All news with #data breach tag

🔒 Salesforce warns customers that attackers are targeting misconfigured Experience Cloud sites by abusing the /s/sfsites/aura API, allowing guest users to access more data than intended. Threat actors have used a modified AuraInspector scanner and bespoke exfiltration tools; the extortion group ShinyHunters claims responsibility and reports hundreds of compromises. Salesforce stresses this stems from customer guest‑user settings, not a platform vulnerability, and provides immediate mitigation guidance.

🔒 TriZetto Provider Solutions (TPS) has reported a breach that impacted more than 3.4 million individuals after suspicious activity was detected in a customer-facing web portal on 2 October 2025. TPS confirmed that no payment card or bank account data were taken, but said names, addresses, dates of birth, Social Security numbers and health insurance identifiers may have been accessed. The company, owned by Cognizant, says it is working with law enforcement, has implemented additional security measures and is offering credit monitoring to those affected.

🔒 TriZetto Provider Solutions, part of Cognizant, disclosed a breach that exposed sensitive health and insurance records for about 3,433,965 individuals. The company detected suspicious portal activity on October 2, 2025, and determined that unauthorized access began on November 19, 2024. Exposed data may include names, addresses, dates of birth, Social Security numbers, Medicare and insurance identifiers, provider and insurer names, and other demographic or health information. TriZetto says no payment card or bank account data were exposed, has engaged external cybersecurity experts, notified law enforcement, alerted providers on December 9, 2025, and began customer notifications in early February 2026; affected individuals are being offered 12 months of credit monitoring and identity protection services from Kroll.

🔒 Law enforcement across 14 countries seized the LeakBase cyberforum, taking its database and two domains and targeting roughly 142,000 users. Authorities executed around 100 coordinated actions beginning March 3, including arrests, search warrants, and interviews in multiple jurisdictions. The captured data reportedly contained credential pairs, payment card details, bank account information, and other sensitive personally identifiable and business data. Investigators say the technical seizure unmasked users who believed they were operating anonymously and that authorities delivered prevention messages while continuing to trace digital trails.

🛡️ The Wikimedia Foundation experienced a security incident after a self‑propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. The malicious code, traced to a user script User:Ololoshka562/test.js uploaded in March 2024, injected loaders into both user-level and global MediaWiki:Common.js. Engineers temporarily restricted editing, reverted malicious edits, rolled back affected user scripts, and removed the injected code, but a full post‑incident report has not yet been published.

🔒 Europol coordinated a multi-country operation with Amsterdam police that shut down Leakbase, described as one of the world's largest marketplaces for stolen data. Authorities seized the platform's servers in Amsterdam and said Leakbase had about 142,000 registered users worldwide. Investigators in 14 countries executed around 100 raids, targeting roughly 37 main users. The probe began in the Netherlands in 2023 and involved close cooperation with the U.S. FBI.

🔒 Amsterdam police, working with Europol and international partners, have shut down LeakBase, a major online marketplace for stolen data whose servers were located in Amsterdam. The platform had about 142,000 registered users and has been seized as part of a joint operation involving investigators from 14 countries and the FBI. Authorities conducted around 100 targeted operations aimed at 37 primary users. The site now displays a police notice warning that trading stolen data is a criminal offense.

🔒 Europol and international partners have taken down LeakBase, an English-language forum that trafficked stolen credentials and stealer logs, seizing two domains and the site's customer database. Coordinated actions on March 3 included arrests, house searches and interviews across the US, Australia, Belgium, Poland, Portugal, Romania, Spain and the UK. Europol said 37 of the forum’s most active users were targeted and vowed to continue tracing offenders as part of Operation Leak.

🔒 A coordinated international operation by the FBI and Europol dismantled LeakBase, a major clearnet forum used to trade stolen credentials and financial data. Authorities seized the site (leakbase[.]la), preserving user accounts, posts, private messages, credit details and IP logs as evidence. The disruption, dubbed Operation Leak, targeted administrators and heavy users and follows reporting that the forum hosted stealer logs and large hacked databases used in account takeover and fraud.

🔔 Customers of restaurants using HungerRush, a provider of POS, online ordering, delivery, and payment services, reported receiving mass extortion emails claiming millions of customer records would be exposed if the company did not respond. The messages were delivered via Twilio SendGrid infrastructure and, according to headers, passed SPF, DKIM, and DMARC checks for the hungerrush.com domain. Security researchers also reported an earlier infostealer infection on an employee device that allegedly harvested corporate credentials, though a direct link to a confirmed breach has not been established. Customers should be vigilant for targeted phishing and SMS scams that may leverage any exposed data.

🔒 The FBI has seized the LeakBase cybercrime forum and preserved data from more than 142,000 members as part of a multinational operation coordinated by Europol. On March 3–4 authorities seized two domains, switched nameservers to ns1.fbi.seized.gov and ns2.fbi.seized.gov, and posted a seizure notice. Investigators secured the forum database — including accounts, posts, private messages, credit details, and IP logs — for evidentiary use and executed arrests, searches, and interviews across the US, Australia, Belgium, Poland, Portugal, Romania, Spain, and the UK.

🔓AkzoNobel confirmed a security incident at a U.S. site after the Anubis ransomware group posted a partial data leak. The company says the intrusion was contained locally and the impact is limited, and it is notifying and supporting affected parties. Anubis claims about 170GB and nearly 170,000 files were stolen, including confidential agreements and passport scans.

🔒 LexisNexis has confirmed a breach after the threat actor FulcrumSec posted 2.04 GB of files allegedly exfiltrated from its AWS environment. The group says they exploited a React2Shell vulnerability in an unpatched React frontend container on February 24 to reach Redshift tables, VPC databases and plaintext Secrets Manager entries. LexisNexis characterizes the material as mostly legacy data from before 2020 and says it contained no Social Security numbers, driver’s license numbers, financial data, active passwords, customer search queries, client/matter data, or contracts.

🛡️ Black Kite's seventh annual Third-Party Breach Report shows supplier breaches have a far larger downstream impact than commonly recognized. In 2025 analysis of verified public disclosures and external telemetry, 136 confirmed incidents averaged 5.28 publicly named downstream victims per vendor, totaling 719 corporate victims and 433 million affected individuals, with vendors also reporting an additional 26,000 unnamed corporate victims. The study highlights concentration among software services, prolonged detection and notification delays, and pervasive exposure to critical vulnerabilities and leaked credentials, concluding that traditional third-party risk management is not keeping pace.

🔒 Cloud Imperium Games (CIG), developer of Star Citizen and Squadron 42, disclosed a breach discovered on 21 January 2026 in which attackers accessed certain backup systems. The company says unauthorized access affected limited user personal data — primarily account metadata and contact details such as username, name and date of birth. CIG states no credentials or payment information were stored in the affected systems, access was read-only, and it has found no evidence of data modification or public leakage while it continues to monitor and investigate the incident.

🔒 The University of Hawaii Cancer Center confirmed a ransomware breach that exposed data for nearly 1.2 million individuals after attackers accessed systems supporting its Epidemiology Division. Compromised files include names, Social Security numbers, driver's license numbers, and historical research health records collected in the 1990s and 2000s. UH says clinical operations, patient care, and student records were not affected and that it paid the actors for a decryption tool and to secure destruction of the stolen information.

🔓 South Korea’s National Tax Service inadvertently exposed the mnemonic recovery phrase of a seized Ledger hardware wallet in a press release, enabling an attacker to drain approximately $4.8 million in crypto. The assets were confiscated during raids on 124 high-value tax evaders, but photos released by authorities showed a handwritten seed phrase that was not redacted. On-chain analysis shows the attacker deposited ETH for gas and moved 4 million Pre-Retogeum (PRTG) tokens to a new address in three transactions. The NTS removed the press release, and it is unclear whether a formal investigation has been launched.

🛠️ ManoMano has notified customers that a security incident tied to a third‑party customer service subcontractor resulted in the unauthorized extraction of personal data for approximately 38 million individuals. Exposed information reportedly varies by interaction and may include full name, email address, phone number, and customer service communications; no account passwords were accessed. Identified in January 2026, ManoMano says it revoked the subcontractor’s access, strengthened controls, informed regulators, and is advising customers to remain vigilant against phishing and social engineering.

⚠️ Olympique de Marseille says it was the target of an attempted cyberattack after a threat actor claimed to have breached some servers and leaked a sample of allegedly stolen information. The actor claims the database includes details on about 400,000 individuals and more than 2,050 Drupal CMS accounts, including staff, contributors, and moderators. The club reports its technical teams and specialized providers quickly contained the situation, that operations continue normally, and that no banking details or passwords have been compromised; it has reported the incident to the CNIL and filed a complaint.

🔒 UFP Technologies disclosed a cybersecurity incident detected on February 14 that compromised portions of its IT environment and resulted in data theft. The company says it isolated affected systems, engaged external cybersecurity advisors, and believes the intruder has been removed with access restored in all material respects. Some functions such as billing and label making were impacted, and the firm is investigating whether personal information was exfiltrated.