< ciso brief />

All news with #data breach tag

715 articles · page 33 of 36

Traffic Patterns to Leakzone: Notable Organizations

🔍 UpGuard analyzed 22 million leaked request logs showing client traffic to leakzone.net over 28 days in June–July 2025. The follow-up focuses on requests originating from owned organizational IP ranges — highlighting visits from universities, governments, and private companies. Observed security vendors and SEO crawlers (e.g., Censys, SEMrush, Ahrefs) displayed patterns consistent with automated scanning, while many university and government entries suggested intermittent, likely human-driven visits. The findings emphasize why organizations monitor leak forums for risk and threat intelligence.

Langflow Misconfiguration Exposes Data of Pakistani Insurers

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.

Langflow Misconfiguration Exposes 97,000 Pakistani Records

🔒 UpGuard secured an internet-exposed Langflow instance leaking data on roughly 97,000 Pakistani insurance customers, including 945 individuals flagged as politically exposed persons (PEPs). The instance—used by Pakistan-based consultants Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue—contained PII, confidential documents, and plaintext credentials. Access was removed after disclosure; UpGuard found no evidence of active exploitation.

TeaOnHer App Replicates Tea's Functionality and Breaches

🛡️ TeaOnHer, a recent iOS knock‑off of the controversial dating app Tea, has been found exposing sensitive user data. TechCrunch reported government IDs, driving licences and selfies accessible via a public web endpoint with no authentication, and the app appears to copy wording and features from the original. Newville Media did not respond to disclosure attempts, and an exposed admin credential pair was found on the company server. Until these failures are addressed, users should avoid Tea-related apps.

Ukraine Claims Hack of Russia's New Nuclear Submarine

🔐 Ukraine's Defence Intelligence agency (HUR) says its hackers exfiltrated classified files and technical documentation related to the newly commissioned Russian nuclear ballistic missile submarine Knyaz Pozharsky. Leaked materials, posted on Telegram, reportedly include combat manuals, schematics of combat and survivability systems, crew lists with qualifications, and operational schedules. Russian authorities have not commented and independent verification by Western intelligence or cybersecurity experts is still pending.

Thai Hospital Fined After Patient Records Used as Wrappers

📄 A Thai hospital was fined after more than 1,000 patient records, sent for destruction, were found being used as street-food wrappers for crispy crepes. Thailand’s Personal Data Protection Committee (PDPC) determined the documents leaked following handling by a contracted disposal firm that stored them at a private residence. The hospital was fined 1.21 million baht and the disposal business owner received a separate penalty. The episode highlights failures in secure disposal and vendor oversight.

AggregateIQ Exposure Reveals Canadian Campaign Assets

🔒 The UpGuard Cyber Risk Team discovered an unsecured AggregateIQ (AIQ) code repository containing site backups, API keys, SSL private keys, and other sensitive assets tied to multiple Canadian campaigns and parties. Exposed files included WordPress backups, donation processor keys (Stripe), NationBuilder tokens, and PEM private keys that could enable impersonation or account takeover. The findings illustrate significant third‑party vendor risk and raise regulatory and public‑interest concerns about how AggregateIQ managed client credentials and campaign tooling.

AggregateIQ exposure: Canadian political campaign data

🔐 The UpGuard Cyber Risk Team discovered exposed repositories belonging to AggregateIQ that contained website code, backups, credentials and tokens associated with multiple Canadian political campaigns and parties. Exposed artifacts included Stripe secret keys, private SSL keys, NationBuilder/Helcim/SendGrid tokens, WordPress database credentials, and admin accounts tied to aggregateiq.com. The incident highlights third-party vendor risk and the need for tighter controls on credentials and repository configurations.

July 2025 Cybersecurity Roundup: Key Incidents and Risks

🛡️ In July 2025, ESET Chief Security Evangelist Tony Anscombe highlighted major cybersecurity incidents, including exploitation of ToolShell zero‑day vulnerabilities in on‑premises Microsoft SharePoint and the confirmed return of Lumma Stealer. Other critical stories included a ransomware attack that closed UK transport firm KNP, a massive data exposure in McDonald's hiring chatbot McHire, and the discovery of PerfektBlue Bluetooth flaws affecting vehicles. The UK also proposed banning ransom payments by public bodies.

HR Data Exposure: How Employees and Clients Are Affected

🔒 UpGuard’s Cyber Risk Research team discovered and secured a public GitHub exposure containing sensitive employee and customer data belonging to OneHalf, a business process outsourcing firm in the APAC region. The principal artifact was the HRIS project, including a 1.2MB database dump (hrisdb-02012018.sql) with detailed personal records for roughly 250 employees, extensive medical histories, emergency contacts, and 300 usernames with plaintext passwords. A related repo, ohserviceform, listed 28 client companies and plaintext banking account numbers, increasing the risk of financial fraud. UpGuard notified OneHalf and the repositories were secured by August 22, 2018.

Public Exposure of Tetrad Consumer Data Sets in S3

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.

Spartan Technology S3 Exposure of South Carolina Arrests

🔒 UpGuard Research discovered a publicly accessible AWS S3 bucket containing roughly 60 GB of MSSQL backups uploaded by a Spartan Technology employee, exposing South Carolina justice-system records spanning 2008–2018. The dataset included about 5.2 million arrest-event rows, tens of millions of related records, and sensitive PII such as names, dates of birth, driver’s license numbers and roughly 17,000 Social Security numbers. Permissions included the "AuthenticatedUsers" group, enabling broad access; Spartan removed public access the same day after notification.

AggregateIQ Files Part Three: Monarch and Saga Tools

🔎 The UpGuard Cyber Risk Team details a public discovery of AggregateIQ repositories that exposed sophisticated political targeting tools. The report highlights project families Monarch and Saga, describing ad-scraping scripts, pixel trackers, and ingestion services that link Facebook ad activity to web behavior. Exposed credentials and AWS assets amplify privacy and oversight concerns.

111 GB Customer Data Exposure at National Credit Federation

🔓 UpGuard discovered 111 GB of internal customer records from National Credit Federation stored in a publicly accessible Amazon S3 bucket, including names, addresses, dates of birth, scanned driver’s licenses and Social Security cards, full bank and credit card numbers, and complete credit reports. The repository contained personalized credit blueprints and videos showing employee access. UpGuard notified the company, which promptly secured the bucket. The case highlights the need for rigorous cloud permission controls and continuous configuration monitoring.

Misconfigured NICE Systems S3 Exposed Verizon Customer Data

🔒 A misconfigured Amazon S3 repository administered by NICE Systems exposed names, addresses, account details and PINs tied to Verizon customers; UpGuard estimated up to 14 million affected while Verizon disputed a 6 million figure. The publicly accessible bucket contained daily voice-log files and large text archives with unmasked fields such as PIN and CustCode, alongside call analytics metadata. UpGuard notified Verizon in June 2017 and remediation followed, but the incident underscores the severity of third-party cloud misconfigurations and vendor-managed data risk.

GoDaddy AWS Configuration Data Exposed in Public S3

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible Amazon S3 bucket that contained detailed configuration spreadsheets appearing to describe GoDaddy infrastructure running in the AWS cloud. The files included over 24,000 hostnames and 41 configuration fields per system, plus modeled financials and apparent AWS discounting—information useful for targeted attacks or competitive intelligence. GoDaddy closed the exposure after notification; no credentials were found, but the incident highlights the severe consequences of cloud misconfiguration at scale.

AggregateIQ Repositories Expose Multiple Brexit Sites

📂 UpGuard's analysis of exposed development repositories from AggregateIQ details source code, backups, and credentials tied to multiple pro-Brexit organizations. The findings show WordPress backups, API keys, Stripe secrets, and scripts used to build and contact supporter lists, with administrative accounts linking AIQ staff to sites such as Vote Leave, Change Britain, and the DUP. Misuse of the exposed assets could have allowed large-scale data access or payment compromise.

Exposed NGA Data Linked to Booz Allen S3 Misconfiguration

🛡️ UpGuard analyst Chris Vickery discovered a publicly exposed S3 file repository containing credentials and SSH keys tied to systems used by US geospatial intelligence contractors. The plaintext data included access tokens and administrative credentials that could enable entry to systems handling Top Secret-level data. NGA secured the bucket rapidly after notification; Booz Allen Hamilton responded later. UpGuard preserved the dataset at government request.

Marketing PR Platform Exposed Data of Hundreds of Thousands

🔓 UpGuard identified an Amazon S3 bucket tied to iPR Software that publicly exposed over a terabyte of files, including a 17 GB MongoDB backup. The collection contained 477,000 media contacts, approximately 35,000 hashed passwords, client marketing assets, internal PR strategy documents, and credentials for Google, Twitter, and a MongoDB host. UpGuard notified iPR in October 2019; public access was removed in late November after follow-up and media engagement.

Open rsync Repository Exposes 42,000+ Patients' Records

🔒 UpGuard discovered a publicly accessible rsync repository tied to Cohen Bergman Klepper Romano Mds PC that exposed records for more than 42,000 patients and over three million medical notes. The exposed data included patient and physician names, Social Security numbers, dates of birth, phone numbers, email and insurance information, along with an Outlook .pst and a virtual hard drive containing staff home addresses and family details. UpGuard notified the affected parties and Accenture, and the repository was secured after follow-up, underscoring failures in basic access controls and the need for faster remediation.