<ciso brief />

All news with #data breach tag

714 articles · page 5 of 36

Beware Fake Data Breach Notifications: Spot and Avoid Scams

🔔 As data breach notices become common, fraudsters increasingly send fake alerts or piggyback on real incidents to trick recipients into clicking malicious links or divulging credentials. These scams often demand immediate action, use spoofed sender addresses, and lack personal account details. Verify any notice by logging into the real account or contacting the organization through trusted channels, and reduce exposure with a password manager and MFA.

Cookeville Medical Center: 337,917 Patients Exposed

🔒 Cookeville Regional Medical Center has notified 337,917 patients that personal and medical data were accessed during a July 11–14, 2025 intrusion tied to the ransomware group Rhysida. The hospital began mailing breach letters in April 2026, roughly nine months after detection, and said files may include Social Security numbers, driver’s license data, treatment and insurance information. Rhysida claimed the attack in August 2025 and posted sample files; it demanded 10 Bitcoin. CRMC is offering 12 months of identity protection through Experian and reports additional security measures are in place.

McGraw Hill Salesforce Misconfiguration Exposes 13.5M Accounts

🔒 The ShinyHunters extortion group has published data tied to 13.5 million McGraw Hill user accounts after exploiting a misconfiguration in a Salesforce-hosted webpage. McGraw Hill confirmed unauthorized access to a limited set of data and said its internal systems, courseware and customer databases were not affected. Leaked files (over 100GB, according to Have I Been Pwned) contain names, email addresses, phone numbers and physical addresses that could be used for targeted spear‑phishing.

EssentialPlugin WordPress Suite Compromised, Malware Push

🔐 More than 30 plugins in the EssentialPlugin package were found to contain a backdoor that grants unauthorized access to sites. The malicious code was introduced after the project's acquisition in August 2025 but remained dormant until recently, when updates delivered a downloader that injects malware into wp-config.php. The payload selectively displayed spam to Googlebot and used an Ethereum-based C2 for evasion. WordPress.org closed the affected plugins and issued a forced update, though configuration files may still be infected.

Kraken Faces Extortion After Insider Access to Support Data

🔒 Kraken says a criminal group is attempting to extort the exchange by threatening to release videos that show internal support systems containing client data. The company says the incident resulted from an insider threat, with two instances of improper access by support employees and exposure limited to client support data. About 2,000 accounts (0.02% of users) were affected; Kraken says funds were never at risk. The exchange will not pay or negotiate and is working with federal law enforcement.

McGraw-Hill Confirms Limited Data Exposure via Salesforce

🔒 McGraw-Hill says unauthorized actors accessed a limited set of data hosted on a Salesforce webpage after a platform misconfiguration. The company emphasized this did not involve unauthorized entry to its Salesforce accounts, customer databases, courseware, or internal systems, and that exposed information was non-sensitive. McGraw-Hill secured the pages, engaged external cybersecurity experts, and is working with Salesforce to strengthen protections amid an extortion claim by ShinyHunters.

Campaign of 108 Malicious Chrome Extensions Exposes Data

🚨 Research by Socket uncovered a coordinated campaign of 108 malicious Chrome extensions that affected about 20,000 users. Distributed across gaming, social media and translation categories, these extensions appear legitimate while quietly harvesting sensitive data, including Google profiles and active web sessions. Operators used a single command-and-control infrastructure and shared code, complicating detection and enabling a Malware-as-a-Service model.

Basic-Fit data breach exposes personal details of 1M

🔒 Basic-Fit, one of Europe's largest gym operators, disclosed unauthorized access to the system that records members' visits and said about 1 million members across the Netherlands, Belgium, Luxembourg, France, Spain and Germany were affected. The intrusion was detected and stopped within minutes, but investigators determined the attacker exfiltrated data including full name, address, email, phone number, date of birth, bank account details and membership information. Franchise-held customer records were stored separately and were not exposed. Basic-Fit says no identification documents or account passwords were accessed, and the company has notified regulators and continues to monitor the situation with external experts.

Rockstar Games analytics data leaked after Anodot breach

🔓 A data set allegedly belonging to Rockstar Games was published by the ShinyHunters extortion group after they say authentication tokens were stolen from Anodot and used to access connected Snowflake accounts. The leak reportedly contains more than 78.6 million records of internal analytics — including in‑game revenue, purchase metrics, player behavior, and game economy data for GTA Online and Red Dead Online — plus Zendesk support analytics. Rockstar said only a limited amount of non‑material company information was accessed and that the incident does not affect players.

Booking.com Data Breach Prompts Reservation PIN Resets

🔒 Booking.com confirmed that unauthorized parties accessed booking information associated with some reservations. The company says it immediately forced PIN resets for affected current and past bookings and directly emailed impacted users with updated reservation PINs and guidance. Compromised fields may include full names, email and postal addresses, phone numbers, and communications with property providers. Booking.com warned customers to be vigilant for phishing and noted that app notifications were not sent, which has caused confusion.

Protecting Privacy and Security in Smart Sex-Toy Apps

🔒 This article explains privacy and security risks associated with smart sex‑toy apps and companion services, focusing on realistic threats such as data collection, account compromise, and server-side access rather than rare remote device takeovers. It outlines practical mitigations — create anonymous accounts, avoid social logins, limit app permissions, use a strong unique password with two‑factor authentication, and keep software updated. The guidance emphasizes minimizing shared personal data and avoiding identifiable media to reduce risks like stalking, blackmail, and targeted profiling.

Hungarian government email passwords exposed before election

🔐 An analysis by Bellingcat found passwords for almost 800 Hungarian government email accounts circulating online, many tied to national-security roles. The exposure affected 12 of 13 government departments and involved weak, easily guessed credentials such as variations of "Password", sequences like "1234567", and simple surnames. The leaks reflect poor email hygiene rather than a sophisticated intrusion, and experts urge stronger credential practices including password managers and passkeys. Security teams are urged to deploy enterprise controls and regular training to prevent similar exposures.

EngageLab SDK Flaw Exposed Millions of Android Users

🔒 Microsoft Defender disclosed a patched vulnerability in the EngageLab SDK that could allow co‑located apps on an Android device to bypass the system sandbox and access private app data. The issue, introduced in version 4.5.4 and characterized as an intent redirection vulnerability, affected many cryptocurrency and wallet apps—wallet installations exceeded 30 million and total installs topped 50 million. EngageLab released version 5.2.1 in November 2025 after a responsible disclosure in April 2025; detected vulnerable apps were removed from Google Play and developers are urged to update immediately.

Smart Slider update system hijacked to push malware

🔒 Smart Slider 3 Pro update infrastructure was hijacked to push a malicious 3.5.1.35 release to WordPress and Joomla sites. The tampered update preserved normal slider functionality while installing multiple backdoors, creating a hidden administrator account, and exfiltrating credentials. The vendor urges immediate upgrade to 3.5.1.36 (or restoring to 3.5.1.34 or earlier) and advises treating affected sites as fully compromised.

When Attackers Already Have the Keys — MFA is Not Enough

🔒 The Figure breach exposed 967,200 email records without a single exploit, creating a large inventory adversaries can immediately weaponize for credential stuffing, AI-driven phishing, and help-desk social engineering. The article argues these exposures are operational inputs, not static data, and that common MFA methods — push notifications, SMS, and TOTP — are vulnerable to real-time relay (AiTM) attacks and MFA fatigue. Fixing the problem is architectural, not purely educational: effective defence requires cryptographic origin binding, hardware-bound private keys, and live biometric verification simultaneously.

Bitcoin Depot Reports $3.6M Theft After System Breach

🔒 Bitcoin Depot detected unauthorized access to parts of its corporate IT environment on March 23, which allowed attackers to use compromised credentials tied to digital asset settlement accounts. Threat actors transferred 50.903 Bitcoin (approximately $3.66m) out of company-controlled wallets before the activity was blocked. The company says customer-facing platforms and customer data were not affected, and operations have not been materially disrupted. External cybersecurity specialists and law enforcement are assisting the ongoing investigation.

Eurail Data Breach Exposes Personal Details of 308,777

🚆 Eurail says attackers stole personal information for over 300,000 customers after an unauthorized transfer of files from its network on December 26, 2025. The company disclosed the incident publicly in February and notified affected individuals by letter on March 27, reporting that records contained names, passport numbers and other sensitive identifiers. A sample of the stolen data was posted on Telegram and put up for sale on the dark web; Eurail advises customers to update Rail Planner passwords, reset reused passwords elsewhere, monitor bank accounts, and watch for phishing and suspicious transactions.

Bitcoin Depot Breach: $3.66M Stolen from Company Wallets

🪙 Bitcoin Depot confirmed on March 23, 2026 that an unauthorized actor accessed portions of its corporate IT environment and transferred approximately 50.903 BTC (about $3.665 million) from company-controlled wallets. The operator of more than 25,000 Bitcoin ATMs said it promptly activated incident response protocols, engaged external cybersecurity experts, and notified law enforcement while believing customer platforms and systems were not affected. On April 6, the company declared the incident material and warned that its cyber insurance may not cover all losses as the investigation continues.

Google API Key Flaw Exposes Mobile Apps to Gemini Access

🔒 A flaw in Google's API key model has allowed embedded Android app keys to gain silent access to the Gemini AI endpoints when the API is enabled in a project. CloudSEK's April 8 advisory found 32 active keys across 22 apps with more than 500 million installs and demonstrated retrieval of user-uploaded audio via the Gemini Files API. Developers should immediately audit projects, rotate exposed keys and apply strict API restrictions.

FBI: Americans Lost $21B to Cybercrime in 2025 - Record High

📈 The FBI reports U.S. victims lost a record $21 billion to cyber-enabled crime in 2025, a 26% rise from 2024, as the Internet Crime Complaint Center (IC3) logged more than one million complaints. Losses were led by investment fraud, business email compromise, tech-support scams, and data breaches, while cryptocurrency-related fraud topped $11 billion. The report includes 22,300 AI-related scam complaints totaling $893 million and shows seniors over 60 suffered disproportionately. The FBI says proactive interventions, including 3,900 Financial Fraud Kill Chain actions and Operation Level Up, helped freeze $679 million and alert thousands of likely victims; it urges verification before sending funds and reporting incidents to ic3.gov.