All news with #data breach tag

🔒 Lovesac reported a cybersecurity incident in which unauthorized actors accessed internal systems between February 12, 2025 and March 3, 2025, with the company detecting the activity on February 28, 2025. The notice to impacted individuals states that full names and additional personal information were stolen, although specific data elements and the total number of affected people were not disclosed. Lovesac says it remediated the intrusion within three days and currently has no indication the information has been misused, but it is advising vigilance for phishing and other fraud. The RansomHub ransomware group claimed responsibility and added Lovesac to its extortion portal; affected individuals are being offered 24 months of Experian credit monitoring.

🔒 Salesloft says attackers first breached its GitHub account in March, enabling the theft of Drift OAuth tokens later abused to access customer systems. The stolen tokens were used in widespread Salesforce data-theft operations disclosed in August, affecting multiple enterprise customers. Salesloft engaged Mandiant, rotated credentials, isolated Drift infrastructure, and restored integrations after validating containment.

🔒 Salesloft says the breach tied to its Drift application began after a threat actor compromised its GitHub account. Google-owned Mandiant traced the actor, tracked as UNC6395, accessing the account from March through June 2025 and downloading repository content, adding a guest user and establishing workflows. Attackers then accessed Drift's AWS environment and obtained OAuth tokens used to reach customer data via integrations, prompting Salesloft to isolate Drift infrastructure and take the application offline on September 5, 2025. Salesloft recommends revoking API keys for third-party apps integrated with Drift, and Salesforce has restored most Salesloft integrations while keeping Drift disabled pending further remediation.

🔒 Wealthsimple has confirmed a supply-chain related data breach that exposed information for roughly 30,000 customers after software from a third-party vendor was compromised on August 30. The leaked data reportedly included contact details, government-issued IDs, Social Insurance Numbers, dates of birth, IP addresses and account numbers. Wealthsimple says passwords were not accessed, no client accounts were compromised and no funds were stolen. The firm says it contained the intrusion within hours, notified regulators and is offering affected customers two years of free credit monitoring, dark-web monitoring, identity theft protection and a dedicated support team.

🔐 Tenable and Qualys reported limited unauthorized access to parts of their Salesforce records after attackers stole OAuth tokens from the Salesloft Drift integration. The incidents exposed support-case subject lines, initial descriptions and basic business contact details, but neither vendor's products or core services were affected. Both firms disabled the Salesloft Drift app, revoked or rotated credentials, and said they are working with Salesforce and investigators to contain the impact.

🔒 Wealthsimple disclosed a data breach detected on August 30 after attackers accessed a trusted third-party software package. The company said less than 1% of customers had personal information exposed, including contact details, government IDs, account numbers, IP addresses, Social Insurance Numbers, and dates of birth. Wealthsimple stated no funds or passwords were taken; impacted customers are being offered two years of complimentary credit and identity protection and were advised to enable two-factor authentication and remain alert for phishing.

⚠️A 30-year-old man has been charged for a March 2022 cyberattack on Rosneft Deutschland that reportedly stole and deleted about 20 TB of data, leaving a 'Glory to Ukraine' message. Prosecutors allege the breach exposed backups, virtual machines, mail server images and device backups, prompting remote wipes and nearly €12.4M in combined losses. Authorities charged him with computer sabotage, data alteration, and data espionage.

🔒 The FTC and DOJ have acted against Chinese toy maker Apitor Technology after its robot toys and companion Android app transmitted precise geolocation data about children without parental notice or consent. The company integrated a third-party SDK, JPush, which collected street-level location sufficient to identify homes and routines. Apitor agreed to a settlement with a suspended $500,000 penalty, a permanent ban on collecting sensitive kids’ data without parental consent, and obligations to delete illegally gathered records and submit to monitoring.

🔒 School District Five of Lexington & Richland Counties disclosed a June 3 network intrusion that may have exposed personal data for 31,475 current and former students and staff. Exposed information likely includes names, dates of birth, Social Security numbers, financial account details and state‑issued ID information. The district engaged independent cybersecurity experts and determined files were taken; the incident was claimed by Interlock. Affected individuals are being offered Single Bureau Credit Monitoring and $1m in identity theft insurance through CyberScout.

📊 Nearly two-thirds (61%) of US firms experienced insider data breaches in the past two years, according to a new OPSWAT report conducted by the Ponemon Institute. Affected organizations reported an average of eight unauthorized file-access incidents and an average financial impact of $2.7m per organization. Respondents identified file storage and web file transfers as the riskiest environments for data loss. The study also found mixed approaches to generative AI—29% have banned it, 25% have formal policies, and 33% already include AI in file security strategies.

📰 This week’s Threat Source newsletter highlights three significant vulnerabilities Talos researchers uncovered and helped remediate: a Dell firmware persistence flaw (Revault), an Office for macOS permissions bypass, and router compromises that blend malicious traffic with legitimate ISP flows. The author, William Largent, also emphasizes mental health and recommends a paper on AI behavioral pathologies to help anticipate malicious or errant AI-driven activity. Top headlines include a 4.4M-record TransUnion breach, a Salesloft Drift AI token compromise, a Passwordstate high-severity fix, an Azure AD credential leak, and a WhatsApp zero-day. Watch the Talos Threat Perspective episode and read the Dell write-up for mitigation guidance.

🔒 Texas Attorney General Ken Paxton has filed suit against PowerSchool after a December breach exposed personal data for 62.4 million students, including over 880,000 Texans. The attacker used a subcontractor’s stolen credentials to access the PowerSource portal, demanded a $2.85 million ransom, and later extorted individual districts. A 19‑year‑old subsequently pleaded guilty in connection with the attack and extortion efforts.

🔒 Chess.com disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. The intrusion persisted from June 5 to June 18, 2025, and was discovered on June 19, prompting an investigation and engagement of outside experts. Chess.com says its own infrastructure and member accounts were not affected; just over 4,500 users may have had names and other PII accessed. No financial information appears exposed, and affected members are being offered 1–2 years of free identity theft and credit monitoring.

🔒 A growing majority of CISOs report being pressured to hide breaches, with a Bitdefender survey finding 69% instructed to keep incidents confidential, up from 42% two years earlier. Security leaders say attackers increasingly prioritize stealthy data theft rather than disruptive encryption, making breaches less visible to the public. Regulatory regimes such as GDPR, NIS2 and DORA complicate disclosure decisions, while experts warn that concealment multiplies legal, financial and reputational risk and recommend robust, transparent incident response plans.

🔒 The U.S. Department of Justice has sued toy maker Apitor after an FTC referral, alleging it allowed a Chinese third party to collect precise geolocation data from children without notifying parents or obtaining consent required under COPPA. Apitor's Android app for robot toys uses the JPush SDK, which reportedly collected location data for any purpose, including targeted advertising. Under a proposed settlement, Apitor must secure third-party COPPA compliance, notify parents, delete collected personal information, limit retention, and faces a $500,000 penalty that is currently suspended amid claimed financial hardship.

🔒 Workiva notified customers that attackers who accessed a third-party CRM exfiltrated a limited set of business contact data, including names, email addresses, phone numbers, and support ticket content. The company said the Workiva platform and any data within it were not accessed or compromised. Workiva warned customers to remain vigilant for spear‑phishing and reiterated it will not request passwords by text or phone. BleepingComputer reported the incident is tied to recent Salesforce breaches attributed to the ShinyHunters group.

⚖️ The FTC secured a $10 million settlement with Disney after finding the company mislabeled children’s content on YouTube, enabling collection of kids' personal data without parental notice or consent. The complaint says Disney applied channel-level tags that caused many videos to be marked as 'Not Made for Kids' instead of Made for Kids, circumventing COPPA protections. The settlement imposes a civil penalty, requires parental notice prior to data collection, and mandates a new program to ensure correct MFK labeling on future uploads.

🔒 Sinqia disclosed an attempted theft of approximately R$710 million (about $130m) from two banking customers processed through its Pix transaction environment on 29 August 2025. The company says attackers leveraged compromised credentials from an IT vendor, halted Pix processing, and engaged forensic teams while cooperating with regulators. A portion of the funds has been recovered and investigations, including law enforcement coordination, are ongoing.

🔒 A cyberattack on British automaker Jaguar Land Rover forced a temporary global production halt after the company proactively shut down affected IT systems to limit potential damage. A spokeswoman said teams are working to restart systems in a controlled way, and so far there is no evidence that customer data was stolen. Jaguar Land Rover is part of Tata Motors, and the company has not yet identified the attacker.

🔍 Dark web monitoring gives CISOs timely, actionable intelligence that can reveal breaches, stolen credentials, and early indicators of ransomware campaigns. Continuous visibility into forums, marketplaces, and leak sites helps detect initial access brokers, stealer logs, and items like RDP/VPN access being sold, enabling rapid containment and credential revocation. Use platforms such as SpyCloud and DarkOwl, subscribe to threat feeds and ISACs, and augment with deception (honeypots, canary tokens) while integrating findings into SIEM/XDR and incident response playbooks.