#data-breach

#data-breach

Betterment, which offers automated investment and financial planning services, first disclosed the breach in January after detecting unauthorized access to certain internal systems on January 9. Betterment said the hacker gained entry through a social engineering scheme that relied on impersonation to infiltrate third-party marketing and operations tools, then used that access to send customers a fraudulent cryptocurrency promotion disguised as an official company message.

The rise of OpenClaw, a proactive agentic AI controlled through interfaces more familiar to the average user than tools like Anthropic's Claude Code, which enthralled early adopters over the holiday period, has been one of the most seismic shifts in the AI world since the release of ChatGPT. By piggybacking on user-friendly interfaces paired with powerful AI agent technology, OpenClaw has pushed AI further into the public eye.

Catch up quick: Researchers reported last month that bondu, an AI-powered conversational toy company, inadvertently exposed children's chat transcripts and personal data through a publicly accessible portal. Bondu, which allows parents to check their children's conversations, said it took down the exposed portal and relaunched it the next day with authentication measures, according to Wired. Driving the news: New Hampshire Senator Maggie Hassan, the ranking member of the Senate's Joint Economic Committee, is now asking bondu to explain how the exposure occurred.

The company became aware of the breach which included personal information of its website customers "including credit card information" on Friday, it told CBC News in a statement. Canada Computers & Electronics said the affected customers were informed on Monday, given recommendations about steps to take, and that the breach was reported to authorities. But neither the statement, nor the notices seen by CBC News that went out to customers, says when the breach happened, how long it lasted or how many customers were affected.

A data breach at SoundCloud that came to light in December 2025 is now becoming clearer. The data breach monitor Have I Been Pwned added the leaked dataset to its database this week, revealing the true extent of the impact. SoundCloud is a global audio platform where artists and listeners come together and where hundreds of millions of music and audio tracks are hosted.

The Department of Education in Victoria, Australia, notified parents that attackers accessed a database containing the personal information and email addresses of current and former students, prompting password resets. The department disclosed the breach in letters sent to parents, stating that an unauthorized third party accessed students' names, school names, year levels, and school-issued email addresses, as well as encrypted passwords for accounts that use them.

Eurail B.V. has unfortunately experienced a security breach within our systems that resulted in unauthorized access to customer data. Following the discovery, we immediately began work to secure our systems and initiated an investigation with the support of external cybersecurity specialists and legal advisors. We take this matter very seriously and are currently conducting a thorough investigation to determine the full scope of the incident and its potential impact on customers, which includes participants of the European Commission's DiscoverEU action.

The Royal Borough of Kensington and Chelsea (RBKC) in Greater London is in the process of contacting households across the borough after establishing in December that personal data on thousands of residents was stolen in a cyber attack on shared systems operated by the council. Over a month after the incident, several services remain disrupted or are operating in a limited capacity.

For residents and patients, the account information included first and last name, Social Security number, date of birth, Medicare number, or medical treatment and condition information. For those individuals who were not residents, personal information involved first and last name, in combination with one or more of the following data element(s): Social Security number, passport number, driver's license or state identity card information, medical information, health insurance information, and online log-in information corresponding with the individual whose email account was compromised.

Kensington and Chelsea Council has written to 100,000 households warning their personal details may have been taken in a recent cyber attack. The town hall urged residents to follow National Cyber Security Centre advice and warned criminals could use the information to make scams seem more legitimate, according to an update on its website. The council said the attack was carried out "with criminal intent"

Recognizing the attempt at reconnaissance, they set up a honeytrap account using synthetic data. "This led to a successful login by the threat actor to one of the emulated applications containing synthetic data. While the successful login could have enabled the actor to gain unauthorized access and commit a crime, it also provided us with strong proof of their activity," they wrote.