Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Breach. Show all posts
Vetco security lapse
Data Breach IDOR vulnerability pet medical records exposed Petco Petco Vetco leak Vetco Clinics Vetco security lapse

Petco Takes Vetco Clinics Site Offline After Major Data Exposure Leaves Customer Records Accessible Online

 

Pet wellness brand Petco has temporarily taken parts of its Vetco Clinics website offline after a security failure left large amounts of customer information publicly accessible.

TechCrunch notified the company about the exposed Vetco customer and pet data, after which Petco acknowledged the issue in a statement, saying it is investigating the incident at its veterinary services arm. The company declined to share further details.

The lapse meant that anyone online could directly download customer files from the Vetco site without needing an account or login credentials. At least one customer file was publicly visible and had even been indexed by Google, making it searchable.

According to data reviewed by TechCrunch, the exposed records included visit notes, medical histories, prescriptions, vaccination details, and other documents linked to Vetco customers and their pets.

These files contained personal information such as customer names, home addresses, phone numbers and email addresses, along with clinic locations, medical evaluations, diagnoses, test results, treatment details, itemized costs, veterinarian names, signed consent forms, and service dates.

Pet details were also disclosed, including pet names, species, breed, sex, age, date of birth, microchip numbers, medical vitals, and prescription histories.

TechCrunch reported the flaw to Petco on Friday. The company acknowledged the exposure on Tuesday after receiving follow-up communication that included examples of the leaked files.

Petco spokesperson Ventura Olvera told TechCrunch that the company has “implemented, and will continue to implement, additional measures to further strengthen the security of our systems,” though Petco did not provide proof of these measures. Olvera also declined to clarify whether the company has logging tools capable of determining whether the data was accessed or extracted during the exposure.

The vulnerability stems from how Vetco’s website generates downloadable PDFs for customers. Vetco’s portal, petpass.com, gives customers access to their vet records. However, TechCrunch discovered that the PDF-generation page was left publicly accessible without any password protection.

This allowed anyone to retrieve sensitive documents simply by altering the URL to include a customer’s unique identification number. Because Vetco’s customer IDs are sequential, adjusting the number by small increments exposed other customers’ records as well.

By checking ID numbers in increments of 100,000, TechCrunch estimated that the flaw could have exposed information belonging to millions of Petco customers.

The issue is identified as an insecure direct object reference (IDOR), a common security oversight where servers fail to verify whether the requester is authorized to access specific files.

It remains unknown how long the data was publicly exposed, but the record visible on Google dated back to mid-2020.

This marks the third data incident involving Petco in 2025, according to TechCrunch’s reporting.

Earlier in the year, hackers linked to the Scattered Lapsus$ Hunters group reportedly stole a large trove of customer data from a Salesforce-hosted Petco database and sought ransom payments to avoid leaking the data.

In September, Petco disclosed another breach involving a misconfigured software setting that mistakenly made certain files available online. That incident exposed highly sensitive data—including Social Security numbers, driver’s license details, and payment information like credit and debit card numbers.

Olvera did not confirm how many customers were affected by the September breach. Under California law, organizations must publicly report breaches affecting more than 500 state residents.

TechCrunch believes the newly discovered Vetco data exposure is a separate event because Petco had already begun notifying customers about the earlier breach months prior.
Read more »
Vendor Breach
Data Breach Data Leak Mixpanel OpenAI User Privacy Vendor Breach

OpenAI Vendor Breach Exposes API User Data

 

OpenAI revealed a security incident in late- November 2025 that allowed hackers to access data about users via its third-party analytics provider, Mixpanel. The breach, which took place on November 9, 2025, exposed a small amount of personally identifiable information for some OpenAI API users, although OpenAI stressed that its own systems had not been the target of the attack.

Breach details 

The breach occurred completely within Mixpanel’s own infrastructure, when an attacker was able to gain access and exfiltrate a dataset containing customer data. Mixpanel became aware of the compromise on 9 November 2025, and following an investigation, shared the breached dataset with OpenAI on 25 November, allowing the technology firm to understand the extent of potential exposure. 

The breach specifically affected users who accessed OpenAI's API via platform.openai.com, rather than regular ChatGPT users. The compromised data included several categories of user information collected through Mixpanel's analytics platform. Names provided to accounts on platform.openai.com were exposed, along with email addresses linked to API accounts. 

Additionally, coarse approximate location data determined by IP addresses, operating system and browser types, referring websites, and organization and user IDs saved in API accounts were part of the breach. However, OpenAI confirmed that more sensitive information remained secure, including chat content, API requests, API usage data, passwords, credentials, API keys, payment details, and government IDs. 

Following the incident, OpenAI took immediate action by removing Mixpanel from its services while conducting its investigation. The company notified affected users on November 26, 2025, right before Thanksgiving, providing details about the breach and emphasizing that it was not a compromise of OpenAI's own systems. OpenAI has suspended its integration with Mixpanel pending a thorough investigation of the incident.

Recommended measures 

OpenAI also encouraged the affected users to stay on guard for potential second wave attacks using the stolen information. Users need to be especially vigilant for phishing and social engineer attacks that could be facilitated by the leaked information, such as names, e-mail addresses and company information. A class action has also been brought against OpenAI and Mixpanel, claiming the companies did nothing to stop the breach of data that revealed personally identifiable information for thousands of users.
Read more »
TruffleHog leak
Data Breach GitHub repositories breach NPM malware Shai-Hulud attack Supply Chain Attack TruffleHog leak

Shai-Hulud 2.0 Breach Exposes 400,000 Secrets After Massive NPM Supply-Chain Attack

 

The second wave of the Shai-Hulud malware attack last week led to the exposure of nearly 400,000 raw secrets after compromising hundreds of NPM (Node Package Manager) packages and leaking stolen data across more than 30,000 GitHub repositories.

While only around 10,000 of those secrets were confirmed as valid using the TruffleHog open-source scanning tool, cloud security company Wiz reports that over 60% of the NPM tokens leaked in this incident were still active as of December 1st.

Shai-Hulud first surfaced in mid-September, infecting 187 NPM packages with a worm-like payload. The malware scanned systems for account tokens using TruffleHog, injected a harmful script into the targeted packages, and then automatically republished them.
In the latest attack, the threat escalated—impacting more than 800 packages (including all affected versions) and adding a destructive feature capable of wiping a victim’s home directory under specific conditions.

During their review of the secrets spilled by Shai-Hulud 2.0 into over 30,000 GitHub repositories, Wiz researchers found several types of sensitive files exposed:

  • About 70% of repositories contained a contents.json file with GitHub usernames, tokens, and file snapshots

  • Around 50% stored truffleSecrets.json with TruffleHog scan results

  • Nearly 80% included environment.json, which revealed OS details, CI/CD metadata, npm package information, and GitHub credentials

  • 400 repositories had actionsSecrets.json, exposing GitHub Actions workflow secrets

Wiz notes that the malware used TruffleHog without the --only-verified flag, meaning the full set of 400,000 leaked secrets only matched valid formats—they weren’t necessarily functional. Even so, the dataset still contained active credentials.

While the secret data is extremely noisy and requires heavy deduplication efforts, it still contains hundreds of valid secrets, including cloud, NPM tokens, and VCS credentials,” Wiz explained.

To date, these credentials pose an active risk of further supply chain attacks. For example, we observe that over 60% of leaked NPM tokens are still valid.

From the 24,000 environment.json files analyzed, nearly half were unique. About 23% originated from developer machines, with the remainder linked to CI/CD systems or similar automated environments.

The investigation also showed that 87% of compromised machines were running Linux, and 76% of infections occurred within containerized environments. Among CI/CD services, GitHub Actions was the most affected, followed by Jenkins, GitLab CI, and AWS CodeBuild.

When examining which packages were hit hardest, Wiz identified @postman/tunnel-agent@0.6.7 and @asyncapi/specs@6.8.3 as the most impacted—together accounting for over 60% of all infections. Researchers believe the overall damage could have been significantly reduced if these key packages had been flagged and taken down early.

The infection pattern also revealed that 99% of attacks triggered during the preinstall event, specifically through the node setup_bun.js script. The few anomalies observed were likely test runs.

Wiz warns that the operators behind Shai-Hulud are likely to continue refining their methods. The team expects more waves of supply-chain attacks powered by the extensive trove of leaked credentials gathered so far.

Read more »
Data Breach
CrowdStrike data breach cyber attack Cybernews Data Breach

CrowdStrike Fires Insider Who Leaked Internal Screenshots to Hacker Groups, Says no Customer Data was Breached

 

American cybersecurity company CrowdStrike has confirmed that screenshots taken from its internal systems were shared with hacker groups by a now-terminated employee. 

The disclosure follows the appearance of the screenshots on Telegram, posted by the cybercrime collective known as Scattered Lapsus$ Hunters. 

In a statement to BleepingComputer, a CrowdStrike spokesperson said the company’s security was not compromised as a result of the insider activity and that customers remained fully protected. According to the spokesperson, the employee in question was identified during an internal investigation last month. 

The individual was later terminated and the matter has been reported to law enforcement. CrowdStrike did not clarify which threat group was behind the leak or what drove the employee to share sensitive images. 

However, the company offered the statement after BleepingComputer reached out regarding screenshots of CrowdStrike systems circulating on Telegram. Those screenshots were posted by members of ShinyHunters, Scattered Spider, and the Lapsus$ group, who now operate collectively under the name Scattered Lapsus$ Hunters. ShinyHunters told BleepingComputer that they allegedly paid the insider 25,000 dollars for access to CrowdStrike’s network. 

The threat actors claimed they received SSO authentication cookies, but CrowdStrike had already detected the suspicious activity and revoked the employee’s access. 

The group also claimed it attempted to buy internal CrowdStrike reports on ShinyHunters and Scattered Spider but never received them. 

Scattered Lapsus$ Hunters have been responsible for a large-scale extortion campaign against companies using Salesforce. Since the beginning of the year, the group has launched voice phishing attacks to breach Salesforce customers. Their list of known or claimed victims includes Google, Cisco, Allianz Life, Farmers Insurance, Qantas, Adidas, Workday, and luxury brands under LVMH such as Dior, Louis Vuitton, and Tiffany & Co. 

They have also attempted to extort numerous high-profile organizations including FedEx, Disney, McDonald’s, Marriott, Home Depot, UPS, Chanel, and IKEA. 

The group has previously claimed responsibility for a major breach at Jaguar Land Rover that exposed sensitive data and disrupted operations, resulting in losses estimated at more than 196 million pounds. 

Most recently, ShinyHunters asserted that over 280 companies were affected in a new wave of Salesforce-related data theft. Among the names mentioned were LinkedIn, GitLab, Atlassian, Verizon, and DocuSign. 

Though, DocuSign has denied being breached, stating that internal investigations have shown no evidence of compromise.
Read more »
Ransomware Breach
Critical Systems Security Cybersecurity Threats Dark Web Claims Data Breach Digital Risk Management Gaming Infrastructure IGT Cyberattack Lottery Technology Ransomware Breach

IGT Responds to Reports of Significant Ransomware Intrusion

 


An investigation by the Russian-linked ransomware group Qilin has raised fresh concerns within the global gaming and gambling industry after they claimed responsibility for the cyber intrusion that targeted global gambling giant IGT in recent weeks. 

A dark-web leak site that listed the company on Wednesday stated that it had exfiltrated ten gigabytes of data, or more than two thousand files, which is an amount that would equal around ten gigabytes of internal data. The posting itself didn’t provide many details about this. 

As can be seen by the entry stamped in bright green with the word “Publicated”, IGT does not appear to have communicated with Qilin or they refuse to accept ransom demands from him. IGT offers a complete suite of products and services to casinos, retailers, and online operators worldwide that range from gaming machines to lottery technology to PlaySports betting platforms to iGaming systems. 

Through its suite of products, IGT supports millions of players every day. This recent breach has prompted increased scrutiny of a leading technology provider’s security posture, and raised questions about the potential impact on operations and the broader gaming infrastructure of this company. According to a recent filing submitted to the Securities and Exchange Commission, International Game Technology (IGT) has acknowledge that it is in the middle of managing a major cyber incident. 

In the filing, IGT confirmed an unauthorized attempt to access portions of its internal IT system on November 17 was detected. There is a note in the disclosure that indicates that the company's incident response procedures were immediately activated after the intrusion. 

These procedures included a number of steps commonly associated with attempts to contain suspected ransomware activities, including taking certain systems offline and engaging external forensic specialists to assist in the investigation. 

In the midst of it assessing the extent of the disruption, the notorious ransomware group Qilin also has mentioned IGT, claiming that around 10GB of data, or over 21,000 files, has been stolen from its dark-web leak portal. Despite the fact that Qilin has not yet provided proof of compromise samples, the group has labeled the archive as published, a term criminals frequently use to indicate that exfiltrated data is now circulating beyond the victim's control. This adds further urgency to IGT's efforts to contain and remediate the data in question.

A report from Cybernews claims that Qilin's leak page also offers a link to an FTP file believed to contain a complete cache of allegedly stolen information, but no verification has been made and the amount of information available is limited at this point. To date, IGT has not either confirmed or denied the gang's assertions and has not responded to media inquiries seeking clarification. 

As one of the world's biggest gaming companies, GTECH offers a range of lottery technology products across more than 100 jurisdictions, including electronic gaming machines, iLottery systems, and sports betting platforms. Its headquarters are in London, with major operations centers in Las Vegas, Rome, and Providence. IGT is the primary technology partner for 26 U.S. lotteries and casinos, serving dozens of lottery operators and casino operators across the country. 

The entire lottery industry has been facing increasing cyber threats; earlier this year, the Ohio Lottery suffered a ransomware attack that disrupted jackpot information, delayed prize claim processing, and exposed sensitive consumer and retailer information. 

With such a backdrop in mind, IGT’s statement to the SEC underscored the company’s commitment to minimizing operational disruptions while restoring systems and maintaining transparency with its customers. In order to ensure service stability while forensic specialists continue their assessment, the company has deployed contingency solutions under its business continuity framework. 

It is vital that IGT maintains trust among lottery operators, casino customers and millions of daily users as it navigates the aftermath of the breach. IGT continues to work to secure that trust as the recovery proceeds. In light of the ongoing investigation, this incident underscores the widening threat landscape that operators of high-value digital games and lotteries face.

In order to achieve the best results for IGT, it is imperative that they reinforce cyber-resilience, accelerate security modernization, and strengthen partnerships with regulators and industry partners. It is widely believed that maintaining transparency, rapid threat intelligence sharing, and investing in robust incident response capabilities will be crucial not only for restoring confidence, but also for safeguarding interconnected gaming ecosystems from increasingly sophisticated ransomware actors who are eager to exploit any vulnerabilities that may arise.
Read more »
Personal Data
CyberCrime Data Breach Data Leak Data Privacy Concerns Data Safety User Data data security Personal Data

WhatsApp Enumeration Flaw Exposes Data of 3.5 Billion Users in Massive Scraping Incident

 

Security researchers in Austria uncovered a significant privacy vulnerability in WhatsApp that enabled them to collect the personal details of more than 3.5 billion registered users, an exposure they believe may be the largest publicly documented data leak to date. The issue stems from a long-standing feature that allows users to search WhatsApp accounts by entering phone numbers. While meant for convenience, the function can be exploited to automatically compile profiles at scale. 

Using phone numbers generated with a custom tool built on Google’s libphonenumber system, the research team was able to query account details at an astonishing rate—more than 100 million accounts per hour. They reported exceeding 7,000 automated lookups per second without facing IP bans or meaningful rate-limiting measures. Their findings indicate that WhatsApp’s registered user base is larger than previously disclosed, contradicting the platform’s statement that it serves “over two billion” users globally. 

The scraped records included phone numbers, account names, profile photos, and, in some cases, personal text attached to accounts. Over half of the identified users had public profile images, and a substantial portion contained identifiable human faces. About 29 percent included text descriptions, which researchers noted could reveal sensitive personal information such as sexuality, political affiliation, drug use, professional identities, or links to other platforms—including LinkedIn and dating apps.  
The study also revealed that millions of accounts belonged to phone numbers registered in countries where WhatsApp is restricted or banned, including China, Myanmar, and North Korea. Researchers warn that such exposure could put users in those regions at risk of government monitoring, penalties, or arrest. 

Beyond state-level dangers, experts stress that the harvested dataset could be misused by cybercriminals conducting targeted phishing campaigns, fraudulent messaging schemes, robocalling, and identity-based scams. The team emphasized that the persistence of phone numbers poses an ongoing risk: half of the numbers leaked during Facebook’s large-scale 2021 data scraping incident were still active in WhatsApp’s ecosystem. 

Meta confirmed receiving the researchers’ disclosure through its bug bounty process. The company stated that it has since deployed updated anti-scraping defenses and thanked the researchers for responsibly deleting collected data. According to WhatsApp engineering leadership, the vulnerability did not expose private messages or encrypted content. 

The researchers validated Meta’s claim, noting that the original enumeration method is now blocked. However, they highlighted that verifying security completeness remains difficult and emphasized the nearly year-long delay between initial reporting and effective remediation.  
Whether this incident triggers systemic scrutiny or remains an isolated cautionary case, it underscores a critical reality: even services built around encryption can expose sensitive user metadata, creating new avenues for surveillance and exploitation.
Read more »
User Privacy
Data Breach Data Leak Gainsight Salesforce User Privacy

Salesforce Probes Gainsight Breach Exposing Customer Data

 

Salesforce has disclosed that some of its customers' data was accessed following a breach of Gainsight, a platform used by businesses to manage customer relationships. The breach specifically affected Gainsight-published applications that were connected to Salesforce, with these apps being installed and managed directly by customers. 

Salesforce emphasized that the breach did not stem from vulnerabilities in its own platform, but rather from Gainsight's external connection to Salesforce. The company is actively investigating the incident and directed further inquiries to its dedicated incident response page.

Gainsight confirmed it was investigating a Salesforce connection issue, but did not explicitly acknowledge a breach, stating that its internal investigation was ongoing. Notable companies using Gainsight's services include Airtable, Notion, and GitLab. GitLab confirmed that its security team is investigating and will share more details as they become available.

The hacking group ShinyHunters claimed responsibility for the breach, stating that if Salesforce does not negotiate with them, they will set up a new website to advertise the stolen data—a common tactic for cybercriminals seeking financial gain. The group reportedly stole data from nearly a thousand companies, including details from Salesloft and GainSight campaigns. 

This breach mirrors a previous incident in August, where ShinyHunters exploited vulnerabilities in AI marketing chatbot maker Salesloft, compromising numerous customers' Salesforce instances and accessing sensitive information such as access tokens.

In the earlier Salesloft breach, victims included major organizations like Allianz Life, Bugcrowd, Cloudflare, Google, Kering, Proofpoint, Qantas, Stellantis, TransUnion, and Workday. The hackers subsequently launched a website to extort victims, threatening to release over a billion records. Gainsight was among those affected in the Salesloft-linked breaches, but it remains unclear if the latest wave of attacks originated from the same compromise or a separate incident.

Overall, this incident highlights the risks associated with third-party integrations in major cloud platforms and the growing sophistication of financially-motivated cybercriminals targeting customer data through supply chain vulnerabilities. Both Salesforce and Gainsight are continuing their investigations, with cybersecurity teams across affected organizations actively working to assess the extent of the breach and mitigate potential damage.
Read more »
ransomware data leak
Almaviva cyberattack Data Breach FS Italiane Italian IT provider breach Italy railway hack ransomware data leak

Massive Data Breach Hits Italy’s FS Italiane After Cyberattack on IT Provider Almaviva

 

Data belonging to Italy’s state-owned railway operator, the FS Italiane Group, has been exposed after a cybercriminal infiltrated the systems of its IT partner, Almaviva.

The attacker claims to have exfiltrated a massive 2.3 terabytes of information, later publishing the stolen files on a dark web forum. The individual behind the breach alleges that the dump contains confidential records and sensitive corporate material.

Almaviva, a major global IT and digital services company, provides solutions ranging from software development and systems integration to consulting and CRM platforms. According to Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab, the compromised data appears to be recent and includes documents dating back to the third quarter of 2025. He dismissed speculation that the files originated from the 2022 Hive ransomware incident.

"The threat actor claims the material includes internal shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting data, and even complete datasets from several FS Group companies," Draghetti says.
"The structure of the dump, organized into compressed archives by department/company, is fully consistent with the modus operandi of ransomware groups and data brokers active in 2024–2025," he added.

Almaviva employs more than 41,000 people across nearly 80 global locations and reported $1.4 billion in revenue last year. FS Italiane, entirely owned by the Italian government, is among the nation’s largest industrial enterprises, generating over $18 billion annually through its rail, transport, and logistics services.

Although initial press queries from BleepingComputer went unanswered, Almaviva later confirmed the breach in statements provided to local outlets.

“In recent weeks, the services dedicated to security monitoring identified and subsequently isolated a cyberattack that affected our corporate systems, resulting in the theft of some data,” Almaviva said.

“Almaviva immediately activated security and counter-response procedures through its specialized team for this type of incident, ensuring the protection and full operability of critical services.”

The company added that it has notified relevant authorities, including law enforcement, Italy’s national cybersecurity agency, and the data protection authority. Government bodies are currently assisting with the ongoing investigation.

Almaviva has committed to sharing further updates as more findings become available.

It remains unknown whether any passenger information was included in the stolen data or if the breach has affected additional Almaviva clients. BleepingComputer has sent follow-up questions, but no response had been received as of publication.

In another public communication, Almaviva reiterated that it had isolated the cyberattack, stating that it resulted in “the theft of some data.”

"Almaviva immediately activated safety and response procedures through its specialized team for this type of incident, ensuring the protection and full operation of critical services," the company stated, emphasizing that business continuity plans prevented disruptions to its operations.
Read more »
Third-Party Vulnerabilities
Banking Cyberattack Cyber Intrusion Investigation Data Breach Digital Supply Chain Risk Financial Security Infrastructure Security Mortgage Data Leak Third-Party Vulnerabilities

Growing Concern as Authorities Assess Cyber Incident at Real Estate Finance Firm

 


An extreme cyber intrusion which led to considerable concern among U.S. financial institutions over the weekend has been hailed by leading American banks and mortgage lenders as a major development that must be addressed urgently in order to reduce their exposure to various cyber threats. 

According to a statement issued by StatusAMC Group Holdings, LP on November 12, the back-office software provider for hundreds of mortgage origination, servicing, and payments operations for hundreds of institutions was breached. It was possible for unknown actors to gain access to sensitive client information, including accounting files, legal agreements, and possibly extensive personal data from loan applications, by hacking into their systems. 

However, while the company claims its operations remain fully operational, and that the incident has been contained without using any encryption malware, the extent to which the data was compromised has raised the alarm on Wall Street, since firms such as JPMorgan, Citi, and Morgan Stanley are highly reliant on the vendor's infrastructure for their daily operations. 

The company has been providing clients with near-daily updates while collaborating with federal law enforcement and outside forensic experts to determine exactly what was taken after the millions of records may have been stolen. This reflects a growing sense of unease within an industry where third-party vulnerabilities are posing some of the most significant cyber risks to date. 

New York-based StatusAMC provides mortgage services to more than 1,500 clients across residential and commercial markets. This breach has been discovered by the company on November 12, and it has confirmed that portions of the company's corporate data, including accounting records and legal agreements, have been accessed during this intrusion, which occurred on November 12. 

There are no clear indications as yet as to whether the attackers exfiltrated certain data tied to customers of the company's financial-sector clients, or if they simply viewed that information. However, it acknowledges that data tied to customers of its financial-sector clients may also have been compromised. 

There is no doubt that the company is a major processor of mortgage applications, and they handle highly sensitive personal information, ranging from Social Security numbers to passport information to employment histories. However, after recent reports suggested that certain information related to residential loan files was compromised, further concerns were raised. 

A report by the New York Times reported that JPMorgan Chase, Citi, and Morgan Stanley may have been affected by the breach; JPMorgan said that its own banking systems were not directly compromised, but Citi declined to comment and Morgan Stanley refused to answer questions. It has already been reported that the FBI has opened a probe, and SitusAMC has already begun contacting impacted customers as it continues the investigation. As a result, the federal investigators are now taking an increasingly active role in investigating the breach. 

The FBI announced in a press release that they are working closely with SitusAMC and the affected institutions to determine the full extent of the breach. According to Director Kash Patel, no operational disruptions have yet been identified to banking services. He added that the bureau continues to focus on tracing the perpetrators and strengthening security measures for critical infrastructure systems. 

A longstanding vulnerability in the financial sector despite its reputation for strong cybersecurity defenses has been heightened by the incident, as a result of systemic risks associated with third-party technology providers. Despite being essential to the banking industry, SitusAMC is often overlooked outside of industry circles, and the company receives far less oversight than the major banks it supports, which can lead to the exposure of millions of records. 

As the investigation continues, neither JPMorgan Chase nor Morgan Stanley indicated what they experienced regarding the investigation. Additionally, SitusAMC's chief executive officer, Michael Franco, declined to respond to inquiries regarding the investigation, leaving many questions unanswered. 

Despite the fact that large banks invest hundreds of millions of dollars in cybersecurity each year and are widely regarded as the best-protected institutions in the private sector, experts warn that even though the banking industry is under constant pressure from increasingly sophisticated cyber threats, it is still highly vulnerable to these threats. In spite of the fact that lenders, data processors, and software providers are connected through a dense network of relationships, it is quite possible for those institutions that appear the most secure to introduce weaknesses inadvertently. 

The breach has underscored the fact that deeply embedded vulnerabilities can emerge in the most unexpected places when they are deeply embedded, as Muish Walther-Puri, head of critical digital infrastructure at TPO Group, said. The failure of a single trusted vendor can be very detrimental to the entire financial ecosystem, exposing the "unseen" risks woven into its operations, he added. He emphasized that true resilience cannot just be achieved by internal defenses alone, but also through the collective vigilance of the entire supply chain as well. 

Several industry experts are predicting that as the investigation continues, the incident will serve as a catalyst for deeper scrutiny of digital supply chains as well as a more rigorous oversight of the vendors that power critical financial operations. 

The argument goes that even if banks and lenders have formidable defenses, they still need to set higher security expectations for third parties, demanding a greater level of transparency, continuous monitoring, and greater accountability as part of their security practices. 

Having been exposed to the security breach, many people in the sector have taken note that the development of resilience these days is reliant not only on advanced technology, but also on a shared commitment to safeguard the interconnected systems that are vital to keeping the nation's financial machinery afloat.
Read more »
Synthient
Credential Stuffing Cyber Security Data Breach exposed emails Have I Been Pwned password leak Synthient

Massive Leak Exposes 1.3 Billion Passwords and 2 Billion Emails — Check If Your Credentials Are at Risk

 

If you haven’t recently checked whether your login details are floating around online, now is the time. A staggering 1.3 billion unique passwords and 2 billion unique email addresses have surfaced publicly — and not due to a fresh corporate breach.

Instead, this massive cache was uncovered after threat-intelligence firm Synthient combed through both the open web and the dark web for leaked credentials. You may recognize the company, as they previously discovered 183 million compromised email accounts.

Much of this enormous collection is made up of credential-stuffing lists, which bundle together login details stolen from various older breaches. Cybercriminals typically buy and trade these lists to attempt unauthorized logins across multiple platforms.

This time, Synthient pulled together all 2 billion emails and 1.3 billion passwords, and with help from Troy Hunt and Have I Been Pwned (HIBP), the entire dataset can now be searched so users can determine if their personal information is exposed.

The compilation was created by Synthient founder Benjamin Brundage, who spent months gathering leaked credentials from countless sources across hacker forums and malware dumps. The dataset includes both older breach data and newly stolen information harvested through info-stealing malware, which quietly extracts passwords from infected devices.

According to Troy Hunt, Brundage provided the raw data while Hunt independently verified its authenticity.

To test its validity, Hunt used one of his old email addresses — one he already knew had appeared in past credential lists. As expected, that address and several associated passwords were included in the dataset.

After that, Hunt contacted a group of HIBP subscribers for verification. By choosing some users whose data had never appeared in a breach and others with previously exposed data, he confirmed that the new dataset wasn’t just recycled information — fresh, previously unseen credentials were indeed present.

HIBP has since integrated the exposed passwords into its Pwned Passwords service. Importantly, this database never links email addresses to passwords, maintaining privacy while still allowing users to check if their passwords are compromised.

To see if any of your current passwords have been leaked, visit the Pwned Passwords page and enter them. Your passwords are never sent to a server — the entire check is processed locally in your browser through an anonymity-preserving method.

If any password you use appears in the results, change it immediately. You can rely on a password manager to generate strong replacements, or use free password generators from tools like Bitwarden, LastPass, and ProtonPass.

The single most important cybersecurity rule remains the same: never reuse passwords. When criminals obtain one set of login credentials, they try them across other platforms — an attack method known as credential stuffing. Because so many people still repeat passwords, these attacks remain highly successful.

Make sure every account you own uses a strong, complex, and unique password. Password managers and built-in password generators are the easiest way to handle this.

Even the best password may not protect you if it’s stolen through a breach or malware. That’s why Two-Factor Authentication (2FA) is crucial. With a second verification step — such as an authenticator app or security key — criminals won’t be able to access your account even if they know the password.

You should also safeguard your devices against malware using reputable antivirus tools on Windows, Mac, and Android. Info-stealing malware, often spread through phishing attacks, remains one of the most common ways passwords are siphoned directly from user devices.

If you’re interested in going beyond passwords altogether, consider switching to passkeys. These use cryptographic key pairs rather than passwords, making them unguessable, non-reusable, and resistant to phishing attempts.

Think of your password as the lock on your home’s front door: the stronger it is, the harder it is for intruders to break in. But even with strong habits, your information can still be exposed through breaches outside your control — one reason many experts, including Hunt, see passkeys as the future.

While it’s easy to panic after reading about massive leaks like this, staying consistent with good digital hygiene and regularly checking your exposure will keep you one step ahead of cybercriminals.
Read more »
Ransomware attack
Adidas Data Breach Fulgar H&M RansomHouse Ransomware attack

RansomHouse Ransomware Hits Fulgar, Key Supplier to H&M and Adidas

 

Fulgar, a major supplier of synthetic yarns to global fashion brands such as H&M, Adidas, Wolford, and Calzedonia, has confirmed it suffered a ransomware attack linked to the notorious RansomHouse group. The attack, which was first noted on RansomHouse’s leak site on November 12, involved the publication of encrypted internal data stolen since October 31. 

Screenshots shared on the leak site displayed sensitive company documents, spreadsheets, communications, and financial records—including bank balances, invoices, and exchanges with external parties. These leaks present a significant risk for targeted phishing attacks, as attackers now possess insider information that can be leveraged to deceive staff and partners.

Fulgar, established in the late 1970s, is one of Europe’s largest spinning mills, producing polyamide 66 and covered elastomers used in hosiery, lingerie, activewear, and technical textiles. The company distributes key brands like Lycra and Elaspan and operates across Italy, Sri Lanka, and Turkey. Its client list includes several of the world’s most recognized fashion retailers. The breach highlights how even large suppliers are vulnerable to cyber threats, especially when a single ransomware group gains access to internal systems.

The RansomHouse group, active since 2021, has claimed more than one hundred victims and is known for encrypting data and demanding ransom payments. US cyber authorities have previously connected the group to Iranian affiliates, who provide encryption support in exchange for a share of the ransom proceeds.

In Fulgar’s case, the attackers issued a direct warning to management: “Dear management of Fulgar S.p.A., we are sure that you are not interested in your confidential data being leaked or sold to a third party. We highly advise you to start resolving that situation.” This underscores the urgency for organizations to respond swiftly to ransomware incidents and mitigate potential reputational and financial damage.

The breach is a stark reminder of the cascading risks posed by compromised supplier networks. Sensitive records exposed in such incidents can fuel targeted identity theft and social engineering attacks, increasing threats for employees and business partners. Experts advise that organizations implement robust cybersecurity measures, including the use of strong antivirus software and properly configured firewalls, to reduce the risk of follow-up intrusions. 

However, even with these precautions, leaked internal documents can still be used to craft highly persuasive phishing campaigns, posing broader risks across manufacturing and supply chain sectors. Overall, the Fulgar breach illustrates the escalating sophistication of ransomware attacks and the critical need for vigilance among global suppliers and their clients to protect sensitive data and prevent further compromise.
Read more »
personal data leak
Customer Data Customer Data Exposed Data Breach Data exposed data security leaked sensitive data personal data leak

DoorDash Data Breach Exposes Customer Information in October 2025 Incident

 

DoorDash has informed its customers that the company experienced a security incident in late October, marking yet another breach for the food delivery platform. According to details first reported by BleepingComputer, DoorDash has begun emailing users to disclose that on October 25, 2025, an unauthorized individual infiltrated parts of its internal systems and accessed selected customer contact information. The type of data exposed varied from person to person but involved key personal details. In its notification email, the company confirmed that names, physical addresses, phone numbers, and email addresses were among the information viewed by the intruder. While financial data does not appear to have been compromised, the collection of exposed fields still carries significant risk because such details can easily be reused in phishing, impersonation, and other forms of social engineering attacks. 

DoorDash stated that the root cause of the breach was a social engineering scam targeting an employee, which ultimately allowed the attacker to obtain credentials and slip past internal safeguards. As soon as the company recognized unusual activity, its security team revoked the unauthorized access, launched a broader investigation, and contacted law enforcement to support further review. However, the company did not specify how many individuals may have been affected. What is clear is that the impacted group includes customers, delivery drivers (known as Dashers), and merchants. Considering DoorDash reported roughly 7 million contractors in 2023, nearly 600,000 partner merchants in 2024, and more than 42 million active users, the number of people touched by the incident could be extensive. 

This latest breach adds to a concerning pattern for the company, which was previously affected by two significant incidents in 2019 and 2022. The 2019 attack exposed information belonging to approximately 5 million customers, Dashers, and merchants, while the 2022 event stemmed from the same campaign that targeted communications provider Twilio. These recurring issues highlight how attractive large consumer platforms remain to cybercriminals. 

For users, the most important step after any data exposure is to immediately update account passwords and ensure they are strong, unique, and not reused across services. A password manager can simplify this process and reduce risk over time. Enabling multi-factor authentication on DoorDash and other critical accounts adds an extra security barrier that often stops attackers even if credentials are stolen. Because personal details were accessed, users should stay alert for phishing messages that may imitate DoorDash or reference suspicious orders. These tactics are common after breaches and can easily lure people into clicking harmful links or providing additional sensitive information. 

Customers may also benefit from using reputable identity theft protection services that monitor financial activity and personal data for signs of misuse. While no single step can eliminate the consequences of a breach, proactive monitoring and cautious digital habits can significantly reduce the likelihood of further harm.
Read more »
Tech Firm
Checkout Data Breach Ransomware ShinyHunters Tech Firm

Checkout Refuses ShinyHunters Ransom, Donates Funds to Cybersecurity Research

 

Checkout, a UK-based financial tech firm, recently suffered a data breach orchestrated by the cybercriminal group ShinyHunters, who have demanded a ransom for stolen merchant data. In response, the company announced it would not pay the ransom but instead donate the equivalent amount to Carnegie Mellon University and the University of Oxford Cyber Security Center to fund cybercrime research initiatives.

The breach occurred after ShinyHunters gained unauthorized access to a legacy third-party cloud storage system used by Checkout in 2020 and earlier. This system, which had not been properly decommissioned, contained internal operational documents, onboarding materials, and data from a significant portion of company’s merchant base, including past and current customers. The company estimates that less than 25% of its current merchant base was affected by the incident.

The tech firm provides payment processing services to major global brands such as eBay, Uber Eats, adidas, GE Healthcare, IKEA, Klarna, Pinterest, Alibaba, Shein, Sainsbury’s, Sony, DocuSign, Samsung, and HelloFresh, managing billions in merchandise revenue. The company’s systems include a unified payments API, hosted payment portals, mobile SDKs, and plugins for existing platforms, along with fraud detection, identity verification, and dispute management features.

ShinyHunters is an international threat group known for targeting large organizations, often leveraging phishing, OAuth attacks, and social engineering to infiltrate systems and extort ransom payments. The group has recently exploited the Oracle E-Business Suite zero-day vulnerability (CVE-2025-61884) and carried out attacks on Salesforce and Drift systems affecting multiple organizations earlier in the year.

Despite the pressure to pay a ransom to prevent the leaked data from being published, Checkout has refused and opted for a different strategy. The company will invest in strengthening its own security infrastructure and protecting its customers more effectively in the future. Additionally, the company has committed to supporting academic research in cybersecurity by channeling the intended ransom funds to prestigious universities.

Checkout has not disclosed the identity of the compromised third-party cloud file storage system or the specific breach method. The company continues to work on bolstering its defenses and has emphasized its commitment to transparency and customer protection. This decision sets a notable precedent for organizations facing ransomware demands, highlighting the importance of proactive security investment and responsible action in the face of cyber threats.
Read more »
Nation-State Attack
Chinese Firm Data Breach Data Leak Knownsec Nation-State Attack

Knownsec Breach Exposes Chinese State Cyber Weapons and Global Target List

 

A major data breach at the Chinese security firm Knownsec has exposed more than 12,000 classified documents, providing unprecedented insight into the deep connections between private companies and state-sponsored cyber operations in China. The leaked files reportedly detail a wide array of cyber capabilities, including the use of Remote Access Trojans (RATs) that are capable of infiltrating systems across Windows, Linux, macOS, iOS, and Android platforms.

This breach not only highlights technical vulnerabilities but also reveals how companies like Knownsec can be embedded in national level cyber programs, sometimes carrying out operations on behalf of government agencies. Among the most notable data included in the leak were records stolen from international sources: 95GB of immigration data from India's national databases, 3TB of call logs from South Korea’s LG U Plus, and 459GB of transportation data from Taiwan.

Experts investigating these materials discovered spreadsheets listing 80 foreign targets, including major critical infrastructure and telecommunications enterprises across more than twenty countries and regions, with Japan, Vietnam, India, Indonesia, Nigeria, and the UK among them. The files also described specialized malware for Android—capable of extracting information from popular Chinese messaging apps and Telegram—and referenced the use of hardware-based hacking devices, such as a malicious power bank designed to covertly upload data to victim systems.

Despite efforts to remove the leaked materials from platforms such as GitHub, the contents have already spread among researchers and intelligence circles, offering an unusual glimpse into China’s cyber ecosystem and the scale of its operations. The exposure demonstrates the breadth, organization, and sophistication of these campaigns, suggesting far more coordination between security firms and state entities than previously understood.

In response, Beijing has officially denied any knowledge of a Knownsec breach, reiterating its opposition to cyberattacks but stopping short of disavowing links between the state and private cyber intelligence actors. The researchers emphasize that standard antivirus and firewall protections alone are insufficient against such advanced threats and highlights the need for a multi-layered cyber defense strategy incorporating real-time monitoring, rigorous network segmentation, and AI-driven threat detection to adequately protect organizations from these sophisticated forms of infiltration.
Read more »
Vulnerability Exploit
Clop Group Cybersecurity Breach Data Breach Enterprise security GlobalLogic Incident response Oracle Zero-Day Ransomware attack SQL Threat Intelligence Vulnerability Exploit

GlobalLogic Moves to Protect Workforce After Oracle-related Data Theft

 


A new disclosure that underscores the increasing sophistication of enterprise-level cyberattacks underscores the need to take proactive measures against them. GlobalLogic has begun notifying more than ten thousand of its current and former employees that their personal information was compromised as a result of a security breach connected to an Oracle E-Business Suite zero-day flaw. 

An engineering services firm headquartered in the United States, owned by Hitachi, announced the breach to regulators after determining that an unknown attacker exploited an unpatched vulnerability in the Oracle platform, the core platform used to manage finance, human resources, and operational processes at the company, so that sensitive data belonging to 10,000 employees was stolen. 

The Maine Attorney General's office reported to the Maine State Attorney General that attackers had infiltrated GlobalLogic's environment with an advanced SQL-injection chain mapped to MITRE techniques T1190 and T1040, deploying a persistent backdoor through an Oracle Forms vulnerability, obtaining extensive employee data, including identification, contact information, passport information, tax and salary data, and bank account numbers, as well as extensive employee records. 

The signs of compromise point to a coordinated data-extortion campaign in which privilege-escalation events were used to maintain prolonged access to data. Indicators like malicious IP ranges and rogue domains indicate that the attack was coordinated. In the aftermath of Oracle's security patches being released, GlobalLogic announced that an immediate investigation had been conducted, and the company is now urging the rapid implementation of vendor updates, enhanced logging, and temporary hardening measures in order to mitigate further risk. 

With Hitachi's acquisition of the company in 2021, it has now served more than 600 enterprise clients around the world, and the company has officially reported the breach to California and Maine regulators, who confirmed that more than 10,500 current and former employees' personal information was exposed in the attack. 

During GlobalLogic's investigation, it was discovered that the intrusion was a part of a larger campaign that was coordinated by the Clop ransomware group, which has been exploiting a zero-day flaw in Oracle's E-Business Suite since at least July in order to snare huge amounts of corporate information. There have been reports that several companies have been caught in this wave of attacks, and many are only aware of their compromise after they receive extortion emails from extortionists. Analysts are claiming that dozens of companies have been compromised.

It is reported by GlobalLogic that the company discovered the breach on October 9 but it was later discovered that the attackers gained access to the server on July 10, with the most recent malicious activity occurring on August 20 according to GlobalLogic's filings. Despite the fact that the incident was contained to the Oracle platform, the sheer amount of sensitive and high-level data stolen—from contact information to internal identifiers to passports to tax records to salary information to bank account numbers—does not make it easy for the severity of the attack to be noted. 

A spokesperson for the company said that they immediately activated their incident response protocols, notified the law enforcement, and consulted external forensic experts after the zero-day exploit was discovered (CVE-2025-61882) was discovered, and that Oracle's patch for the vulnerability (CVE-2025-61882) was applied once it was released. 

Security researchers later confirmed that Clop hacked numerous victims over a period of several months by exploiting multiple vulnerabilities within the same platform, demanding ransoms that often reached eight-figure sums. It has been reported that nearly 30 organizations are currently listed on Clop's website after a breach of their systems was discovered last week. If these organizations do not pay the restitution, they will face public exposure. The kind of information exposed in the GlobalLogic breach highlights how sophisticated the attackers were. 

According to the company's disclosure, the stolen data was representative of a wide range of personal information that is typically kept in human resources systems, such as names, home addresses, telephone numbers, addresses for emergency contacts, and identifiers for internal employees.

There were a variety of individuals whose exposure to cyber attacks was far more in-depth and involved email addresses, dates and countries of birth, nationalities, passports, tax and national identification numbers such as Social Security details, salary information, and full banking credentials for their online banking accounts. 

A ransomware group known as Clop has been associated with several high-profile Oracle EBS data theft operations, as well as adding major companies to its Tor-based leak site, including Harvard University, Envoy Air, and The Washington Post, whose stolen data is already available via torrent downloads from a number of sources. Despite the fact that GlobalLogic's information has not yet appeared on the leak portal, security analysts have said that the omission may be indicative of ongoing negotiations, or that a ransom has already been paid by the company. 

The company spokesperson refused to comment on whether any demands were being addressed, but confirmed Clop has publicly claimed responsibility for the breach. Now that the gang is being questioned more closely by the U.S. authorities after previously exploiting Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer in mass-scale data breaches, they are under greater scrutiny than ever before. 

According to the State Department, there is a reward for intelligence that can be provided tying the group's operations to a foreign government worth up to $10 million. In light of this incident, industry officials are calling for improved patch management, proactive threat hunting, and tighter oversight of third-party platforms supporting critical business operations that are used by critical business units. 

According to GlobalLogic's analyst, the company's experience shows just how quickly a single vulnerability can lead to widespread damage when exploited by highly coordinated ransomware groups, particularly if the vulnerability has not yet been patched. 

Despite continuing to investigate Clop's broader campaign, experts urge organizations to adopt continuous monitoring, strengthen vendor risk controls, and prepare for the likelihood that they will be the victim of future zero day exploits in the following years, as the modern enterprise threat landscape is now characterized by zero-day threats.
Read more »
privacy protection
Automotive Cyberattack Connected Car Security Cybersecurity Breach Data Breach Data Exposure Digital threats Hyundai AutoEver identity theft risk personal data safety privacy protection

Hyundai Faces Security Incident With Potential Data Exposure

 


In the past few months, Hyundai AutoEver America, a division of Hyundai Motor Group, has confirmed a recent data breach that exposed sensitive personal information after hackers infiltrated its internal IT environment earlier this year, revealing a recent data breach. 

A company spokesperson told me that unauthorized access to the company's computer systems began on February 22, 2025 and went undetected until March 2, giving intruders nine days to access confidential data. 

The early breach notices didn't specify how many people were affected, but according to state regulatory disclosures as well as a subsequent statement issued to Kelley Blue Book, approximately 2,000 people—out of the over 2.7 million users HAEA serves across Hyundai, Kia, and Genesis platforms—were impacted. There have been a number of compromises of the data, including names, Social Security numbers, and driving license information. 

In response to the suspicious activity, HAEA contacted an external cybersecurity expert who conducted an investigation, contained the intrusion, and informed law enforcement. As officials continue to assess the full scope of the incident, officials have begun issuing formal notices to those whose information was possibly exposed. 

It was only in the months that followed that it became increasingly clearer and more troubling just what the breach's consequences and the broader risks associated with connected vehicles were in the future. Even though Hyundai AutoEver America eventually acknowledged that the incident could have affected as many as 2.7 million Hyundai, Kia, and Genesis owners, internal assessments and state filings later narrowed the directly affected group to merely 2,000 individuals, yet the sensitive nature of the data involved makes even this smaller number quite significant. 

A nine-day intrusion that took place between February 22 and March 2, 2025, revealed the names, addresses, phone numbers, driver’s license numbers, and Social Security numbers of several automobile manufacturers, revealing to intruders a full range of data and details that underpinned core digital services across the automaker’s brands during that period. 

Among privacy experts, there is no doubt that what has caused concern is not just the scope of information but also that it has taken seven months for customers to be informed about the incident, a timeframe that gave the possibility for stolen identities to be misused or combined with other data circulating from other breaches.

Hyundai is also experiencing a growing pattern of security breaches since 2023, which reinforces concerns that these are not isolated incidents but rather signs of deeper structural problems. As the episode illustrates, modern cars—once purely mechanical devices—now act as sophisticated data hubs, collecting everything from passengers’ financial details to route histories, biometric inputs, driving behaviour, and even information synced from their mobile devices, which is not visible to the driver. 

Manufacturers are expanding their digital ecosystems and the breach has raised questions about the industry's ability to safeguard the vast and intimate data it collects on a regular basis. Immediately following the intrusion, Hyundai AutoEver America made an effort to reassure its customers by offering two years of complimentary identity theft and credit monitoring services through Epiq as a gesture of goodwill.

In spite of this, security analysts note that such measures are rarely sufficient to relieve customers after sensitive information has been stolen. Additionally, Hyundai Motor Europe’s disclosure also brought back memories of a similar experience it suffered just a year earlier when it was attacked by a ransomware gang called Black Basta, which claimed to have taken over 3TB of internal files before appearing dormant in early 2025, when the company lost control of its operations. 

All in all, these incidents emphasize one more uncomfortable reality: automakers now harvest and manage far greater amounts of personal information than most drivers are aware of. Besides the information required for financing or registration of vehicles, companies routinely collect (and in some cases monetize) data regarding the locations of their customers, their driving habits, the biometric patterns they use, and even behavioral patterns that can help them infer consumers' preferences with a remarkable degree of accuracy. 

Following a complaint made by General Motors that it had shared driver data with third-parties to the point of being able to obtain their information from them, the Federal Trade Commission issued a five-year ban on the practice. In July, a U.S. Senate inquiry raised concerns about other manufacturers continuing the same data-sharing practices. 

The HAEA notified the California Attorney General of the incident by notifying them that they had enlisted cybersecurity experts to determine the scope of the breach and confirm that the intrusion had been contained, even though investigators were unable to determine if the information was exfiltrated. Those affected customers have been given 90 days to enroll in monitoring services, and a hotline has also been established to assist customers. 

As Hyundai AutoEver asserts, only a small number of users have been directly impacted by this incident, but the incident has ignited a wider industry debate over precisely how well automakers secure the ever-increasing amount of personal data embedded in most connected vehicles today. After Hyundai AutoEver America found out that a wide range of sensitive data points had been exposed as part of this breach, including a number of customer names, government-issued identification numbers, and passwords, it confirmed that the investigation of the technical footprint was continuing. 

Among the records that were compromised, according to notification letters sent to the individuals affected, were Social Security numbers and driver's license information, with each recipient receiving a customized breakdown of which data elements applied to them in the initial notification. In order to conduct the analysis in a comprehensive way, extensive forensic work and collaboration with external cybersecurity specialists were necessary. 

These specialists helped Hyundai AutoEver reconstruct the intrusion, assess database exposure, and determine which users needed formal notification. Hyundai AutoEver said it immediately terminated the intruder's access and implemented additional safeguards and was continuing to implement a comprehensive remediation program that was intended to prevent similar incidents in the future. 

Consequently, Epiq Privacy Solutions has been contacted by the company to offer complimentary two-year credit monitoring and identity protection services to impacted customers, which will include three-bureau monitoring and fraud detection tools, as well as a 90-day enrollment period. It should be noted that these protections are only a layer of protection, however, according to security experts. 

As a precautionary measure, they advise their customers to review financial statements, to check their credit reports, and to place fraud alerts or credit freezes with the major credit bureaus to reduce the risk of unauthorized account openings. 

In addition, this incident has brought about renewed discussions about digital hygiene for vehicle owners, ranging from updating passwords and enabling multifactor authentication on connected car applications to avoiding stored payment information in the infotainment system.

There are a number of cybercrime analysts who note that incidents of this nature often open the door to secondary scams, as cybercriminals impersonate automakers' support teams in order to steal more personal information from car owners through pages pretending to be account verifications and security updates. 

These developments have been identified by industry observers as part of a dramatic shift in the way in which cars now collect far more information than most drivers are aware of. These include location histories, biometric identifiers, behavioral patterns, and synced mobile data, to name a few. 

The results of this study indicate that consumers should adopt strong cybersecurity practices, including using reputable antivirus software, staying current on device updates, and thinking about data-removal solutions that will reduce exposure to data-broker websites as a result of data misuse. Several automakers have been affected by this new trend; the Federal Trade Commission imposed a five-year ban on General Motors' ability to sell data on drivers earlier this year. 

Additionally, a Senate investigation has raised concerns about similar practices in other automakers, including Hyundai, as well. In spite of Hyundai AutoEver's assertion that only a relatively small number of its customers were directly affected by this breach, the incident has brought to light questions about the effectiveness with which carmakers are safeguarding the growing amounts of data embedded in connected cars, as well as what consumers should do in the rapidly growing digital world in order to protect themselves from the threat of fraud. 

It is clear from the Hyundai AutoEver breach that the automobile industry needs to rethink how it approaches data security in an increasingly interconnected digital age, where vehicles become increasingly interconnected digital ecosystems. It is important to note that meaningful protection depends both on stronger corporate safeguards as well as on proactive vigilance on the part of drivers in light of increased regulatory oversight and consumers' increasing awareness of how their information is being used.

It is vital that consumers play an important role in reducing future risks by practicing stricter digital hygiene, minimizing unnecessary data sharing, and demanding that automakers communicate their information more clearly, in order to ensure that the convenience of connected cars does not come at the expense of their individual privacy rights.
Read more »
Ransomware
Account security British transport Data Breach MFA Passwords Ransomware

When Weak Passwords Open The Door: Major Breaches That Began With Simple Logins

 



Cybersecurity incidents are often associated with sophisticated exploits, but many of the most damaging breaches across public institutions, private companies and individual accounts have originated from something far more basic: predictable passwords and neglected account controls. A review of several high-profile cases shows how easily attackers can bypass defences when organisations rely on outdated credentials, skip essential updates or fail to enforce multi-factor authentication.

One example resurfaced when an older assessment revealed that the server used to manage surveillance cameras at a prominent European museum operated with a password identical to the institution’s name. The report, which stresses on configuration weaknesses and poor access safeguards, has drawn renewed attention following recent thefts from the museum’s collection. The outdated credential underlined how critical systems often remain vulnerable because maintenance and password policies fall behind operational needs.

A similar pattern was seen in May 2021 when a major fuel pipeline in the United States halted operations after attackers used a compromised login associated with an inactive remote-access account. The credential was not protected by secondary verification, allowing the intruders to infiltrate the network. The temporary shutdown triggered widespread disruption, and the operator ultimately paid a substantial ransom before systems could be restored. Investigators later recovered part of the payment, but the event demonstrated how a single unsecured account can affect national infrastructure.

In the corporate sector, a British transport company with more than a century of operations collapsed after a ransomware group accessed its internal environment by correctly guessing an employee’s password. Once inside, the attackers encrypted operational data and locked critical systems, demanding a ransom the firm could not pay. With its files unrecoverable, the company ceased trading and hundreds of employees lost their jobs. The case illustrated how small oversights in password hygiene can destabilise even long-established businesses.

Weak or unchanged default codes have also enabled intrusions into personal communications. Years-long investigations into unlawful phone-hacking in the United Kingdom revealed that some voicemail systems were protected by factory-set PINs or extremely simple numerical combinations. These lax protections enabled unauthorized access to private messages belonging to public figures, eventually triggering criminal proceedings, regulatory inquiries and the shutdown of a national newspaper.

Historical oversight is not limited to consumer systems. Former personnel who worked with early nuclear command procedures in the United States have described past practices in which launch mechanisms relied on extremely simple numeric sequences. Although additional procedural safeguards existed, later reforms strengthened the technical requirements to ensure that no single point of failure or simplistic code could enable unauthorized action.

More recently, a national elections authority in the United Kingdom was reprimanded after attackers accessed servers containing voter registration data between 2021 and 2022. Regulators found that essential patches had not been applied and that many internal accounts continued to use passwords similar to those originally assigned at setup. By impersonating legitimate users, intruders were able to penetrate the system, though no evidence indicated that the data was subsequently misused.

These incidents reinforce a consistent conclusion. Passwords remain central to digital security, and organisations that fail to enforce strong credential policies, update software and enable multi-factor authentication expose themselves to avoidable breaches. Even basic improvements in password complexity and account management can prevent the kinds of failures that have repeatedly resulted in financial losses, service outages and large-scale investigations.


Read more »
Subscribe to: Comments (Atom)