All news with #pii tag
Wed, November 26, 2025
FBI: $262M Lost to ATO Fraud as AI Phishing Escalates
🔐 The FBI warns that cybercriminals impersonating banks and payment services have caused over $262 million in losses and more than 5,100 complaints this year through account takeover (ATO) fraud. Attackers use phishing, SEO poisoning, calls and SMS to harvest credentials and MFA/OTP codes, then transfer funds to intermediary accounts and convert proceeds to cryptocurrency. The advisory highlights growing use of AI-generated phishing and holiday-themed scams and urges vigilance, unique passwords, URL checks and stronger authentication.
Tue, November 25, 2025
Developers Exposed Large Cache of Credentials Online
🔒 Security researchers at watchTowr discovered that two popular code utility sites — JSON Formatter and Code Beautify — inadvertently exposed thousands of developer submissions containing sensitive secrets and credentials. By querying a public API and the sites’ “Recent Links” listings, the team extracted over 80,000 submissions spanning years, including API keys, private keys, database and cloud credentials, JWTs, and PII. The exposure remained until the sites disabled the save feature; watchTowr also confirmed active scraping by third parties and reported limited response from affected organizations.
Tue, November 25, 2025
Code-formatters leak credentials from major organizations
🔓 Researchers discovered that the code-formatting services JSONFormatter and CodeBeautify exposed more than 80,000 user-saved JSON pastes totaling over 5GB via an unprotected Recent Links feature. The listings and predictable URLs allowed simple crawlers to enumerate and retrieve sensitive data including credentials, API keys, private keys, and PII. The findings show active scraping and confirmed access attempts after uploads expired.
Tue, November 25, 2025
Code formatters left 80,000+ secrets exposed publicly
🔓 Researchers at external attack surface management firm watchTowr discovered more than 80,000 JSON snippets saved via JSONFormatter and CodeBeautify's unprotected Recent Links feature, exposing credentials, private keys, tokens, and configuration files. The platforms generated predictable, shareable URLs when users saved snippets and stored them without access controls, allowing anyone to scrape content via the services' APIs. Leaked material spans government, finance, healthcare, telecoms, and other sensitive sectors. watchTowr's Canarytoken test showed attackers accessed planted fake AWS keys after links had expired, indicating active scanning.
Mon, November 24, 2025
SitusAMC Data Breach Exposes Client and Customer Data
🔒 SitusAMC, a major real-estate finance services firm that supports banks and lenders, disclosed a November data breach that compromised some client and customer information. The company says business operations remain unaffected and investigators found no evidence of encrypting ransomware. External experts have been retained, and affected clients and residential customers are being notified directly as the scope is determined.
Mon, November 24, 2025
Harvard Alumni Systems Breached in Voice Phishing Attack
📞 Harvard University disclosed that systems used by Alumni Affairs and Development were accessed in a phone‑based phishing attack discovered on November 18, 2025. Exposed information includes email addresses, phone numbers, home and business addresses, event attendance records, donation details, and biographical data for alumni, donors, some students, faculty and staff. The university stated the compromised systems did not contain Social Security numbers, passwords, payment card data, or financial account information. Harvard sent notifications on November 22 and is working with law enforcement and third‑party cybersecurity experts to investigate and remediate the incident.
Mon, November 24, 2025
Major US Banks Assess Impact of SitusAMC Data Breach
🔒 Major US banks including JPMorgan Chase, Citi and Morgan Stanley are assessing potential customer data exposure after third-party mortgage servicer SitusAMC disclosed a breach discovered on Nov. 12 and confirmed on Nov. 22. SitusAMC says corporate records and 'certain data' related to clients' customers may have been accessed; the company reports services remain operational and the incident is contained. The FBI is investigating and has found no operational impact to banking services so far. The company has implemented credential resets, disabled remote access tools, updated firewall rules and engaged third-party advisors while forensic analysis continues.
Mon, November 24, 2025
Amazon Aurora PostgreSQL Adds Dynamic Data Masking
🔒 Amazon Aurora PostgreSQL-Compatible Edition now supports dynamic data masking using the new pg_columnmask extension, enabling column-level protection at query time. The extension complements PostgreSQL row-level security and column grants by letting administrators define SQL-based masking policies that alter how data appears to users without changing stored values. Policies can use built-in or user-defined functions to hide, partially mask, or transform data, and multiple policies can be applied with weighted precedence. pg_columnmask protects results across WHERE, JOIN, ORDER BY, and GROUP BY clauses and is available for Aurora PostgreSQL 16.10+ and 17.6+ in all regions.
Sun, November 23, 2025
Iberia Notifies Customers of Vendor-Related Data Leak
🔔 Iberia has informed customers of a security incident after unauthorized access to a supplier's systems exposed limited customer information. The airline says affected fields may include full name, email address, and Iberia Club loyalty identification numbers, while login credentials and payment card data were not accessed. Iberia says it activated its security protocol, added verification codes for email changes, is monitoring systems, and has notified authorities as it works with the third-party vendor. Customers are urged to watch for suspicious messages and report anomalies to the airline.
Sat, November 22, 2025
WhatsApp API Flaw Enabled Scraping of 3.5B Accounts
🔍 Researchers from the University of Vienna and SBA Research compiled a list of 3.5 billion active WhatsApp mobile numbers and associated personal details by abusing a contact-discovery API that lacked rate limiting. Running from a single server with five authenticated sessions, they queried more than 100 million numbers per hour and tested a generated space of 63 billion potential numbers. The team responsibly reported the issue and WhatsApp has since added rate-limiting protections. Although the researchers did not publish the dataset, their findings illustrate how unprotected APIs enable large-scale scraping and privacy exposure.
Thu, November 20, 2025
Google Says Chinese Group Sells Phishing 'Lighthouse' Kits
🔍 Google filed a court complaint alleging a "cybercriminal group in China" sold branded "Lighthouse" phishing kits that let unsophisticated fraudsters run large-scale SMS and e-commerce scams. The kits bundle hundreds of fake-website templates, domain setup tools, and subscription licenses offered on a weekly, monthly, seasonal, annual, or permanent basis. Campaigns often begin with texts about overdue tolls or package redelivery and sometimes appear as ads (including ads that persisted until Google suspended accounts). Victims who click are redirected to fraudulent sites that solicit passwords, credit card numbers, or payments purportedly accepted via wallets such as Google Pay.
Thu, November 20, 2025
Black Friday Cybercrime Surge: Rise in Fraudulent Domains
🔒 Check Point Research reports a significant increase in Black Friday–themed domain registrations, with about 1 in 11 newly registered domains classified as malicious. Brand impersonation is a primary tactic: roughly 1 in 25 new domains referencing marketplaces like Amazon, AliExpress, and Alibaba are flagged. Attackers create convincing fake storefronts that copy logos, layouts, and imagery to harvest credentials and payment data, with recent campaigns impersonating HOKA and AliExpress demonstrating active phishing tied to seasonal promotions.
Wed, November 19, 2025
WhatsApp flaw allowed discovery of 3.5B registered numbers
🔍 Researchers from the University of Vienna and SBA Research found a flaw in WhatsApp's contact discovery that let them enumerate valid numbers globally, confirming about 3.5 billion registered accounts. By abusing the lookup mechanism they could probe numbers across 245 countries at rates exceeding 100 million checks per hour from a single IP. The technique also exposed public (non-private) keys, timestamps, profile photos and About text, enabling inference of device OS, account age and linked secondary devices, prompting Meta to add rate limits and tighter visibility rules.
Wed, November 19, 2025
Amazon Bedrock Guardrails Expand Code-Related Protections
🔒 Amazon Web Services expanded Amazon Bedrock Guardrails to cover code-related use cases, enabling detection and prevention of harmful content embedded in code. The update applies content filters, denied topics, and sensitive information filters to code elements such as comments, variable and function names, and string literals. The enhancements also include prompt leakage detection in the standard tier and are available in all supported AWS Regions via the console and APIs.
Tue, November 18, 2025
French Pajemploi Reports Data Breach Affecting 1.2M
🔒 French social security service Pajemploi disclosed a data breach detected on November 14 that may have exposed personal information for up to 1.2 million registered home-based childcare workers and parents. Potentially exfiltrated data includes full names, place of birth, postal addresses, social security numbers, names of banking institutions, Pajemploi numbers, and accreditation numbers. The agency says IBANs, email addresses, phone numbers, and passwords were not accessed. Pajemploi notified CNIL and ANSSI, will inform affected individuals, and URSSAF warned of increased phishing and social engineering risks.
Tue, November 18, 2025
Generative AI Drives Rise in Deepfakes and Digital Forgeries
🔍 A new report from Entrust analyzing over one billion identity verifications between September 2024 and September 2025 warns that fraudsters increasingly use generative AI to produce hyper-realistic digital forgeries. Physical counterfeits still account for 47% of attempts, but digital forgeries now represent 35%, while deepfakes comprise 20% of biometric frauds. The report also highlights a 40% annual rise in injection attacks that feed fake images directly into verification systems.
Tue, November 18, 2025
Half a Million FTSE 100 Credentials Discovered Online
🔒 Security researchers from Socura and Flare found around 460,000 compromised credentials tied to FTSE 100 domains across clear- and dark-web crime communities, including 28,000 entries from infostealer logs. The report notes many companies had thousands of leaks and that password hygiene remains poor, with 59% having at least one user using 'password'. It recommends MFA, passkeys, password managers, conditional access and proactive leak monitoring.
Mon, November 17, 2025
Princeton discloses data breach affecting donors, alumni
🔒 Princeton University disclosed a November 10 cyberattack in which threat actors phished an employee and accessed a database used for fundraising and alumni engagement. The attackers exfiltrated biographical information such as names, email addresses, telephone numbers, and home and business addresses for alumni, donors, faculty, staff, and students. University officials say the compromised system did not contain financial data, passwords, or Social Security numbers, and they have blocked the intruders' access while investigating. Affected individuals are urged to verify any communications claiming to be from the university and to avoid sharing sensitive information.
Mon, November 17, 2025
India DPDP Rules 2025 Make Privacy an Engineering Challenge
🔒 India’s new Digital Personal Data Protection (DPDP) Rules, 2025 impose strict consent, verification, and fixed deletion timelines that require large platforms and enterprises to redesign how they collect, store, and erase personal data. The rules create Significant Data Fiduciaries with added audit and algorithmic-check obligations and formalize certified Consent Managers. Organizations have 12–18 months to adopt automated consent capture, verification, retention enforcement, and data-mapping across cloud, on‑prem, and SaaS environments.
Mon, November 17, 2025
Five Plead Guilty to Enabling DPRK Remote IT and Hacks
🔒 Five individuals have pleaded guilty to serving as facilitators for North Korean cyber operations, the US Department of Justice said. They used false or stolen identities and hosted employer laptops in US residences to create the appearance of domestic remote IT workers, aiding APT38-linked efforts. The DoJ said the activity impacted more than 136 US organizations, generated over $2.2m for Pyongyang and compromised the identities of 18 US residents, and authorities seized $15m in Tether tied to related heists.