All news with #pii tag

AWS Clean Rooms ML adds redacted error log summaries

🔒 AWS Clean Rooms ML collaborators can now configure a privacy control to send redacted error log summaries to selected collaboration members. Summaries include exception type, error message, and the line in the code where the error occurred. When associating a model with a collaboration, parties decide which members receive summaries and whether detectable PII, numbers, or custom strings will be redacted. This helps teams debug models while protecting sensitive data and intellectual property.

Detecting and Preventing Data Leaks Before Disaster

🔒 In January 2025 Wiz Research discovered a publicly accessible ClickHouse database belonging to Chinese AI firm DeepSeek, exposing over one million log streams that included chat histories and secret keys. The issue was reported and quickly closed, but the event highlights how misconfigurations and human error can expose sensitive data. To reduce risk, organisations should adopt least-privilege access, deploy DLP solutions, classify high-risk data and provide ongoing staff training.

Supply-chain Breach Impacts Palo Alto, Zscaler, Cloudflare

🔒 Three major vendors—Palo Alto Networks, Zscaler, and Cloudflare disclosed a supply‑chain breach tied to the Salesloft Drift Salesforce integration that exposed OAuth tokens and customer CRM data. The incident reportedly involved mass exfiltration from Account, Contact, Case and Opportunity records and included business contact data and some plaintext case notes. Vendors recommend rotating credentials, revoking unused OAuth tokens, auditing Salesforce Event Monitoring and reviewing SOQL query logs and connected-app activity for signs of abuse.

Cloudflare Response to Salesloft Drift Salesforce Breach

🔒 Cloudflare confirmed that it and some customers were impacted by the Salesloft/Drift breach which exposed Salesforce support case text. The company found 104 Cloudflare API tokens in the exfiltrated data, rotated them, and observed no suspicious activity tied to those tokens. No Cloudflare infrastructure was compromised; affected customers were notified and advised to rotate any credentials shared in support tickets and to harden third-party integrations.

How Bribery at a Vendor Led to Coinbase Extortion Incident

🔒 In early May 2025 Coinbase disclosed that attackers had extorted the company after bribing employees at an outsourced support provider in India to acquire customer and internal data. The theft affected roughly 1% of monthly active users — about 70,000 people — and exposed information useful for social engineering, though no private keys or wallet credentials were taken. Coinbase refused a $20 million ransom, posted a matching bounty, pledged customer reimbursement, flagged suspect blockchain addresses, dismissed implicated vendor staff, and ended the vendor relationship.

Salt Typhoon APT Expands to Netherlands, Targets Routers

🔒 Salt Typhoon, a persistent Chinese-aligned threat actor, has expanded operations into the Netherlands by compromising routers at smaller ISPs and hosting providers. Intelligence agencies report the group exploits known flaws in Ivanti, Palo Alto Networks, and Cisco devices to obtain long-term access and pivot through trusted provider links. Authorities urge organizations to audit configurations, disable management access, enforce public-key administrative authentication, remove default credentials, and keep vendor-recommended OS versions up to date to reduce exposure.

Ransomware Attack on Swedish Supplier Exposes Worker Data

🔒 A ransomware attack on Swedish software vendor Miljödata has affected around 200 municipal and other organisations after attackers targeted its Adato system. Miljödata says it is working with external experts and has reported the incident to legal authorities and data protection regulators while investigating whether personal and health-related records were exposed. Police say extortionists demanded 1.5 bitcoins (about SEK 1.5M / US$165,000) and national agencies are coordinating the response.

Feds Seize VerifTools Marketplace Selling Fake IDs

🚨 U.S. and Dutch authorities dismantled VerifTools, an illicit marketplace that produced and sold counterfeit driver's licenses, passports, and other identity documents used to bypass verification systems and facilitate fraud. Two domains and a blog were seized and redirected to an FBI splash page after servers in Amsterdam were confiscated. The FBI linked roughly $6.4 million in illicit proceeds to the service, which offered forged documents for as little as $9. Operators have since signaled a relaunch on a new domain.

Nevada Confirms Ransomware Attack, Data Exfiltrated

🔒 Nevada has confirmed a ransomware attack that resulted in data being exfiltrated from state networks. Tim Galluzi, Nevada's chief information officer, said the incident was first detected on August 24 and was disclosed by the governor's office on August 25; he provided an update in a press conference on August 27. Systems and digital services were taken offline to prevent further intrusion, and a forensic investigation involving third-party specialists, the FBI and CISA is ongoing to determine the nature and scope of the stolen information. No criminal actor had claimed responsibility at the time of reporting.

EuroDaT and Google Cloud: Secure Financial Data Exchange

🔒 EuroDaT, a state-owned data trustee, built safeAML with major German banks to enable controlled, pseudonymous transaction matching while preserving GDPR compliance. The cloud-native service runs on Google Cloud and Google Kubernetes Engine, using infrastructure-as-code, isolated VPCs and auditable processing so EuroDaT never accesses personal-data content. By letting banks request targeted supplementary information, safeAML accelerates suspicious-activity checks, reduces false positives and lays groundwork for wider use in ESG and health data sharing.

EuroDaT and Google Cloud: Secure Financial Data Exchange

🔐 EuroDaT describes how its safeAML platform, built on Google Cloud and Google Kubernetes Engine, enables controlled, pseudonymous exchange of sensitive transaction data between banks. Acting as a neutral data trustee, EuroDaT never accesses personal content while automating secure, auditable workflows that replace error-prone phone calls. Pilots with German banks show faster, more accurate suspicion assessments and lower false positives.

Chinese 'Salt Typhoon' Hackers Active in 80 Countries

🛡️ The FBI says the Chinese-linked hacker group Salt Typhoon has been observed operating in at least 80 countries, with activity reported across regions including the UK, Canada, Australia and New Zealand. U.S. authorities disclosed that the actors compromised U.S. telecommunications firms, exfiltrating more than one million connection records and targeting calls and SMS for over 100 Americans. A detailed technical analysis was published with international partners, including Germany's BSI, to help network defenders detect and remediate the intrusion, and U.S. officials now say the activity appears to have been contained.

Whistleblower: DOGE Placed SSA NUMIDENT on Insecure Cloud

⚠️A protected whistleblower alleges that the Department of Government Efficiency (DOGE) copied the Social Security Administration's NUMIDENT database to an unsecured Amazon Web Services test environment, bypassing mandated oversight and authorization. The complaint names several DOGE-affiliated hires and documents approvals and risk assessments dated June 12, June 25, and July 25, 2025. It alleges the move circumvented required FISMA authorization and NIST SP 800-53 controls, exposing sensitive personal data for more than 300 million people and potentially violating the Privacy Act and the CFAA.

Nevada Network Security Incident Shuts Down State Services

⚠️ The State of Nevada confirmed a 'network security incident' on 25 August that prompted the closure of in-person government offices and the temporary takedown of state websites and phone lines while 24/7 recovery efforts continue. The Governor's Office said emergency call-taking and essential services remain available and that temporary routing and operational workarounds are in place. There is currently no evidence that personally identifiable information was compromised, but residents were advised to be cautious of unsolicited calls, emails or texts requesting personal information or payments. The matter is under active investigation and agencies will announce reopening timelines.

Anthropic Disrupts AI-Powered Data Theft and Extortion

🔒 Anthropic said it disrupted a sophisticated July 2025 operation that weaponized its AI chatbot Claude and the agentic tool Claude Code to automate large-scale theft and extortion targeting at least 17 organizations across healthcare, emergency services, government and religious institutions. The actor exfiltrated personal, financial and medical records and issued tailored ransom demands in Bitcoin from $75,000 to over $500,000. Anthropic reported building a custom classifier and sharing technical indicators with partners to mitigate similar abuses.

Retail and Hospitality Data Heists: Digital Extortion Trends

🔒Unit 42 describes how financially motivated actors blend reconnaissance and social engineering to target high-end retailers and other sectors, stealing customer data for extortion. Attackers commonly use voice-based phishing and impersonation to harvest credentials or trick users into running a modified Data Loader for Salesforce, then search SharePoint, Microsoft 365 and Salesforce for PII. Because intrusions often avoid malware, forensic artifacts are minimal, complicating detection and response.

How to Remove Your Data from People-Search Brokers

🛡️ Data brokers compile extensive personal dossiers and sell them without consent. This guide explains the challenges of locating and removing your information, outlines typical data collected, and describes practical steps to submit opt-out or deletion requests. It recommends tracking requests in a spreadsheet, citing laws like CCPA or GDPR, and repeating removals every 3–6 months or using paid services.

Block Unsafe LLM Prompts with Firewall for AI at the Edge

🛡️ Cloudflare has integrated unsafe content moderation into Firewall for AI, using Llama Guard 3 to detect and block harmful prompts in real time at the network edge. The model-agnostic filter identifies categories including hate, violence, sexual content, criminal planning, and self-harm, and lets teams block or log flagged prompts without changing application code. Detection runs on Workers AI across Cloudflare's GPU fleet with a 2-second analysis cutoff, and logs record categories but not raw prompt text. The feature is available in beta to existing customers.

Alleged Mastermind Behind K-Pop Stock Heist Extradited

🔒 South Korean authorities have extradited a 34-year-old suspect from Thailand, accused of masterminding a coordinated campaign that siphoned millions in stocks from celebrities, including Jung Kook. Investigators say the group stole personal data from Korean telecom firms, used it to assume victims' identities and opened brokerage accounts between August 2023 and January 2024. With assistance from Interpol and Thai authorities, officials tracked and arrested the suspect, who has admitted some allegations while denying others.

AI Prompt Protection: Contextual Control for GenAI Use

🔒 Cloudflare introduces AI prompt protection inside its Data Loss Prevention (DLP) product on Cloudflare One, designed to detect and secure data entered into web-based GenAI tools like Google Gemini, ChatGPT, Claude, and Perplexity. The capability captures both prompts and AI responses, classifies content and intent, and enforces identity-aware guardrails to enable safe, productive AI use without blanket blocking. Encrypted logging with customer-provided keys provides auditable records while preserving confidentiality.