Showing posts with label Data Leak.

Knownsec Data Leak Exposes Deep Cyber Links and Global Targeting Operations

 

A recent leak involving Chinese cybersecurity company Knownsec has uncovered more than 12,000 internal documents, offering an unusually detailed picture of how deeply a private firm can be intertwined with state-linked cyber activities. The incident has raised widespread concern among researchers, as the exposed files reportedly include information on internal artificial intelligence tools, sophisticated cyber capabilities, and extensive international targeting efforts. Although the materials were quickly removed after surfacing briefly on GitHub, they have already circulated across the global security community, enabling analysts to examine the scale and structure of the operations. 

The leaked data appears to illustrate connections between Knownsec and several government-aligned entities, giving researchers insight into China’s broader cyber ecosystem. According to those reviewing the documents, the files map out international targets across more than twenty countries and regions, including India, Japan, Vietnam, Indonesia, Nigeria, and the United Kingdom. Of particular concern are spreadsheets that allegedly outline attacks on around 80 foreign organizations, including critical infrastructure providers and major telecommunications companies. These insights suggest activity far more coordinated than previously understood, highlighting the growing sophistication of state-associated cyber programs. 

Among the most significant revelations is the volume of foreign data reportedly linked to prior breaches. Files attributed to the leaks include approximately 95GB of immigration information from India, 3TB of call logs taken from South Korea’s LG U Plus, and nearly 459GB of transportation records from Taiwan. Researchers also identified multiple Remote Access Trojans capable of infiltrating Windows, Linux, macOS, iOS, and Android systems. Android-based malware found in the leaked content reportedly has functionality allowing data extraction from widely used Chinese messaging applications and Telegram, further emphasizing the operational depth of the tools. 

The documents also reference hardware-based hacking devices, including a malicious power bank engineered to clandestinely upload data into a victim’s system once connected. Such devices demonstrate that offensive cyber operations may extend beyond software to include physical infiltration tools designed for discreet, targeted attacks. Security analysts reviewing the information suggest that these capabilities indicate a more expansive and organized program than earlier assessments had captured. 

Beijing has denied awareness of any breach involving Knownsec. A Foreign Ministry spokesperson reiterated that China opposes malicious cyber activities and enforces relevant laws, though the official statement did not directly address the alleged connections between the state and companies involved in intelligence-oriented work. While the government’s response distances itself from the incident, analysts note that the leaked documents will likely renew debates about the role of private firms in national cyber strategies. 

Experts warn that traditional cybersecurity measures—including antivirus software and firewall defenses—are insufficient against the type of advanced tools referenced in the leak. Instead, organizations are encouraged to adopt more comprehensive protection strategies, such as real-time monitoring systems, strict network segmentation, and the responsible integration of AI-driven threat detection. 

The Knownsec incident underscores that as adversaries continue to refine their methods, defensive systems must evolve accordingly to prevent large-scale breaches and safeguard sensitive data.

Hyundai AutoEver America Breach Exposes Employee SSNs and Driver’s License Data

 

Hyundai AutoEver America (HAEA), an IT services affiliate of Hyundai Motor Group, has confirmed a data breach that compromised sensitive personal information, including Social Security Numbers (SSNs) and driver’s licenses, of approximately 2,000 individuals, mostly current and former employees. The breach occurred between February 22 and March 2, 2025, with the company discovering the intrusion and launching an investigation on March 1.

HAEA specializes in providing IT consulting, managed services, and digital solutions for Hyundai and Kia affiliates, covering vehicle telematics, over-the-air updates, vehicle connectivity, and embedded systems, as well as business systems and digital manufacturing platforms. The company’s IT environment supports 2 million users and 2.7 million vehicles, with a workforce of 5,000 employees.

The notification to affected individuals revealed that the breach exposed names, while the Massachusetts government portal listed additional information such as SSNs and driver’s licenses. It is still unclear whether customers or users were affected besides employees, and the exact breakdown of impacted groups remains unspecified. The company worked with external cybersecurity experts and law enforcement to investigate the incident, confirm containment, and identify the potentially affected data.

At the time of the report, no ransomware groups had claimed responsibility for the attack, and the perpetrators are unknown. This incident adds to a series of cybersecurity challenges faced by Hyundai and its affiliates in recent years, including previous ransomware attacks and data breaches affecting operations in Europe and exposing owner data in Italy and France. 

Additionally, security researchers previously identified significant privacy and security issues with Hyundai’s companion app, which allowed unauthorized remote control of vehicles, and vulnerabilities in built-in anti-theft systems.

HAEA has not yet released a full public statement with details about the breach, mitigation steps, or future security improvements. The limited information available highlights the need for robust security protocols, especially for organizations handling large volumes of sensitive personal and automotive data. The breach serves as a reminder of the ongoing risks facing major automotive and IT service providers amid the growing threat landscape for digital infrastructure.

Digital Security Threat Escalates with Exposure of 1.3 Billion Passwords


 

One of the starkest reminders of how easily and widely digital risk can spread is the discovery of an extensive cache of exposed credentials, underscoring the persistent dangers of password reuse and of the many breaches that go unnoticed by the public. Having only recently seen Google clarify the false claims of a large-scale Gmail compromise, the cybersecurity community is once again faced with vast, attention-grabbing figures that are likely to create another round of confusion.

Approximately 2 billion email addresses were included in the newly discovered dataset, along with 1.3 billion unique passwords, 625 million of which had not previously been reported to the public breach repository. Troy Hunt, the founder of Have I Been Pwned, emphasised the importance of the disclosure without resorting to sensationalism.

Hunt noted that he dislikes hyperbolic headlines about data breaches, but stressed that this case requires no exaggeration, since the data speaks for itself. The Synthient dataset was initially interpreted as a breach of Gmail before it was clarified to be a comprehensive collection gathered from stealer logs and multiple past breaches, spanning more than 32 million unique email domains.

It is no wonder that Gmail appears more often than other email providers, since it is the world's largest email service. Rather than a single event, the collection represents a very extensive aggregation of compromised email and password pairs, which is exactly the kind of material used in credential-stuffing attacks, where criminals automate login attempts with recycled passwords against victims' banking, shopping, and other online accounts.

In addition to highlighting the dangers of unpublicised or smaller breaches, the discovery underscores the danger posed when billions of credentials exposed in earlier incidents are quietly redirected to attackers. The newly discovered cache is not the result of a single hack but a massive aggregation of credentials gathered from earlier attacks and from the logs of information-stealing malware, which makes credential-based attacks far more effective.

A threat actor who exploits reused passwords can move laterally between personal and corporate services, often turning one compromised login into an entry point into a far larger network. A growing number of organisations still depend on password-only authentication, which leaves them at high risk, because exposed credentials make it much easier for attackers to reach business systems, cloud platforms, and administrative accounts.

Experts emphasised the importance of adopting stronger access controls as soon as possible, including unique passwords generated by trusted password managers, universal two-factor authentication, and internal checks to identify credentials that have been reused or previously compromised.

To limit attackers' ability to weaponise these massive datasets, enterprises must also enforce zero-trust principles, implement least-privilege access, and deploy automated defences against credential-stuffing attempts. When a single email account is compromised, it can easily cascade into financial, cloud or corporate security breaches, because email serves as the central hub for recovering accounts and accessing linked services.

Since billions of credentials are in circulation, it is clear that both individuals and businesses need to take a proactive approach to authentication, modernise their security architecture, and treat every login as a potential entry point for attackers. The dataset is also notable for its sheer magnitude: it is the largest collection Have I Been Pwned has ever taken on, nearly triple the volume of its previous collection.

Compiled by Synthient, a cybercriminal threat intelligence initiative run by a college student, the collection is drawn from numerous sources where stolen credentials are frequently published by cybercriminals. It contains two highly volatile types of compromised data: stealer logs gathered by malware on infected computers, and large credential-stuffing lists compiled from earlier breaches, which are combined, repackaged and traded repeatedly across underground networks.

To process the material, HIBP had to run its Azure SQL Hyperscale environment at full capacity for almost two weeks, using 80 processing cores. Troy Hunt described the integration effort as extremely challenging, requiring extensive database optimisation to merge the new records into a repository containing more than 15 billion credentials while maintaining uninterrupted service for millions of people every day.

In an era when billions of credential pairs circulate freely between attackers, researchers warn that passwords alone no longer provide the protection they once did. One of the most striking results was that of HIBP's 5.9 million subscribers, those who actively monitor their exposure, nearly 2.9 million appeared in the latest compilation. This underscores the widespread impact of credential-stuffing troves. The consequences are especially severe for the healthcare industry.

As IBM's 2025 Cost of a Data Breach Report indicates, the average financial impact of a healthcare breach has risen to $7.42 million, and a successful credential attack on a medical employee may allow threat actors to access electronic health records, patient information, and systems containing protected health information, with consequences that go far beyond financial loss.

Because credential exposure is outpacing traditional security measures, this study serves as a decisive reminder to modernise digital defences before attackers exploit these growing weaknesses. Organisations should push for passwordless authentication, continuous monitoring, and adaptive risk-based access, while individuals should treat the proactive maintenance of their credentials as essential rather than optional.

Ultimately, one thing is clear: in a world where billions of credentials circulate unchecked, resilience comes from anticipating breaches by strengthening architecture, improving authentication and maintaining security awareness, rather than reacting after a breach takes place.

WA Law Firm Faces Cybersecurity Breach Following Ransomware Reports

 


Western Australia's legal and government sectors are reeling from reports that the Russian ransomware group AlphV has hacked the prominent national law firm HWL Ebsworth and extracted a ransom payment from it.

Since May, when the first hints of the breach came to light, there have been serious concerns about the exposure of sensitive information, such as details of more than 300 motor vehicle insurance claims filed with the Insurance Commission of Western Australia. On Monday, the ABC confirmed that HWL Ebsworth data held on behalf of WA government entities may have been compromised after a cybercriminal syndicate claimed, earlier this month, to have published a vast repository of the firm's files on the dark web.

Although the full extent of the breach is unclear, investigations are underway to determine how large the data exposure is and what its consequences may be. An ICWA spokesperson acknowledged in an official statement that the Commission, which provides insurance coverage for all vehicles registered in Western Australia and oversees the government's self-insurance programs for property, workers' compensation, and liability, has been affected.

The agency noted that the extent of any data compromise cannot yet be verified because of restrictions imposed by the ongoing investigation. A spokesperson for the Insurance Commission said, “The details of the data that has been accessed are not yet known, but this is part of a live investigation that we are actively supporting. It is important to note that this situation is extremely serious and that the information that may be compromised is sensitive.”

The cyberattack took an alarming turn when Anubis, the ransomware group involved, escalated it by releasing a trove of sensitive information belonging to one of the firm's clients. The leaked material reportedly contained confidential business correspondence, financial records, and deeply personal correspondence.

The exposed data included screenshots of text messages sent and received by the client and family members, emails, and even Facebook posts, all of which revealed intimate details of the private family disputes surrounding the client. In its statement on the dark web, Anubis said the cache contained “financial information, correspondence, personal messages, and other details of family relationships.”

Despite this, the group highlighted the possibility of emotional and reputational damage from such exposure, pointing out that families already going through difficult circumstances such as divorce, adoption, or child custody battles would now face additional stress from having their private matters made public. The full scope of the breach remains unclear, and the ransomware operators have yet to name a specific ransom amount, making it difficult to speculate about the attackers' intentions.

Cyber Daily contacted Paterson & Dowding, and a spokesperson confirmed that there had been unauthorized access to and exfiltration of the firm's data. “Our team immediately acted upon becoming aware of unusual activity on our system as soon as we became aware of it, engaging external experts to deal with the incident, and launching an urgent investigation as soon as possible,” said the spokesperson.

The firm has no doubt that a limited amount of personal information was accessed, but the threat actors have already published a portion of the data online. In addition to notifying affected clients and employees, Paterson & Dowding is coordinating with regulatory bodies, including the Australian Cyber Security Centre and the Office of the Information Commissioner.

A representative of the firm said it regretted the distress caused by the breach of confidentiality and compliance. Meanwhile, an individual identifying himself as Tobias Keller, a self-proclaimed "journalist" and representative of Anubis, told Cyber Daily that Paterson & Dowding was one of four Australian law firms targeted in a larger cyber campaign that also included Pound Road Medical Center and Aussie Fluid Power, among others.

While the HWL Ebsworth cyberattack is still unfolding, it has drawn increasing concern from federal and state government authorities as the investigation continues. The firm, one of 15 legal partners providing independent legal services to the Insurance Commission of Western Australia (ICWA), is reviewing its systems to determine whether any client information has been compromised.

A representative of ICWA confirmed that the firm is currently assessing the affected data in order to clarify the situation for impacted parties. However, a court order in New South Wales prohibiting the agency from accessing the leaked files has hampered its own ability to verify possible data loss. 

ICWA Chief Executive Officer Rod Whithear acknowledged the Commission's growing concerns and said a consent framework for limited access to the information is being developed. “Currently, the Insurance Commission is implementing a consent regime that will allow them to assess whether data has been exfiltrated and if so, will be able to assess the exfiltrated information.” He assured that the Commission remains committed to supporting any claimant impacted by the breach.

Beyond insurance-related matters, HWL Ebsworth has an extensive professional relationship with multiple departments of the Western Australian state government. Between 2017 and 2020 it was expected to receive approximately $280,000 for legal advice to the state on the replacement of its public transport radio network, a project that initially involved a $200 million contract with Huawei, the Chinese technology giant.

A $6.6 million settlement with Huawei and its partner firm was reached in 2020 after U.S. trade restrictions rendered the project unviable. HWL Ebsworth has also provided legal representation for public housing initiatives and for the Government Employees Superannuation Board.

In light of the breach, the state government has clarified that, apart from the ICWA, no other agencies appear to have been directly affected. The incident has highlighted a significant vulnerability at the intersection of government operations and private legal service providers, as well as broader cyber security issues.

Addressing the broader impacts of the attack will also be in the hands of the new Cyber Security Coordinator, Air Marshal Darren Goldie, who was appointed in order to strengthen the national cyber resilience program. The Minister of Home Affairs, Clare O'Neill, has described the breach as one of the biggest cyber incidents Australia has experienced in recent years, placing it alongside a number of major cases such as Latitude, Optus, and Medibank. 

The Australian Federal Police and Victorian Police, working with the Australian Cyber Security Centre, continue to investigate the root cause and impact of the attack. The series of cyber incidents unfolding across Australia is an alarming reminder of how fragile digital trust is becoming within the country's legal and governmental ecosystems. Experts say that while authorities are intensifying efforts to locate the perpetrators and strengthen defenses, the breach underscores the urgent need for stronger cybersecurity governance among third parties and law firms that handle sensitive data.

Beyond threat monitoring, employee awareness, and robust data protection frameworks, the nation's foremost challenge is now to rebuild trust in institutions and information integrity, not merely to restore systems.

Hacker Claims Responsibility for University of Pennsylvania Breach Exposing 1.2 Million Donor Records

 

A hacker has taken responsibility for the University of Pennsylvania’s recent “We got hacked” email incident, claiming the breach was far more extensive than initially reported. The attacker alleges that data on approximately 1.2 million donors, students, and alumni was exposed, along with internal documents from multiple university systems. The cyberattack surfaced last Friday when Penn alumni and students received inflammatory emails from legitimate Penn.edu addresses, which the university initially dismissed as “fraudulent and obviously fake.”  

According to the hacker, their group gained full access to a Penn employee’s PennKey single sign-on (SSO) credentials, allowing them to infiltrate critical systems such as the university’s VPN, Salesforce Marketing Cloud, SAP business intelligence platform, SharePoint, and Qlik analytics. The attackers claim to have exfiltrated sensitive personal data, including names, contact information, birth dates, estimated net worth, donation records, and demographic details such as religion, race, and sexual orientation. Screenshots and data samples shared with cybersecurity publication BleepingComputer appeared to confirm the hackers’ access to these systems.  

The hacker stated that the breach began on October 30th and that data extraction was completed by October 31st, after which the compromised credentials were revoked. In retaliation, the group allegedly used remaining access to the Salesforce Marketing Cloud to send the offensive emails to roughly 700,000 recipients. When asked about the method used to obtain the credentials, the hacker declined to specify but attributed the breach to weak security practices at the university. Following the intrusion, the hacker reportedly published a 1.7 GB archive containing spreadsheets, donor-related materials, and files allegedly sourced from Penn’s SharePoint and Box systems. 

The attacker told BleepingComputer that their motive was not political but financial, driven primarily by access to the university’s donor database. “We’re not politically motivated,” the hacker said. “The main goal was their vast, wonderfully wealthy donor database.” They added that they were not seeking ransom, claiming, “We don’t think they’d pay, and we can extract plenty of value out of the data ourselves.” Although the full donor database has not yet been released, the hacker warned it could be leaked in the coming months. 

In response, the University of Pennsylvania stated that it is investigating the incident and has referred the matter to the FBI. “We understand and share our community’s concerns and have reported this to the FBI,” a Penn spokesperson confirmed. “We are working with law enforcement as well as third-party technical experts to address this as rapidly as possible.” Experts warn that donors and affiliates affected by the breach should remain alert to potential phishing attempts and impersonation scams. 

With detailed personal and financial data now at risk, attackers could exploit the information to send fraudulent donation requests or gain access to victims’ online accounts. Recipients of any suspicious communications related to donations or university correspondence are advised to verify messages directly with Penn before responding. 

 The University of Pennsylvania breach highlights the growing risks faced by educational institutions holding vast amounts of personal and donor data, emphasizing the urgent need for robust access controls and system monitoring to prevent future compromises.

Afghans Report Killings After British Ministry of Defence Data Leak

 

Dozens of Afghans whose personal information was exposed in a British Ministry of Defence (MoD) data breach have reported that their relatives or colleagues were killed because of the leak, according to new research submitted to a UK parliamentary inquiry. The breach, which occurred in February 2022, revealed the identities of nearly 19,000 Afghans who had worked with the UK government during the war in Afghanistan. It happened just six months after the Taliban regained control of Kabul, leaving many of those listed in grave danger. 

The study, conducted by Refugee Legal Support in partnership with Lancaster University and the University of York, surveyed 350 individuals affected by the breach. Of those, 231 said the MoD had directly informed them that their data had been compromised. Nearly 50 respondents said their family members or colleagues were killed as a result, while over 40 percent reported receiving death threats. At least half said their relatives or friends had been targeted by the Taliban following the exposure of their details. 

One participant, a former Afghan special forces member, described how his family suffered extreme violence after the leak. “My father was brutally beaten until his toenails were torn off, and my parents remain under constant threat,” he said, adding that his family continues to face harassment and repeated house searches. Others criticized the British government for waiting too long to alert them, saying the delay had endangered lives unnecessarily.  

According to several accounts, while the MoD discovered the breach in 2023, many affected Afghans were only notified in mid-2025. “Waiting nearly two years to learn that our personal data was exposed placed many of us in serious jeopardy,” said a former Afghan National Army officer still living in Afghanistan. “If we had been told sooner, we could have taken steps to protect our families.”  

Olivia Clark, Executive Director of Refugee Legal Support, said the findings revealed the “devastating human consequences” of the government’s failure to protect sensitive information. “Afghans who risked their lives working alongside British forces have faced renewed threats, violent assaults, and even killings of their loved ones after their identities were exposed,” she said. 

Clark added that only a small portion of those affected have been offered relocation to the UK. The government estimates that more than 7,300 Afghans qualify for resettlement under a program launched in 2024 to assist those placed at risk by the data breach. However, rights organizations say the scheme has been too slow and insufficient compared to the magnitude of the crisis.

The breach has raised significant concerns about how the UK manages sensitive defense data and its responsibilities toward Afghans who supported British missions. For many of those affected, the consequences of the exposure remain deeply personal and ongoing, with families still living under threat while waiting for promised protection or safe passage to the UK.

Gmail Credentials Appear in Massive 183 Million Infostealer Data Leak, but Google Confirms No New Breach




A vast cache of 183 million email addresses and passwords has surfaced in the Have I Been Pwned (HIBP) database, raising concern among Gmail users and prompting Google to issue an official clarification. The newly indexed dataset stems from infostealer malware logs and credential-stuffing lists collected over time, rather than a fresh attack targeting Gmail or any other single provider.


The Origin of the Dataset

The large collection, analyzed by HIBP founder Troy Hunt, contains records captured by infostealer malware that had been active for nearly a year. The data, supplied by Synthient, amounted to roughly 3.5 terabytes, comprising nearly 23 billion rows of stolen information. Each entry typically includes a website name, an email address, and its corresponding password, exposing a wide range of online accounts across various platforms.

Synthient’s Benjamin Brundage explained that this compilation was drawn from continuous monitoring of underground marketplaces and malware operations. The dataset, referred to as the “Synthient threat data,” was later forwarded to HIBP for indexing and public awareness.


How Much of the Data Is New

Upon analysis, Hunt discovered that most of the credentials had appeared in previous breaches. Out of a 94,000-record sample, about 92 percent matched older data, while approximately 8 percent represented new and unseen credentials. This translates to over 16 million previously unrecorded email addresses, fresh data that had not been part of any known breaches or stealer logs before.

To test authenticity, Hunt contacted several users whose credentials appeared in the sample. One respondent verified that the password listed alongside their Gmail address was indeed correct, confirming that the dataset contained legitimate credentials rather than fabricated or corrupted data.


Gmail Accounts Included, but No Evidence of a Gmail Hack

The inclusion of Gmail addresses led some reports to suggest that Gmail itself had been breached. However, Google has publicly refuted these claims, stating that no new compromise has taken place. According to Google, the reports stem from a misunderstanding of how infostealer databases operate: such databases simply aggregate previously stolen credentials from different malware incidents, not from a new intrusion into Gmail systems.

Google emphasized that Gmail’s security systems remain robust and that users are protected through ongoing monitoring and proactive account protection measures. The company said it routinely detects large credential dumps and initiates password resets to protect affected accounts.

In a statement, Google advised users to adopt stronger account protection measures: “Reports of a Gmail breach are false. Infostealer databases gather credentials from across the web, not from a targeted Gmail attack. Users can enhance their safety by enabling two-step verification and adopting passkeys as a secure alternative to passwords.”


What Users Should Do

Experts recommend that individuals check their accounts on Have I Been Pwned to determine whether their credentials appear in this dataset. Users are also advised to enable multi-factor authentication, switch to passkeys, and avoid reusing passwords across multiple accounts.

Gmail users can utilize Google’s built-in Password Manager to identify weak or compromised passwords. The password checkup feature, accessible from Chrome’s settings, can alert users about reused or exposed credentials and prompt immediate password changes.

If an account cannot be accessed, users should proceed to Google’s account recovery page and follow the verification steps provided. Google also reminded users that it automatically requests password resets when it detects exposure in large credential leaks.
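The advice above is to check credentials against Have I Been Pwned. As an added example (not code from the article, Troy Hunt or HIBP), the following Python script shows how a password check against HIBP's Pwned Passwords range API works with k-anonymity: only the first five hex characters of the password's SHA-1 leave the machine, and the client matches the remaining 35 characters locally. The `fetch` parameter is an injectable transport so the parsing can be exercised offline against a constructed response body; the endpoint, the `SUFFIX:COUNT` response format and the `Add-Padding` header are HIBP's documented API.

```python
"""Check a password against HIBP's Pwned Passwords corpus using k-anonymity.

Added example, not from the original post. Endpoint and response format are
HIBP's public API: GET https://api.pwnedpasswords.com/range/<5 hex chars>
returns lines of "<remaining 35 hex chars>:<count>". With the Add-Padding
header the server mixes in dummy lines whose count is 0; those must be ignored.
"""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_split(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase hex SHA-1 of password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix: str) -> str:
    """Default transport: download the hash bucket for a 5-character prefix.
    Only the prefix is sent, never the password or its full hash."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "hibp-range-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict.
    Padding entries (count 0) and malformed lines are dropped."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def pwned_count(password: str, fetch=fetch_range) -> int:
    """How many times `password` appears in Pwned Passwords (0 = not found)."""
    prefix, suffix = sha1_split(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    import getpass
    import sys

    pw = getpass.getpass("Password to check (only a 5-char hash prefix is sent): ")
    n = pwned_count(pw)
    print(f"seen {n} times in breach corpora" if n else "not found in Pwned Passwords")
    sys.exit(1 if n else 0)
```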


The Broader Security Implications

Cybersecurity professionals stress that while this incident does not involve a new system breach, it reinforces the ongoing threat posed by infostealer malware and poor password hygiene. Sachin Jade, Chief Product Officer at Cyware, highlighted that credential monitoring has become a vital part of any mature cybersecurity strategy. He explained that although this dataset results from older breaches, “credential-based attacks remain one of the leading causes of data compromise.”

Jade further noted that organizations should integrate credential monitoring into their broader risk management frameworks. This helps security teams prioritize response strategies, enforce adaptive authentication, and limit lateral movement by attackers using stolen passwords.

Ultimately, this collection of 183 million credentials serves as a reminder that password leaks, whether new or recycled, continue to feed cybercriminal activity. Continuous vigilance, proactive password management, and layered security practices remain the strongest defenses against such risks.


Cyber Attack Exposes Data of 861 Irish Defective Block Grant Applicants

 

An engineering firm that assesses applications for Ireland's defective concrete blocks grant scheme has been hit by a cyberattack, potentially exposing the personal data of approximately 861 homeowners across multiple counties. The breach targeted Sligo-based consulting firm Jennings O'Donovan, which works with the Housing Agency to evaluate applications under the enhanced defective concrete blocks scheme. 

The incident, first reported in October 2025, resulted in unauthorized access to a limited portion of the company's IT systems. Affected data includes applicants' names, local authority reference numbers, contact details, and technical reports containing photographs of damaged dwellings. However, the Housing Agency confirmed that no financial or banking information was compromised, as this data was stored securely on unaffected systems.

Donegal County was the most severely impacted, with approximately 685 applicants affected, representing over 30% of all Donegal applications to the scheme. Mayo County had 47 affected applicants, while 176 applications from other counties were also caught in the breach. The defective concrete blocks scheme, commonly known as the mica or pyrite redress scheme, provides grants to homeowners whose properties have been damaged by defective building materials containing excessive levels of mica or pyrite.

According to Jennings O'Donovan, the firm experienced a network disruption involving temporary unauthorized access and immediately activated established IT security protocols. The company worked with external specialists to identify, isolate, and mitigate the disruption. The Housing Agency emphasized that its own systems remained unaffected and the incident appears isolated to the single engineering company.

The Housing Agency has contacted all impacted applicants, advising that homeowners who were not contacted were not affected by the breach. Security experts warn that exposed personal data could potentially be used for targeted phishing or social engineering attacks against vulnerable homeowners. Despite the breach, the Housing Agency stated that no material delays to grant applications are expected.

The incident adds further complications to a scheme already facing criticism for processing delays and administrative challenges. As of June 2025, only 164 of 2,796 applicants had completed remediation work on their homes, with €163 million paid out in grants. The cyberattack highlights cybersecurity vulnerabilities in government contractor systems handling sensitive citizen data.

Western Sydney University Hit by Major Cyberattack

 

Western Sydney University has suffered a significant cyberattack, marking the latest in a series of incidents targeting the institution since 2023. Sensitive data belonging to students, staff, and alumni—including tax file numbers, bank account details, passport and driver license information, visa and health data, contact information, and even ethnicities—was compromised when threat actors gained access to the university’s Student Management System hosted on a cloud-based platform by a third-party provider. 


The breach was discovered after two instances of unusual activity on August 6 and August 11, 2025. Investigations revealed that unauthorised access occurred through a chain involving external systems linked to the university’s infrastructure between June 19 and September 3, 2025. The attackers subsequently used this stolen data to send out fraudulent emails to students and graduates on October 6, 2025. 

These emails falsely claimed recipients had been excluded from the university or had their degrees revoked, causing widespread concern. Some scam emails appeared especially credible as they included legitimate student numbers and exploited ongoing web vulnerabilities.

The university responded by immediately initiating investigations, directing its third-party supplier to shut down access, and cooperating closely with the NSW Police Cybercrime Squad’s Strike Force Docker. Notably, in June 2025, police arrested a former student, Birdie Kingston, alleged to have played a role in earlier hacks, although officials stopped short of directly connecting this individual to the latest attack.

In recent statements, Vice-Chancellor Professor George Williams apologised for the disruption and emphasised the institution’s ongoing efforts to rectify the issue and bolster cybersecurity. The attack forms part of a troubling pattern of breaches, including incidents involving Microsoft Office 365 and other IT environments exposed since 2023. Data from previous attacks has surfaced on both the dark web and clear web, affecting thousands of current and former students.

WSU has advised affected community members to change passwords, enable multi-factor authentication, and avoid using the same password across multiple online accounts. Victims are encouraged to follow university guidance and make use of support services available. The institution continues to work with law enforcement and remains on high alert for further attacks.

Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks

 

Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses a “severe, long-term identity theft risk” since they are difficult to replace and can be exploited for years in fraud schemes involving fake identities, counterfeit documents, and impersonation scams. 

The recent Qantas Airways data breach, claimed by the Scattered LAPSUS$ Hunters group, underscores the sector’s growing vulnerability. The stolen data included names, email addresses, Frequent Flyer details, and limited personal information such as phone numbers and birth dates. Fortunately, Qantas confirmed that no passport details, financial information, or credit card data were compromised. 

However, experts warn that even limited leaks can have serious consequences. “Attackers often combine personal identifiers like names and loyalty program details from multiple breaches to build complete identity profiles,” said Darius Belejevas, Head of Incogni. Such composite records can enable large-scale fraud even without financial data exposure. 

The Qantas incident also highlights the danger of third-party compromises. The breach reportedly stemmed from Salesforce social engineering and vendor vulnerabilities, illustrating how a single compromised supplier can have ripple effects across industries. Belejevas emphasized that “one compromised partner can expose millions of records in a single incident.” 

Data breaches in the airline industry are escalating rapidly. According to Cyble’s threat intelligence database, more than 20 airline-related breaches have been reported on the dark web in 2025 — a 50% increase from 2024. Much of this surge is attributed to coordinated attacks by Scattered Spider and the broader Scattered LAPSUS$ Hunters alliance, although other groups have also begun targeting the aviation sector. 

In a separate incident, the CL0P ransomware group claimed to have breached Envoy Air, a regional carrier of American Airlines. Envoy confirmed the intrusion but stated that no customer data was affected, only limited business information. In contrast, WestJet, which suffered a breach in June 2025, had passports and government-issued IDs exposed, prompting it to offer two years of free identity monitoring to affected customers. Incogni, however, warned that identity theft risks from such documents can persist well beyond two years. 

Experts urge travelers to take preventive security measures. Incogni recommends enrolling in identity theft monitoring, reporting phishing attempts to national anti-fraud agencies, using strong passwords with multi-factor authentication, and removing personal data from data broker sites. 

“Individuals and organizations must do more to safeguard sensitive data,” said Ron Zayas, CEO of Incogni. “In today’s world, data isn’t just being stolen by hackers — it’s also being misused by legitimate entities to manipulate outcomes.”

Envoy Air Confirms Oracle Data Breach After Clop Ransomware Group Lists American Airlines on Leak Site

 

Envoy Air, a regional carrier owned by American Airlines, has confirmed that data from its Oracle E-Business Suite application was compromised following claims by the Clop extortion group, which recently listed American Airlines on its data leak site.

"We are aware of the incident involving Envoy's Oracle E-Business Suite application," Envoy Air told BleepingComputer.

"Upon learning of the matter, we immediately began an investigation and law enforcement was contacted. We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected. A limited amount of business information and commercial contact details may have been compromised."

Envoy Air operates regional flights for American Airlines under the American Eagle brand. Although it functions as a separate entity, its operations are closely integrated with American’s systems for ticketing, scheduling, and passenger services.

The Clop ransomware group has begun leaking what it claims to be stolen Envoy data, posting the message: “The company doesn’t care about its customers, it ignored their security!!!” This breach is tied to a wider campaign that began in August, in which Clop targeted Oracle E-Business Suite systems and began sending extortion demands to affected companies in September.

Initially, Oracle said that attackers were exploiting vulnerabilities patched in July. However, the company later confirmed that the threat actors took advantage of a previously unknown zero-day flaw, now identified as CVE-2025-61882.

Cybersecurity firms CrowdStrike and Mandiant later reported that Clop exploited the flaw in early August to infiltrate networks and install malware. While the total number of victims remains unclear, Google’s John Hultquist told BleepingComputer that “dozens of organizations” were affected.

The extortion gang is also targeting Harvard University as part of the same operation. The university confirmed to BleepingComputer that the breach affected “a limited number of parties associated with a small administrative unit.”

Adding to the concerns, Oracle quietly patched another zero-day flaw—CVE-2025-61884—in its E-Business Suite last week, which had been actively exploited since July 2025. The exploit was reportedly leaked by the Shiny Lapsus$ Hunters group on Telegram.

American Airlines has previously faced data breaches in 2022 and 2023, which exposed employee personal data.

Who is Clop?

The Clop ransomware group, also known as TA505, Cl0p, or FIN11, has been active since 2019. It initially used a variant of the CryptoMix ransomware to infiltrate corporate networks and steal information.

Since 2020, the group has shifted its focus to exploiting zero-day vulnerabilities in file transfer and data storage platforms. Notable campaigns include:

  • 2020: Accellion FTA zero-day attack impacting nearly 100 companies
  • 2021: SolarWinds Serv-U FTP zero-day exploit
  • 2023: GoAnywhere MFT zero-day breach affecting 100+ firms
  • 2023: MOVEit Transfer campaign, their largest to date, compromising data from 2,773 organizations worldwide
  • 2024: Exploited Cleo file transfer zero-days (CVE-2024-50623 and CVE-2024-55956) for data theft and extortion

The U.S. State Department is currently offering a $10 million reward for information linking Clop’s ransomware operations to any foreign government.

Asahi Group Confirms Ransomware Attack Disrupting Operations and Leaking Data

 

Japanese food and beverage conglomerate Asahi Group Holdings has confirmed that a ransomware attack severely disrupted its operations and potentially exposed sensitive data, including employee and financial information. The cyberattack, which occurred on September 29, 2025, forced the company to delay releasing its January–September financial results, originally scheduled for November 12. 

The attack paralyzed Asahi’s domestic order and shipment systems, halting automated operations across Japan. Despite the disruption, the company implemented manual order processing and resumed partial shipments to ensure a continued supply of its popular beverages and food products. 

The Qilin ransomware group has claimed responsibility for the breach, asserting that it stole over 9,300 files containing personal and financial data. On October 8, Asahi confirmed that some of the stolen data was found online, prompting a detailed investigation into the scope and type of compromised information. In a public statement, the company said it is working to identify affected individuals and will issue notifications once the investigation confirms unauthorized data transfer.  

Although the incident primarily impacted systems within Japan, Asahi stated there is no evidence of compromise affecting its global operations. 

Recovery efforts are steadily progressing. Asahi Breweries resumed production at all six of its factories by October 2, restoring shipments of Asahi Super Dry, with other product lines following soon after. Asahi Soft Drinks restarted production at six of its seven plants by October 8, while Asahi Group Foods has also resumed partial operations at all seven domestic facilities.  

However, Asahi’s systems have not yet been fully restored, and the company has not provided a definite recovery timeline. The ongoing disruption has delayed access to critical accounting systems, forcing a postponement of quarterly financial reporting. 

In its official statement, Asahi explained that the financial disclosure delay is necessary to ensure accuracy and compliance amid system recovery. The company issued an apology to shareholders and stakeholders for the inconvenience caused and promised transparent updates as investigations and remediation progress. 

The Asahi Group cyberattack serves as another reminder of the rising frequency and impact of ransomware incidents targeting major corporations worldwide.

BreachForums Taken Down by FBI and French Authorities as LAPSUS$-Linked Group Threatens Salesforce Data Leak

 



U.S. and French law enforcement agencies have seized the latest version of BreachForums, a cybercrime platform known for hosting stolen databases and leaked information. The takedown was carried out by the Federal Bureau of Investigation (FBI), the U.S. Department of Justice, and French cybercrime authorities, who placed an official seizure notice on the site on October 9.

This development comes just hours before an extortion deadline announced by a threat group calling itself Scattered LAPSUS$ Hunters, which had threatened to leak data allegedly stolen from Salesforce and Salesloft if ransom demands were not met by October 10.

The seizure was first noticed on Telegram before it became official. A threat actor using the alias “emo” had observed that BreachForums’ domain was using Cloudflare name servers associated with previously seized FBI sites, suggesting law enforcement action was imminent.

Following the seizure, Scattered LAPSUS$ Hunters confirmed the action on its Telegram channel through a PGP-signed message, claiming that all their BreachForums-related domains and backend infrastructure were taken offline and destroyed. The group, however, asserted that its members had not been arrested and that their Tor-based data leak site remained active.

“The era of forums is over,” the message read, warning members to maintain operational security and avoid new BreachForums clones, which the group claimed could be “honeypots” operated by law enforcement.


Compromised Infrastructure and Data

The group stated that during the seizure, all BreachForums database backups dating from 2023 to the present were compromised, along with escrow and server systems. They also alleged that their onion hidden service was affected because the underlying infrastructure had been seized and destroyed.

Despite this, Scattered LAPSUS$ Hunters insisted that the takedown would not affect their planned Salesforce data leak campaign. The group reiterated that the October 10 deadline for victims to comply with their ransom demands remained unchanged.

This marks the fourth major seizure in the history of BreachForums and its predecessors, including the earlier RaidForums. Both forums have been repeatedly targeted by global law enforcement operations and linked to several high-profile arrests over the years.

The group also revealed that the widely known administrator “pompompurin,” believed to have launched BreachForums after RaidForums’ closure, had merely been a “front,” suggesting that the forum’s operations were coordinated by a wider network of individuals from the start.


What Lies Ahead

While the seizure has temporarily disrupted the group’s clearnet operations, cyber experts caution that criminal forums often migrate to the dark web or encrypted channels to continue their activities. Authorities are expected to pursue further investigations in the coming weeks to identify and apprehend those involved.

For cybersecurity professionals and enterprises, this is a reminder to monitor data exposure risks and stay alert to potential secondary leaks, especially while extortion groups remain active through alternate platforms.



Qilin Ransomware Gang Claims Cyberattack on Japanese Beer Giant Asahi

 

The Qilin ransomware group has claimed responsibility for the recent cyberattack on Japanese brewing giant Asahi, adding the company’s name to its dark web data leak site. The cybercriminals alleged that they had stolen over 9,300 files amounting to 27GB of confidential data, including financial documents, employee identification records, contracts, and internal reports. To substantiate their claims, the group published 29 images showing snippets of the stolen files. 

Asahi, Japan’s largest beer manufacturer, employs around 30,000 people and produces approximately 100 million hectoliters annually, generating close to $20 billion in revenue. The company suffered significant operational disruptions following the attack. On September 29, Asahi temporarily halted production at six of its domestic facilities, later confirming on October 3 that a ransomware attack had crippled its systems and led to data exfiltration. 

At first, no threat actor took public credit for the breach. However, the Qilin ransomware group eventually listed Asahi among its victims, likely after ransom negotiations failed. Qilin, which emerged in 2023, is known as a multi-platform ransomware operation capable of targeting both Windows and Linux systems. The group has been associated with other notorious hacker collectives such as Scattered Spider and, more recently, North Korean state-linked actors. 

Qilin’s tactics include exploiting vulnerabilities in edge network devices, deploying credential theft tools, and developing sophisticated encryption mechanisms to hinder recovery. The group has previously targeted high-profile organizations including Nissan, Inotiv, Lee Enterprises, major hospitals within London’s NHS network, and automotive supplier Yanfeng.

In its post, Qilin claimed that the Asahi ransomware attack could result in losses exceeding $335 million due to production halts affecting six breweries and more than thirty beer labels. Despite the claims, Asahi has not verified the authenticity of the leaked files. In a statement to BleepingComputer, a company spokesperson confirmed that the matter remains under active investigation and declined to comment further. 

The company also shared that production of its flagship beer, Super Dry, has resumed through a temporary manual ordering system. While Asahi’s factories are not yet operating at full capacity, shipments for additional labels are expected to restart by October 15. However, as a direct consequence of the cyberattack and ongoing disruptions, Asahi announced it would delay the launch of new products that were initially planned for October 2025. 

The attack on Asahi underscores the growing reach and sophistication of ransomware groups like Qilin, whose increasingly destructive campaigns continue to target global corporations across industries, threatening both economic stability and consumer trust.

Workplace AI Tools Now Top Cause of Data Leaks, Cyera Report Warns

 

A recent Cyera report reveals that generative AI tools like ChatGPT, Microsoft Copilot, and Claude have become the leading source of workplace data leaks, surpassing traditional channels like email and cloud storage for the first time. The alarming trend shows that nearly 50% of enterprise employees are using AI tools at work, often unknowingly exposing sensitive company information through personal, unmanaged accounts.

The research found that 77% of AI interactions in workplace settings involve actual company data, including financial records, personally identifiable information, and strategic documents. Employees frequently copy and paste confidential materials directly into AI chatbots, believing they are simply improving productivity or efficiency. However, many of these interactions occur through personal AI accounts rather than enterprise-managed ones, making them invisible to corporate security systems.

The critical issue lies in how traditional cybersecurity measures fail to detect these leaks. Most security platforms are designed to monitor file attachments, suspicious downloads, and outbound emails, but AI conversations appear as normal web traffic. Because data is shared through copy-paste actions within chat windows rather than direct file uploads, it bypasses conventional data-loss prevention tools entirely.

A 2025 LayerX enterprise report revealed that 67% of AI interactions happen on personal accounts, creating a significant blind spot for IT teams who cannot monitor or restrict these logins. This makes it nearly impossible for organizations to provide adequate oversight or implement protective measures. In many cases, employees are not intentionally leaking data but are unaware of the security risks associated with seemingly innocent actions like asking AI to "summarize this report".

Security experts emphasize that the solution is not to ban AI outright but to implement stronger controls and improved visibility. Recommended measures include blocking access to generative AI through personal accounts, requiring single sign-on for all AI tools on company devices, monitoring for sensitive keywords and clipboard activity, and treating AI chat interactions with the same scrutiny as traditional file transfers.

The fundamental advice for employees is straightforward: never paste anything into an AI chat that you wouldn't post publicly on the internet. As AI adoption continues to grow in workplace settings, organizations must recognize this emerging threat and take immediate action to protect sensitive information from inadvertent exposure.

Zimbra Zero-Day Exploit Used in ICS File Attacks to Steal Sensitive Data

 

Security researchers have discovered that hackers exploited a zero-day vulnerability in Zimbra Collaboration Suite (ZCS) earlier this year using malicious calendar attachments to steal sensitive data. The attackers embedded harmful JavaScript code inside .ICS files—typically used to schedule and share calendar events—to target vulnerable Zimbra systems and execute commands within user sessions. 

The flaw, identified as CVE-2025-27915, affected ZCS versions 9.0, 10.0, and 10.1. It stemmed from inadequate sanitization of HTML content in calendar files, allowing cybercriminals to inject arbitrary JavaScript code. Once executed, the code could redirect emails, steal credentials, and access confidential user information. Zimbra patched the issue on January 27 through updates (ZCS 9.0.0 P44, 10.0.13, and 10.1.5), but at that time, the company did not confirm any active attacks. 

StrikeReady, a cybersecurity firm specializing in AI-based threat management, detected the campaign while monitoring unusually large .ICS files containing embedded JavaScript. Their investigation revealed that the attacks began in early January, predating the official patch release. In one notable instance, the attackers impersonated the Libyan Navy’s Office of Protocol and sent a malicious email targeting a Brazilian military organization. The attached .ICS file included Base64-obfuscated JavaScript designed to compromise Zimbra Webmail and extract sensitive data. 

Analysis of the payload showed that it was programmed to operate stealthily and execute in asynchronous mode. It created hidden fields to capture usernames and passwords, tracked user actions, and automatically logged out inactive users to trigger data theft. The script exploited Zimbra’s SOAP API to search through emails and retrieve messages, which were then sent to the attacker every four hours. It also added a mail filter named “Correo” to forward communications to a ProtonMail address, gathered contacts and distribution lists, and even hid user interface elements to avoid detection. The malware delayed its execution by 60 seconds and only reactivated every three days to reduce suspicion. 

StrikeReady could not conclusively link the attack to any known hacking group but noted that similar tactics have been associated with a small number of advanced threat actors, including those linked to Russia and the Belarusian state-sponsored group UNC1151. The firm shared technical indicators and a deobfuscated version of the malicious code to aid other security teams in detection efforts. 

Zimbra later confirmed that while the exploit had been used, the scope of the attacks appeared limited. The company urged all users to apply the latest patches, review existing mail filters for unauthorized changes, inspect message stores for Base64-encoded .ICS entries, and monitor network activity for irregular connections. The incident highlights the growing sophistication of targeted attacks and the importance of timely patching and vigilant monitoring to prevent zero-day exploitation.
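Zimbra's advice above includes inspecting message stores for Base64-encoded .ICS entries. As an added example (not code from StrikeReady or Zimbra), the following Python script implements that triage step: it unfolds an .ICS file per RFC 5545, decodes plausible Base64 runs in property values, and flags properties whose plain or decoded content carries HTML script markers or is unusually large. The sample calendar and its marker string are constructed, and the regexes are heuristics for triage, not a signature for the real payload.

```python
"""Triage .ICS files for embedded HTML/JavaScript, including Base64-hidden content.

Added example, not from StrikeReady or Zimbra. Heuristic only: it flags
properties worth a human look, it does not identify a specific payload.
"""
import base64
import binascii
import re

# Script-capable content in a property value (case-insensitive heuristic).
SCRIPT_MARKERS = re.compile(
    r"<script\b|javascript:|\bon(?:load|error|click|mouseover|focus|blur)\s*=",
    re.IGNORECASE,
)
# A Base64-looking run long enough to carry something other than an identifier.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
LARGE_PROPERTY = 4096  # bytes; calendar properties are normally far smaller


def unfold(ics_text: str) -> list[str]:
    """Join RFC 5545 folded lines (continuations start with a space or tab)."""
    lines: list[str] = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def decode_b64_runs(value: str) -> list[str]:
    """Decode every plausible Base64 run in value; skip runs that are not valid Base64."""
    out = []
    for m in B64_RUN.finditer(value):
        try:
            out.append(base64.b64decode(m.group(0), validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue
    return out


def scan_ics(ics_text: str) -> list[dict]:
    """Return one finding per suspicious property: {'property': NAME, 'reasons': [...]}."""
    findings = []
    for line in unfold(ics_text):
        name, sep, value = line.partition(":")
        if not sep:
            continue
        prop = name.split(";", 1)[0].upper()  # drop parameters such as FMTTYPE=...
        reasons = []
        if SCRIPT_MARKERS.search(value):
            reasons.append("script markers in plaintext")
        if any(SCRIPT_MARKERS.search(d) for d in decode_b64_runs(value)):
            reasons.append("script markers in Base64-decoded content")
        if len(value) > LARGE_PROPERTY:
            reasons.append(f"unusually large property ({len(value)} bytes)")
        if reasons:
            findings.append({"property": prop, "reasons": reasons})
    return findings


# Constructed sample: a normal event plus an HTML description carrying a Base64
# blob that decodes to a harmless marker string (not the real attack code).
MARKER = "<script>/* constructed sample, not the real payload */</script>"
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
    "UID:20250101T090000-constructed@example.invalid\r\n"
    "SUMMARY:Budget review\r\n"
    "DESCRIPTION:Quarterly numbers, bring the\r\n  printed report.\r\n"
    "X-ALT-DESC;FMTTYPE=text/html:" + base64.b64encode(MARKER.encode()).decode() + "\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_ICS
    for f in scan_ics(text):
        print(f"{f['property']}: {'; '.join(f['reasons'])}")
```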

Telstra Denies Scattered Spider Data Breach Claims Amid Ransom Threats

 

Telstra, one of Australia’s leading telecommunications companies, has denied claims made by the hacker group Scattered Spider that it suffered a massive data breach compromising nearly 19 million personal records. The company issued a statement clarifying that its internal systems remain secure and that the data in question was scraped from publicly available sources rather than stolen. In a post on X (formerly Twitter), Telstra emphasized that no passwords, banking details, or sensitive identification data such as driver’s licenses or Medicare numbers were included in the dataset. 

The claims originated from a dark web post published on October 3 by a group calling itself Scattered Lapsus$ Hunters, an offshoot of Scattered Spider. The group alleged it had stolen more than 100GB of personally identifiable information, including names and physical addresses, and warned that company executives should negotiate to avoid further data exposure. The attackers claimed the alleged breach took place in July 2023 and threatened to release the data publicly if a ransom was not paid by October 13, 2025. They also asserted possession of over 16 million records contained in a file named telstra.sql, which they said was part of a larger collection of 19 million records. 

In a surprising twist, the ransom note also mentioned Salesforce, the global cloud computing company, demanding negotiations begin with its executives. Salesforce swiftly rejected the demand, issuing a statement on October 8 declaring that it “will not engage, negotiate with, or pay any extortion demand,” aligning with global cybersecurity guidelines that discourage ransom payments. 

Scattered Lapsus$ Hunters has made similar claims about breaches involving several major corporations, including Qantas, IKEA, and Google AdSense. Cybersecurity intelligence platforms like Cyble Vision have documented multiple previous instances of alleged Telstra data breaches, some dating back to 2022. In one notable case, a threat actor called UnicornLover67 claimed to possess a dataset containing over 47,000 Telstra employee records, including email addresses and hashed passwords. Telstra has previously confirmed smaller breaches linked to third-party service providers, most recently in 2022, affecting around 132,000 customers. 

However, cybersecurity analysts remain uncertain whether the current claims represent a fresh breach or a recycling of old data. Experts suggest that previously leaked or publicly available datasets may have been repurposed to appear as new evidence of compromise. This possibility aligns with Telstra’s statement that no recent intrusion has occurred. 

The investigation into the alleged breach remains ongoing as the ransom deadline approaches. While Telstra continues to assert that its systems are uncompromised, the persistence of repeated breach claims underscores the growing challenge of misinformation and data reuse in the cybercrime landscape. The Cyber Express has reached out to Telstra for further updates and will continue to monitor the situation as new details emerge.

OpenAI's Sora App Raises Facial Data Privacy Concerns

 

OpenAI's video-generating app, Sora, has raised significant questions regarding the safety and privacy of users' biometric data, particularly with its "Cameo" feature that creates realistic AI videos, or "deepfakes," using a person's face and voice. 

To power this functionality, OpenAI confirms it must store users' facial and audio data. The company states this sensitive data is encrypted during both storage and transmission, and uploaded cameo data is automatically deleted after 30 days. Despite these assurances, privacy concerns remain. The app's ability to generate hyper-realistic videos has sparked fears about the potential for misuse, such as the creation of unauthorized deepfakes or the spread of misinformation. 

OpenAI acknowledges a slight risk that the app could produce inappropriate content, including sexual deepfakes, despite the safeguards in place. In response to these risks, the company has implemented measures to distinguish AI-generated content, including visible watermarks and invisible C2PA metadata in every video created with Sora.
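The C2PA metadata mentioned above works by binding a signed set of claims (who generated the content, with what tool) to a cryptographic hash of the media, so that editing the file breaks the binding and forging the claims fails signature verification. The following is an added, simplified illustration written for this post, not OpenAI's or the C2PA project's own code: it uses an HMAC with a constructed demo key in place of the X.509 certificate signatures real C2PA manifests carry, and the video bytes are constructed sample data. It also shows the caveat a defender should keep in mind: a file with its manifest stripped reports "no-manifest", not "tampered", so absence of provenance metadata is not evidence that a video is authentic.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key. Real C2PA manifests are signed with a certificate-backed
# asymmetric key (COSE signatures); HMAC is used here only to stay dependency-free.
SIGNING_KEY = b"demo-provenance-key-not-for-real-use"

# Constructed stand-in for a generated video file.
SAMPLE_VIDEO = b"\x00\x01constructed-sample-video-bytes\x02\x03"


def content_hash(media: bytes) -> str:
    """Hash of the media bytes that the manifest will be bound to."""
    return hashlib.sha256(media).hexdigest()


def make_manifest(media: bytes, generator: str) -> dict:
    """Build a provenance manifest: claims plus a signature over those claims.

    The content hash is part of the signed claims, so neither the claims nor
    the media can change without invalidating the manifest.
    """
    claims = {"generator": generator, "content_sha256": content_hash(media)}
    payload = json.dumps(claims, sort_keys=True).encode()
    signature = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return {"claims": claims, "signature": signature}


def verify(media: bytes, manifest: Optional[dict]) -> str:
    """Classify a media file against its (possibly missing) manifest.

    Returns one of: 'valid', 'tampered', 'bad-signature', 'no-manifest'.
    """
    if manifest is None:
        # Stripped metadata: we know nothing, which is not the same as 'clean'.
        return "no-manifest"
    payload = json.dumps(manifest["claims"], sort_keys=True).encode()
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so verification time does not leak the signature.
    if not hmac.compare_digest(expected, manifest["signature"]):
        return "bad-signature"
    if manifest["claims"]["content_sha256"] != content_hash(media):
        return "tampered"
    return "valid"


if __name__ == "__main__":
    manifest = make_manifest(SAMPLE_VIDEO, generator="demo-video-generator")
    print("untouched file:", verify(SAMPLE_VIDEO, manifest))
    print("edited file:   ", verify(SAMPLE_VIDEO + b"\xff", manifest))
    print("metadata gone: ", verify(SAMPLE_VIDEO, None))
```

The four outcomes are the ones a detection pipeline should treat differently: only "valid" positively attributes the video to a generator, "tampered" and "bad-signature" indicate an altered or forged provenance chain, and "no-manifest" should fall back to other signals rather than being read as "not AI-generated".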

The company emphasizes that users have control over their likeness. Individuals can decide who is permitted to use their cameo and can revoke access or delete any video featuring them at any time. However, a major point of contention is the app's account deletion policy. Deleting a Sora account also results in the termination of the user's entire OpenAI account, including ChatGPT access, and the user cannot register again with the same email or phone number. 

While OpenAI has stated it is developing a way for users to delete their Sora account independently, this integrated deletion policy has surprised and concerned many users who wish to remove their biometric data from Sora without losing access to other OpenAI services.

The app has also drawn attention for potential copyright violations, with users creating videos featuring well-known characters from popular media. While OpenAI provides a mechanism for rights holders to request the removal of their content, the platform's design has positioned it as a new frontier for intellectual property disputes.

Where Your Data Goes After a Breach and How to Protect Yourself

 

Data breaches happen every day—and they’re almost never random. Most result from deliberate, targeted cyberattacks or the exploitation of weak security systems that allow cybercriminals to infiltrate networks and steal valuable data. These breaches can expose email addresses, passwords, credit card details, Social Security numbers, medical records, and even confidential business documents. While it’s alarming to think about, understanding what happens after your data is compromised is key to knowing how to protect yourself.  

Once your information is stolen, it essentially becomes a commodity traded for profit. Hackers rarely use the data themselves. Instead, they sell it—often bundled with millions of other records—to other cybercriminals who use it for identity theft, fraud, or extortion. In underground networks, stolen information has its own economy, with prices fluctuating depending on how recent or valuable the data is. 

The dark web is the primary marketplace for stolen information. Hidden from regular search engines, it provides anonymity for sellers and buyers of credit cards, logins, and personal identifiers. Beyond that, secure messaging platforms such as Telegram and Signal are also used to trade stolen data discreetly, thanks to their encryption and privacy features. Some invite-only forums on the surface web also serve as data exchange hubs, while certain hacktivists or whistleblowers may release stolen data publicly to expose unethical practices. Meanwhile, more sophisticated cybercriminal groups operate privately, sharing or selling data directly to trusted clients or other hacker collectives. 

According to reports from cybersecurity firm PrivacyAffairs, dark web markets offer everything from bank login credentials to passports and crypto wallets. Payment card data—often used in “carding” scams—remains one of the most traded items. Similarly, stolen social media and email accounts are in high demand, as they allow attackers to launch phishing campaigns or impersonate victims. Even personal documents such as birth certificates or national IDs are valuable for identity theft schemes. 

Although erasing your personal data from the internet entirely is nearly impossible, there are ways to limit your exposure. Start by using strong, unique passwords managed through a reputable password manager, and enable multi-factor authentication wherever possible. A virtual private network (VPN) adds another layer of protection by encrypting your internet traffic and preventing data collection by third parties. 

It’s also wise to tighten your social media privacy settings and avoid sharing identifiable details such as your workplace, home address, or relationship status. Be cautious about what information you provide to websites and services—especially when signing up or making purchases. Temporary emails, one-time payment cards, and P.O. boxes can help preserve your anonymity online.  

If you discover that your data was part of a breach, act quickly. Monitor all connected accounts for suspicious activity, reset compromised passwords, and alert your bank or credit card provider if financial details were involved. For highly sensitive leaks, such as stolen ID numbers, consider freezing your credit report to prevent identity fraud. Data monitoring services can also help by tracking the dark web for mentions of your personal information.
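One practical form of the breach monitoring described above is checking whether a password appears in a known-leaked corpus without ever sending the password itself. The example below is added here and is not code from any monitoring service; it implements the k-anonymity range-query design that Have I Been Pwned's Pwned Passwords API uses (the client sends only the first five hex characters of the SHA-1 hash and matches the suffix locally), against a small constructed corpus standing in for the service's index. Function names and the corpus are assumptions made for the illustration.

```python
import hashlib

# Constructed corpus standing in for a breach-monitoring index: passwords seen
# in leaks with how many times each appeared. A real index holds hashes only.
_BREACHED_PLAINTEXT = {
    "password": 12345,
    "letmein": 678,
    "qwerty123": 42,
}

# Index keyed by uppercase SHA-1 hex digest, as the real service stores it.
CORPUS = {
    hashlib.sha1(p.encode()).hexdigest().upper(): n
    for p, n in _BREACHED_PLAINTEXT.items()
}

PREFIX_LEN = 5  # hex characters disclosed to the server


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest().upper()


def range_query(prefix: str) -> dict:
    """Server side: return every stored hash suffix sharing the given prefix.

    The server learns only that the client's hash starts with `prefix`; with a
    large index that bucket contains hundreds of candidates, so the password
    stays anonymous within that set.
    """
    if len(prefix) != PREFIX_LEN:
        raise ValueError("prefix must be exactly %d hex characters" % PREFIX_LEN)
    return {h[PREFIX_LEN:]: n for h, n in CORPUS.items() if h.startswith(prefix)}


def breach_count(password: str) -> int:
    """Client side: hash locally, send only the prefix, match the suffix here."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    candidates = range_query(prefix)  # the only data that crosses the wire
    return candidates.get(suffix, 0)


def is_safe_to_use(password: str) -> bool:
    """Policy helper: reject any password that has appeared in a breach at all."""
    return breach_count(password) == 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print("%-30s seen %d times" % (pw, breach_count(pw)))
```

The design choice worth noting is that the server-side `range_query` never sees the full hash, so even a compromised or malicious monitoring service cannot recover which exact password the client checked; only the five-character prefix, shared by many unrelated passwords, leaves the client.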

In today’s digital world, data is currency—and your information is one of the most valuable assets you own. Staying vigilant, maintaining good cyber hygiene, and using privacy tools are your best defenses against becoming another statistic in the global data breach economy.

NSSF Sued for Secretly Using Gun Owners’ Data in Political Ads

 

The National Shooting Sports Foundation (NSSF) is facing a class-action lawsuit alleging it secretly built a database with personal information from millions of gun owners and used it for political advertising without consent.

The lawsuit, filed by two gun owners—Daniel Cocanour of Oklahoma and Dale Rimkus of Illinois—claims the NSSF obtained data from warranty cards filled out by customers for firearm rebates or repairs, which included sensitive details like contact information, age, income, vehicle ownership, and reasons for gun ownership. These individuals never consented to their data being shared or used for political purposes, according to the suit.

The NSSF, based in Shelton, Connecticut, began compiling the database in 1999 following the Columbine High School shooting, aiming to protect the firearms industry’s image and legal standing. By May 2001, the database held 3.4 million records, growing to 5.5 million by 2002 under the name “Data Hunter,” with contributions from major manufacturers like Glock, Smith & Wesson, Marlin Firearms, and Savage Arms. The plaintiffs allege “unjust enrichment,” arguing the NSSF profited from using this data without compensating gun owners.

The organization reportedly used the database to target political ads supporting pro-gun candidates, claiming its efforts were a “critical component” in George W. Bush’s narrow 2000 presidential victory. The NSSF continued using the database in elections through 2016, including hiring Cambridge Analytica during President Trump’s campaign to mobilize gun rights supporters in swing states. This partnership is notable given Cambridge Analytica’s later collapse due to a Facebook data scandal involving unauthorized user data.

Despite publicly advocating for gun owners’ privacy—such as supporting the “Protecting Privacy in Purchases Act”—the NSSF allegedly engaged in practices contradicting this stance. The lawsuit seeks damages exceeding $5 million and class-action status for all U.S. residents whose data was collected from 1990 to present. 

The case highlights a breach of trust, as the NSSF reportedly amassed data while warning against similar databases being used for gun confiscation. As of now, the NSSF has not commented publicly but maintains its data practices were legal and ethical.