All news with #pii tag

Brazil Hit by WhatsApp Worm and RelayNFC Fraud Campaign

🔒 Water Saci has shifted to a layered infection chain that uses HTA files and malicious PDFs delivered via WhatsApp to deploy a banking trojan in Brazil. The actors moved from PowerShell to a Python-based worm that propagates through WhatsApp Web, while an MSI/AutoIt installer and process-hollowing techniques load the trojan only on Portuguese (Brazil) systems. Trend Micro links the behavior to Casbaneiro-style features and notes possible use of code-translation or AI tools to port scripts. In parallel, a React Native Android strain named RelayNFC executes real-time NFC APDU relays to enable contactless payment fraud.

University of Phoenix Discloses Data Breach After Oracle Hack

🔒The University of Phoenix disclosed a data breach tied to a zero-day flaw in Oracle E-Business Suite, saying it detected the incident on November 21 after the extortion group posted the university to its leak site. Phoenix Education Partners filed an SEC 8-K announcing the incident and an ongoing review. The university said attackers accessed names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers for current and former students, employees, faculty and suppliers. Affected individuals will receive mailed notifications with next steps.

FTC Settlement Requires Illuminate to Delete Student Data

⚖️ The FTC has proposed a settlement requiring Illuminate Education to delete unnecessary student data and strengthen its security program after a 2021 breach that exposed information for about 10.1 million students. The agency alleges failures including lack of access controls, storing data in plain text, weak patching, and misrepresenting encryption in contracts. The proposed order mandates data minimization, a public retention schedule, prompt breach reporting to the FTC, and will be open for 30 days of public comment; violations could trigger civil penalties.

Asahi Ransomware Attack Leads to Massive Data Breach

🔒 Asahi Group Holdings confirmed that a ransomware attack on 29 September, attributed to the Qilin group, resulted in a major data breach affecting over 1.5 million customers and roughly 275,000 employees and family members. The incident disrupted ordering, shipping and production systems across Japan and caused widespread product shortages. Asahi says it did not pay a ransom, has found no evidence the data has been posted publicly, and is strengthening its cybersecurity while notifying those impacted.

Researchers Expose Lazarus APT Remote-Worker Scheme Live

🔍 A joint investigation by Mauro Eldritch (BCA LTD), NorthScan, and ANY.RUN captured operators from North Korea's Lazarus Group Famous Chollima working through a network of remote IT contractors. Analysts used long-running sandbox VMs that mimicked real developer laptops to observe live activity without alerting the intruders, recording credential collection, AI-assisted interview tooling, OTP handling, and persistent access via Google Remote Desktop. The study found identity and workstation takeover — not traditional malware — as the primary intrusion method, underscoring significant risks in remote hiring and contractor vetting.

ICO Reviews Mobile Games for Children's Code Compliance

🕹️ The UK Information Commissioner's Office has launched a focused review of 10 popular mobile games to assess compliance with the Children’s Code (Age-Appropriate Design Code). The review will scrutinize default privacy settings, geolocation controls, targeted advertising and other design features that could affect children’s privacy. The ICO cited parental research showing high levels of concern about data collection, exposure to strangers and harmful content in mobile games.

Coupang Data Breach Exposes 33.7 Million Customer Records

🔓 Coupang, South Korea's largest retailer, disclosed a data breach that exposed personal information for 33.7 million customer accounts. The company says the incident occurred on June 24, 2025, but was discovered and investigated beginning November 18, 2025. Exposed fields include full names, phone numbers, email and physical addresses, and order details; payment data and passwords were not affected. Coupang reported the incident to national authorities and warned customers to watch for impersonation attempts.

Coupang Confirms 33.7M Customer Records Exposed in Breach

⚠️ Coupang has confirmed unauthorized access to delivery-related personal information affecting an estimated 33.7 million customers, including names, email addresses and phone numbers. The company says payment details and login credentials were not accessed, and it has blocked the access route and strengthened internal monitoring. Seoul police have identified a suspect, believed to be a former employee who has left South Korea, and are analysing server logs while tracking an IP address tied to the incident.

RBKC Cyberattack on IT Provider Disrupts Local Councils

🔒 The Royal Borough of Kensington and Chelsea (RBKC) has warned residents their data may have been compromised after unusual activity linked to a shared IT service provider was detected earlier this week. The council says it has evidence that some historical data was copied and removed and that the material could end up in the public domain. RBKC urged residents to be vigilant for phishing and social‑engineering attempts via email, text and phone while services are restored, and warned disruption could continue for at least two weeks as investigations and recovery proceed.

Amazon Connect Chat Adds Agent-Initiated Workflows

🔔 Amazon Connect Chat now supports agent-initiated workflows, allowing agents to send interactive forms and present policies or disclosures directly within an active chat so customers can provide sensitive or general information without leaving the conversation. Agents can trigger workflows at any point, making interactions more dynamic and reducing resolution time. By keeping data collection inside the chat, businesses can better preserve security and compliance controls while improving customer experience. The capability is available now in multiple AWS regions.

Amazon Connect adds in-flight chat redaction and processing

🔒 Amazon Connect now intercepts chat messages before delivery to enable automatic sensitive-data redaction and custom message processing. The built-in redaction detects entities such as credit card and social security numbers across multiple language variants and can replace them with generic or entity-specific placeholders (e.g., [PII] or [NAME]). Businesses can also integrate custom processors for translation, profanity filtering, or other transformations to meet compliance and CX needs. The feature is available in multiple AWS regions.

Amazon SageMaker Catalog Adds Automated Data Classification

🤖 Amazon SageMaker Catalog now provides automated data classification that suggests business glossary terms during dataset publishing to reduce manual tagging and improve metadata consistency. The capability leverages Amazon Bedrock language models to analyze table metadata and schema and recommend relevant business and sensitive-data terms from organizational glossaries. Data producers receive AI-generated suggestions they can accept or modify before publishing, helping standardize vocabulary and improve data discoverability. The feature is available in multiple AWS regions and can be managed via SageMaker Unified Studio, the AWS CLI, or SDKs.

Operator jailed for in-flight evil twin Wi-Fi attacks

🔒 An Australian man was sentenced to seven years and four months for operating an evil twin Wi-Fi network that targeted airline passengers and airport patrons in Perth, Melbourne and Adelaide. He deployed a WiFi Pineapple to clone legitimate SSIDs and present phishing captive portals that harvested social media credentials, then used those accounts to access victims' private messages and intimate images. Forensic analysis of seized devices recovered thousands of stolen images, videos, credentials and records of fraudulent Wi‑Fi pages.

French Football Federation Discloses Member Data Breach

⚽ The French Football Federation (FFF) disclosed a data breach after attackers used a compromised account to access administrative management software used by clubs. FFF detected the unauthorized access, disabled the compromised account, and reset all user passwords across the system. Before they were evicted, threat actors exfiltrated personal and contact information for members. The federation said it has filed a criminal complaint, notified regulators, and will directly inform affected individuals while urging vigilance against phishing attempts.

French Football Federation Data Exposure Affects Millions

🔒 The French Football Federation (FFF) reported unauthorized access to the centralized software used by licensed clubs to manage player registrations, an intrusion it believes occurred on 20 November. Exposed fields include names, genders, dates and places of birth, nationalities, postal and email addresses, phone numbers and football license ID numbers. The FFF says it deactivated the compromised account, reset all user passwords, filed a complaint with authorities and notified CNIL and ANSSI. It will inform affected individuals with known emails and urged license holders to remain vigilant against phishing and scam attempts.

Researchers Expose Widespread Dashcam Botnet Risk to Privacy

🔒 Singaporean researchers demonstrated how inexpensive offline dashcams can be weaponized into a self‑propagating surveillance network. They identified common weaknesses — default or hardcoded Wi‑Fi credentials, exposed services (FTP/RTSP), MAC‑spoofing and replay attacks — that allow attackers to download video, audio, timestamps and GPS metadata. The team showed mass compromise is feasible and offered mitigation steps for vendors and drivers.

OpenAI Alerts API Users to Mixpanel Data Exposure Incident

⚠️ OpenAI has warned that some data from users of its platform.openai.com API may have been exposed after an attacker gained unauthorized access to part of analytics vendor Mixpanel and exported a dataset. The incident began on November 9 and Mixpanel shared the dataset with OpenAI on November 25. Potentially affected fields include account names, email addresses, coarse location, browser/OS, referrers and organization or user IDs. OpenAI says its systems, chats, API keys, credentials, payment details and chat content were not compromised, and it has removed Mixpanel from production while notifying affected users and expanding vendor security reviews.

Retailers Brace for Holiday Fraud, Not Major Breach Spike

🔒 Huntsman Security's analysis of ICO reports from Q3 2024 to Q2 2025 indicates the retail and manufacturing sector experienced only minor seasonal peaks, with 1,381 incidents overall and quarterly counts clustered in the mid-300s. The firm reported 618 breaches caused by brute force, misconfigurations, malware, phishing and ransomware, and urged a shift to continuous assurance so defenses do not drift into vulnerable states. Other vendors cautioned that more than half of recent ransomware incidents occurred on weekends or holidays, while researchers warned of AI-enabled fake e-commerce sites, typosquatted domains and package-tracking scams targeting shoppers.

How Parents Can Protect Children from Doxxing Online

🛡️ Doxxing is the deliberate public exposure of someone's personal information online, and for children it can cause serious emotional harm and physical safety risks. Parents should reduce the personal data their kids share, review privacy settings and disable geolocation. Protect accounts with unique passwords stored in a password manager and enable multifactor authentication. If doxxing occurs, document evidence, report to platforms and authorities, and provide calm, nonjudgmental support to your child.

Scattered Lapsus$ Hunters Target Zendesk Support Users

🚨 ReliaQuest has uncovered a campaign attributed to the Scattered Lapsus$ Hunters that leverages more than 40 typosquatted domains impersonating Zendesk portals, including deceptive SSO pages designed to harvest credentials. The actors have also been observed submitting fraudulent helpdesk tickets to target support staff, aiming to deploy remote access trojans and other malware. Organizations are advised to enforce MFA with hardware keys, implement IP allowlisting and session timeouts, monitor domains and DNS, and harden chat controls and content filtering to mitigate the risk.