< ciso brief />

All news with #data breach tag

714 articles · page 8 of 36

Bitrefill Attributes Early March Cyberattack to Lazarus

🛡️ Bitrefill says a cyberattack in early March was likely carried out by North Korea’s Lazarus/BlueNoroff cluster, citing reused IPs, emails, malware, and on-chain tracing as linking indicators. The company traced the intrusion to a compromised employee laptop and stolen legacy credentials that exposed a snapshot containing production secrets and some cryptocurrency wallets. Bitrefill reports about 18,500 exposed purchase records (including 1,000 with names), believes losses were limited and will be covered from capital, and is strengthening security controls and monitoring.

Global Surge in Mobile Banking Malware Targets 1,243 Brands

📱 Zimperium zLabs reports a global surge in mobile banking malware targeting 1,243 financial brands across 90 countries. The firm analysed 34 active malware families affecting apps with more than three billion downloads and found industrialised campaigns exploiting weak app protections and widespread code sharing. Attacks now intercept authentication codes, hijack live sessions and can take control of devices, undermining traditional backend fraud controls.

FCA updates reporting to cover cyber and third-party

🔒 The FCA has issued clarified rules on reporting cyber-related incidents and supplier outages to give firms greater certainty about what to report and when. The update creates a streamlined regime coordinated with the PRA and the Bank of England, introduces a single reporting portal, removes duplicated reporting for payment service providers and credit rating agencies, and refines required information so most firms can use a short form. Firms have 12 months to prepare; the changes take effect on 18 March 2027.

Aura Confirms Data Breach Exposing 900,000 Contacts

🔒 Aura confirmed an unauthorized party accessed nearly 900,000 records containing names and email addresses after a voice‑phishing attack targeted an employee. The company says the data came from an inherited marketing tool tied to a 2021 acquisition and affected roughly 20,000 current and 15,000 former customers, while noting Social Security numbers, account passwords, and financial data were not exposed. Have I Been Pwned added the leak to its database and observed customer service comments and IP addresses among the files. Aura is conducting an internal review with external experts, has notified law enforcement, and plans to send personalized notifications to affected individuals.

Marquis Data Theft: 672,075 Records Exposed in 2025

🔒 Marquis, a Texas-based financial services provider, says a ransomware gang stole data for 672,075 people after compromising a SonicWall firewall on August 14, 2025. The attackers exfiltrated names, dates of birth, addresses, phone numbers, Social Security and Taxpayer Identification numbers, and financial account details without security codes. The breach disrupted operations at 74 banks and has prompted lawsuits and numerous consumer class actions.

South Korean Agency Exposes Crypto Wallet Recovery Phrase

🔐 The South Korean National Tax Service inadvertently published the mnemonic recovery phrase for a seized Ledger cold wallet when releasing photos from raids on high‑value tax evaders. The unredacted handwritten note allowed anyone to restore the wallet and transfer assets, and within hours 4 million Pre‑Retogeum (PRTG) tokens—about $4.8 million at the time—were moved out. The incident highlights operational security failures in handling digital evidence and the critical importance of redaction and custody procedures.

UK's Companies House Confirms WebFiling Security Flaw

🔒 Companies House says its WebFiling service is back after a security flaw introduced in October 2025 exposed data for about five million U.K. companies. The bug let authenticated users view other firms' dashboards — including dates of birth, residential addresses and company email addresses — by navigating back after attempting a 'file for another company' action. The agency says no passwords or identity‑verification documents were accessed, and it has reported the issue to the ICO and NCSC while investigating whether any data was accessed or changed without permission.

Companies House WebFiling Glitch Exposes Corporate Data

🛑 The UK’s Companies House has suspended its WebFiling dashboard after researchers Dan Neidle and John Hewitt revealed a simple flaw that allows an authenticated user to view another company’s dashboard by selecting “file for another company” and using the browser back button to bypass an authentication code. The weakness could expose personal and corporate details for millions of directors and, in some cases, permit unauthorized changes to registrations. The agency is investigating and directors are advised to review their filings.

Starbucks Discloses Data Breach Affecting Employees

🔒 Starbucks disclosed a data breach that exposed personal and financial information from Starbucks Partner Central accounts belonging to employees. The company says it discovered unauthorized access on February 6 after threat actors obtained login credentials via websites impersonating Partner Central, compromising 889 accounts. Exposed data may include names, Social Security numbers, dates of birth, and bank account/routing numbers. Starbucks notified law enforcement and is providing two years of Experian identity and credit monitoring to affected partners.

Telus Digital Suffers Massive Data Breach by ShinyHunters

🔒 Telus Digital, a BPO provider to global clients, is investigating a significant cybersecurity incident after extortion group ShinyHunters claimed to have exfiltrated up to one petabyte of data. The company says core operations and customer connectivity remain unaffected and that it has engaged leading forensics teams and law enforcement. Early indications point to abuse of legitimate access rather than an obvious malware intrusion, and Telus is notifying affected customers and implementing additional safeguards.

Loblaw Notifies Customers After Network Data Breach

🔒 Loblaw Companies Limited has detected an intrusion into a contained, non-critical portion of its IT network and confirmed that a criminal third party accessed basic customer information. The exposed data includes names, phone numbers, and email addresses, which could be used for phishing and fraud. Loblaw says there is no evidence that financial information, health data, or account passwords were compromised and that PC Financial has not been impacted. The company has automatically logged customers out, urges users to sign in again and change passwords, and continues to investigate.

Telus Digital Confirms Breach After Massive Data Theft

🔒 Telus Digital has confirmed a cybersecurity incident after threat actors identifying as ShinyHunters claimed to have exfiltrated nearly 1 petabyte of data from the company's BPO systems over several months. The attackers say they used Google Cloud credentials found in the Salesloft/Drift breach to access a large BigQuery instance and then used trufflehog to locate additional secrets and pivot to other systems. Telus says it discovered unauthorized access to a limited number of systems, engaged forensic experts, is investigating what was stolen and which customers were affected, and reports no evidence of customer connectivity or service disruption.

Travel Rewards Become Commoditized in Underground Markets

✈️ Flare researchers found that airline miles and hotel points are being treated as commodities in underground markets, where stolen loyalty accounts are traded, redeemed for legitimate bookings, and resold at discounts. Actors post inventory-style listings in messaging groups, often advertising full email access to reduce recovery chances. Observed pricing averaged roughly $1 per 1,000 miles, and major programs were favored for liquidity and resale value. The fraud chain typically follows a four-stage cycle from account takeover to resale.

Police Scotland fined £66,000 for sharing phone data

⚖️ Police Scotland was fined £66,000 and reprimanded after an Information Commissioner’s Office (ICO) investigation found the force extracted and then mistakenly shared the full contents of a female detective’s phone with the officer she accused of rape. The disclosed material reportedly included intimate photos, medical records and contact details. The ICO said the force failed to limit data sharing, implement appropriate organisational and technical measures, and notify the regulator within the required 72‑hour timeframe.

Stryker Offline After Wiper Malware Hits Global Systems

🏥 Leading medical technology company Stryker is experiencing a severe, global outage after a wiper malware attack claimed by Handala, an Iran-linked hacktivist group. The attackers say they stole 50 TB of data and remotely wiped over 200,000 systems, servers, and mobile devices, forcing shutdowns across 79 countries. Employees report managed Windows and mobile devices were reset, internal services were disrupted, and some sites reverted to pen-and-paper workflows while Stryker works with Microsoft to restore systems.

Overly Permissive Guest Settings Threaten Salesforce Data

⚠️ Salesforce is urging customers to review Experience Cloud guest configurations after a reported campaign tied to the cybercrime group ShinyHunters that claims breaches of hundreds of organizations. Attackers are exploiting overly permissive guest user settings and a modified version of the open-source Aura Inspector to scan the /s/sfsites/aura endpoint and extract data. Salesforce recommends auditing guest profiles, disabling public API access for guest users, restricting object visibility, and enforcing least-privilege.

Mental health apps leaking private data: 2026 audit

🧠 In February 2026, cybersecurity firm Oversecured audited 10 popular Android mental‑health apps and found 1,575 vulnerabilities — 54 rated critical — across apps with a combined 14.7M+ installs. Findings include insecure local storage, hardcoded API endpoints, weak token generation using java.util.Random, and no root detection, contradicting many apps’ claims of full encryption. The report highlights the real risk of exposure of therapy transcripts, mood logs, and medication data and urges users to review permissions, update apps, and avoid third‑party sign‑ins.

Service-Provider Breach Exposes Data of 15,661 Ericsson

🔒 Ericsson Inc. disclosed a data breach impacting 15,661 employees and customers after a third-party service provider detected suspicious activity and identified possible unauthorized access to stored files. Investigators say files may have been accessed between April 17 and April 22, 2025, and the incident was detected on April 28, 2025; a detailed review completed on February 23 confirmed exposure of personal information. The types of data potentially exposed include names, addresses, Social Security numbers, driver’s licence or government ID numbers, financial and medical information. Ericsson notified the FBI, filed state breach notices, did not name the vendor, and is offering complimentary identity protection services through IDX to affected individuals.

ShinyHunters Harvests Data from Hundreds of Public Sites

🔒 Salesforce has urged Experience Cloud customers to audit configurations after the ShinyHunters group reportedly stole data from hundreds of sites by exploiting overly permissive guest user settings. Attackers used a customized fork of the open-source Aura Inspector to mass-scan the /s/sfsites/aura API endpoint, identify exposed CRM objects and extract contact details. Salesforce stressed this is a customer configuration issue, not a platform vulnerability, and recommended immediate audits and permission tightening.

Ericsson US Reports Data Breach via Service Provider

🔒 Ericsson Inc.'s U.S. subsidiary disclosed that attackers stole personal data for an undisclosed number of employees and customers after a breach at a third‑party service provider detected on April 28, 2025. The provider's investigation found files were accessed between April 17 and April 22, 2025, and a review completed on February 23, 2026 identified exposed personal information. Ericsson says it has not seen evidence of misuse and is offering free IDX identity protection and monitoring to affected individuals, with enrollment open through June 9, 2026.