All news with #pii tag

Flock License-Plate Surveillance Raises Legal Concerns

🔍 A U.S. District Court complaint alleges that Norfolk, Virginia’s 176 Flock Safety automated license-plate readers tracked plaintiffs repeatedly as they drove — one retired veteran was logged 526 times and another resident 849 times between mid-February and early July. The September lawsuit contends that this pervasive, warrantless tracking raises serious Fourth Amendment and privacy issues. The ACLU and a 2024 ruling by Judge Jamilah LeCruise, which excluded warrantless plate-reader data in a robbery prosecution, underscore growing legal scrutiny.

Met Police Arrest Two Teens Over Nursery Ransomware

🔒 Two teenage boys were arrested in Bishop's Stortford on suspicion of computer misuse and blackmail following a ransomware attack on the Kido nursery group, the Metropolitan Police said. Referred to the Met by Action Fraud on 25 September, investigators allege attackers demanded £600,000 in Bitcoin after stealing names, addresses, contact details and photos of around 8,000 children via a Famly account. The group, which called itself "Radiant," reportedly contacted parents directly and posted some images on the dark web before blurring and later claiming deletion; the app provider says its infrastructure was not breached. The Met described the arrests as a significant step while inquiries continue alongside partner agencies.

DraftKings Alerts Customers to Credential Stuffing Breach

🔒 DraftKings has notified customers that attackers accessed some accounts in a wave of credential stuffing attacks. The company says the threat actors used credentials stolen from non‑DraftKings sources to log in and may have viewed limited profile and account data — including name, address, date of birth, email, phone, the last four digits of a payment card, profile photo, transaction history, account balance, and the date the password was last changed. DraftKings said no full financial account numbers or government‑issued identification numbers were accessed. Affected users will be required to reset passwords and are being urged to enable multifactor authentication and monitor their financial and credit records.

Avnet Confirms Breach; Stolen EMEA Sales Data Unreadable

🔒 Avnet confirmed unauthorized access to externally hosted cloud storage that supported an internal sales tool used in the EMEA region. The company says most stolen files are not easily readable without access to Avnet's proprietary sales tool, which it says was not impacted, while attackers claim they exfiltrated 1.3TB of compressed (7–12TB raw) data. Avnet detected the activity on September 26, rotated secrets across Azure/Databricks, notified authorities, and will contact affected customers and suppliers; the number of potentially impacted individuals remains unknown.

Qilin Ransomware Disrupts Mecklenburg County Schools

🔒 A Russian-linked ransomware group, Qilin, has claimed responsibility for a September 2, 2025 attack that disrupted Mecklenburg County Public Schools and said it exfiltrated 305 GB of data, including financial records, grant documents, budgets and children’s medical files. The attack forced teachers offline for about a week while internet systems were restored. Superintendent Scott Worner said the district does not currently intend to pay the ransom and is still assessing the scope, urging other districts to review cyber-insurance and preparedness.

Enterprise AI Now Leading Corporate Data Exfiltration

🔍 A new Enterprise AI and SaaS Data Security Report from LayerX finds that generative AI has rapidly become the largest uncontrolled channel for corporate data loss. Real-world browser telemetry shows 45% employee adoption of GenAI, 67% of sessions via unmanaged accounts, and copy/paste into ChatGPT, Claude, and Copilot as the primary leakage vector. Traditional, file-centric DLP tools largely miss these action-based flows.

Discord Confirms Customer Data Breach via Third-Party

🔒 Discord has disclosed a data breach after a third-party customer support provider was compromised, allowing a ransomware actor to access limited customer information. Potentially exposed data includes names, Discord usernames, contact details, last four digits of payment cards, IP addresses, messages with support agents and a small number of government ID images submitted for age appeals. Discord says no passwords, full card numbers or CVVs were accessed and is contacting affected users and authorities.

Why Successful Businesses Are Built on Cyber Protection

🔒 Company leaders must treat cyber risk as a strategic priority rather than a discretionary cost. The piece highlights a persistent budget-perception gap between CISOs and boards and notes SMBs often remain reactive, prioritizing firefighting over prevention. It cites high-profile breaches and the IBM Cost of a Data Breach to quantify losses and recommends technologies such as SIEM and SOAR, alongside governance measures like board oversight and appointed CISOs. Practical advice stresses framing security as business risk, using financial metrics, and reporting regularly to embed security-by-design.

Trinity of Chaos Launches TOR Data Leak Site, Exposes Data

🔓 The Trinity of Chaos collective has opened a data leak site on the TOR network, publishing previously undisclosed records tied to past breaches and listing 39 major global firms. Resecurity says the group claims more than 1.5 billion records across 760 companies and has set an October 10 negotiation deadline. Samples reportedly contain substantial PII and appear to stem from compromised SaaS environments via stolen OAuth tokens and vishing; the FBI has issued a flash alert. The group also threatened to leverage existing litigation and regulatory complaints against Salesforce, which has denied new vulnerabilities.

Discord Support Data Stolen in Third-Party Breach Incident

🔒Discord has confirmed that attackers accessed data belonging to users who contacted its customer support after a breach at a third-party provider, reportedly Zendesk. Exposed information includes names, Discord usernames, emails, IP addresses, messages with support agents, limited billing details (payment type and last four card digits), and a small number of government ID images. Discord says full card numbers, CCV codes and account passwords were not accessed, and is contacting affected users while warning of potential phishing attempts.

Asahi Confirms Ransomware Attack, Data Exfiltrated

🛡️ Asahi has confirmed a ransomware attack that resulted in an "unauthorized transfer of data" from its servers. The Tokyo-based brewer said it isolated affected systems and established an Emergency Response Headquarters to investigate, working with external cybersecurity experts. Operational impacts in Japan include suspended system-based ordering, shipments and call centers, with partial manual processing underway. The company has not disclosed whether a ransom demand was made.

Renault Notifies Customers After Supplier Data Breach

🔒 Renault has informed customers that a cyber-attack on a third-party supplier led to the extraction of personal data from one of the supplier's systems. The vendor confirmed the breach affected names, gender, contact details, postal addresses and vehicle identification and registration numbers, though no financial information or passwords appear to have been taken. Renault says its own systems were not compromised and that the incident has been contained, and it has notified the relevant authorities. Affected customers are warned to expect targeted phishing using the stolen information.

Identifiable Discord User Data Exposed in Third-Party Breach

🔒 Hackers accessed a third-party customer service system used by Discord on September 20, stealing partial payment details and personally identifying information for a limited number of users who contacted support or Trust and Safety. The attackers appear financially motivated and demanded a ransom. Discord revoked the provider's access, engaged a computer forensics firm, launched an internal investigation, and notified law enforcement. Exposed data included real names, usernames, emails, IP addresses, support messages and attachments, photos of government IDs for a small subset, and partial billing details such as payment type and the last four card digits.

Extortion Gang Reveals Alleged Salesforce Victims List

🔓 The Scattered Lapsus$ Hunters gang opened a public data-leak site claiming it stole Salesforce data from dozens of global companies, including Salesforce, Toyota, FedEx, Disney/Hulu, Marriott and Google. The group set an Oct. 10 deadline for ransom payments and threatened to publish or even use stolen documents in legal actions if demands are not met. Salesforce says its investigation found no indication the platform itself was compromised and attributes the incidents to past or unsubstantiated claims. Researchers link many breaches to vishing that installs malicious connected apps and to compromised OAuth tokens in Salesloft Drift, underscoring a broader SaaS supply-chain risk.

Renault and Dacia UK Notify Customers of Data Breach

🔒 Renault and Dacia UK have informed customers that personal information was exposed following a cyberattack on an unnamed third‑party provider. The compromised data includes full name, gender, phone number, email and postal address, as well as Vehicle Identification Numbers (VINs) and vehicle registration numbers; banking data was not affected. Renault says the supplier isolated the incident and removed the threat, and the Information Commissioner’s Office (ICO) has been notified. Recipients are urged to remain vigilant against unsolicited calls and emails and to avoid sharing passwords.

WestJet Data Breach Affects 1.2 Million Customers Update

🛫 WestJet has confirmed a data breach affecting 1.2 million customers following a June 13, 2025 intrusion, and notified authorities on September 29. The airline says a "sophisticated, criminal third party" accessed names, contact details, reservation documents and other relationship data; WestJet Rewards members may have had IDs and points balances exposed, though account passwords were not accessed. WestJet states that credit card numbers, expiry dates and CVVs were not compromised, systems are secure, affected customers are being contacted, and identity protection is being offered where appropriate.

Android spyware campaigns impersonate Signal and ToTok

🔒 Two newly identified Android spyware campaigns, dubbed ProSpy and ToSpy, impersonate Signal and ToTok to trick users into installing malicious APKs masquerading as a Signal encryption plugin or a Pro ToTok build. The malware requests standard messenger permissions and exfiltrates contacts, SMS, media, app lists and ToTok backups. ESET found distribution via cloned websites and noted persistence techniques to survive reboots. Users in the UAE appear to be targeted; download apps only from official stores or publishers and keep Play Protect enabled.

Android spyware targeting Signal and ToTok users in UAE

🔒 ESET researchers uncovered two previously undocumented Android spyware families—Android/Spy.ProSpy and Android/Spy.ToSpy—distributed via deceptive websites that impersonate Signal, ToTok and even app stores. Both families require manual APK installation from third‑party sites and maintain persistence while exfiltrating contacts, media, documents and chat backups. ToSpy notably seeks .ttkmbackup files and uses AES‑CBC encryption with a hardcoded key; several C&C servers remained active. Google Play Protect already blocks known variants, and ESET shared findings with Google.

Ransomware Incident at Dealer Software Vendor Exposes Data

🔒 A ransomware attack on Motility Software Solutions on August 19, 2025, encrypted portions of its systems and may have exposed personal information for approximately 766,000 customers. The DMS vendor supports about 7,000 dealerships and stores data including names, emails, phone numbers, dates of birth, Social Security numbers, and driver’s license numbers. Motility restored systems from backups, implemented additional security measures, and is offering one year of identity monitoring through LifeLock to affected individuals.

Adobe Analytics ingestion bug leaked customer data

⚠️ Adobe warns that a performance optimization change to Adobe Analytics data collection introduced an ingestion bug on September 17, 2025 at 12:20 UTC that caused some organizations' tracking fields to be overwritten with values from other customers' streams. Adobe reverted the change on September 18 at 11:00 UTC, said the issue was not caused by malicious activity, and reported roughly 3–5% of collected rows were corrupted. Impacted channels include Data Feeds, Live Stream, scheduled reports, and downstream products; Adobe has instructed affected customers to immediately delete any data received during the incident window while engineering teams cleanse impacted datasets.