All news with #outage tag

Co-op Cyberattack Costs Group an Estimated £120 Million

🔒 In its latest half-year report the Co-operative Group said it expects to lose about £120 million in profits this financial year after a cyberattack forced temporary shutdowns of parts of its IT estate. The company reported that personal data for roughly 6.5 million members was stolen, prompting operational disruption across its supermarkets as well as its financial and funeral services. The identity of the attackers remains unclear and investigations are ongoing.

UK Arrests Suspect After RTX MUSE Ransomware Hits Airports

🛫 The UK's National Crime Agency arrested a man in his forties in West Sussex on suspicion of Computer Misuse Act offences linked to a ransomware attack that disrupted airports across Europe. RTX Corporation confirmed the incident affected its Collins Aerospace MUSE passenger processing software, first detected on September 19. The suspect has been released on conditional bail while the probe, supported by the South East ROCU and other agencies, remains in its early stages. Affected customers shifted to backup and manual processes while RTX and external cybersecurity experts work to contain and remediate the impact.

Hoppegarten IT outage continues after August cyberattack

🔒 The municipality of Hoppegarten in Brandenburg is still recovering from a hacker attack that forced its IT systems to be shut down on August 10. As of September 22, remediation remains ongoing, with central services such as email, telephone, and citizen services restored. Communication with subordinate institutions, including schools and daycare centers, remains disrupted. Authorities say the State Criminal Police Office is investigating a suspected attempted data encryption, possibly tied to an extortion attempt.

Cell Tower Hacking Network Dismantled Near UN Event

🔒 The US Secret Service has seized and dismantled a network of electronic devices across the New York tristate area that could be used to disrupt cellular service ahead of the United Nations General Assembly in New York City. Authorities recovered 300 co-located SIM servers and 100,000 SIM cards, equipment capable of enabling DoS attacks, disabling towers and facilitating anonymous encrypted communications. The operation was led by the agency’s Advanced Threat Interdiction Unit, which says early analysis identified contacts between individuals tied to the network and known nation-state threat actors; the investigation remains ongoing with multiple federal and local partners.

Cyberattack Disrupts Passenger Processing at Major Airports

🛫 According to Tagesschau, IT service provider Collins Aerospace was hit by a cyberattack on the evening of 19 September, disrupting passenger processing at Berlin (BER), Brussels, Dublin and London Heathrow. Security experts said the incident targeted the multi-tenant environment of the ARINC system that supports check-in, boarding and baggage handling. Affected airports reported partial delays and cancellations while Collins worked to restore services.

Third-day airport chaos after supplier cyber-attack

✈️ A suspected cyber-attack on a third-party supplier's check-in platform caused widespread flight cancellations and delays at several European airports, including Heathrow, Brussels, Berlin and Dublin. RTX's Muse software, used for check-in, boarding-pass validation and baggage tagging, was reported as the target, forcing some airlines to revert to pen-and-paper processes. Airports posted notices saying recovery work is ongoing and urging passengers to confirm flight status and use online check-in where possible.

Deep Dive: Cloudflare's Sept 12 Dashboard and API Outage

⚠️ A bug in a dashboard React useEffect dependency caused an object to be recreated on every render, triggering repeated calls to the Tenant Service /organizations endpoint. Those excessive requests coincided with a Tenant Service deployment, overwhelming the service and breaking API authorization checks so many API requests returned 5xx errors and the Cloudflare dashboard became unavailable. Cloudflare mitigated the incident by scaling pods, applying a global rate limit, reverting a problematic patch, and applying a dashboard hotfix. They plan to prioritize Argo Rollouts for safer deployments, add randomized retry delays, increase Tenant Service capacity, and improve observability.

Microsoft Probes Exchange Online Outage in North America

⚠️ Microsoft is investigating an ongoing Exchange Online outage across North America that is preventing users from accessing mailboxes via any Exchange Online connection method. Customers have reported issues for more than six hours on DownDetector, with sign-in and server connection failures affecting Teams, Outlook, and Hotmail. Microsoft says it is reviewing telemetry and applying changes to optimize affected mailbox infrastructure while the root cause is still under investigation.

Jaguar Land Rover production halted after cyberattack

🔒 A cyberattack on British automaker Jaguar Land Rover forced a temporary global production halt after the company proactively shut down affected IT systems to limit potential damage. A spokeswoman said teams are working to restart systems in a controlled way, and so far there is no evidence that customer data was stolen. Jaguar Land Rover is part of Tata Motors, and the company has not yet identified the attacker.

Jaguar Land Rover Cyberattack Severely Disrupts Production

🔒 Jaguar Land Rover (JLR) said a cyberattack forced the company to proactively shut down multiple systems to mitigate impact. The incident, reported over the weekend, has severely disrupted retail and production operations, including systems at the Solihull plant. JLR stated there is no evidence that customer data was stolen and is working to restart global applications in a controlled manner.

Jaguar Land Rover Cyber Incident Disrupts Sales & Production

🔒 JLR has disclosed a cyber incident that has severely disrupted global sales and production. The company said it proactively shut down systems and is working to restart applications in a controlled manner. At this stage there is no evidence customer data has been stolen, but retail and manufacturing activities remain affected. Tata Motors disclosed related "global IT issues" to investors.

Pennsylvania AG Office Confirms Ransomware Caused Outage

🔒 The Office of the Pennsylvania Attorney General confirmed a ransomware attack is behind a two-week service outage that has taken its public website offline and disrupted email and phone systems. Attorney General David W. Sunday Jr. said the office refused to pay the extortionists and that an active investigation with other agencies is ongoing. Partial recovery of email and phones has allowed staff to work via alternate channels while courts issue filing extensions. No group has claimed responsibility and the office has not yet confirmed any data exfiltration.

Google provides ChromeOS workarounds for ClassLink/Clever

⚠️ Google is investigating authentication failures that prevent sign-ins to Clever and ClassLink on affected ChromeOS devices running build 16328.55.0 with Chrome 139.0.7258.137. The problem can disrupt Single Sign‑On and some 2‑Step Verification flows, blocking access to educational platforms. As temporary mitigations, administrators can roll back devices to ChromeOS M138 via the Google Admin console or change LoginAuthenticationBehavior to use the default GAIA authentication flow while Google validates a fix.

Nevada Confirms Ransomware Attack, Data Exfiltrated

🔒 Nevada has confirmed a ransomware attack that resulted in data being exfiltrated from state networks. Tim Galluzi, Nevada's chief information officer, said the incident was first detected on August 24 and was disclosed by the governor's office on August 25; he provided an update in a press conference on August 27. Systems and digital services were taken offline to prevent further intrusion, and a forensic investigation involving third-party specialists, the FBI and CISA is ongoing to determine the nature and scope of the stolen information. No criminal actor had claimed responsibility at the time of reporting.

Nevada Network Security Incident Shuts Down State Services

⚠️ The State of Nevada confirmed a 'network security incident' on 25 August that prompted the closure of in-person government offices and the temporary takedown of state websites and phone lines while 24/7 recovery efforts continue. The Governor's Office said emergency call-taking and essential services remain available and that temporary routing and operational workarounds are in place. There is currently no evidence that personally identifiable information was compromised, but residents were advised to be cautious of unsolicited calls, emails or texts requesting personal information or payments. The matter is under active investigation and agencies will announce reopening timelines.

CISA Leads Real-Time Response to Nevada Cyberattack

🔒 CISA and public- and private-sector partners are assisting Nevada following an August 24 cyber attack, focusing on restoring networks that support lifesaving and critical services. At the state's request, CISA Threat Hunting teams are actively examining systems to determine the full scope of impact and mitigate threats. The agency also advised on FEMA emergency response grants, and the FBI is supporting the investigation.

Schneider Electric Modicon M340: FTP Input Validation Flaw

⚠️ Schneider Electric disclosed an Improper Input Validation vulnerability in Modicon M340 controllers and several communication modules that can be triggered by a specially crafted FTP command. Tracked as CVE-2025-6625 with a CVSS v4 base score of 8.7, the flaw enables a remote denial-of-service with low attack complexity. Schneider released firmware fixes for the BMXNOE0100 (v3.60) and BMXNOE0110 (v6.80) modules, which require device reboot; remediation for other affected products is planned. CISA recommends disabling FTP when not needed, blocking or segmenting port 21, using VPNs for remote access, applying vendor updates where available, and following ICS hardening and risk-assessment practices before making changes.

Maryland Transit Authority Confirms Cyber Incident

🚨 The Maryland Transit Administration (MTA) reported on August 24 that it is investigating a cyber incident involving unauthorized access to specific systems. Most core services, including Local Bus, Metro Subway, Light Rail, MARC and Commuter Bus, remain on schedule, but some functions are disrupted. Affected services include Mobility Paratransit new bookings and rescheduling, MTA real-time updates and call center support, and Baltimore Metro elevator phones, and the agency is working with the Maryland Department of Information Technology, third-party cybersecurity experts and law enforcement to investigate and remediate the issue.

Ransomware Disrupts Operations at Data I/O Manufacturer

🔒 Data I/O, a US-based provider of programming solutions for Flash devices, disclosed a ransomware incident on 16 August that forced it to take platforms offline and deploy mitigations. The company said operations including communications, shipping, manufacturing and support functions were temporarily impacted while it restores systems. Costs for remediation and contractor fees are reasonably likely to affect finances. Major customers include Tesla, Panasonic, Amazon, Google and Microsoft.

Chinese Developer Jailed for Deploying Malicious Code

⚖️ A software developer was sentenced to four years in prison after deploying malicious code inside his US employer's network, the Department of Justice said. The defendant, identified as Davis Lu, introduced infinite-loop logic, deleted coworker profile files and implemented a credential-dependent kill-switch that locked out thousands of users in September 2019. The sabotage followed a corporate realignment that reduced his access; investigators found deleted encrypted data and internet searches showing intent to escalate privileges and rapidly delete files while obstructing remediation.