#data-breach

[ follow ]
#cybersecurity #cyberattack #ransomware #european-commission #personal-information #shinyhunters #litellm
#ai-security
Privacy professionals
fromWIRED
2 weeks ago

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Sears Home Services exposed 3.7 million chat logs and 1.4 million audio files containing customer personal information through unsecured databases housing conversations with AI chatbot Samantha.
Privacy professionals
fromWIRED
2 weeks ago

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Sears Home Services exposed 3.7 million chat logs and 1.4 million audio files containing customer personal information through unsecured databases housing conversations with AI chatbot Samantha.
more#ai-security
#cybersecurity
fromTNW | Eu
1 day ago
Information security

European Commission breached after hackers poisoned open-source security tool Trivy

fromTechCrunch
1 day ago
EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

Information security
fromSecurityWeek
2 days ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
Los Angeles
fromLos Angeles Times
2 days ago

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

L.A. Metro shut down parts of its network due to detected hacking activity, while maintaining uninterrupted transit services.
Information security
fromTNW | Eu
1 day ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.
EU data protection
fromSecurityWeek
1 day ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.
EU data protection
fromTechCrunch
1 day ago

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.
Information security
fromSecurityWeek
2 days ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
more#cybersecurity
fromSecuritymagazine
2 days ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Four terabytes of data have reportedly been stolen, including database records and source code. Allegedly stolen data has been published on a leak site, containing Slack information, internal ticketing data, and videos of conversations between Mercor's AI systems and contractors.
Information security
Privacy professionals
fromSilicon Canals
2 days ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Privacy professionals
fromSecurityWeek
2 days ago

T-Mobile Sets the Record Straight on Latest Data Breach Filing

T-Mobile confirmed a data breach was caused by an insider incident affecting only one account with limited information exposed.
#fintech
Privacy professionals
fromSilicon Canals
2 days ago

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.
fromSilicon Canals
2 days ago
Privacy professionals

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.
Privacy professionals
fromSilicon Canals
2 days ago

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.
Privacy professionals
fromSilicon Canals
2 days ago

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.
more#fintech
Privacy professionals
fromTechCrunch
2 days ago

Telehealth giant Hims & Hers says its customer support system was hacked | TechCrunch

Hims & Hers confirmed a data breach affecting customer support data, including names and contact information, but not medical records.
Privacy technologies
fromTechCrunch
2 days ago

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.
#healthcare
Healthcare
fromSecurityWeek
3 days ago

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital

Nacogdoches Memorial Hospital notified 250,000 individuals of a data breach compromising personal and health information.
Healthcare
fromSecurityWeek
3 days ago

250,000 Affected by Data Breach at Nacogdoches Memorial Hospital

Nacogdoches Memorial Hospital notified 250,000 individuals of a data breach compromising personal and health information.
more#healthcare
#supply-chain-attack
more#supply-chain-attack
Information security
fromTheregister
3 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
fromTNW | Data-Security
3 days ago

Hasbro hacked: Peppa Pig & Transformers owner warns of weeks of disruption

Hasbro disclosed unauthorized access to its systems, an intrusion first detected on 28 March that has since forced the company to take parts of its infrastructure offline and warn that product deliveries could be delayed for weeks.
London startup
#cyberattack
EU data protection
fromSecurityWeek
6 days ago

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.
EU data protection
fromTechCrunch
1 week ago

European Commission confirms cyberattack after hackers claim data breach | TechCrunch

A cyberattack on the European Commission's cloud infrastructure resulted in the theft of significant data, but internal systems remain unaffected.
Information security
fromSecurityWeek
3 weeks ago

Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping

Iran-linked cyberattack on Stryker caused global disruption to Microsoft environment, affecting order processing, manufacturing, and shipping operations.
EU data protection
fromSecurityWeek
6 days ago

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.
EU data protection
fromTechCrunch
1 week ago

European Commission confirms cyberattack after hackers claim data breach | TechCrunch

A cyberattack on the European Commission's cloud infrastructure resulted in the theft of significant data, but internal systems remain unaffected.
Information security
fromSecurityWeek
3 weeks ago

Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping

Iran-linked cyberattack on Stryker caused global disruption to Microsoft environment, affecting order processing, manufacturing, and shipping operations.
more#cyberattack
Information security
fromTechCrunch
4 days ago

Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project | TechCrunch

Mercor confirmed a security incident linked to a supply chain attack involving LiteLLM, affecting its data and operations.
Information security
fromTheregister
4 days ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
Healthcare
fromTechCrunch
5 days ago

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud experienced a data breach where hackers accessed patient electronic health records for over eight hours, but data exfiltration status remains unclear.
EU data protection
fromTheregister
6 days ago

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.
fromwww.cbc.ca
1 week ago

Settlement approved for Canadians affected by past 23andMe data breach | CBC News

The settlement will provide $3.25 million US for Canada-based victims of the breach, which saw hackers gain access to customers' data including people in Canada in 2023.
EU data protection
#lloyds-banking-group
Privacy professionals
fromTheregister
1 week ago

Lloyds app glitch exposed transactions to almost 500K users

A software update at Lloyds Banking Group exposed transaction details of up to 447,000 customers due to a defect in the API handling data.
Privacy professionals
fromTheregister
1 week ago

Lloyds app glitch exposed transactions to almost 500K users

A software update at Lloyds Banking Group exposed transaction details of up to 447,000 customers due to a defect in the API handling data.
more#lloyds-banking-group
EU data protection
fromTechzine Global
1 week ago

European Commission investigates data breach in Amazon cloud

A data breach involving Amazon's cloud infrastructure has resulted in the theft of over 350 GB of data, with threats to publish it online.
Soccer (FIFA)
fromTheregister
1 week ago

AFC Ajax drops ball as hackers transfer tickets, lift bans

AFC Ajax experienced a data breach due to vulnerabilities, exposing personal data and allowing unauthorized access to user accounts.
Privacy professionals
fromwww.bbc.com
1 week ago

Lloyds bank reveals IT glitch affected almost half a million customers

A recent IT issue affected nearly 447,936 customers of Lloyds, Halifax, and Bank of Scotland, exposing their transaction data to others.
fromTechzine Global
1 week ago

Dutch football club Ajax hid data breach after report from ethical hacker

In 2017, Rasnab gained access to the Amsterdam club's ticketing system, which was then operated in collaboration with Eventim. Through that system, he was able to view personal data of fans and employees, including data on club icon Sjaak Swart.
Privacy professionals
London politics
fromwww.standard.co.uk
1 week ago

Victims of cyber attack on London council 'won't be told for months' that their details have been stolen

Kensington and Chelsea Council is notifying residents of a data breach, with the process expected to start by summer 2026.
#hackerone
Privacy professionals
fromTheregister
1 week ago

HackerOne slams supplier over delayed breach notice

HackerOne employees were affected by a data breach linked to a third-party benefits provider, Navia Benefit Solutions, due to a security flaw.
Privacy professionals
fromTheregister
1 week ago

HackerOne slams supplier over delayed breach notice

HackerOne employees were affected by a data breach linked to a third-party benefits provider, Navia Benefit Solutions, due to a security flaw.
more#hackerone
#crunchyroll
Privacy professionals
fromTechCrunch
1 week ago

Crunchyroll confirms data breach after hacker claims unauthorized access | TechCrunch

Crunchyroll confirmed a data breach involving customer service ticket information due to a third-party vendor incident, affecting millions of users.
Privacy professionals
fromTechCrunch
1 week ago

Crunchyroll confirms data breach after hacker claims unauthorized access | TechCrunch

Crunchyroll confirmed a data breach involving customer service ticket information due to a third-party vendor incident, affecting millions of users.
more#crunchyroll
Privacy professionals
fromTechRepublic
1 week ago

Millions of Anonymous Student and Crime Tips Exposed in Major Data Breach

Sensitive data from a crime tip platform was exposed, raising concerns about the safety and privacy of users relying on such systems.
Privacy professionals
fromSecurityWeek
1 week ago

Mazda Says Employee, Partner Information Stolen in Cyberattack

Mazda Motor Corporation experienced a data breach affecting personal information of 692 employees and business partners due to unauthorized access to its management system.
#ransomware
Information security
fromSecurityWeek
1 week ago

Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware

Trio-Tech's Singapore subsidiary experienced a ransomware attack, leading to file encryption and ongoing investigations into the incident.
Information security
fromTheregister
1 week ago

Chip tester shrugged off ransomware - then came the leak

Trio-Tech International reversed its initial assessment of a ransomware attack, now considering it a material cybersecurity event after data was disclosed.
Privacy professionals
fromSecurityWeek
3 weeks ago

238,000 Impacted by Bell Ambulance Data Breach

Bell Ambulance notified 237,830 individuals of a February 2025 data breach exposing personal, financial, medical, and health insurance information after the Medusa ransomware gang claimed responsibility.
Information security
fromSecurityWeek
1 week ago

Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware

Trio-Tech's Singapore subsidiary experienced a ransomware attack, leading to file encryption and ongoing investigations into the incident.
Information security
fromTheregister
1 week ago

Chip tester shrugged off ransomware - then came the leak

Trio-Tech International reversed its initial assessment of a ransomware attack, now considering it a material cybersecurity event after data was disclosed.
Privacy professionals
fromSecurityWeek
3 weeks ago

238,000 Impacted by Bell Ambulance Data Breach

Bell Ambulance notified 237,830 individuals of a February 2025 data breach exposing personal, financial, medical, and health insurance information after the Medusa ransomware gang claimed responsibility.
more#ransomware
Privacy professionals
fromSecurityWeek
2 weeks ago

Marquis Data Breach Affects 672,000 Individuals

Marquis, a marketing and compliance provider for financial institutions, disclosed a data breach affecting approximately 672,000 individuals, with stolen personal and financial information including SSNs, addresses, and payment card numbers.
#phishing-attack
Privacy professionals
fromSecurityWeek
2 weeks ago

Security Firm Aura Discloses Data Breach Impacting 900,000 Records

Aura suffered a data breach affecting 900,000 records after a phishing attack compromised an employee account for approximately one hour, exposing names, email addresses, and contact information of roughly 35,000 customers.
Information security
fromSecuritymagazine
2 weeks ago

Targeted Phishing Attack Breaches Biotech Company Data

Intuitive Surgical suffered a phishing attack compromising employee credentials, exposing customer and corporate data, though operational systems and customer networks remained unaffected due to network segmentation.
Privacy professionals
fromSecurityWeek
3 weeks ago

Starbucks Data Breach Impacts Employees

Starbucks experienced a data breach affecting approximately 900 employees through phishing attacks that compromised Partner Central accounts, exposing names, social security numbers, dates of birth, and financial information.
Privacy professionals
fromSecurityWeek
2 weeks ago

Security Firm Aura Discloses Data Breach Impacting 900,000 Records

Aura suffered a data breach affecting 900,000 records after a phishing attack compromised an employee account for approximately one hour, exposing names, email addresses, and contact information of roughly 35,000 customers.
Information security
fromSecuritymagazine
2 weeks ago

Targeted Phishing Attack Breaches Biotech Company Data

Intuitive Surgical suffered a phishing attack compromising employee credentials, exposing customer and corporate data, though operational systems and customer networks remained unaffected due to network segmentation.
Privacy professionals
fromSecurityWeek
3 weeks ago

Starbucks Data Breach Impacts Employees

Starbucks experienced a data breach affecting approximately 900 employees through phishing attacks that compromised Partner Central accounts, exposing names, social security numbers, dates of birth, and financial information.
more#phishing-attack
#ransomware-attack
Privacy professionals
fromTechCrunch
2 weeks ago

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack | TechCrunch

Marquis, a fintech company serving hundreds of banks, suffered a ransomware attack in August 2025 that compromised personal and financial data of over 672,000 people, with more than half residing in Texas.
Information security
fromTheregister
3 weeks ago

Crims hit EV charger firm ELECQ, steal customer contact data

ELECQ, a smart EV charger maker, suffered a ransomware attack on March 7 that encrypted and copied customer personal data including names, email addresses, phone numbers, and home addresses from its AWS cloud systems.
Privacy professionals
fromTechCrunch
2 weeks ago

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack | TechCrunch

Marquis, a fintech company serving hundreds of banks, suffered a ransomware attack in August 2025 that compromised personal and financial data of over 672,000 people, with more than half residing in Texas.
Information security
fromTheregister
3 weeks ago

Crims hit EV charger firm ELECQ, steal customer contact data

ELECQ, a smart EV charger maker, suffered a ransomware attack on March 7 that encrypted and copied customer personal data including names, email addresses, phone numbers, and home addresses from its AWS cloud systems.
more#ransomware-attack
UK politics
fromwww.independent.co.uk
2 weeks ago

Thousands of Afghans still in limbo over UK resettlement five years on

Nearly 30,000 Afghans await UK resettlement decisions five years after Kabul's fall, with urgent intervention needed to meet the March 2029 deadline.
Cryptocurrency
fromBitcoin Magazine
2 weeks ago

Bitrefill Discloses Cyberattack, Points To North Korea's Lazarus Group

Bitrefill suffered a cyberattack on March 1 originating from a compromised employee laptop, with the Lazarus Group suspected as the perpetrator, resulting in stolen cryptocurrency and exposure of approximately 18,500 customer records.
fromTheregister
2 weeks ago

EU sanctions Iranian cyber crew behind US election tampering

Based in Tehran, Emennet Pasargad is responsible for a variety of high-profile cyberattacks on Western organizations. Among these are attempted interference with US elections and attacks on the subscribers of French satirical magazine Charlie Hebdo, the Council stated.
France politics
UK news
fromwww.independent.co.uk
2 weeks ago

Lloyds faces questions over troubling' banking app glitch

Lloyds Banking Group faces parliamentary scrutiny after a data breach exposed customers' financial transactions through its banking app, prompting the Treasury Committee to demand immediate answers and compensation details.
Privacy professionals
fromComputerWeekly.com
2 weeks ago

Companies House restarts online services following cyber breach | Computer Weekly

Companies House restored its WebFiling service after discovering a security flaw that exposed personal data and allowed unauthorized actions to logged-in users with authorization codes.
#cybersecurity-vulnerability
fromBusiness Matters
2 weeks ago
Privacy professionals

Companies House suspends online filing service after cyber vulnerability exposes director data

Companies House suspended its WebFiling service after a security vulnerability allowed users to access and edit other companies' sensitive personal data through a browser back button exploit.
fromLawSites
1 month ago
Information security

LexisNexis Says Data Breach Has Been Cointained; Hackers Claim Access to Government and Law Firm User Data

Hackers exploited an unpatched React vulnerability to breach LexisNexis servers, accessing millions of records including sensitive government employee data and plaintext credentials.
Privacy professionals
fromBusiness Matters
2 weeks ago

Companies House suspends online filing service after cyber vulnerability exposes director data

Companies House suspended its WebFiling service after a security vulnerability allowed users to access and edit other companies' sensitive personal data through a browser back button exploit.
Information security
fromLawSites
1 month ago

LexisNexis Says Data Breach Has Been Cointained; Hackers Claim Access to Government and Law Firm User Data

Hackers exploited an unpatched React vulnerability to breach LexisNexis servers, accessing millions of records including sensitive government employee data and plaintext credentials.
more#cybersecurity-vulnerability
Privacy professionals
fromWIRED
3 weeks ago

Do You Need an Identity Protection Service for Safe Browsing?

Identity theft protection services function as insurance products offering reactive compensation for damages rather than active prevention, with coverage details and sub-benefit caps critically affecting actual protection value.
Privacy professionals
fromwww.theguardian.com
3 weeks ago

Confidential health records from UK BioBank project exposed online

UK Biobank researchers have repeatedly exposed confidential health data online, creating privacy risks despite the absence of direct identifiers in the leaked files.
#salesforce-security
Information security
fromSecuritymagazine
3 weeks ago

Why Are Platform Ecosystems - Like Salesforce - Often Targeted?

Salesforce warned users of increased threat actor activity exploiting misconfigured publicly accessible sites and permissive guest user settings to gain unauthorized data access for social engineering and vishing campaigns.
Information security
fromTheregister
3 weeks ago

ShinyHunters claims yet another Salesforce customers breach

ShinyHunters claims to have stolen data from approximately 100 high-profile companies including Salesforce, Snowflake, Okta, LastPass, Sony, and AMD through exploiting overly broad guest user permissions on Salesforce Experience Cloud sites.
Information security
fromSecuritymagazine
3 weeks ago

Why Are Platform Ecosystems - Like Salesforce - Often Targeted?

Salesforce warned users of increased threat actor activity exploiting misconfigured publicly accessible sites and permissive guest user settings to gain unauthorized data access for social engineering and vishing campaigns.
Information security
fromSecurityWeek
3 weeks ago

Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign

ShinyHunters targets Salesforce instances through social engineering and misconfiguration exploitation, not platform vulnerabilities, prompting Salesforce warnings about overly permissive guest user settings.
Information security
fromTheregister
3 weeks ago

ShinyHunters claims yet another Salesforce customers breach

ShinyHunters claims to have stolen data from approximately 100 high-profile companies including Salesforce, Snowflake, Okta, LastPass, Sony, and AMD through exploiting overly broad guest user permissions on Salesforce Experience Cloud sites.
more#salesforce-security
Information security
fromTechRepublic
3 weeks ago

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A critical vulnerability in the Ally WordPress plugin allows unauthenticated attackers to extract sensitive database data including password hashes from hundreds of thousands of affected websites.
Information security
fromSecurityWeek
3 weeks ago

Michelin Confirms Data Breach Linked to Oracle EBS Attack

Michelin confirmed a data breach from the Cl0p ransomware group's Oracle EBS zero-day exploitation campaign affecting over 100 organizations.
Privacy professionals
fromEngadget
3 weeks ago

Social Security watchdog investigating claims that DOGE engineer copied its databases

A former software engineer associated with Elon Musk's Department of Government Efficiency is under investigation for allegedly possessing and attempting to transfer sensitive Social Security Administration databases containing personal information on over 500 million Americans.
fromTechCrunch
3 weeks ago

DOGE employee stole Social Security data and put it on a thumb drive, report says | TechCrunch

A former DOGE software engineer told co-workers at their new job that he "possessed two tightly restricted databases of U.S. citizens' information" and was planning to use the information at his new company, according to the report, which added that the Social Security Administration's inspector general is investigating the whistleblower complaint.
Privacy professionals
Privacy professionals
fromSecurityWeek
3 weeks ago

Thousands Affected by Ericsson Data Breach

Ericsson's US subsidiary disclosed a data breach at a third-party service provider affecting approximately 15,000 individuals, with unauthorized access occurring between April 17-22, 2025.
Information security
fromTechzine Global
3 weeks ago

Ericsson breach: voice phishing call exposed over 15,000 records

A vishing attack on an Ericsson vendor exposed personal data including Social Security numbers and medical information for 15,661 people after an employee was tricked into revealing account access.
Privacy professionals
fromTheregister
3 weeks ago

Ericsson breach blamed on third party vendor vishing attack

A voice-phishing attack on an Ericsson service provider exposed personal data of over 15,000 individuals, including names, Social Security numbers, and government-issued IDs.
fromTechRepublic
4 weeks ago

LexisNexis Hack Exposes 3.9M Records Through Unpatched React Vulnerability

According to BleepingComputer, a recent breach on LexisNexis gave hackers access to nearly 4 million database records, thousands of accounts, password hashes, and cloud records. The company admitted the hackers gained access by exploiting an unpatched React vulnerability in its systems.
Information security
Privacy technologies
fromTheregister
4 weeks ago

Transport for London says 2024 breach affected 7M customers

Transport for London's 2024 data breach exposed over 7 million people's information, vastly exceeding the initial 5,000 customer estimate, with potential access to names, contact details, email addresses, home addresses, and bank account data.
Information security
fromThe Hacker News
1 month ago

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

Law enforcement dismantled LeakBase, a major cybercriminal forum with 142,000 members that traded stolen data and hacking tools, seizing all content and accounts for evidence.
[ Load more ]