
All news with #data breach tag

714 articles · page 4 of 36

UK Biobank Breach: Half a Million Health Records Listed

🔒 The personal health data of more than 500,000 UK Biobank volunteers was briefly listed for sale on Chinese e-commerce platforms, prompting removal of the adverts and joint action by UK and Chinese authorities. UK Biobank says the datasets were de-identified and did not include direct identifiers such as names or NHS numbers, and there is currently no evidence the data were purchased. The organisation has suspended researcher access, restricted downloads on its cloud research platform and launched a forensic investigation into misuse by researchers at three academic institutions.

26 FakeWallet Apps on Apple App Store Target Seed Phrases

🔒 Researchers uncovered 26 malicious iOS apps, dubbed FakeWallet, impersonating popular cryptocurrency wallets on the Apple App Store since at least fall 2025. The apps, available to users whose Apple accounts are set to China, redirect victims to trojanized wallet builds or phishing pages to capture recovery phrases and private keys. Kaspersky found the campaign uses typosquatting, library injection, OCR modules, and enterprise provisioning to install payloads. Apple removed many of the apps after disclosure.

Tax Season Phishing Targets Individuals and Crypto Users

🛡️ Scammers are creating convincing fake tax authority websites worldwide to harvest credentials, steal personal data, and distribute malware embedded in downloaded “documents.” These portals also run fraudulent paid services that collect taxpayer identifiers and financial details for later abuse. Cryptocurrency holders are specifically targeted with fake verification flows that request seed phrases or wallet connections, leading to immediate theft. Kaspersky cautions against using cloud-hosted AI for tax preparation and recommends sticking to verified official channels, encrypting sensitive files, and employing reputable security tools.

Rituals discloses customer data breach in My Rituals

🔒 Rituals has disclosed a data breach affecting members of its My Rituals loyalty program after attackers downloaded customer records. The company said the compromised data may include full name, email address, phone number, date of birth, gender and home address. Rituals confirmed no passwords or payment information were accessed, and said it has blocked the attackers' access and notified relevant authorities while initiating a forensic investigation. The firm has not disclosed the number of affected members despite a loyalty base of more than 41 million and said it has informed affected customers directly.

SpiceJet Booking System: Two High-Severity Exposure Flaws

⚠️ CISA reports two high-severity authorization and authentication flaws in SpiceJet Online Booking System (CVE-2026-6375, CVE-2026-6376) that permit unauthenticated disclosure of passenger information. Both issues carry a CVSS 3.1 base score of 7.5 and allow PNR enumeration and full booking retrieval without proper access controls. SpiceJet did not respond to coordination requests; CISA recommends defensive network segmentation and other mitigations.

Global Higher Education Cyberattacks Surge 63% Yearly

🔒 Quorum Cyber's 2026 Global Cyber Risk Outlook for Higher Education reports a 63% rise in recorded incidents between Nov 2023–Oct 2024 and Nov 2024–Oct 2025, increasing from 260 to 425. Across 67 countries, data breaches rose 73%, hacktivism 75% and ransomware 21%. FunkSec, Cl0p, INC and Nova were the most prolific groups. The report urges intelligence-led vulnerability management, dark web monitoring, robust backups and regular incident response exercises.

Vercel Identifies Additional Customer Account Breaches

🔒 Vercel said it has identified an additional set of customer accounts compromised as part of an incident after expanding its indicators of compromise and reviewing network requests and environment‑variable read events. The company reported a small number of accounts showing prior compromise that predates this incident and may stem from social engineering, malware, or other methods, and confirmed it notified affected parties. Investigators traced the chain to a compromise of Context.ai that allowed takeover of a Google Workspace account and pivoting into Vercel; further analysis points to Lumma Stealer as a likely initial payload.

Tip-line Breach and Rockstar Leak Highlight Security Risks

🔐 A tip‑line operator that handled anonymous reports for 35,000 U.S. schools suffered a major breach after an attacker exploited an XSS flaw in a LeverTip chat box and stole a staff session cookie via social engineering. The intruder exfiltrated 91 GB (≈8.3M tip records), some dating back decades, and offered the dataset for sale. Separately, Rockstar Games experienced a third‑party compromise that exposed partial data, including internal financial figures. Both incidents underscore failures in basic web hygiene, third‑party controls, and incident transparency.

Trojanized NFC Relay App Used to Steal Card Data in Brazil

💳 Cybercriminals have trojanized an Android NFC-relay application to capture contactless payment data and PINs, enabling cloning of cards and remote ATM cash-outs. ESET researchers report a new NGate malware variant was injected into the HandyPay app and distributed via a fake lottery site and a spoofed Google Play page targeting Android users in Brazil since November 2025. Traces in the injected code, including emoji markers in debug logs, led researchers to suspect use of generative AI, and ESET has published indicators and a MITRE ATT&CK mapping to aid detection.

Toxic Cross-App Permissions: AI Agents Create Risk

🔐 Researchers disclosed a major data exposure at Moltbook on January 31, 2026, revealing 35,000 emails and 1.5 million agent API tokens across 770,000 agents. Private messages contained plaintext third-party credentials, including OpenAI API keys, creating what the article calls a toxic combination — cross-app permissions that compound risk. The piece urges shifting review from single apps to the bridges between them and highlights procedural controls and dynamic SaaS security platforms like Reco to monitor runtime trust relationships and revoke risky tokens before exfiltration.

French ANTS Confirms Data Breach; Hacker Claims Sale

🛡️ France's government agency ANTS confirmed a data breach after a threat actor claimed to have stolen citizen records in an intrusion last week. The agency says exposed fields may include login IDs, full names, email addresses, dates of birth, unique account identifiers and, for some individuals, postal addresses, places of birth and phone numbers. ANTS has notified CNIL and the Paris prosecutor, has involved ANSSI, is informing affected users, and warns that the data could be used for phishing and social engineering.

North Korea-Linked Lazarus Suspected in $290M KelpDAO Heist

🔒 State-backed North Korean actors are the primary suspects in a roughly $293m theft from KelpDAO, which paused operations after detecting suspicious cross-chain activity involving rsETH. Attackers exploited LayerZero verifier infrastructure by poisoning downstream RPCs, swapping op-geth binaries and executing an RPC‑spoofing attack to forge a cross-chain message. They routed stolen funds through Tornado Cash, while Arbitrum's Security Council has frozen about 30,766 ETH (~$71m). LayerZero contends KelpDAO ran a single-DVN configuration against best practices; KelpDAO blames LayerZero's infrastructure.

KelpDAO Hit by $290M Heist, Lazarus Group Suspected

🔒 KelpDAO reported a cross-chain exploit on April 18 that resulted in the theft of roughly 116,500 rsETH (about $293 million), funds which were then routed through Tornado Cash. The attacker compromised the verifier's RPC nodes in the DVN layer, feeding falsified chain data while DDoS-ing healthy nodes to force reliance on poisoned endpoints and accept a forged cross-chain message. LayerZero, Unichain and partners assisted in the investigation, which attributed the operation to the state-sponsored Lazarus Group, and KelpDAO paused rsETH contracts across Ethereum mainnet and L2s.

Seiko USA Website Defaced; Hacker Claims Customer Data Theft

🔒 Seiko USA's website was briefly defaced over the weekend, showing a page titled 'HACKED' in the Press Lounge that replaced normal content with an extortion notice. The attackers claimed they had accessed the company's Shopify backend and exfiltrated the entire customer database, including names, email addresses, phone numbers, order history, shipping data, and account details. The message instructed Seiko to contact a specific customer account (ID 8069776801871) and warned of a 72-hour deadline before publishing the alleged data; Seiko has removed the message and has not publicly confirmed the incident.

Attackers Abuse AI OAuth to Breach Vercel Internal Systems

🔒 Vercel disclosed a data breach after a compromised third-party AI application, Context.ai, abused Google Workspace OAuth to access an employee account and read environment variables that were not marked as 'sensitive'. Vercel says variables designated as 'sensitive' are stored unreadable and there is no evidence those values were accessed. A limited subset of customers had credentials exposed and have been contacted to rotate secrets. Vercel is working with Mandiant, other cybersecurity firms and law enforcement while urging customers to review logs, enable sensitive-variable protections and rotate tokens.

Grinex Claims Western Spies Behind $13M Crypto Theft

🔐 Grinex, a Kyrgyzstan-based exchange believed to be the successor to Garantex, said a "large-scale cyber-attack" by foreign intelligence agencies last week resulted in the theft of one billion rubles (about $13.2m) from Russian customers and forced it to suspend operations. The firm said it filed a criminal complaint and published the crypto address where the funds were allegedly deposited after being converted to TRX. Blockchain forensics firm Chainalysis disputed the account, noting the rapid swap into TRX via a Tron-based DEX mirrors known laundering tactics and raised the possibility of a false-flag operation or an insider exit scam.

Vercel Breach Linked to Compromised Context.ai Systems

🔒 Vercel disclosed a security breach tied to a compromised Context.ai account used by an employee, which enabled an attacker to take over the employee's Vercel Google Workspace account. The actor accessed some Vercel environments and environment variables that were not marked sensitive, while encrypted sensitive variables show no evidence of exposure. Vercel is working with Mandiant, law enforcement and Context.ai, and has contacted affected customers to rotate credentials and investigate further.

Vercel Confirms Breach; Hackers Claim to Sell Data

🔒 Vercel has disclosed an unauthorized access incident that affected a limited subset of customers and certain internal systems. The company says its public services remain operational while it investigates the incident with external incident response experts and law enforcement. Vercel is notifying impacted customers and urging them to review environment variables, enable the sensitive environment variable feature where available, and rotate secrets or tokens if there is any suspicion of exposure.

Sanctioned Grinex Exchange Halts After $13.74M Hack

🚨 Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S., said it is suspending operations after reporting a $13.74 million theft it attributes to Western intelligence agencies. The company alleges the attack, which it says demonstrates unprecedented technical sophistication, stole over 1 billion rubles from user accounts on April 15, 2026. Blockchain investigators at Elliptic, TRM Labs, and Chainalysis report the funds were rapidly routed to TRON and Ethereum addresses and swapped into non‑freezable tokens, complicating asset recovery.

Grinex Exchange Suspends Operations After $13.7M Hack

🚨 Kyrgyzstan-based cryptocurrency exchange Grinex has suspended operations after reporting a $13.7 million theft from wallets used by Russian customers. The platform, believed to be a rebrand of Garantex, enables ruble-crypto flows and used a ruble-backed stablecoin A7A5. Grinex alleges the attack shows signs of involvement by 'foreign intelligence agencies', while blockchain analysts traced funds to TRON and Ethereum addresses and conversion via SunSwap; independent reports have not publicly confirmed the exchange's attribution.