All news with #data leak tag

China Accuses NSA of Multi-Stage Attack on NTSC Systems

🕒 The Chinese Ministry of State Security (MSS) has accused the U.S. National Security Agency (NSA) of a "premeditated" multi-stage cyber intrusion targeting the National Time Service Center (NTSC), which manages Beijing Time. The MSS says the campaign began with SMS-based compromises of staff devices in March 2022 and escalated through credential reuse and a deployed "cyber warfare platform" between August 2023 and June 2024. According to the statement, the platform employed 42 specialized tools, forged digital certificates, and high-strength encryption while routing traffic through VPSes across the U.S., Europe, and Asia; Chinese agencies say they detected, neutralized the activity, and reinforced defenses.

2025 APJ eCrime Landscape: Emerging Threat Trends and Risks

🔒 The CrowdStrike 2025 APJ eCrime Landscape Report outlines a rapidly evolving criminal ecosystem across Asia Pacific and Japan, driven by regional marketplaces and increasingly automated ransomware. The report highlights active Chinese-language underground markets (Chang’an, FreeCity, Huione Guarantee) and the rise of AI-developed ransomware, with 763 APJ victims named on ransomware and dedicated leak sites between January 2024 and April 2025. It profiles local eCrime groups (the SPIDER cluster) and service providers such as Magical Cat and CDNCLOUD, and concludes with prioritized defenses for identity, cloud, and social-engineering resilience.

New .NET CAPI Backdoor Targets Russian Auto and E-commerce

🔒 Seqrite Labs uncovered a new .NET implant named CAPI Backdoor linked to a phishing campaign targeting Russian automobile and e-commerce organizations. The attack leverages a ZIP archive containing a decoy Russian tax notice and a Windows LNK that loads a malicious adobe.dll via the legitimate rundll32.exe. The backdoor gathers system and browser data, takes screenshots, and communicates with a remote C2 for commands and exfiltration. Persistence is achieved through scheduled tasks and a Startup LNK.

UK Weighed Destroying Data Hub After Decade-Long Intrusion

🔐 British officials briefly considered physically destroying a government data hub after uncovering a decade-long intrusion attributed to China-aligned actors. The breach reportedly exposed official-sensitive and secret material on government servers, though no top secret data was taken. Rather than demolish the facility, the government implemented alternative protections and commissioned a classified review. Cybersecurity experts say the episode underscores the critical need to secure supply chains and hunt long-term APT presence.

Envoy Air Confirms Oracle E-Business Suite Data Theft

🔒 Envoy Air confirmed that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its leak site. The carrier said it immediately launched an investigation, contacted law enforcement, and determined that no sensitive or customer data were affected, though limited business information and commercial contact details may have been exposed. The incident is tied to an August campaign by Clop, which exploited an E-Business Suite zero‑day (CVE‑2025‑61882) and is now publishing claimed stolen files.

Over 266,978 F5 BIG-IP Instances Exposed to Remote Attacks

⚠️ Shadowserver Foundation reports 266,978 internet-exposed F5 BIG-IP instances after F5 disclosed a breach in which nation-state actors stole source code and information on undisclosed BIG-IP flaws. F5 issued patches addressing 44 vulnerabilities and urged immediate updates for BIG-IP, F5OS, BIG-IQ, and related products. CISA issued an emergency directive requiring federal agencies to patch or mitigate affected devices by set deadlines. Nearly half of the detected instances are in the United States, with most others across Europe and Asia.

Cyberattack Disrupts Hohen Neuendorf City Administration

🔒 The Hohen Neuendorf city administration reported a cyberattack detected on October 7 that forced an immediate shutdown of its IT systems and left municipal operations running in a limited capacity. Contracted cybersecurity experts found indications attackers temporarily accessed and encrypted parts of the city's data holdings, preventing immediate inspection. Authorities say it cannot yet be confirmed whether personal data were stolen and that the city will notify affected individuals under GDPR if a data outflow is verified. Preliminary investigation points to security gaps at an external IT service provider that allegedly failed to report vulnerabilities as contractually required.

Significant Satellite Traffic Found Transmitted Unencrypted

⚠️Researchers used a commercial off-the-shelf satellite dish to perform the most comprehensive public study yet of geostationary satellite communications. They discovered a shockingly large volume of sensitive traffic—critical infrastructure telemetry, internal corporate and government communications, private voice calls and SMS, and consumer Internet streams such as in-flight Wi‑Fi—being broadcast unencrypted. Much of this data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware, and a single transponder's footprint may cover up to 40% of the Earth's surface.

Prosper Data Breach Exposes Personal Data of 17.6M

🔒 Prosper has confirmed a data breach that may have exposed personal information for approximately 17.6 million customers. The company said unauthorized queries were made against customer and applicant databases and that the activity was shut down and access revoked on September 2. Prosper reported no operational disruptions or evidence of unauthorized account access or fund theft, has notified US law enforcement, and will offer affected customers credit monitoring once the scope is confirmed.

Hackers Steal Customer Data from Spanish Retailer Mango

🔒An external marketing service provider detected unauthorized access to customer personal data for the Spanish fashion company Mango. The attackers obtained first name, country, postal code, email address and telephone number for some customers, while last names, bank details and passwords were not accessed. Mango says its own systems remain secure and has notified the Spanish data protection authority (AEPD). Customers are urged to remain vigilant for phishing attempts via email, SMS or phone.

Nation-State Actor Steals F5 BIG-IP Source Code Exposed

🔒 On Oct. 15, 2025, F5 disclosed a nation-state compromise that exfiltrated source code and undisclosed vulnerability information from the BIG-IP product development and engineering knowledge platforms. F5 reports no evidence of modification to its software supply chain or access to CRM, financial, support case management, iHealth, NGINX or distributed cloud products. Unit 42 warns the theft could accelerate exploit development and recommends immediate patching, hardening, and targeted threat hunting for anomalous admin activity and configuration changes.

Sotheby's Data Breach Exposes Customer Financial Records

🔒 Sotheby's has notified customers that an intrusion detected on July 24 resulted in removal of sensitive data from its systems. After a two-month investigation the company determined exposed information includes full names, Social Security numbers and financial account details. Impacted individuals are being offered 12 months of free identity protection and credit monitoring through TransUnion while Sotheby's continues to assess the scope.

Have I Been Pwned Flags Prosper Breach Affecting 17.6M

🔐Prosper, a peer-to-peer lending marketplace, disclosed a security incident detected on September 2 that resulted in unauthorized access to company databases and the theft of customer and applicant data. While Prosper says it has found no evidence that attackers accessed customer accounts or funds, investigators report that Social Security numbers and other sensitive fields may have been exposed. Breach notification service Have I Been Pwned published that 17.6 million unique email addresses were impacted, though Prosper says it cannot yet validate that figure and is still determining which data elements were affected. The company has notified authorities and says it will offer free credit monitoring as appropriate.

Ransomware Victim Responses and Human Impact Analysis

🔒 Ransomware attacks inflict both operational and deep personal harm, often devastating small businesses lacking cash reserves and cybersecurity expertise. Research underscores lasting trauma, exhaustion, and financial ruin that can outlast technical recovery. Organizations should pair an incident response plan with compassionate leadership and employee support. Cisco Talos also warns of evolving supply‑chain campaigns targeting developers and job seekers, reinforcing the need for layered defenses.

2025 Insider Risk Report: Hidden Costs of Everyday Actions

🔍 The 2025 Insider Risk Report finds insider-driven data loss is widespread and costly, with 77% of organizations affected and many incidents stemming from human error or compromised accounts rather than malice. It warns that traditional DLP often lacks behavioral context and visibility across endpoints, SaaS, and GenAI. The report urges adoption of behavior-aware, AI-ready platforms and five practical practices to reduce false positives and prevent data loss.

US Q3 Report: Over 23 Million Data Breach Victims This Year

📊 The Identity Theft Resource Center (ITRC)'s Q3 2025 analysis found 835 publicly reported corporate data compromises in the United States, resulting in approximately 23 million victim notifications. That follows 1,732 incidents in H1 2025 and brings the year-to-date total to nearly 202 million victims. The report attributes 83% of breaches to cyber-attacks, highlights a rise in physical attacks, and criticizes the increasing frequency of notices that omit details about the cause. Major victims this quarter included Anne Arundel Dermatology, DaVita, TransUnion and several large healthcare providers.

ThreatsDay Bulletin: $15B Crypto Seizure, Weekly Risks

🔔 This week’s ThreatsDay bulletin highlights a historic U.S. DOJ seizure of roughly $15 billion in cryptocurrency linked to an alleged transnational fraud network, alongside active commodity malware, phishing-as-a-service, and novel abuses of legitimate tools. Notable incidents include the Brazil-distributed Maverick banking trojan spread via a WhatsApp worm, consumer-grade interception of geostationary satellite traffic, and UEFI BombShell flaws enabling bootkit persistence. Priorities: identity resilience, patching, and monitoring of remote-access and cloud services.

Nation-state Breach Exposes F5 BIG-IP Source Code

⚠️ F5 has confirmed a nation-state actor maintained persistent access to its development systems, including the BIG-IP product development environment and engineering knowledge management platforms, with discovery in August and customer notification on October 15. The breach included stolen files containing BIG-IP source code and information on undisclosed vulnerabilities. While F5 reports no known active exploitation, it and CISA have urged immediate patching and mitigations, and the US government delayed public disclosure in September after a Justice Department order.

Capita fined £14M for 2023 breach exposing 6.6M people

🔒 The ICO fined Capita £14 million after a March 2023 cyberattack that exposed personal information for 6.6 million people and hundreds of clients, including 325 pension providers. Attackers—claiming responsibility as Black Basta—gained access via a malicious file, remained in systems for 58 hours, exfiltrated almost 1TB, and deployed ransomware. The fine was reduced from an initial £45 million after Capita accepted liability and implemented remediation measures, including enhanced access controls and customer protections.

F5 Confirms Source Code, Vulnerability Data Exfiltration

🔒 F5 Networks acknowledged that a highly sophisticated threat actor exfiltrated portions of BIG-IP source code, information about undisclosed vulnerabilities, and configuration data for a small percentage of customers. The company says there is no evidence of modification to its build pipelines or active exploitation of undisclosed critical vulnerabilities. F5 has released security updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG‑IQ, and APM clients and urges customers to apply them immediately. CISA has directed federal agencies to assess internet-exposed BIG-IP devices, and F5 will provide eligible customers a free subscription to CrowdStrike Falcon EDR.