#data-breach

#data-breach

Tiffany writes that they experienced a cybersecurity incident on or around May 12, 2025. "Based on our investigation, we determined on September 9, 2025, that, in connection with this issue, an unauthorized party obtained certain information related to your Tiffany gift card(s)," the letter states, adding, "The affected information included client name, postal address, email address, phone number, sales data, internal client reference number, and Tiffany gift card number and PIN."

A US-based fintech firm has warned customers their data may have been exposed following an insider attack.

The Scattered Lapsus$ Hunters hacking group, recently linked to the attack on Jaguar Land Rover that has devastated the company, has announced that it plans to shut down.

Cyber criminals have stolen the private details of potentially millions of Balenciaga, Gucci and Alexander McQueen customers in an attack. The stolen data includes names, email addresses, phone numbers, addresses and the total amount spent in the luxury stores around the world. Kering, the parent company of the luxury brands, has confirmed the breach and says it disclosed the incident to the relevant data protection authorities.

London Underground London Underground has invited union leaders to talks next week in a bid to resolve a dispute over pay and hours which led to strikes. Standard There are several out-of-date signs around the tube network, but few this one. Diamond Geezer Moment fare dodger pushes bike through ticket barrier at London's Bank Station Standard Sir Sadiq says strikes are 'ultimately a sign of failure' and again calls for the RMT and TfL to get around the negotiating table Standard

Since 2022, the ICO has investigated 215 hacks and breaches in education settings and says 57% were carried out by children. According to the new data, almost a third of the breaches involved students illegally logging into staff computer systems by guessing passwords or stealing details from teachers. In one incident, a seven-year-old was involved in a data breach and subsequently referred to the National Crime Agency's Cyber Choices programme to help them understand the seriousness of their actions.

However, in the latest update today, JLR confirmed that the situation was rather worse than initially estimated. A spokesperson said in a statement: "As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators. Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted."

The breach involved the accidental disclosure of a spreadsheet sent to our parent body that contained student names, DOB, gender, parent/carer contact telephone numbers of students in Years 7 to 11. We have apologised to our school community for this incident and have been responding to any concerns throughout. Our first step was to contain the breach by contacting our management information system provider and ensuring that the SMS message was removed and recalled.

It was only after calling, asking individual gyms that mentioned their locations in the recording,

Plex recommends using the option that automatically logs out all connected devices after the change. This ensures that active sessions that could potentially be exploited by third parties are terminated and that users must log in again with their new credentials. Users who log in via Single Sign-On must take an additional step: they must manually log out of all devices via plex.tv/security and then log in again with their new login details.

Some data breaches make headlines for the number of people affected globally, such as a Facebook scraping incident in 2019 that affected 553 million people worldwide. Then there are breaches that affect a country's entire population or much of it, such as a misconfigured database that exposed almost the entire population of Ecuador in 2019, an insider breach that compromised the information of almost all Israelis in 2006,

The government is unable to calculate the total cost of a secret relocation plan it set up following the Afghan data leak, the public spending watchdog has said. The Ministry of Defence (MoD) estimates the cost of the massive data breach - and setting up a new scheme to relocate those whose lives might be at risk over it - to be 850m. But the National Audit Office (NAO) says the MoD has not provided enough evidence to give it confidence in that figure, which does not include legal expenses, or compensation claims likely to follow.

Because of this breach, someone outside Cloudflare got access to our Salesforce instance, which we use for customer support and internal customer case management, and some of the data it contains,

It examined 11 major UK data breaches between 2008 and 2023, including the Ministry of Defence's (MoD) dangerous email blunder that exposed the details of Afghans who worked with British forces during the conflict with the Taliban, as well as British troops and spies. The others included a similar email mistake made by the Police Service of Northern Ireland, Norfolk and Suffolk police forces, Digital ID, another MoD leak of data to Malian recipients instead of US military (.ml/.mil), and more in the public sector.

We have contacted everyone who received the message and have reported the incident to the Charity Commission, the Information Commissioner's Office and the Solicitor's Regulatory Authority. We will fully comply with any investigations. We understand the significant impact this will have on those affected for which we apologise unreservedly. We remain committed to supporting victims and survivors of Church of England-related abuse to secure the financial redress, therapeutic, spiritual and emotional support, acknowledgement of wrongdoing on the part of the Church, apology and other forms of bespoke redress under this scheme.

The complaint from Charles Borges, the chief data officer at the SSA, alleges that Doge staffers effectively created a live copy of the entire country's social security data from its numerical identification system database. The information is a goldmine for bad actors, the complaint alleges, and was placed on a server without independent oversight that only Doge officials could access.

U.S. Senator Ron Wyden on Monday asked Chief U.S. Supreme Court Justice John Roberts to commission an independent review of the federal judiciary's cybersecurity practices, following a major hack of the court system's electronic case management system. Wyden, a Democrat from Oregon, in a letter to Roberts said the recent breach of the federal judiciary's filing system marked the second time since 2020 it had been hacked by foreign actors exploiting the same cyber vulnerabilities.

US insurance giant Farmers Insurance says more than a million customers had personal data nicked after a third-party vendor was compromised. The insurer, which sells car, home, life, and business cover to more than 10 million Americans, briefly published an advisory on its website confirming the breach before quietly pulling it offline [PDF]. Farmers isn't saying why, but companies sometimes retract notices to tweak wording or to coordinate with regulators.

When she finally got back on to the dating scene, she was wary. She decided to sign up for a new app where women could do background checks and share experiences of men they were dating. Users of the US-based Tea Dating Advice app, which is only available in America, could flag if potential partners were married or registered sex offenders. They could run reverse image searches to check against people using fake identities.

The association between the SIM ID, phone numbers, and real names is worrying and could enable very targeted frauds, such as phishing attacks addressing people by name or to re-associate phone numbers with a real person.