All news with #data leak tag

Wed, October 1, 2025

Adobe Analytics ingestion bug leaked customer data

⚠️ Adobe warns that a performance optimization change to Adobe Analytics data collection introduced an ingestion bug on September 17, 2025 at 12:20 UTC that caused some organizations' tracking fields to be overwritten with values from other customers' streams. Adobe reverted the change on September 18 at 11:00 UTC, said the issue was not caused by malicious activity, and reported roughly 3–5% of collected rows were corrupted. Impacted channels include Data Feeds, Live Stream, scheduled reports, and downstream products; Adobe has instructed affected customers to immediately delete any data received during the incident window while engineering teams cleanse impacted datasets.

Wed, October 1, 2025

WestJet breach exposes travel documents of 1.2M customers

🔒 WestJet confirmed a cybersecurity incident that exposed personal data for about 1.2 million customers, including passports and government IDs. Attackers used social engineering to reset an employee password and accessed the network via Citrix, later moving through Windows and Microsoft cloud systems. The airline said no card numbers, CVVs, expiry dates, or user passwords were compromised and has offered two years of identity protection while working with the FBI.

Tue, September 30, 2025

WestJet Confirms Breach Exposed Customers' Passports

🔒 WestJet has confirmed that a cybersecurity incident disclosed on June 13 exposed sensitive customer information, including passports and other government IDs, according to a notification shared with U.S. authorities. The airline said an investigation completed on September 15 found impacted records varied by individual and could include full name, date of birth, mailing address, travel documents, loyalty program details, and certain card account information. WestJet emphasized that no credit or debit card numbers, expiry dates, CVV codes, or user passwords were compromised and is offering free two-year identity theft protection to affected customers. The company said the FBI is involved in the probe and that it is still working to determine the full scope of the incident.

Tue, September 30, 2025

Data Leak at Kido Kindergartens Exposes Children's Data

🚨 A ransomware group calling itself Radiant claims to have attacked UK childcare operator Kido, publishing names, photos, addresses and family contact details for ten children from one of Kido's London nurseries and threatening to release further data unless a ransom is paid. The attackers' leak page alleges data on more than 8,000 children was exfiltrated. Kido has not yet issued a public statement; London police say an investigation is ongoing. Kido also operates sites in the United States, India and China.

Mon, September 29, 2025

UK backs Jaguar Land Rover with £1.5 billion loan guarantee

🔒 The UK Government has granted Jaguar Land Rover a £1.5 billion loan guarantee via UK Export Finance's Export Development Guarantee (EDG) to help the automaker recover after a severe cyberattack halted production and forced system shutdowns. The guarantee backs a commercial bank loan rather than direct state lending, reducing lender risk so JLR can secure larger, better-priced financing and immediate liquidity to pay suppliers. Repaid over five years, the measure is intended to stabilise the supply chain and protect thousands of jobs while JLR works with the NCSC, law enforcement and cybersecurity specialists during a phased return to manufacturing.

Mon, September 29, 2025

Harrods Breach Exposes 430,000 E-commerce Customer Records

🔒 Harrods has confirmed a new data breach after a compromise at a third-party supplier exposed 430,000 e-commerce customer records. The disclosed information primarily comprises names, contact details and internal marketing tags, while account passwords, payment information and order histories were not included. The retailer says this incident is separate from the May attack attributed to Scattered Spider and that the threat actor has contacted them, apparently seeking extortion. Harrods has notified affected customers and authorities and urges vigilance against phishing and social engineering.

Mon, September 29, 2025

September 2025 security roundup — key incidents and guidance

🔐 Tony Anscombe reviews the top cybersecurity stories for September 2025 and highlights their implications for defenders. Incidents include disruptions at major European airports after a ransomware attack on Collins Aerospace, a prolonged outage at Jaguar Land Rover following an IT breach, and a large npm supply‑chain compromise that drew a CISA alert. He also notes impersonation campaigns targeting macOS users with LastPass‑themed information‑stealers.

Mon, September 29, 2025

Harrods Supply Chain Breach Affects E-commerce Customers

🔒 Harrods has disclosed that some e-commerce customer data was stolen via a breach at a third-party provider, with the retailer notifying affected customers on Friday. The company says the exposed information is limited to basic personal identifiers such as names and contact details and does not include account passwords, payment details or order history. Harrods also said it was contacted by a threat actor but refused to engage, and that this incident is separate from attempts to access Harrods systems in May. Reports indicate as many as 430,000 customer records may have been impacted, in a broader environment of rising retail ransomware and supply-chain risk linked to groups such as Scattered Spider.

Fri, September 26, 2025

LockBit 5.0 Released: Faster ESXi Encryption, Evasion

🔒 LockBit 5.0 introduces faster ESXi drive encryption and enhanced evasion techniques, according to Trend Micro. The release includes Windows, Linux and VMware ESXi variants featuring heavy obfuscation, ETW patching, DLL reflection and hypervisor-targeted encryption designed to amplify impact. Researcher Jon DiMaggio describes the update as largely incremental fine-tuning and self-branding aimed at restoring affiliate trust after Operation Cronos.

Fri, September 26, 2025

MCP supply-chain attack via squatted Postmark connector

🔒 A malicious npm package, postmark-mcp, was weaponized to stealthily copy outgoing emails by inserting a hidden BCC in version 1.0.16. The package impersonated an MCP Postmark connector and forwarded every message to an attacker-controlled address, exposing password resets, invoices, and internal correspondence. The backdoor was a single line of code and remained available through regular downloads before the package was removed. Koi Security advises immediate removal, credential rotation, and audits of all MCP connectors.

Fri, September 26, 2025

Qantas Docking CEO Pay Signals Cyber Accountability Shift

🔒 Qantas' board docked CEO Vanessa Hudson and other executives after a June 30 cyber incident that exposed the personally identifiable information of nearly 6 million passengers, deducting A$800,000 from bonuses and cutting annual payouts by 15 percentage points. The move is being compared to high-profile past actions, such as Yahoo's 2017 bonus denial. Security leaders say the decision reflects a broader trend of boards and regulators holding top executives personally and financially accountable for cybersecurity failures.

Fri, September 26, 2025

Co-op Cyberattack Costs Group an Estimated £120 Million

🔒 In its latest half-year report the Co-operative Group said it expects to lose about £120 million in profits this financial year after a cyberattack forced temporary shutdowns of parts of its IT estate. The company reported that personal data for roughly 6.5 million members was stolen, prompting operational disruption across its supermarkets as well as its financial and funeral services. The identity of the attackers remains unclear and investigations are ongoing.

Fri, September 26, 2025

SpyCloud: Identity Blind Spots Raise Ransomware Risk

🔒 The SpyCloud 2025 Identity Threat Report exposes a gap between confidence and capability: 86% of security leaders say they can prevent identity-based attacks, yet 85% of organizations experienced ransomware in the past year, with over one-third hit six to ten times. A survey of 500+ security leaders in North America and the UK highlights identity sprawl across SaaS, unmanaged devices and third-party ecosystems. The report notes phishing, credential reuse and exposed sessions increasingly enable persistent access. It warns that most organizations lack automated remediation, repeatable workflows and formal investigation protocols.

Fri, September 26, 2025

Cyber Risk Assessments: Making CISO Efforts Visible

🛡️ Cyber Risk Assessments enable CISOs to quantify enterprise cyber risk and demonstrate the impact of security work. They uncover vulnerabilities across infrastructure, networks and cloud data, helping teams prioritize remediation and allocate resources where they matter most. Assessments also support compliance with regulations such as GDPR and PCI DSS, delivering actionable reports that document progress for management.

Fri, September 26, 2025

Mass Exposure of Indian Bank NACH Transfer PDFs Repository

🔓 UpGuard discovered a publicly accessible Amazon S3 bucket containing roughly 273,160 PDF documents formatted as NACH MANDATE records that documented bank transfers in India. The files exposed unredacted bank account numbers, transaction amounts and, in many cases, individuals’ names, phone numbers and email addresses. A 55K-file sample (~42 GB) showed 38 financial institutions represented, with AyeFin appearing in nearly 60% of sampled records. UpGuard notified AyeFin and NPCI, escalated to CERT‑IN when the bucket continued to grow, and verified the repository was secured on September 4.

Thu, September 25, 2025

Malicious npm 'postmark-mcp' Release Exfiltrated Emails

📧 A malicious npm package posing as the official postmark-mcp project quietly added a single line of code to BCC all outgoing emails to an external address. Koi Security found the backdoor in version 1.0.16 after prior releases through 1.0.15 were verified clean. The tainted release was available for about a week and logged roughly 1,500 downloads. Users are advised to remove the package, rotate potentially exposed credentials, and run MCP servers in isolated containers before upgrading.

Thu, September 25, 2025

Co-op Reports £80M Operating Loss After Cyberattack

🔒 The Co-operative Group reported an £80 million operating profit loss in H1 2025 after an April cyberattack disrupted systems and trading. Management attributed the shortfall to £20 million of one‑off remediation costs and £60 million in lost sales while systems were offline, and said revenue fell by £206 million. The breach, linked to DragonForce and affiliates of Scattered Spider, exposed personal data for all 6.5 million members; four suspects have since been arrested. Despite the impact, Co-op reported £800 million of available liquidity and no immediate funding concerns.

Thu, September 25, 2025

Malicious MCP Server Update Exfiltrated Emails to Developer

⚠️ Koi Security has reported that a widely used Model Context Protocol (MCP) implementation, Postmark MCP Server by @phanpak, introduced a malicious change in version 1.0.16 that silently copied emails to an external server. The package, distributed via npm and embedded into hundreds of developer workflows, had more than 1,500 weekly downloads. Users who installed v1.0.16 or later are advised to remove the package immediately and rotate any potentially exposed credentials.

Thu, September 25, 2025

Salesforce Patches Critical 'ForcedLeak' Prompt Injection Bug

⚠️ Salesforce has released patches for a critical prompt-injection vulnerability dubbed ForcedLeak that could allow exfiltration of CRM data from Agentforce. Discovered and reported by Noma Security on July 28, 2025 and assigned a CVSS score of 9.4, the flaw affects instances using Web-to-Lead when input validation and URL controls are lax. Researchers demonstrated a five-step chain that coerces the Description field into executing hidden instructions, queries sensitive lead records, and transmits the results to an attacker-controlled, formerly allowlisted domain. Salesforce has re-secured the expired domain and implemented a Trusted URL allowlist to block untrusted outbound requests and mitigate similar prompt-injection vectors.

Thu, September 25, 2025

North Korean hackers deploy new AkdoorTea backdoor

🛡️ ESET attributes a widespread recruitment-based intrusion campaign to the North Korea-linked cluster tracked as DeceptiveDevelopment, revealing a previously undocumented Windows backdoor called AkdoorTea. Active since late 2022, the operation targets software developers on Windows, Linux, and macOS, particularly in cryptocurrency and Web3, using fake recruiter outreach, video assessments and coding tasks to deliver multi-platform malware such as BeaverTail, TsunamiKit and Tropidoor. The group favors scale and social engineering while reusing dark-web projects and rented malware rather than developing wholly novel toolsets.
