< ciso
brief />
Tag Banner

All news with #data breach tag

785 articles · page 5 of 40

Grafana Labs GitHub Breach Exposes Internal Repositories

🔒 Grafana Labs said an investigation into its May 11, 2026 incident found no evidence that customer production systems or Grafana Cloud operations were compromised. The company said the scope was limited to its GitHub environment, where both public and private source code and internal repositories containing business contact names and emails were accessed. Grafana attributed the breach to the TanStack npm supply chain attack by TeamPCP, rotated tokens, enhanced monitoring, and audited commits to secure its repositories.
read more →

GitHub Probes Alleged Internal Repositories Breach

🔒 GitHub is investigating unauthorized access to its internal repositories after the hacker group TeamPCP posted on the Breached forum claiming possession of approximately 4,000 private code repositories and seeking at least $50,000. GitHub said it currently has no evidence that customer data stored outside its internal repositories was affected and is monitoring infrastructure for follow-on activity. The company will notify any affected customers through established incident channels. TeamPCP has been linked to previous supply-chain compromises, raising broader concerns.
read more →

GitHub Investigates Internal Repo Breach and Sale Claims

🔒 GitHub is investigating unauthorized access to internal repositories after threat actor TeamPCP listed what it claims is the platform's source code and internal org data for sale. The company says it has no current evidence of customer impact outside internal repositories and has rotated critical secrets while monitoring for follow-on activity. GitHub reported the compromise involved a poisoned Visual Studio Code extension and directional consistency with the attacker's claim of ~3,800 repositories.
read more →

7-Eleven Confirms Data Breach Claimed by ShinyHunters

🔒 7-Eleven disclosed that an unauthorized party accessed systems used to store franchisee documents on April 8, 2026, and began notifying affected individuals on May 1. The company has not provided details on the number of affected people or specific data types exposed. The extortion group ShinyHunters claimed responsibility on April 17, alleging the theft of over 600,000 records from the company's Salesforce environment and later leaking a 9.4GB archive after ransom talks failed. 7-Eleven said it launched an investigation but has not commented further.
read more →

Grafana Labs Confirms Codebase Stolen, Ransom Demanded

🔒 Grafana Labs disclosed that an unauthorized party obtained a token granting access to its GitHub environment and downloaded portions of its source code. The company says its investigation found no customer data or personal information were accessed and no customer systems were impacted. It invalidated the compromised credentials, initiated forensic analysis, and implemented additional security controls. Reported extortion demands were received but Grafana has declined to pay.
read more →

Grafana: Stolen GitHub Token Led to Source Code Theft

📌 Grafana Labs says attackers used a stolen GitHub access token to access and download parts of its internal source code repository. The intrusion was claimed by the extortion group CoinbaseCartel, which added Grafana to its data leak site, though no customer data has been published. Grafana reports forensic analysis found no evidence of exposed customer or personal data and that customer systems were unaffected. The company invalidated the compromised credentials, refused the extortion demand, and will publish a detailed post-incident report after completing its investigation.
read more →

Grafana GitHub Token Breach Exposes Codebase Access

🔒 Grafana disclosed that an unauthorized party obtained a token that allowed access to its GitHub environment and the download of parts of its codebase. The company says no customer data or personal information were accessed and that it launched a forensic investigation, invalidated the compromised credentials, and implemented additional security controls. The attacker attempted to extort Grafana, demanding payment to avoid publishing stolen material, but the company declined to pay following FBI guidance. Reports link the claim to CoinbaseCartel, a recent data‑extortion group.
read more →

OpenAI Confirms Device Breach in TanStack Supply Attack

🔒 OpenAI confirmed that two employee devices were breached in the Mini Shai-Hulud/TanStack supply-chain attack that compromised hundreds of npm and PyPI packages. The company said customer data, production systems, intellectual property, and deployed software were not impacted. OpenAI isolated affected systems, revoked sessions, rotated credentials, and engaged a third-party forensic firm. It is rotating code-signing certificates as a precaution, requiring macOS users to update desktop apps before June 12, 2026.
read more →

West Pharmaceutical hit by cyberattack; data stolen

🔒 West Pharmaceutical Services disclosed a cyberattack detected on May 4, 2026, that resulted in data exfiltration and encryption of certain systems. The company took affected infrastructure offline globally for containment, notified law enforcement, and engaged external responders including Palo Alto Networks Unit 42. Core enterprise systems supporting shipping and manufacturing have been partially restored, but full recovery and the scope of stolen data remain under investigation.
read more →

Instructure Reaches Agreement After Canvas Data Breach

🛡️ Instructure says it has reached an agreement with the unauthorized actor responsible for the Canvas breach that affected nearly 9,000 educational institutions. The company reported the stolen data was returned and provided what it described as digital confirmation of its destruction, without disclosing whether a payment was made. ShinyHunters are believed to be behind the incident and Instructure has taken containment steps while warning customers to stay vigilant against phishing.
read more →

Gentlemen RaaS Leak Reveals Modern Ransomware Risk

🔍 Check Point Research details a May 2026 compromise of The Gentlemen's backend that exposed chat logs, rosters, negotiation transcripts and tooling discussions. The leak shows a compact operation of roughly nine operators centered on a single administrator (zeta88 / hastalamuerte) who built the RaaS panel with AI coding assistants and participated in attacks. Initial access is mostly via unpatched edge devices or purchased credentials, and chain-victimization was observed. Check Point has notified law enforcement.
read more →

US Committee Seeks Instructure Testimony on Canvas Breach

📢 The U.S. House Committee on Homeland Security has requested Instructure CEO Steve Daly to testify about two recent ShinyHunters attacks that breached the Canvas learning platform and disrupted final exams. The incidents exposed student and staff data and defaced login portals, impacting institutions nationwide. The committee seeks details on containment, notification, coordination with federal agencies, and raises concerns about Instructure’s incident response.
read more →

UK Fines Water Supplier £963,900 After Data Breach

🔒 The ICO fined South Staffordshire Water Plc and parent South Staffordshire Plc £963,900 after a cyberattack that exposed the personal data of 663,887 customers and employees. The incident, traced back to September 2020 and active mainly between May and July 2022, began with a phishing intrusion that enabled malware to remain undetected for 20 months. The regulator identified multiple security failures, including insufficient privilege controls, monitoring that covered only about 5% of the IT estate, use of obsolete software and poor vulnerability and patch management.
read more →

Škoda Warns of Customer Data Breach After Shop Hack

🔒 Škoda Auto has disclosed a data breach after attackers exploited a vulnerability in its online shop software, gaining unauthorized access to customer records. The automaker said the issue was detected via technical security monitoring, the flaw was fixed, and the incident was reported to authorities. Stolen data included names, addresses, contact details, order information, and login credentials (email and hashed passwords), while full credit card data was not stored on the compromised system. Škoda has engaged IT forensics, warned customers about potential phishing and credential reuse, and urged vigilance.
read more →

RubyGems Pauses New Signups After Major Malicious Attack

🔒 RubyGems has temporarily disabled new account registrations after a coordinated malicious campaign targeted the registry, forcing maintainers to pause signups while they investigate. Mend.io and RubyGems report hundreds of affected packages; some contained exploits and junk spam. The maintainers are removing malicious gems, blocking bot accounts, and coordinating with Fastly to enable a WAF and tighter rate limits before reopening signups.
read more →

Instructure Reaches Agreement with ShinyHunters, Data Returned

🛡️ Instructure says it reached an agreement with ShinyHunters after a breach of its Canvas LMS that exposed usernames, emails, course names, enrollments, and messages. The actor returned the stolen data and supplied shred logs confirming destruction. Instructure attributes the intrusion to XSS flaws in the Free-for-Teacher environment, has restored Canvas, and temporarily disabled that free tier while investigating and monitoring activity.
read more →

Instructure Pays Ransom After Canvas Data Breach Fallout

🔒 Instructure said it reached an agreement with an unauthorized actor after a breach that exposed data from its Canvas learning platform, asserting the stolen data was returned and digitally destroyed. The company said the agreement covers all impacted customers and that it believes no customers will be separately extorted. It has engaged forensic vendors, revoked credentials, rotated keys, and temporarily disabled Free‑For‑Teacher accounts while it completes its review.
read more →

ShinyHunters Escalates Canvas Extortion Against Schools

🔒 A ShinyHunters “pay or leak” extortion campaign has targeted the education sector after the compromise of Instructure, operator of the Canvas LMS. The April 25 breach reportedly exposed around 275 million records and more than 3.65 TB of data via a vulnerability in the Free‑For‑Teacher Canvas version. After an initial ransom demand and a May 8 deadline, the group extended its timeline and began school‑by‑school extortion, defacing roughly 330 institutional login pages. Affected organizations are urged to change Canvas‑related passwords, enable multi‑factor authentication and heighten phishing awareness.
read more →

Zara Data Breach Exposes 197,000 Customers' Records

🔒 A ShinyHunters campaign has compromised data for over 197,000 Zara customers, according to HaveIBeenPwned. Stolen items include unique email addresses, product SKUs, order IDs and support ticket data after stolen authentication tokens from analytics provider Anodot were used to access BigQuery and Snowflake instances; the group leaked a claimed 140GB trove. Inditex says no names, passwords or payment details were affected and operations remained unaffected. Other reported victims include Vimeo, Rockstar Games and McGraw Hill.
read more →

NVIDIA Confirms GeForce NOW Data Breach in Armenia

🔒 NVIDIA confirmed that GeForce NOW user information was exposed in a breach limited to Armenia after a regional partner's infrastructure was compromised. The company said its own network and NVIDIA-operated services were not affected and it is assisting the partner. Regional operator GFN.am said the incident occurred March 20–26 and that impacted users will be notified. Exposed fields reportedly include names, emails, phone numbers, dates of birth and usernames; no passwords were exposed.
read more →