Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Customer Data. Show all posts
leaked sensitive data
Customer Data Data Breach Data Leak Data protection data security Hacking Attack Hacking Group leaked sensitive data

ShinyHunters Vimeo Data Breach Exposes Information of Over 119,000 Users

 

Early this year, Vimeo faced a security incident leading to the theft of personal details tied to over 119,000 people by the ShinyHunters hacking collective. Information on the leak became known via Have I Been Pwned, a service tracking compromised accounts, after examining the exposed records. 

Late last month, Vimeo revealed a security issue affecting its systems. The platform, known for hosting and streaming videos globally, serves many millions of active users. Access by unknown parties came via a flaw tied to Anodot. This firm provides tools that spot irregularities in data flows. Its technology connects directly into parts of Vimeo’s infrastructure. 

The event marks one point where external partnerships introduced risk. Details emerged only after internal reviews concluded. One thing became clear: the entry did not stem from inside Vimeo's own network. Instead, it traced back to how outside services link up. Security teams now examine how third-party integrations affect overall protection levels. 

Surprisingly, early reports showed hackers obtained technical data, video metadata, and titles - sometimes even user emails. Despite the breach, payment information, account passwords, and live session tokens stayed secure, according to internal confirmation. Throughout the event, Vimeo’s main system kept running smoothly, maintaining full service availability. Unexpectedly, operations continued without noticeable interference. 

Right away, Vimeo shut down every login linked to Anodeto stop any more unwanted entry once the break-in came to light. Instead of handling things alone, outside cyber experts joined to support the inquiry. At the same time, officials responsible for enforcing laws got word about what happened. Later, even so, the hackers released a huge 106GB collection of stolen files online when talks reportedly broke down. 

That data appeared on a hidden website used by the ShinyHunters crew, who stated weak login credentials tied to Anodot opened doors unexpectedly. From there, they moved into Vimeo's storage platforms - Snowflake and BigQuery - with little resistance. Some 119,200 individuals had their email addresses disclosed, along with names in certain instances, based on findings from Have I Been Pwned after reviewing the leaked data. 

Though the breach details have circulated, Vimeo hasn’t officially verified how many accounts were impacted. Inside these breaches, access began through deceptive emails or fake support calls tricking staff. Not long ago, compromised logins gave hackers entry to identity tools like Okta and Microsoft Entra. From there, movement spread toward customer relationship software, team messaging apps, file storage, design programs, help desks, and workplace productivity suites. Cloud infrastructure and subscription-based tech now draw more attention than before. 

Breach attempts often follow weak points in unified login setups across company networks. Though main networks stay secure, outside providers sometimes open doors hackers exploit. A breach in one connected service might unlock several company areas at once. Experts observe rising incidents targeting cloud logins and partner tools for this reason. Instead of attacking central defenses, intruders shift focus to these links. Sensitive client data ends up at risk even if primary infrastructure holds firm.  

Recently, ShinyHunters took credit for hacks spanning education, retail, health care, gaming, and government bodies. Vimeo's situation shows third-party links still pose steady threats to big digital services managing vast user information. Despite different targets, weak outside connections often open doors. One breach can ripple through many layers unexpectedly.
Read more »
technology companies
AWS Cloud Computing Cloud Server Customer Data Cyber Security data sovereignty Europe technology companies

Why Europe Is Rethinking Its Dependence on US Cloud Providers




Concerns around digital sovereignty are rapidly becoming one of the most important debates shaping the future of cloud computing, artificial intelligence, and government technology infrastructure across Europe and the UK.

The discussion recently gained attention after Chi Onwurah, chair of the UK Science, Innovation and Technology Select Committee, criticized Britain’s broader technology strategy and warned about growing dependence on a small group of major US technology companies. Her remarks pointed to reliance on providers such as Microsoft and Amazon Web Services, while also referencing Palantir Technologies because of its involvement in NHS and defence-related contracts. She also raised concerns about foreign-controlled technology supply chains supporting critical public infrastructure.

At the centre of the debate is the meaning of “digital sovereignty,” a term that is increasingly used by governments but often interpreted differently. In practical terms, sovereignty refers to a country maintaining legal authority and control over its citizens’ sensitive data, including where that information is processed, accessed, and governed. Experts argue that sovereign data should only fall under the jurisdiction of the nation to which it belongs, rather than being exposed to foreign legal systems or overseas regulatory reach.

The issue has become especially significant in the era of public cloud computing. Before large-scale cloud adoption, most government and enterprise data was stored and processed inside domestic datacentres, limiting both physical and remote access to national borders. While foreign software vendors occasionally required access for maintenance or support purposes, control over infrastructure largely remained local.

That model changed as governments and businesses increasingly adopted cloud services operated by US-headquartered providers. As organizations shifted toward subscription-based cloud platforms, concerns began emerging over whether sensitive national data could still be considered sovereign if it was processed through globally distributed infrastructure.

Much of the modern sovereignty debate intensified following the Schrems II ruling, a landmark European court decision that challenged how personal data could be transferred outside the EU to countries viewed as having weaker privacy protections. Since then, governments across Europe have pushed for tighter oversight of where data travels and who ultimately controls cloud infrastructure.

Although sovereignty concerns are often framed as a problem tied only to hyperscalers, industry analysts say the challenge is broader. Companies including IBM, Oracle Corporation, and Hewlett Packard Enterprise also face pressure to adapt their cloud and data processing models to meet stricter sovereignty expectations.

The debate has also been intensified by geopolitical tensions. European governments have become increasingly cautious about long-term dependence on foreign-owned digital infrastructure, particularly as cloud computing and artificial intelligence become more deeply connected to defence, healthcare, and public services. Analysts note that data infrastructure is now being viewed similarly to energy or telecommunications infrastructure: strategically important and politically sensitive.

Among the prominent providers, Microsoft was one of the earliest companies to experiment with sovereign cloud initiatives, including a dedicated German version of Microsoft 365. However, that model was eventually discontinued in 2022. Critics argue the company now faces greater difficulties adapting because many of its cloud services operate through highly interconnected global systems spread across more than 100 countries.

Questions around transparency have also created challenges. Reports previously indicated that Microsoft struggled to provide detailed information about certain data flows when requested by the Scottish Police Authority under data protection obligations. Investigative reporting from ProPublica also stated that US authorities encountered similar difficulties while attempting to evaluate Microsoft cloud services under FedRAMP certification requirements for government environments.

Additional scrutiny has emerged around Microsoft’s artificial intelligence infrastructure plans. The company had previously indicated that in-country AI processing capabilities for Copilot services in the UK would arrive by the end of 2025, though timelines have reportedly shifted into 2026. Some European customers are also expected to receive regional AI processing instead of fully sovereign national deployments.

Industry experts increasingly categorize sovereign cloud approaches into multiple levels. One common method involves creating “data boundaries,” where providers attempt to restrict where customer data is stored or processed while still operating under global cloud architectures. Critics argue this model may not fully satisfy stricter interpretations of sovereignty because some operational control can still remain overseas.

A second approach focuses on partnerships with local operators that manage sovereign services regionally. Amazon Web Services has promoted its European Sovereign Cloud initiative using this framework, arguing that the platform aligns with EU regulatory requirements. However, some analysts contend that EU-level governance is not the same as national sovereignty, particularly for non-EU countries such as the UK. Concerns have also been raised over whether US legislation, including the CLOUD Act, could still apply in certain circumstances.

Meanwhile, Google Cloud has attracted attention through its partnership with French defence and technology company Thales Group. Their joint venture, S3NS, is designed around France-specific sovereign infrastructure with air-gapped operations, meaning the systems can function independently without continuously communicating with external global networks for updates or validation checks.

Security specialists consider air-gapped architecture an important benchmark for sovereign cloud environments because it reduces reliance on foreign operational control. Google’s Distributed Cloud Air-Gapped platform is currently viewed by some analysts as one of the more mature sovereign cloud offerings available, despite still lacking some features present in its broader public cloud ecosystem.

The approach has already attracted major defence-related interest. France, NATO members, and the German military have all shown interest in sovereign infrastructure models, while the UK Ministry of Defence recently announced a £400 million contract spanning five years tied to these types of capabilities.

Competing alternatives are still evolving. AWS offers LocalStack-focused options largely aimed at development environments, while Microsoft’s disconnected Azure Local products have faced criticism from some analysts who argue the offerings remain less mature than competing sovereign platforms.

Despite rapid investment, experts say the sovereign cloud market is still in its early stages. Google’s France-based partnership model currently appears to offer one of the clearest examples of locally controlled hyperscale infrastructure, while AWS continues refining its European-focused model and Microsoft works through broader architectural and transparency challenges.

At the same time, the sovereignty movement may create new opportunities for regional cloud providers and domestic technology companies. However, analysts warn that building competitive sovereign infrastructure will require long-term investment, government support, and procurement strategies that allow interoperability between multiple vendors rather than locking public institutions into a single provider.

Many experts believe the future of sovereign technology infrastructure will likely depend on hybrid and partnership-driven models combining hyperscale cloud capabilities with locally managed operations. Supporters of the S3NS approach argue it offers an early blueprint for how global cloud providers and national operators could collaborate while still preserving local control over sensitive data and critical digital systems.

Read more »
Microsoft Outlook security
Customer Data Cyber Attacks Cyber Phishing Data Theft Hijacking Microsoft Microsoft Outlook Microsoft Outlook security

Malicious Outlook Add-In Hijack Steals 4,000 Microsoft Credentials

 

A breach transformed the AgreeTo plug-in for Microsoft Outlook - once meant for organizing meetings - into a weapon that harvested over four thousand login details. Though built by a third-party developer and offered through the official Office Add-in Store starting in late 2022, it turned against its intended purpose. Instead of simplifying calendars, it funneled user data to attackers. What began as a practical tool ended up exploited, quietly capturing credentials under false trust. 

Not every tool inside Office apps runs locally - some pull data straight from web addresses. For AgreeTo, its feature lived online through a link managed via Vercel. That address stopped receiving updates when the creator walked away, even though people kept using it. With no one fixing issues, the software faded into silence. Yet Microsoft still displayed it as available for download. Later, someone with harmful intent took control of the unused webpage. From there, they served malicious material under the app’s trusted name. A login screen mimicking Microsoft’s design appeared where the real one should have been, according to analysts at Koi Security. 

Instead of authentic access points, users faced a counterfeit form built to harvest credentials. Hidden scripts ran alongside, silently sending captured data elsewhere. After approval in Microsoft’s marketplace, the add-in escaped further checks. The company examines just the manifest when apps are submitted - nothing beyond that gets verified later. Interface components and features load externally, pulled from servers run by developers themselves. 

Since AgreeTo passed initial review, its updated files came straight from machines now under malicious control. Oversight ended once publication was complete. From inside the attacker’s data pipeline, Koi Security found over 4,000 Microsoft login details already taken. Alongside these, information such as credit card records and responses to bank verification questions had also been collected. While analyzing activity, experts noticed live attempts using the breached logins unfolding in real time. 

Opening the harmful AgreeTo add-on in Outlook displayed a counterfeit Microsoft login screen within the sidebar rather than the expected calendar tool. Resembling an authentic authentication portal, this imitation proved hard to recognize as fraudulent. Once victims submitted their details, those credentials got sent through a Telegram bot interface. Following that transfer, individuals saw the genuine Microsoft sign-in page appear - helping mask what had just occurred. Despite keeping ReadWriteItem access, which enables viewing and editing messages, there's no proof the tool tampered with any emails. 

Behind the campaign, investigators spotted a single actor running several phishing setups aimed at financial services, online connectivity firms, and email systems. Notable because it lives inside Microsoft’s official store, AgreeTo stands apart from past threats that spread via spam, phishing, or malvertising. This marks the first time a verified piece of malware has appeared on the Microsoft Marketplace, according to Oren Yomtov at Koi. He also notes it is the initial harmful Outlook extension spotted actively used outside test environments. 

A removal of AgreeTo from the store was carried out by Microsoft. Anyone keeping the add-in should uninstall it without delay, followed by a password change. Attempts to reach Microsoft for input have been made; no reply came so far.
Read more »
Ledger
Customer Data customer data leak customer data privacy Data Breach Data Exposure data security leaked sensitive data Ledger

Ledger Customer Data Exposed After Global-e Payment Processor Cloud Incident

 

A fresh leak of customer details emerged, linked not to Ledger’s systems but to Global-e - an outside firm handling payments for Ledger.com. News broke when affected users received an alert email from Global-e. That message later appeared online, posted by ZachXBT, a known blockchain tracker using a fake name, via the platform X. 

Unexpectedly, a breach exposed some customer records belonging to Ledger, hosted within Global-e’s online storage system. Personal details, including names and email addresses made up the compromised data, one report confirmed. What remains unclear is the number of people impacted by this event. At no point has Global-e shared specifics about when the intrusion took place.  

Unexpected behavior triggered alerts at Global-e, prompting immediate steps to secure systems while probes began. Investigation followed swiftly after safeguards were applied, verifying unauthorized entry had occurred. Outside experts joined later to examine how the breach unfolded and assess potential data exposure. Findings showed certain personal details - names among them - were viewed without permission. Contact records also appeared in the set of compromised material. What emerged from analysis pointed clearly to limited but sensitive information being reached. 

Following an event involving customer data, Ledger confirmed details in a statement provided to CoinDesk. The issue originated not in Ledger's infrastructure but inside Global-e’s operational environment. Because Global-e functions as the Merchant of Record for certain transactions, it holds responsibility for managing related personal data. That role explains why Global-e sent alerts directly to impacted individuals. Information exposed includes records tied to purchases made on Ledger.com when buyers used Global-e’s payment handling system. 

While limited to specific order-related fields, access was unauthorized and stemmed from weaknesses at Global-e. Though separate entities, their integration during checkout links them in how transactional information flows. Customers involved completed orders between defined dates under these service conditions. Security updates followed after discovery, coordinated across both organizations. Notification timing depended on forensic review completion by third-party experts. Each step aimed at clarity without premature disclosure before full analysis. 

Still, the firm pointed out its own infrastructure - platform, hardware, software - was untouched by the incident. Security around those systems remains intact, according to their statement. What's more, since users keep control of their wallets directly, third parties like Global-e cannot reach seed phrases or asset details. Access to such private keys never existed for external entities. Payment records, meanwhile, stayed outside the scope of what appeared in the leak. 

Few details emerged at first, yet Ledger confirmed working alongside Global-e to deliver clear information to those involved. That setup used by several retailers turned out to be vulnerable, pointing beyond a single company. Updates began flowing after detection, though the impact spread wider than expected across shared infrastructure. 

Coming to light now, this revelation follows earlier security problems connected to Ledger. Back in 2020, a flaw at Shopify - the online store platform they used - led to a leak affecting 270,000 customers’ details. Then, in 2023, another event hit, causing financial damage close to half a million dollars and touching multiple DeFi platforms. Though different in both scale and source, the newest issue highlights how reliance on outside vendors can still pose serious threats when handling purchases and private user information.  

Still, Ledger’s online platforms showed no signs of a live breach on their end, yet warnings about vigilance persist. Though nothing points to internal failures, alerts remind customers to stay alert regardless. Even now, with silence across official posts, guidance leans toward caution just the same.
Read more »
leaked sensitive data
California Customer Data Data Breach Data Broker Data Privacy data privacy regulations data security leaked sensitive data

California Privacy Regulator Fines Datamasters for Selling Sensitive Consumer Data Without Registration

 

The California Privacy Protection Agency (CalPrivacy) has taken enforcement action against Datamasters, a marketing firm operated by Rickenbacher Data LLC, for unlawfully selling sensitive personal and health-related data without registering as a data broker. The Texas-based company was found to have bought and resold information belonging to millions of individuals, including Californians, in violation of the California Delete Act. 

Under the Delete Act, companies engaged in buying or selling consumer data are required to register annually as data brokers by January 31. Beginning in 2026, the law will also enable consumers to use a centralized online tool known as the Delete Request and Opt-out Platform (DROP), which allows individuals to request the deletion of their personal information from all registered data brokers at once. 

CalPrivacy imposed a $45,000 fine on Datamasters for failing to register within the required timeframe. Due to the seriousness and continued nature of the violations, the agency also prohibited the company from selling personal information related to Californians. According to the regulator’s final order, Datamasters continued operating as an unregistered data broker despite repeated efforts by the agency to bring it into compliance. 

The investigation found that Datamasters purchased and resold data linked to people with specific medical conditions, including Alzheimer’s disease, drug addiction, and bladder incontinence, primarily for targeted advertising purposes. In addition to health data, the company traded consumer lists categorized by age and perceived race, marketing products such as “Senior Lists” and “Hispanic Lists.” The datasets also included information tied to political views, grocery shopping behavior, banking activity, and health-related purchases.  

The scope of the data involved was extensive, reportedly consisting of hundreds of millions of records containing names, email addresses, physical addresses, and phone numbers. CalPrivacy identified the nature and scale of the data processing as a significant risk to consumer privacy, particularly given the sensitive characteristics associated with many of the records. 

An aggravating factor in the case was Datamasters’ response to regulatory scrutiny. The company initially claimed it did not conduct business in California or handle data belonging to Californians. When confronted with evidence to the contrary, it later acknowledged processing such data and asserted that it manually screened datasets, a claim regulators found unconvincing. The agency noted that Datamasters resisted compliance efforts while continuing its data brokerage activities. 

As part of the enforcement order, signed on December 12, Datamasters was instructed to delete all previously acquired personal information related to Californians by the end of December. The company must also delete any California-related data it may receive in the future within 24 hours. Additionally, Datamasters is required to maintain compliance safeguards for five years and submit a report detailing its privacy practices after one year. 

In a separate action, CalPrivacy fined S&P Global Inc. $62,600 for failing to register as a data broker for 2024 by the January 31, 2025 deadline. The agency noted that the lapse, which lasted 313 days, was due to an administrative error and that the company acted promptly to correct the issue once identified.
Read more »
personal data leak
Customer Data Customer Data Exposed Data Breach Data exposed data security leaked sensitive data personal data leak

DoorDash Data Breach Exposes Customer Information in October 2025 Incident

 

DoorDash has informed its customers that the company experienced a security incident in late October, marking yet another breach for the food delivery platform. According to details first reported by BleepingComputer, DoorDash has begun emailing users to disclose that on October 25, 2025, an unauthorized individual infiltrated parts of its internal systems and accessed selected customer contact information. The type of data exposed varied from person to person but involved key personal details. In its notification email, the company confirmed that names, physical addresses, phone numbers, and email addresses were among the information viewed by the intruder. While financial data does not appear to have been compromised, the collection of exposed fields still carries significant risk because such details can easily be reused in phishing, impersonation, and other forms of social engineering attacks. 

DoorDash stated that the root cause of the breach was a social engineering scam targeting an employee, which ultimately allowed the attacker to obtain credentials and slip past internal safeguards. As soon as the company recognized unusual activity, its security team revoked the unauthorized access, launched a broader investigation, and contacted law enforcement to support further review. However, the company did not specify how many individuals may have been affected. What is clear is that the impacted group includes customers, delivery drivers (known as Dashers), and merchants. Considering DoorDash reported roughly 7 million contractors in 2023, nearly 600,000 partner merchants in 2024, and more than 42 million active users, the number of people touched by the incident could be extensive. 

This latest breach adds to a concerning pattern for the company, which was previously affected by two significant incidents in 2019 and 2022. The 2019 attack exposed information belonging to approximately 5 million customers, Dashers, and merchants, while the 2022 event stemmed from the same campaign that targeted communications provider Twilio. These recurring issues highlight how attractive large consumer platforms remain to cybercriminals. 

For users, the most important step after any data exposure is to immediately update account passwords and ensure they are strong, unique, and not reused across services. A password manager can simplify this process and reduce risk over time. Enabling multi-factor authentication on DoorDash and other critical accounts adds an extra security barrier that often stops attackers even if credentials are stolen. Because personal details were accessed, users should stay alert for phishing messages that may imitate DoorDash or reference suspicious orders. These tactics are common after breaches and can easily lure people into clicking harmful links or providing additional sensitive information. 

Customers may also benefit from using reputable identity theft protection services that monitor financial activity and personal data for signs of misuse. While no single step can eliminate the consequences of a breach, proactive monitoring and cautious digital habits can significantly reduce the likelihood of further harm.
Read more »
Phishing and Spam
Customer Data Customer Data Exposed Dark Web Data Breach Data exposed data security Hackers identity theft risk Phishing and Spam

Toys “R” Us Canada Data Breach Exposes Customer Information, Raising Phishing and Identity Theft Concerns

 

Toys “R” Us Canada has confirmed a data breach that exposed sensitive customer information, including names, postal addresses, email addresses, and phone numbers. Although the company assured that no passwords or payment details were compromised, cybersecurity experts warn that the exposed data could still be exploited for phishing and identity theft schemes. 

The company discovered the breach after hackers leaked stolen information on the dark web, prompting an immediate investigation. Toys “R” Us engaged a third-party cybersecurity firm to conduct forensic analysis and confirm the scope of the incident. Early findings revealed that a “subset of customer records” had been stolen. The retailer began notifying affected customers through official communications, with letters quickly circulating on social media after being shared by recipients.  

According to the company’s statement, the breach did not involve financial information or account credentials, but the exposure of valid contact details still presents significant risk. Cybercriminals often use such data to create convincing phishing emails or impersonate legitimate companies to deceive victims into revealing sensitive information. 

Toys “R” Us stated that its IT systems were already protected by strong security protocols but have since been reinforced with additional defensive measures. The company has not disclosed how the attackers infiltrated its network or how many individuals were impacted. It also confirmed that, to date, there is no evidence suggesting the stolen data has been misused. 

In the aftermath of the incident, Toys “R” Us reported the breach to relevant authorities and advised customers to remain vigilant against phishing attempts. The company urged users not to share personal information with unverified senders, avoid clicking on suspicious links or attachments, and closely monitor any unusual communications that appear to come from the retailer.  

While no hacking group has claimed responsibility for the breach, cybersecurity analysts emphasize that exposed names, emails, and phone numbers can easily be weaponized in future scams. The incident underscores how even non-financial data can lead to significant cybersecurity risks when mishandled or leaked. 

Despite the company’s reassurances and strengthened defenses, the breach highlights the ongoing threat businesses face from cyberattacks that target customer trust and data privacy.
Read more »
data security flaws
Cloud Security Critical security flaw Customer Data Cyber Security Data protection data security data security flaws

Tata Motors Fixes Security Flaws That Exposed Sensitive Customer and Dealer Data

 

Indian automotive giant Tata Motors has addressed a series of major security vulnerabilities that exposed confidential internal data, including customer details, dealer information, and company reports. The flaws were discovered in the company’s E-Dukaan portal, an online platform used for purchasing spare parts for Tata commercial vehicles. 

According to security researcher Eaton Zveare, the exposed data included private customer information, confidential documents, and access credentials to Tata Motors’ cloud systems hosted on Amazon Web Services (AWS). Headquartered in Mumbai, Tata Motors is a key global player in the automobile industry, manufacturing passenger, commercial, and defense vehicles across 125 countries. 

Zveare revealed to TechCrunch that the E-Dukaan website’s source code contained AWS private keys that granted access to internal databases and cloud storage. These vulnerabilities exposed hundreds of thousands of invoices with sensitive customer data, including names, mailing addresses, and Permanent Account Numbers (PANs). Zveare said he avoided downloading large amounts of data “to prevent triggering alarms or causing additional costs for Tata Motors.” 

The researcher also uncovered MySQL database backups, Apache Parquet files containing private communications, and administrative credentials that allowed access to over 70 terabytes of data from Tata Motors’ FleetEdge fleet-tracking software. Further investigation revealed backdoor admin access to a Tableau analytics account that stored data on more than 8,000 users, including internal financial and performance reports, dealer scorecards, and dashboard metrics. 

Zveare added that the exposed credentials provided full administrative control, allowing anyone with access to modify or download the company’s internal data. Additionally, the vulnerabilities included API keys connected to Tata Motors’ fleet management system, Azuga, which operates the company’s test drive website. Zveare responsibly reported the flaws to Tata Motors through India’s national cybersecurity agency, CERT-In, in August 2023. 

The company acknowledged the findings in October 2023 and stated that it was addressing the AWS-related security loopholes. However, Tata Motors did not specify when all issues were fully resolved. In response to TechCrunch’s inquiry, Tata Motors confirmed that all reported vulnerabilities were fixed in 2023. 

However, the company declined to say whether it notified customers whose personal data was exposed. “We can confirm that the reported flaws and vulnerabilities were thoroughly reviewed following their identification in 2023 and were promptly and fully addressed,” said Tata Motors communications head, Sudeep Bhalla. “Our infrastructure is regularly audited by leading cybersecurity firms, and we maintain comprehensive access logs to monitor unauthorized activity. We also actively collaborate with industry experts and security researchers to strengthen our security posture.” 

The incident reveals the persistent risks of misconfigured cloud systems and exposed credentials in large enterprises. While Tata Motors acted swiftly after the report, cybersecurity experts emphasize that regular audits, strict access controls, and robust encryption are essential to prevent future breaches. 

As more automotive companies integrate digital platforms and connected systems into their operations, securing sensitive customer and dealer data remains a top priority.
Read more »
Identity Theft
Airline Customer Data Cyber Attacks cyberattacks on airline Data Breaches Data Leak data security Hackers Identity Theft

Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks

 

Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses a “severe, long-term identity theft risk” since they are difficult to replace and can be exploited for years in fraud schemes involving fake identities, counterfeit documents, and impersonation scams. 

The recent Qantas Airways data breach, claimed by the Scattered LAPSUS$ Hunters group, underscores the sector’s growing vulnerability. The stolen data included names, email addresses, Frequent Flyer details, and limited personal information such as phone numbers and birth dates. Fortunately, Qantas confirmed that no passport details, financial information, or credit card data were compromised. 

However, experts warn that even limited leaks can have serious consequences. “Attackers often combine personal identifiers like names and loyalty program details from multiple breaches to build complete identity profiles,” said Darius Belejevas, Head of Incogni. Such composite records can enable large-scale fraud even without financial data exposure. 

The Qantas incident also highlights the danger of third-party compromises. The breach reportedly stemmed from Salesforce social engineering and vendor vulnerabilities, illustrating how a single compromised supplier can have ripple effects across industries. Belejevas emphasized that “one compromised partner can expose millions of records in a single incident.” 

Data breaches in the airline industry are escalating rapidly. According to Cyble’s threat intelligence database, more than 20 airline-related breaches have been reported on the dark web in 2025 — a 50% increase from 2024. Much of this surge is attributed to coordinated attacks by Scattered Spider and the broader Scattered LAPSUS$ Hunters alliance, although other groups have also begun targeting the aviation sector. 

In a separate incident, the CL0P ransomware group claimed to have breached Envoy Air, a regional carrier of American Airlines. Envoy confirmed the intrusion but stated that no customer data was affected, only limited business information. In contrast, WestJet, which suffered a breach in June 2025, had passports and government-issued IDs exposed, prompting it to offer two years of free identity monitoring to affected customers. Incogni, however, warned that identity theft risks from such documents can persist well beyond two years. 

Experts urge travelers to take preventive security measures. Incogni recommends enrolling in identity theft monitoring, reporting phishing attempts to national anti-fraud agencies, using strong passwords with multi-factor authentication, and removing personal data from data broker sites. 

“Individuals and organizations must do more to safeguard sensitive data,” said Ron Zayas, CEO of Incogni. “In today’s world, data isn’t just being stolen by hackers — it’s also being misused by legitimate entities to manipulate outcomes.”
Read more »
Scattered Spider
Customer Data Data Breach Extortion Group NCA Ransomware Salesforce Scattered Spider

Salesforce Refuses to Pay Extortion Demand After Alleged Theft of Nearly One Billion Records




Salesforce has confirmed it will not pay a ransom to an extortion group that claims to have stolen close to one billion records belonging to several of its customers. The company stated that it will not enter negotiations or make payments to any threat actor, reaffirming its policy of non-engagement with cybercriminals.


Extortion Group Claims to Have Breached Dozens of Salesforce Customers

The group behind the alleged theft calls itself “Scattered LAPSUS$ Hunters”, a name that appears to blend identities from three notorious cyber-extortion collectives: Scattered Spider, LAPSUS$, and ShinyHunters. Cybersecurity firm Mandiant, owned by Google, has been tracking this activity under the identifier UNC6040, though analysts say the group’s exact origins and membership remain unconfirmed.

According to Mandiant’s June report, the campaign began in May, when attackers used voice-based social engineering, or “vishing,” to trick employees at several organizations using Salesforce’s platform. Pretending to represent technical support teams, the callers persuaded employees to connect an attacker-controlled application to their company’s Salesforce environment. Once integrated, the app provided unauthorized access to stored customer data.

Security researchers described the tactic as simple but highly effective, since it relies on human trust rather than exploiting software vulnerabilities. Several organizations unknowingly granted the attackers access, enabling them to exfiltrate vast amounts of data.

Earlier this month, the extortionists created a leak site listing approximately 40 affected Salesforce customers, including large global firms. The site claimed that 989.45 million records had been compromised and demanded that Salesforce begin ransom negotiations “or all your customers’ data will be leaked.” The attackers added that if Salesforce agreed to pay, other victim companies would not be required to do so individually.

Salesforce, however, made its position clear. In a statement to media outlets, a company spokesperson said, “Salesforce will not engage, negotiate with, or pay any extortion demand.” The company also informed customers via email that it had received credible intelligence about plans by ShinyHunters to release the stolen data publicly, but it would still not yield to any ransom demand.


Broader Concerns Over Ransomware Economics

The incident adds to a growing global debate over ransom payments. Analysts say extortion and ransomware attacks persist largely because organizations continue to pay. According to Deepstrike Security, global ransom payments in 2024 reached $813 million, a decline from $1.1 billion in 2023 but still a major incentive for criminal groups.

Experts such as independent security researcher Kevin Beaumont have repeatedly criticized the practice of paying ransoms, arguing that it directly funds organized crime and perpetuates the cycle of attacks. Beaumont noted that while law enforcement agencies like the UK’s National Crime Agency (NCA) publicly discourage payments, some companies still proceed with negotiations, sometimes even with NCA representatives present.


Risks and Lessons for Organizations

Data stolen from cloud-based platforms like Salesforce may include customer identifiers, contact details, transaction histories, and other business records. Even without financial information, such data can be weaponized in phishing, identity theft, or fraud campaigns.

Security professionals advise all organizations using cloud platforms to implement multi-factor authentication, enforce least-privilege access controls, and review all third-party applications connected to their systems. Employees should be trained to verify unexpected support calls or administrative requests through official channels before granting access.

The Salesforce case underscores the growing sophistication of social engineering attacks targeting major enterprise platforms. As digital ecosystems expand, cybercriminals are increasingly exploiting human error rather than software flaws. Salesforce’s refusal to pay marks a firm stance in an era when ransom-driven extortion continues to dominate the threat landscape, sending a strong message to both the cybersecurity community and the attackers themselves.



Read more »
personal data leak
Customer Data Cyber Attacks Data Breaches Data Leak Data protection data security Personal Data personal data leak

WestJet Confirms Cyberattack Exposed Passenger Data but No Financial Details

 

WestJet has confirmed that a cyberattack in June compromised certain passenger information, though the airline maintains that the breach did not involve sensitive financial or password data. The incident, which took place on June 13, was attributed to a “sophisticated, criminal third party,” according to a notice issued by the airline to U.S. residents earlier this week. 

WestJet stated that its internal precautionary measures successfully prevented the attackers from gaining access to credit and debit card details, including card numbers, expiry dates, and CVV codes. The airline further confirmed that no user passwords were stolen. However, the company acknowledged that some passengers’ personal information had been exposed. The compromised data included names, contact details, information and documents related to reservations and travel, and details regarding the passengers’ relationship with WestJet. 

“Containment is complete, and additional system and data security measures have been implemented,” WestJet said in an official release. The airline emphasized that analysis of the incident is still ongoing and that it continues to strengthen its cybersecurity framework to safeguard customer data. 

As part of its response plan, WestJet is contacting affected customers to offer support and guidance. The airline has partnered with Cyberscout, a company specializing in identity theft protection and fraud assistance, to help impacted individuals with remediation services. WestJet has also published advisory information on its website to assist passengers who may be concerned about their data.  

In its statement, the airline reassured customers that swift containment measures limited the breach’s impact. “Our cybersecurity teams acted immediately to contain the situation and secure our systems. We take our responsibility to protect customer information very seriously,” the company said. 

WestJet confirmed that it is working closely with law enforcement agencies, including the U.S. Federal Bureau of Investigation (FBI) and the Canadian Centre for Cyber Security. The airline also notified U.S. credit reporting agencies—TransUnion, Experian, and Equifax—along with the attorneys general of several U.S. states, Transport Canada, the Office of the Privacy Commissioner of Canada, and relevant provincial and international data protection authorities. 

While WestJet maintains that the exposed information does not appear to include sensitive financial or authentication details, cybersecurity experts note that personal identifiers such as names and contact data can still pose privacy and fraud risks if misused. The airline’s transparency and engagement with regulatory agencies reflect an effort to mitigate potential harm and restore public trust. 

The company reiterated that it remains committed to improving its security posture through enhanced monitoring, employee training, and the implementation of additional cybersecurity controls. The investigation into the breach continues, and WestJet has promised to provide further updates as new information becomes available. 

The incident highlights the ongoing threat of cyberattacks against the aviation industry, where companies hold large volumes of personal and travel-related data. Despite the rise in security investments, even well-established airlines remain attractive targets for sophisticated cybercriminals. WestJet’s quick response and cooperation with authorities underscore the importance of rapid containment and transparency in handling such data breaches.
Read more »
Smartphones
Customer Data Devices factory reset Privacy Smartphones

Where Does Your Personal Data Go When You Ditch a Device?

 




When people upgrade their phones, laptops, or tablets, the old devices often end up in trade-in programs or at electronic waste collection points. But what happens to the personal information stored on those devices after they leave your hands? The answer is more complicated than many assume.


Resale programs and secure erasure

Companies that refurbish and resell electronics usually follow structured procedures to protect customer data. Devices that are still functional and have resale value are wiped using certified erasure software, designed to make data permanently inaccessible. This process typically produces a digital certificate confirming that the wipe was completed. Devices that cannot be repaired or reused are diverted to recycling instead.


Recycling centres and hidden risks

Collection centres that process large volumes of e-waste follow a different model. Devices are first sorted and stripped of hazardous parts such as batteries, before being fed into shredders that break down the materials for recovery. While this may sound final, experts point out that the chain of custody for individual devices is not always secure. In the past, some recyclers offered on-site data destruction services, but these programs were scaled back due to high operating costs.

Although the risk of someone recovering data from shredded parts is very low, it is not entirely impossible. The cost of reconstructing files often outweighs the potential value of the data, but individuals who store sensitive information may still face exposure if devices are not properly erased before recycling.


Factory reset: not a full solution

Many users believe that deleting files or performing a factory reset provides sufficient protection. However, a reset often only clears visible settings and does not necessarily erase underlying data. Depending on the device, fragments of information such as banking details, personal messages, or login credentials can still be retrieved by someone with technical expertise.


Steps you can take before disposal

Security experts recommend that users take precautions themselves rather than relying solely on resellers or recyclers. Before handing over a device:

1. Back up essential files and remove linked accounts.

2. Take out SIM cards and memory cards.

3. Encrypt the device to make any remaining data unreadable.

4. Use secure-erase software or request an erasure certificate if trading in.

5. For highly sensitive information, consider physically destroying the storage drive instead of recycling.


Not every device poses the same risk. For routine personal use, secure erasure and responsible recycling are usually sufficient. For devices holding highly confidential or financial data, stronger measures are advisable. But experts also warn against avoiding recycling altogether. Keeping outdated electronics at home or in storage carries its own risks, as devices can still be stolen or accessed.

Ultimately, safeguarding personal information before disposal is the responsibility of the user. Taking a few extra steps now can protect your privacy while ensuring devices are recycled responsibly.



Read more »
Phishing Scams
Credit Union Customer Data Customer Data Exposed Cyber Attacks cybercriminals Data Leak data security Hacker attack Personal Data Phishing Scams

Blackpool Credit Union Cyberattack Exposes Customer Data in Cork

 

A Cork-based credit union has issued a warning to its customers after a recent cyberattack exposed sensitive personal information. Blackpool Credit Union confirmed that the breach occurred late last month and subsequently notified members through a formal letter. Investigators determined that hackers may have gained access to personal records, including names, contact information, residential addresses, dates of birth, and account details. While there is no evidence that any funds were stolen or PIN numbers compromised, concerns remain that the stolen data could be misused. 

The investigation raised the possibility that cybercriminals may publish the stolen records on underground marketplaces such as the dark web. This type of exposure increases the risk of identity theft or secondary scams, particularly phishing attacks in which fraudsters impersonate trusted organizations to steal additional details from unsuspecting victims. Customers were urged to remain vigilant and to treat any unsolicited communication requesting personal or financial information with caution. 

The Central Bank of Ireland has been briefed on the situation and is monitoring developments. It has advised any members with concerns to reach out directly to Blackpool Credit Union through its official phone line. Meanwhile, a spokesperson for the credit union assured the public that services remain operational and that members can continue to access assistance in person, by phone, or through email. The organization emphasized that safeguarding customer data remains a priority and expressed regret over the incident. Impacted individuals will be contacted directly for follow-up support. 

The Irish League of Credit Unions reinforced the importance of caution, noting that legitimate credit unions will never ask members to verify accounts through text messages or unsolicited communications. Fraudsters often exploit publicly available details to appear convincing, setting up sophisticated websites and emails to lure individuals into disclosing confidential information. Customers were reminded to independently verify the authenticity of any suspicious outreach and to rely on official registers when dealing with financial services.  

Experts warn that people who have already fallen victim to scams are more likely to be targeted again. Attackers often pressure individuals into making hasty decisions, using the sense of urgency to trick them into disclosing sensitive information or transferring money. Customers were encouraged to take their time before responding to unexpected requests and to trust their instincts if something feels unusual or out of place.

The Central Bank reiterated its awareness of the breach and confirmed that it is in direct communication with Blackpool Credit Union regarding the response measures. Members seeking clarification were again directed to the credit union’s official helpline for assistance.
Read more »
Ransomwares
Colt ransomware attack Colt WarLock hackers Customer Data Cyber Attacks Dark Web data stealing Ransom Demand ransomware attacks Ransomware group Ransomwares

Colt Technology Services Confirms Customer Data Theft After Warlock Ransomware Attack



UK-based telecommunications provider Colt Technology Services has confirmed that sensitive customer-related documentation was stolen in a recent ransomware incident. The company initially disclosed on August 12 that it had suffered a cyberattack, but this marks the first confirmation that data exfiltration took place. In its updated advisory, Colt revealed that a criminal group accessed specific files from its systems that may contain customer information and subsequently posted the filenames on dark web forums. 

To assist affected clients, Colt has set up a dedicated call center where customers can request the list of exposed filenames. “We understand that this is concerning for you,” the company stated in its advisory. Notably, Colt also implemented a no-index HTML meta tag on the advisory webpage, ensuring the content would not appear in search engine results. 

The development follows claims from the Warlock ransomware gang, also known as Storm-2603, that they are auctioning one million stolen Colt documents for $200,000 on the Ramp cybercrime marketplace. The group alleges the files contain financial data, customer records, and details of network architecture. 
Cybersecurity experts verified that the Tox ID used in the forum listing matches identifiers seen in the gang’s earlier ransom notes, strengthening the link to Colt’s breach. The Warlock Group, attributed to Chinese threat actors, emerged in March 2025 and initially leveraged leaked LockBit Windows and Babuk VMware ESXi encryptors to launch attacks. Early operations used LockBit-style ransom notes modified with unique Tox IDs to manage negotiations. 

By June, the group rebranded under the name “Warlock Group,” establishing its own negotiation platforms and leak sites to facilitate extortion. Recent intelligence reports, including one from Microsoft, have indicated that the group has been exploiting vulnerabilities in Microsoft SharePoint to gain unauthorized access to corporate networks. Once inside, they deploy ransomware to encrypt data and steal sensitive files for leverage. 

The group’s ransom demands vary significantly, ranging from $450,000 to several million dollars, depending on the target organization and data involved. Colt’s disclosure highlights ongoing challenges faced by enterprises in safeguarding critical infrastructure against sophisticated ransomware actors. Telecommunications companies, which manage vast volumes of sensitive customer and network data, remain particularly attractive targets. 

As threat actors refine their tactics and increasingly combine encryption with data theft, the risks to both organizations and their clients continue to escalate. While Colt has not confirmed whether it plans to engage with the ransomware operators, the company emphasized its focus on mitigating the impact for customers. 

For now, the stolen documents remain for sale on the dark web, and the situation underscores the broader need for enterprises to strengthen resilience against the evolving ransomware landscape.
Read more »
Meta AI
AI Chatbots AI technology Character AI chatbot security Customer Data Data Breach data security health data Meta AI

Texas Attorney General Probes Meta AI Studio and Character.AI Over Child Data and Health Claims

 

Texas Attorney General Ken Paxton has opened an investigation into Meta AI Studio and Character.AI over concerns that their AI chatbots may present themselves as health or therapeutic tools while potentially misusing data collected from underage users. Paxton argued that some chatbots on these platforms misrepresent their expertise by suggesting they are licensed professionals, which could leave minors vulnerable to misleading or harmful information. 

The issue extends beyond false claims of qualifications. AI models often learn from user prompts, raising concerns that children’s data may be stored and used for training purposes without adequate safeguards. Texas law places particular restrictions on the collection and use of minors’ data under the SCOPE Act, which requires companies to limit how information from children is processed and to provide parents with greater control over privacy settings. 

As part of the inquiry, Paxton issued Civil Investigative Demands (CIDs) to Meta and Character.AI to determine whether either company is in violation of consumer protection laws in the state. While neither company explicitly promotes its AI tools as substitutes for licensed mental health services, there are multiple examples of “Therapist” or “Psychologist” chatbots available on Character.AI. Reports have also shown that some of these bots claim to hold professional licenses, despite being fictional. 

In response to the investigation, Character.AI emphasized that its products are intended solely for entertainment and are not designed to provide medical or therapeutic advice. The company said it places disclaimers throughout its platform to remind users that AI characters are fictional and should not be treated as real individuals. Similarly, Meta stated that its AI assistants are clearly labeled and include disclaimers highlighting that responses are generated by machines, not people. 

The company also said its AI tools are designed to encourage users to seek qualified medical or safety professionals when appropriate. Despite these disclaimers, critics argue that such warnings are easy to overlook and may not effectively prevent misuse. Questions also remain about how the companies collect, store, and use user data. 

According to their privacy policies, Meta gathers prompts and feedback to enhance AI performance, while Character.AI collects identifiers and demographic details that may be applied to advertising and other purposes. Whether these practices comply with Texas’ SCOPE Act will likely depend on how easily children can create accounts and how much parental oversight is built into the platforms. 

The investigation highlights broader concerns about the role of AI in sensitive areas such as mental health and child privacy. The outcome could shape how companies must handle data from younger users while limiting the risks of AI systems making misleading claims that could harm vulnerable individuals.
Read more »
Privacy Lawsuit
Alexa Amazon Customer Data Data collection Data Privacy Data Privacy Laws Data Safety User Data Personal Data Privacy privacy laws Privacy Lawsuit

Federal Judge Allows Amazon Alexa Users’ Privacy Lawsuit to Proceed Nationwide

 

A federal judge in Seattle has ruled that Amazon must face a nationwide lawsuit involving tens of millions of Alexa users. The case alleges that the company improperly recorded and stored private conversations without user consent. U.S. District Judge Robert Lasnik determined that Alexa owners met the legal requirements to pursue collective legal action for damages and an injunction to halt the alleged practices. 

The lawsuit claims Amazon violated Washington state law by failing to disclose that it retained and potentially used voice recordings for commercial purposes. Plaintiffs argue that Alexa was intentionally designed to secretly capture billions of private conversations, not just the voice commands directed at the device. According to their claim, these recordings may have been stored and repurposed without permission, raising serious privacy concerns. Amazon strongly disputes the allegations. 

The company insists that Alexa includes multiple safeguards to prevent accidental activation and denies evidence exists showing it recorded conversations belonging to any of the plaintiffs. Despite Amazon’s defense, Judge Lasnik stated that millions of users may have been impacted in a similar manner, allowing the case to move forward. Plaintiffs are also seeking an order requiring Amazon to delete any recordings and related data it may still hold. The broader issue at stake in this case centers on privacy rights within the home.

If proven, the claims suggest that sensitive conversations could have been intercepted and stored without explicit approval from users. Privacy experts caution that voice data, if mishandled or exposed, can lead to identity risks, unauthorized information sharing, and long-term security threats. Critics further argue that the lawsuit highlights the growing power imbalance between consumers and large technology companies. Amazon has previously faced scrutiny over its corporate practices, including its environmental footprint. 

A 2023 report revealed that the company’s expanding data centers in Virginia would consume more energy than the entire city of Seattle, fueling additional criticism about the company’s long-term sustainability and accountability. The case against Amazon underscores the increasing tension between technological convenience and personal privacy. 

As voice-activated assistants become commonplace in homes, courts will likely play a decisive role in determining the boundaries of data collection and consumer protection. The outcome of this lawsuit could set a precedent for how tech companies handle user data and whether customers can trust that private conversations remain private.
Read more »
Personal Data Breach
Bank Data Leak Credit Union Customer Data Cyberattacks Data Breach Data Leak Data protection data security financial attack Personal Data Breach

Connex Credit Union Confirms Data Breach Impacting 172,000 Customers

 

Connex Credit Union, headquartered in North Haven, Connecticut, recently revealed that a data breach may have affected around 172,000 of its members. The compromised data includes names, account numbers, debit card information, Social Security numbers, and government identification used for account openings. The credit union emphasized that there is no indication that customer accounts or funds were accessed during the incident. 

The breach was identified after Connex noticed unusual activity in its digital systems on June 3, prompting an internal investigation. The review indicated that certain files could have been accessed or copied without permission on June 2 and 3. By late July, the credit union had determined which members were potentially affected. To inform customers and prevent fraud, Connex posted a notice on its website warning that scammers might attempt to impersonate the credit union through calls or messages. 

The advisory stressed that Connex would never request PINs, account numbers, or passwords over the phone. To support affected individuals, the credit union set up a toll-free call center and is offering a year of free credit monitoring and identity theft protection through TransUnion’s CyberScout service. Connex also reported the breach to federal authorities, including the National Credit Union Administration, and committed to cooperating fully with law enforcement to hold the attackers accountable. 

This breach is part of a broader trend of cyberattacks on financial institutions. Earlier in 2025, Western Alliance Bank in Phoenix reported a cyber incident that potentially exposed 22,000 customers’ information due to vulnerabilities in third-party file transfer software, which remained undetected for over three months. Regulatory agencies have also been targeted; in April, attackers accessed emails from the Office of the Comptroller of the Currency containing sensitive financial information, prompting banks such as JPMorgan Chase and Bank of America to temporarily halt electronic data sharing. Other credit unions have faced similar incidents. 

In 2024, TDECU in Lake Jackson, Texas, learned it had been affected by a MoveIt cybersecurity breach over a year after it occurred. One of the largest bank breaches in recent memory took place in July 2019, when Capital One was hacked by a former Amazon Web Services employee, compromising data of 106 million individuals. The company faced an $80 million penalty to the OCC and a $190 million class-action settlement, while the hacker was convicted in 2022 for wire fraud and unauthorized access. 

As cyberattacks become more sophisticated, this incident underscores the importance of vigilance, strong cybersecurity practices, and proactive protection measures for customers and financial institutions alike.
Read more »
Network Security
Airlines aviation Cloud Customer Data customer privacy Data Breach Network Security

Airline suffers data breach, customer information stolen


Air France and KLM announced that threat actors had compromised a customer service platform and stolen customer data. Along with Transavia, KLM and Air France are units of Air France-KLM Group, a Dutch-French multinational airline holding organization. Established in 2004, it is a big name in international air transport. 

"KLM has reported to the Dutch Data Protection Authority; Air France has done this in France at the CNIL. Customers whose data may have been accessed are currently being informed and advised to be extra alert to suspicious emails or phone calls," the group said.

With 78,000 employees and a fleet of 564 aircraft, Air France-KLM offers services for 300 destinations in 90 countries worldwide. The group transported 98 million passengers globally in 2024. The airlines said that they have closed the threat actors’ access to the hacked systems once the breach was discovered. They also claim that the attack didn’t impact their networks.

"Air France and KLM have detected unusual activity on an external platform we use for customer service. This activity resulted in unauthorized access to customer data. Our IT security teams, along with the relevant external party, took immediate action to stop the unauthorized access. Measures have also been implemented to prevent recurrence. Internal Air France and KLM systems were not affected," the group said.

The attackers stole data, including names, email addresses, contact numbers, transaction records, and details of rewards programs. But the group has said that the passengers’ personal and financial data was not compromised. The airlines have informed the concerned authorities in the respective countries of the attack. They have also notified the impacted individuals about the breach.

"KLM has reported the incident to the Dutch Data Protection Authority; Air France has done so in France with the CNIL.” "Customers whose data may have been accessed are currently being informed and advised to be extra vigilant for suspicious emails or phone calls," they said. 

Read more »
Security Breach
Customer Data CyberCrime Cyberhackers Cybersecurity Data Breach Jewellery Pandora Security Breach

Pandora Admits Customer Data Compromised in Security Breach


 

A major player in the global fashion jewellery market for many years, Pandora has long been positioned as a dominant force in this field as the world's largest jewellery brand. However, the luxury retailer is now one of a growing number of companies that have been targeted by cybercriminals. 

Pandora confirmed on August 5, 2025, that a cyberattack had been launched on the platform used to store customer data by a third party. A Forbes report indicates that the breach was caused by unauthorised access to basic personal information, including customer name and email address. As a result, no passwords, credit card numbers, or any other sensitive financial information were compromised, the company stressed. 

In response to the incident, Pandora has taken steps to contain it, improved its security measures, and stated that at the present time, no evidence has been found that suggests that the stolen information has been leaked or misused. There is no doubt that supply chain dependencies can be a vulnerability for attackers due to the recent breach at Danish jewellery giant Pandora, as evidenced by this breach. 

The incident, rather than being the result of a direct intrusion into Pandora's core infrastructure, has been traced back to a third-party vendor platform — a reminder of the vulnerability of external services, including customer relationship management tools and marketing automation systems, which can be used by hackers as gateways. 

Using this tactic, cybercriminals were able to gain unauthorised access to customer data. Cybercriminals often employ this tactic to facilitate secondary crimes such as phishing, identity theft, and targeted scams. This incident is part of a broader industry challenge, with organisations increasingly outsourcing critical functions while ignoring the security risks associated with these outsourcing agreements. 

However, Pandora has not revealed who the third-party platform is; however, it has confirmed that some of Pandora's customer information was accessed through it, so the company's core internal systems remained unaffected by the intrusion. According to the jewellery retailer, the intrusion has been swiftly contained, and additional security measures have been put in place in order to ensure that future attacks do not occur again. 

According to the investigation, only the most common types of data - the names, dates, and email addresses of customers - were copied, and there was no compromise of passwords, identity documents or financial information. Several researchers have noted that cybercriminals have been orchestrating social engineering campaigns on behalf of companies and help desks for as long as January 2025, often to obtain Salesforce credentials or trick the staff into authorising malicious OAuth applications. 

It is not the only issue that is concerning the retail sector, as Chanel, a French fashion and cosmetics giant, also confirmed earlier this month a cyberattack perpetrated by the ShinyHunter extortion group, reportedly targeting Salesforce applications on August 1 through a social media-based intrusion, causing a significant amount of disruption in the industry. 

In the last year, the UK retail sector has been experiencing challenges as a result of cyberattacks that have affected major brands such as M&S, Harrods, and The Co-op. This latest incident comes at a time when the retail sector has been facing an increasing number of cyberattacks. A breach earlier this year resulting in the theft of customer data led M&S to declare a loss of around £300 million for its annual profit. 

It has been noted that in recent years, retailers have become prime targets for sophisticated hackers due to the vast amounts of consumer information they collect for marketing purposes and the outdated security infrastructure they use. Many retailers have underinvested in cybersecurity resilience in their pursuit of speed, scale, and convenience, which is something well-organised threat actors, such as Scattered Spider, are exploiting by taking advantage of this gap. 

Cybersecurity expert Christoph Cemper advised Pandora customers to remain vigilant against potential phishing emails, warning that such attacks can lead to the theft of sensitive information or financial losses if recipients click malicious links or download harmful attachments. Pandora reaffirmed its commitment to data protection, stating, Cemper, however, emphasised that retailers must adopt more proactive measures to safeguard customer information. 

Despite this incident, Pandora stressed the importance of not compromising passwords, payment information, or other sensitive details of customers. Specifically, the incident only involved “very common types of customer data”, including names and e-mail addresses, with no compromises to passwords, payment information, or other sensitive information. 

As a result of its investigation, the company stated that no evidence of misuse of the stolen data was found, but it advised customers to remain vigilant, especially in situations where they receive unsolicited emails or ask for personal information online. In its warning to customers, Pandora advised them not to click on unfamiliar links or download attachments from unverified sources. 

Pandora did not specify who was responsible for the intrusion, how the hack was executed, or how many people had been affected. Nonetheless, security researchers have been able to link the incident to the ShinyHunters group, which is said to have targeted corporate Salesforce databases with various social engineering and phishing techniques since January 2025. 

Several of the members of this group claim that they will "perform a mass sale or leak" of data from companies unwilling to comply with ransom demands. As far as Salesforce is concerned, the company has not been compromised. Its statement attributed these breaches instead to sophisticated phishing attacks and social engineering attacks that have become increasingly sophisticated over the years, reiterating that customers are responsible for safeguarding their data on their own. 

Today's interconnected retail environment serves as a reminder that cyber risks are no longer confined to a company's own network perimeter but are now a part of a company's wider digital footprint. It has become increasingly apparent that the lines between internal and external security responsibilities are blurring in light of the increasing use of vulnerability in third-party platforms, social engineering tactics, and overlooked digital entry points. 

The stakes for global brands are not limited to immediate disruption to operations. In addition to consumer trust, brand reputation, and regulatory scrutiny, cybersecurity experts agree that a holistic approach is now needed in order to mitigate cyberattacks. In addition to rigorous vendor risk assessments, continuous employee training, advanced threat detection, and resilient incident response frameworks, these strategies are all important. 

In an industry like luxury retail that is vulnerable to cyberattacks, Pandora's experience demonstrates what is becoming an increasingly common industry imperative: proactive defences are becoming not just an option but an essential tool for safeguarding the online relationships of customers and protecting their digital assets.
Read more »
insurance
Akira Bitcoin Customer Data Cyber Attacks Germany insurance

German Mobile Insurance Giant Falls After Devastating Ransomware Attack

 



A cyberattack has brought down one of Germany’s largest phone insurance and repair networks, forcing the once-thriving Einhaus Group into insolvency. The company, which at its peak generated around €70 million in annual revenue and partnered with big names such as Deutsche Telekom, Cyberport, and 1&1, has been unable to recover from the financial and operational chaos that followed the attack.


The Day Everything Stopped

In March 2023, founder Wilhelm Einhaus arrived at the company’s offices to an unsettling sight. Every printer had churned out the same note: “We’ve hacked you. All further information can be found on the dark web.” Investigations revealed the work of the hacking group known as “Royal.” They had infiltrated the company’s network, encrypting all of its core systems, the very tools needed to process claims, manage customer data, and run daily operations.

Without these systems, business ground to a halt. The hackers demanded around $230,000 in Bitcoin to unlock the computers. Facing immediate and heavy losses, and with no way to operate manually at the same scale, Einhaus Group reportedly agreed to pay. The financial damage, however, was already severe, estimated in the multi-million-euro range. Police were brought in early, but the payment decision was made to avoid even greater harm.


Desperate Measures to Stay Afloat

Before the attack, the company employed roughly 170 people. Within months, more than 100 positions were cut, leaving only eight employees to handle all ongoing work. With so few staff, much of the processing had to be done by hand, slowing operations dramatically.

To raise funds, the company sold its headquarters and liquidated various investments. These moves bought time but did not restore the business to its former state.


Seized Ransom, But No Relief

In a twist, German authorities later apprehended three suspects believed to be linked to the “Royal” group. They also seized cryptocurrency valued in the high six-figure euro range, suspected to be connected to the ransom payments.

However, Einhaus Group has not received its money back. Prosecutors have refused to release the seized funds until investigations are complete — a process that could take years. Other ransomware victims in Germany are in the same position, with no guarantee they will ever recover the full amount.


Final Stages of the Collapse

Three separate companies tied to the Einhaus Group have now formally entered insolvency proceedings. While liquidation is a strong possibility, founder Wilhelm Einhaus, now 72, insists he has no plans to retire. If the business is dissolved, he says he will start again from scratch.

The Einhaus case is not unique. Just recently, the UK’s 158-year-old transport company Knights of Old collapsed after a ransomware attack by a group known as “Akira,” leaving 700 people jobless. Cyberattacks are increasingly proving fatal to established businesses not just through stolen data, but by dismantling the very infrastructure needed to survive.


Read more »
Subscribe to: Posts (Atom)