix of old and zero-day vulnerabilities in a "gadget chain," with many victims in the education sector. Exposed tooling, scripts, and IOCs were found in online directories, and impacted organizations are urged to check logs and begin incident response immediately.
read more →

ServiceNow flaw exploited to gain deeper access

🔒 ServiceNow disclosed a security incident after unidentified actors exploited a vulnerability to obtain unauthorized, deeper access to some customer instances. On June 5, 2026, the company applied a security update to hosted instances to restrict access to an endpoint so only authenticated users can reach it. ServiceNow detected anomalous activity and confirmed successful queries against instance tables for a subset of customers, who have been notified. The issue affects customers on the Australia platform release or those with specific pre-Australia configuration changes.
read more →

French government messaging platform breached by hijack

🔐 DINUM warned that a hijacked user account was used to breach Tchap, the French government's encrypted messaging platform. Developed with ANSSI in 2018 on the Matrix protocol, Tchap serves the French public sector and has grown rapidly since its mandated adoption in August 2025. DINUM and CNIL were alerted after ANSSI detected the intrusion and the compromised account was promptly blocked while investigations continue. A threat actor claimed responsibility and shared samples, alleging large-scale data and message exfiltration.
read more →

SoFi Hong Kong confirms third-party data breach

🔒 SoFi Hong Kong reported a third-party data breach after detecting unauthorized access to a vendor-hosted database on April 30, 2026. The company engaged a third-party cybersecurity firm and is investigating while notifying affected customers. SoFi has not disclosed the vendor identity, the number of impacted customers, or the exact data exposed. Customers were advised to monitor accounts, enable two-factor authentication, and take extra precautions.
read more →

Weekly cyber recap: supply chain worm and hacks

⚠️ Last week saw a range of high-impact incidents, from the Miasma worm compromising 73 Microsoft GitHub repositories to targeted mailbox espionage and an Instagram account compromise via an AI support tool. Vendors patched active Android flaws, researchers flagged malicious npm packages and a compromised Hola Browser installer, and U.S. agencies disrupted transnational investment fraud. Multiple threat clusters, including China-linked espionage groups and financially motivated actors, broadened their geographic scope and tactics, while many critical CVEs remain urgent for defenders to patch.
read more →

Oxford University reports CareerConnect credential breach

🔒 Oxford University disclosed a data breach after its third-party provider, Group GTI, reported that the CareerConnect platform was compromised on May 28. The attackers accessed users' first and last names, email addresses, and encrypted passwords for accounts not using Single Sign-On; GTI has invalidated those passwords and will require resets. The university said no course materials, uploaded files, appointments, or financial data appear affected, but warned users to watch for phishing attempts.
read more →

Meta: 20,225 Instagram Accounts Exposed by Bug

🔒 Meta disclosed that a bug in its AI-powered High Touch Support (HTS) tool allowed attackers to request password reset links to email addresses not associated with targeted Instagram accounts, enabling unauthorized access where two-factor authentication was not enabled. The issue was discovered on May 31, affecting 20,225 users and exposing contact details, profile data, posts, messages and activity history. Meta disabled the HTS tool, invalidated reset links, enforced mandatory security checkpoints on impacted accounts, and instructed users to reset passwords and enable 2FA while it reviews recovery flows.
read more →

Miasma worm compromises 73 Microsoft GitHub repos

🛡️ Microsoft's GitHub organizations — including Azure, Azure-Samples, Microsoft, and MicrosoftDocs — were hit by the self-replicating Miasma supply chain campaign that affected 73 repositories, prompting GitHub to disable access. The incident notably re-compromised the durabletask package previously infected by TeamPCP, suggesting lingering credential exposure. Miasma, a variant of the Mini Shai-Hulud worm, has mutated rapidly and pushed malicious payloads both to registries and directly to GitHub source repos, leveraging AI coding tools and developer workflows to execute payloads. Security firms warn the campaign exploits trust in maintainers and signing rather than platform vulnerabilities, allowing widespread propagation across the open-source ecosystem.
read more →

Suspicious polyfill login prompts hit major Japanese sites

🔐 Toshiba and Muji warned visitors about unexpected sign-in pop-ups generated by the external service polyfill.io, advising users to cancel and change passwords if they entered credentials. The prompts were caused by remnants of a 2024 incident when the polyfill domain served malicious scripts after changing hands; the domain began responding again in late May 2026 with HTTP 401 requests. Both companies suspended the service and removed the offending code, and other Japanese sites were also affected.
read more →

DentaQuest breach exposed data of 2.6 million accounts

🔒 DentaQuest, a major US dental benefits administrator, disclosed a cybersecurity incident after the extortion group ShinyHunters posted and later leaked over 234 GB of stolen data. The company confirmed limited disruption to services on June 2 and said it engaged external experts to investigate and contain the breach. Analysis by Have I Been Pwned found records for 2.6 million accounts in the leaked dataset, including emails, names, phone numbers, government IDs, insurance details, genders, and dates of birth.
read more →

WFP registration breach exposes Gaza household data

⚠️ The United Nations World Food Programme (WFP) confirmed a breach of its Palestine self-registration application (SRA) that exposed beneficiaries' personal data across the Gaza Strip, including names, ID numbers, phone numbers, and neighborhood locations. The SRA has been temporarily suspended while WFP implements urgent security improvements and investigates the incident. The organization warned recipients to be cautious of impersonation or phishing attempts and said assistance programs will continue as normal for registered beneficiaries.
read more →

Lessons from the Canvas LMS cyberattack

🔒 Over May 6–7, 2026, Canvas LMS users encountered a defaced login page claiming a ShinyHunters extortion of Instructure, alleging theft of 3.65TB of data affecting about 275 million students, faculty, and staff across nearly 9,000 institutions. Instructure identified an exploited support-ticket vulnerability in its Free for Teacher environment and temporarily disabled that service while investigating. The incident disrupted finals and highlighted risks from centralized SaaS platforms, third-party dependencies, communications breakdowns and the evolving economics of extortion.
read more →

Dashlane reports brute-force compromise of few vaults

🔐 Dashlane disclosed a brute-force attack on May 31, 2026, targeting certain personal accounts to bypass two-factor authentication and register new devices. Its security controls triggered temporary suspensions and authentication issues, and although access has been restored, attackers succeeded in downloading encrypted vaults for fewer than 20 personal-plan users. Dashlane stressed that vault contents remain protected by each user's Master Password and that its internal systems were unaffected.
read more →