< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 35 of 40

From Summer Camp to Grind Season — Threat Source Recap

📰 This week’s Threat Source newsletter highlights three significant vulnerabilities Talos researchers uncovered and helped remediate: a Dell firmware persistence flaw (Revault), an Office for macOS permissions bypass, and router compromises that blend malicious traffic with legitimate ISP flows. The author, William Largent, also emphasizes mental health and recommends a paper on AI behavioral pathologies to help anticipate malicious or errant AI-driven activity. Top headlines include a 4.4M-record TransUnion breach, a Salesloft Drift AI token compromise, a Passwordstate high-severity fix, an Azure AD credential leak, and a WhatsApp zero-day. Watch the Talos Threat Perspective episode and read the Dell write-up for mitigation guidance.
read more →

Texas Sues PowerSchool After 62M-Student Data Breach

🔒 Texas Attorney General Ken Paxton has filed suit against PowerSchool after a December breach exposed personal data for 62.4 million students, including over 880,000 Texans. The attacker used a subcontractor’s stolen credentials to access the PowerSource portal, demanded a $2.85 million ransom, and later extorted individual districts. A 19‑year‑old subsequently pleaded guilty in connection with the attack and extortion efforts.
read more →

Chess.com: Third-Party File Transfer App Breach Disclosed

🔒 Chess.com disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. The intrusion persisted from June 5 to June 18, 2025, and was discovered on June 19, prompting an investigation and engagement of outside experts. Chess.com says its own infrastructure and member accounts were not affected; just over 4,500 users may have had names and other PII accessed. No financial information appears exposed, and affected members are being offered 1–2 years of free identity theft and credit monitoring.
read more →

Pressure Grows on CISOs to Conceal Security Incidents

🔒 A growing majority of CISOs report being pressured to hide breaches, with a Bitdefender survey finding 69% instructed to keep incidents confidential, up from 42% two years earlier. Security leaders say attackers increasingly prioritize stealthy data theft rather than disruptive encryption, making breaches less visible to the public. Regulatory regimes such as GDPR, NIS2 and DORA complicate disclosure decisions, while experts warn that concealment multiplies legal, financial and reputational risk and recommend robust, transparent incident response plans.
read more →

US Sues Toy Maker Over Kids' Geolocation Data Leak

🔒 The U.S. Department of Justice has sued toy maker Apitor after an FTC referral, alleging it allowed a Chinese third party to collect precise geolocation data from children without notifying parents or obtaining consent required under COPPA. Apitor's Android app for robot toys uses the JPush SDK, which reportedly collected location data for any purpose, including targeted advertising. Under a proposed settlement, Apitor must secure third-party COPPA compliance, notify parents, delete collected personal information, limit retention, and faces a $500,000 penalty that is currently suspended amid claimed financial hardship.
read more →

Workiva Discloses Data Theft Linked to Salesforce Breach

🔒 Workiva notified customers that attackers who accessed a third-party CRM exfiltrated a limited set of business contact data, including names, email addresses, phone numbers, and support ticket content. The company said the Workiva platform and any data within it were not accessed or compromised. Workiva warned customers to remain vigilant for spear‑phishing and reiterated it will not request passwords by text or phone. BleepingComputer reported the incident is tied to recent Salesforce breaches attributed to the ShinyHunters group.
read more →

Disney to Pay $10M Over YouTube Kids' Data Violations

⚖️ The FTC secured a $10 million settlement with Disney after finding the company mislabeled children’s content on YouTube, enabling collection of kids' personal data without parental notice or consent. The complaint says Disney applied channel-level tags that caused many videos to be marked as 'Not Made for Kids' instead of Made for Kids, circumventing COPPA protections. The settlement imposes a civil penalty, requires parental notice prior to data collection, and mandates a new program to ensure correct MFK labeling on future uploads.
read more →

Brazilian FinTech Sinqia Discloses $130M Pix Heist Attempt

🔒 Sinqia disclosed an attempted theft of approximately R$710 million (about $130m) from two banking customers processed through its Pix transaction environment on 29 August 2025. The company says attackers leveraged compromised credentials from an IT vendor, halted Pix processing, and engaged forensic teams while cooperating with regulators. A portion of the funds has been recovered and investigations, including law enforcement coordination, are ongoing.
read more →

Jaguar Land Rover production halted after cyberattack

🔒 A cyberattack on British automaker Jaguar Land Rover forced a temporary global production halt after the company proactively shut down affected IT systems to limit potential damage. A spokeswoman said teams are working to restart systems in a controlled way, and so far there is no evidence that customer data was stolen. Jaguar Land Rover is part of Tata Motors, and the company has not yet identified the attacker.
read more →

A CISO’s Guide to Monitoring the Dark Web Effectively

🔍 Dark web monitoring gives CISOs timely, actionable intelligence that can reveal breaches, stolen credentials, and early indicators of ransomware campaigns. Continuous visibility into forums, marketplaces, and leak sites helps detect initial access brokers, stealer logs, and items like RDP/VPN access being sold, enabling rapid containment and credential revocation. Use platforms such as SpyCloud and DarkOwl, subscribe to threat feeds and ISACs, and augment with deception (honeypots, canary tokens) while integrating findings into SIEM/XDR and incident response playbooks.
read more →

Hackers Breach Fintech Firm in Attempted $130M Pix Heist

🔐 Evertec disclosed that hackers breached its Brazilian subsidiary Sinqia S.A.'s environment on the Central Bank real-time payment system Pix on August 29, 2025, and attempted unauthorized transactions totaling up to $130 million. Sinqia halted Pix transaction processing and retained external cybersecurity forensics experts to investigate and contain the incident. The Central Bank revoked Sinqia’s Pix access while recovery efforts continue and part of the funds has been recovered; Evertec reports no evidence of exposed personal data and attributes the intrusion to stolen credentials from an IT vendor account.
read more →

Cloudflare Hit by Data Breach in Salesloft Drift Attack

🔒 Cloudflare disclosed attackers accessed a Salesforce instance used for internal customer case management in a broader Salesloft Drift supply‑chain breach, exposing 104 Cloudflare API tokens and the text contents of support case objects. Cloudflare was notified on August 23, rotated all exfiltrated platform-issued tokens, and began notifying impacted customers on September 2. The company said only text fields were stolen — subject lines, case bodies and contact details — but warned customers that any credentials shared via support tickets should be considered compromised and rotated immediately.
read more →

Cloudflare Response to Salesloft Drift Salesforce Breach

🔒 Cloudflare confirmed that it and some customers were impacted by the Salesloft/Drift breach which exposed Salesforce support case text. The company found 104 Cloudflare API tokens in the exfiltrated data, rotated them, and observed no suspicious activity tied to those tokens. No Cloudflare infrastructure was compromised; affected customers were notified and advised to rotate any credentials shared in support tickets and to harden third-party integrations.
read more →

Drift–Salesforce OAuth Attack: Rethink SaaS Security

🔒 A sophisticated adversary exploited legitimate OAuth tokens issued to Salesloft's Drift chatbot integration with Salesforce, using the connection to silently exfiltrate customer data between August 8–18, 2025, according to Google Threat Intelligence Group. The campaign, attributed to UNC6395, leveraged trust in third-party integrations and service-to-service tokens to maintain covert access. Organizations should reassess OAuth governance, entitlement controls, and logging for SaaS integrations to reduce exposure.
read more →

Palo Alto Networks Salesforce Breach Exposes Customer Data

🔒 Palo Alto Networks confirmed a Salesforce data breach after attackers abused OAuth tokens stolen in the Salesloft Drift supply-chain incident to access its CRM. The intruders exfiltrated business contact, account records and support Case data, which in some instances contained sensitive IT details and passwords. Palo Alto says products and services were not affected, tokens were revoked, and credentials rotated.
read more →

Palo Alto Networks Salesforce Breach Exposes Support Data

🔒 Palo Alto Networks confirmed a Salesforce CRM breach after attackers used compromised OAuth tokens from the Salesloft Drift incident to access its instance. The intrusion was limited to Salesforce and exposed business contacts, account records and portions of support cases; technical attachments were not accessed. The company quickly disabled the app, revoked tokens and said Unit 42 found no impact to products or services.
read more →

Palo Alto Networks Response to Salesloft/Drift Breach

🔐 Palo Alto Networks confirmed last week that a breach of Salesloft’s Drift third‑party application allowed unauthorized access to customer Salesforce data, affecting hundreds of organizations including Palo Alto Networks. We immediately disconnected the vendor integration from our Salesforce environment and directed Unit 42 to lead a comprehensive investigation. The investigation found the incident was isolated to our CRM platform; no Palo Alto Networks products or services were impacted, and exposed data primarily included business contact information, internal sales account records and basic case data. We are proactively contacting a limited set of customers who may have had more sensitive data exposed and have made support available through our customer support channels.
read more →

Zscaler Says Salesforce Data Exposed via Drift OAuth

🔒 Zscaler has disclosed that OAuth tokens tied to the third-party Salesloft Drift application were stolen, allowing an attacker to access its Salesforce instance. The company said exposed data included business contact details, job titles, phone numbers, regional information, product licensing and some plain-text support case content, but not attachments or images. Zscaler revoked the app's access, rotated API tokens, implemented additional safeguards and urged customers to remain vigilant for phishing and social-engineering attempts.
read more →

How Bribery at a Vendor Led to Coinbase Extortion Incident

🔒 In early May 2025 Coinbase disclosed that attackers had extorted the company after bribing employees at an outsourced support provider in India to acquire customer and internal data. The theft affected roughly 1% of monthly active users — about 70,000 people — and exposed information useful for social engineering, though no private keys or wallet credentials were taken. Coinbase refused a $20 million ransom, posted a matching bounty, pledged customer reimbursement, flagged suspect blockchain addresses, dismissed implicated vendor staff, and ended the vendor relationship.
read more →

Zscaler Salesforce Breach Exposes Customer Support Data

⚠️ Zscaler says threat actors accessed its Salesforce instance after a compromise of Salesloft Drift, during which OAuth and refresh tokens were stolen and used to access customer records. Exposed information includes names, business email addresses, job titles, phone numbers, regional details, product licensing and commercial data, and content from certain support cases. Zscaler emphasizes the breach was limited to its Salesforce environment—not its products, services, or infrastructure—and reports no detected misuse so far. The company has revoked Drift integrations, rotated API tokens, tightened customer authentication for support, and is investigating.
read more →