
All news with #data breach tag

714 articles · page 6 of 36

Snowflake Customers Targeted After SaaS Integrator Breach

🔐 Over a dozen companies experienced data theft after attackers used stolen authentication tokens from a breached SaaS integrator to access cloud accounts. The majority of observed incidents targeted Snowflake, which reported "unusual activity" and said a small number of customer accounts were impacted. Snowflake emphasized that its systems were not compromised and that it locked down potentially affected accounts and notified customers. BleepingComputer sources point to an alleged breach at Anodot, and the extortion gang ShinyHunters claims responsibility.

Telehealth Risks in 2026: Medical Data and AI Scams

🔒 Telehealth offers fast, convenient access to care but creates persistent medical records that are highly valuable to criminals. Stolen health data — from diagnoses and prescriptions to insurance IDs and test results — often fetches far more than payment or social-login credentials and enables extortion, fraud, and identity theft. The rise of AI-driven fake clinics and diagnostic tools makes realistic phishing and data-harvesting sites easier to create. Protect yourself by using a dedicated medical email, avoiding social sign-in, enabling 2FA, using clinic-provided encrypted portals, and keeping health devices patched.

Why Simple Breach Monitoring Is No Longer Enough in 2026

🔒 Organizations must move beyond checkbox breach monitoring to defend against fast-moving infostealers. Ran Geva (CEO, Webz.io & Lunar) warns that monthly scans and reliance on MFA, EDR, or zero-trust alone often miss stolen credentials, session cookies, and stealer logs. With 4.17 billion compromised credentials observed in 2025 and high breach costs, enterprises need continuous, forensic-grade monitoring, automated triage, and integrations that can reset credentials and invalidate sessions quickly.

Hims & Hers Discloses Zendesk Support Ticket Breach

🔒 Hims & Hers says support tickets were exfiltrated from its Zendesk instance after threat actors accessed a third-party customer service platform via a compromised Okta SSO account. The company reports the activity occurred Feb 4–7, 2026, was first noticed on Feb 5, and that an internal investigation concluded on March 3 that certain tickets were accessed or acquired without authorization. Potentially exposed information includes names, contact details, and other request-related data; the company states no medical records or doctor communications were affected and is offering 12 months of credit monitoring to impacted individuals.

Die Linke Confirms Data Stolen by Qilin Ransomware

🔒 Die Linke, a German democratic socialist party, has confirmed that the Russian-speaking ransomware group Qilin stole data from its network and is threatening to leak it. The party stated its membership database was not impacted, but attackers sought sensitive internal documents and employee personal information. Die Linke notified German authorities, filed a criminal complaint, and retained independent IT experts to restore affected systems. Qilin added the party to its leak site on April 1 but had not published any data samples.

Company Secretly Records and Publishes Public Zoom Meetings

📹 WebinarTV discovers public Zoom invites, joins meetings, secretly records the streams, and posts the videos on 404 Media. It does not use Zoom’s built‑in recording feature, so Zoom’s administrative controls and recording logs cannot detect or block these captures. This behavior raises significant privacy and consent concerns for organizers and participants of publicly announced meetings.

Drift Loses $285M in Solana Attack via Durable Nonces

🔐 Drift confirmed that attackers drained about $285 million from its Solana-based decentralized exchange on April 1, 2026, using pre-signed transactions tied to durable nonce accounts. The company says no smart-contract vulnerability or compromised seed phrases were involved; attackers instead obtained multisig approvals through sophisticated social engineering and pre-signed authorizations. Threat intelligence firms TRM Labs and Elliptic report on-chain indicators linking the heist to DPRK-associated actors, noting use of Tornado Cash, cross-chain bridging and rapid laundering. Drift is coordinating with security vendors, bridges, exchanges and law enforcement to trace and attempt to freeze funds.

CERT-EU: Commission cloud hack exposes 30 EU entities

🔐 CERT-EU attributed a cloud compromise of the European Commission to TeamPCP, saying attackers used a compromised AWS API key allegedly stolen in a Trivy supply‑chain incident to access the Commission’s cloud and harvest secrets. The intruders used TruffleHog to locate additional credentials, attached a new access key to an existing user to evade detection, and carried out reconnaissance before exfiltrating data. The stolen dataset was later posted by ShinyHunters as a 90GB archive (≈340GB uncompressed), and CERT-EU confirmed the theft includes tens of thousands of files with personal information. CERT-EU reported no websites were defaced and found no evidence of lateral movement between Commission AWS accounts.

Drift loses $280M after attacker seizes Security Council

🔒 The Drift Protocol lost approximately $280 million after an attacker obtained administrative control of its Security Council by leveraging durable nonce accounts and pre-signed transactions to delay execution and strike at a chosen time. Drift stresses that no programs or smart contracts were exploited and no seed phrases were compromised. Protocol functions are largely frozen while the team coordinates with security firms, exchanges, and law enforcement.

Drift Loses $280M as North Korean Hackers Seize Council

🔒 Drift Protocol lost at least $280 million after an attacker seized administrative control of its Security Council and drained protocol funds. Blockchain intelligence firms Elliptic and TRM Labs linked the operation to North Korean actors, citing on-chain tradecraft such as Tornado Cash use, CarbonVote timing, cross-chain bridging, and rapid laundering. Drift says no smart contract bugs or seed phrases were compromised; core functions are frozen while investigations continue.

Smashing Security #461: Lost $400M Bitcoin, Ajax Breach

🎣 In episode 461 of Smashing Security, host Graham Cluley and guest Danny Palmer discuss a remarkable Bitcoin mystery: an Irishman who converted drug proceeds into BTC in 2011 now allegedly controls $400 million, but the access codes were hidden in a fishing-rod case that disappeared — until one frozen wallet unexpectedly moved $35 million. The episode also covers a major data breach at Ajax Football Club that may have exposed the personal details of around 300,000 supporters, enabling ticket theft and manipulation of stadium ban lists. Additional topics include an Iran-linked compromise of the FBI director’s personal email, reliability differences between Windows and macOS, and a UK court case in which CCTV footage was used in a crypto theft claim.

Hackers Target Iranwire Exile Portal, Judiciary Reports

🛡️ According to the Iranian judiciary's mouthpiece Misan, the exile news portal Iranwire was allegedly breached and a large volume of sensitive material was taken, including correspondence, staff lists, informant identities and other highly confidential records. The site displayed a maintenance notice while continuing to post on social media, and authorities blamed the hacker group Handala, which has been linked to prior operations.

Cisco Source Code Stolen After Trivy Supply-Chain Breach

🔐 Cisco has confirmed a breach of its internal development environment after threat actors leveraged credentials stolen in the recent Trivy supply-chain compromise. Attackers used a malicious GitHub Action to harvest CI/CD credentials and clone more than 300 repositories, including source for AI-powered products and some customer code. Multiple AWS keys were also taken and used in limited unauthorized activity. Cisco has isolated affected systems, begun reimaging, and is rotating credentials while investigating ongoing fallout tied to related supply-chain attacks.

Employee Data Breaches Reach Seven-Year High in UK

🔒 New analysis from law firm Nockolds shows employee data breaches reported to the UK Information Commissioner’s Office reached 3,872 incidents in 2025, a 5% year‑on‑year increase and about 29% above the 2019 baseline of 3,010. The report highlights a divergence in incident types: cyber-related breaches fell 6% to 1,568, while non-cyber incidents rose 15% to 2,304. Nockolds principal associate Joanna Sutton attributes the shift to hybrid working and gaps in physical and procedural safeguards, and urges closer collaboration between HR and security teams to improve training, policies and risk controls.

Hacker Charged After $53M Theft From Uranium Exchange

🔒 U.S. prosecutors have charged 36-year-old Jonathan Spalletta, known online as 'Cthulhon' and 'Jspalletta', with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering proceeds through a cryptocurrency mixer. The indictment alleges he abused multiple smart contract coding flaws in April 2021 to drain liquidity pools and extorted a sham bug bounty. A 2025 search recovered high-value collectibles and about $31 million in cryptocurrency; Spalletta faces computer fraud and money laundering counts that carry substantial prison terms.

Dutch Finance Ministry Shuts Treasury Portal After Breach

🔒 The Dutch Ministry of Finance has taken several systems offline, including its digital portal for treasury banking, while investigating a security breach first detected on March 19. Around 1,600 public institutions are currently unable to view treasury balances or use portal services, though participants retain full access to funds and incoming/outgoing payments continue through regular banking channels. The ministry is working with the NCSC, external forensic specialists, and the national police; no data theft or responsible threat actor has been publicly confirmed.

CareCloud: Hackers Access Patient Records During Outage

🔒 CareCloud disclosed a cybersecurity incident on March 16 that caused a temporary network disruption and limited access to one of its six electronic health record (EHR) environments for approximately eight hours. The company engaged its cyber insurance carrier and a Big Four cyber response advisory team to perform forensic work and secure the environment. CareCloud says the attacker no longer has access, but the scope of exposed patient data and the number of impacted individuals remain under investigation.

Lloyds Glitch Exposed Personal Data of 447,936 Customers

⚠️ A software defect introduced during a routine overnight update on 12 March at Lloyds Banking Group briefly exposed transactions and account information belonging to as many as 447,936 customers across Lloyds, Halifax and Bank of Scotland mobile apps. Approximately 114,182 users clicked transactions that displayed other customers' details, which could include payment references and national insurance numbers. The bank reported the issue to regulators within required timeframes, paid £139,000 to 3,625 customers in compensation, and said it found no evidence of financial loss or fraud.

European Commission Confirms Cloud Infrastructure Breach

🔐 The European Commission has confirmed a cyber-attack affecting cloud infrastructure that hosts the Europa.eu platform and says early findings indicate data were taken. The incident was detected on March 24 and announced on March 27; containment and forensic measures were deployed while internal systems reportedly remained unaffected. Screenshots and claims from ShinyHunters allege a roughly 350GB haul including mail servers, databases, NextCloud content and employee PII, and researchers warn the compromise could expose DKIM keys, SSO directories and other sensitive assets.

European Commission Confirms Data Breach at Europa.eu Hack

🔒 The European Commission has confirmed a data breach after its Europa.eu web platform was compromised in an attack claimed by the ShinyHunters extortion group. The intruders reportedly accessed at least one AWS account and exfiltrated hundreds of gigabytes, though the Commission says its internal systems were not affected. Authorities have been notified and an investigation is ongoing to determine the full impact.