Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Breach. Show all posts
protecting sensitive data
Chinese Data Breach Data Leak data security Data Surveillance database Database Breach Personal Information protecting sensitive data

Massive Data Leak Exposes Billions of Records in Suspected Chinese Surveillance Database

 

Cybersecurity experts have uncovered a massive trove of sensitive information left exposed online, potentially placing millions of individuals at significant risk. The discovery, made by researchers from Cybernews in collaboration with SecurityDiscovery.com, revealed an unsecured database totaling 631 gigabytes—containing an estimated four billion individual records. 

The open instance, which lacked any form of password protection, was quickly taken offline once the exposure was reported, but experts remain unsure about how long it had remained publicly accessible. The data, according to the investigation, appears to primarily concern Chinese citizens and users, with entries collected from various platforms and sources. 

Cybernews researchers believe this is not a random collection, but rather a systematically curated database. They described it as a tool capable of constructing detailed behavioral, social, and financial profiles of nearly any individual included in the records. The structured and diverse nature of the data has led analysts to suspect that the repository may have been created as part of a broader surveillance or profiling initiative. 

Among the most alarming elements of the database is the presence of extensive personally identifiable information (PII). The exposed details include full names, birth dates, phone numbers, financial records, bank card data, savings balances, debt figures, and personal spending patterns. Such information opens the door to a wide range of malicious activities—ranging from identity theft and financial fraud to blackmail and sophisticated social engineering attacks. 

A large portion of the exposed records is believed to originate from WeChat, the popular Chinese messaging app, which accounts for over 805 million entries. Another 780 million records relate to residential data tied to specific geographic locations. Meanwhile, a third major portion of the database labeled “bank” contains around 630 million records of financial and sensitive personal data. 

If confirmed, the scale of this leak could surpass even the National Public Data breach, one of the most significant data security incidents in recent memory. Experts are particularly troubled by the implications of a centralized data cache of this magnitude—especially one that may have been used for state-level surveillance or unauthorized commercial data enrichment. 

While the server hosting the information has been taken offline, the potential damage from such an exposure may already be done. Investigators continue to analyze the breach to determine its full impact and whether any malicious actors accessed the data while it was left unsecured.
Read more »
Ransomwares
Cyberattack Data Breach Data Leak data security Employee Data Healthcare Interlock gang Interlock ransomware Kettering Health Ransomware attack Ransomware group Ransomwares

Kettering Health Ransomware Attack Linked to Interlock Group

 

Kettering Health, a prominent healthcare network based in Ohio, is still grappling with the aftermath of a disruptive ransomware attack that forced the organization to shut down its computer systems. The cyberattack, which occurred in mid-May 2025, affected operations across its hospitals, clinics, and medical centers. Now, two weeks later, the ransomware gang Interlock has officially taken responsibility for the breach, claiming to have exfiltrated more than 940 gigabytes of data.  

Interlock, an emerging cybercriminal group active since September 2024, has increasingly focused on targeting U.S.-based healthcare providers. When CNN first reported on the incident on May 20, Interlock had not yet confirmed its role, suggesting that ransom negotiations may have been in progress. With the group now openly taking credit and releasing some of the stolen data on its dark web site, it appears those negotiations either failed or stalled. 

Kettering Health has maintained a firm position that they are against paying ransoms. John Weimer, senior vice president of emergency operations, previously stated that no ransom had been paid. Despite this, the data breach appears extensive. Information shared by Interlock indicates that sensitive files were accessed, including private patient records and internal documents. Patient information such as names, identification numbers, medical histories, medications, and mental health notes were among the compromised data. 

The breach also impacted employee data, with files from shared network drives also exposed. One particularly concerning element involves files tied to Kettering Health’s in-house police department. Some documents reportedly include background checks, polygraph results, and personally identifiable details of law enforcement staff—raising serious privacy and safety concerns. In a recent public update, Kettering Health announced a key development in its recovery process. 

The organization confirmed it had restored core functionalities of its electronic health record (EHR) system, which is provided by healthcare technology firm Epic. Officials described this restoration as a significant step toward resuming normal operations, allowing teams to access patient records, coordinate care, and communicate effectively across departments once again. The full scope of the breach and the long-term consequences for affected individuals still remains uncertain. 

Meanwhile, Kettering Health has yet to comment on whether Interlock’s claims are fully accurate. The healthcare system is working closely with cybersecurity professionals and law enforcement agencies to assess the extent of the intrusion and prevent further damage.
Read more »
Salesforce
Data Data Breach Hackers Ransomware Salesforce

Cybercriminals Exploit Fake Salesforce Tool to Steal Company Data and Demand Payments

 



A group of hackers has been carrying out attacks against businesses by misusing a tool that looks like it belongs to Salesforce, according to information shared by Google’s threat researchers. These attacks have been going on for several months and have mainly focused on stealing private company information and later pressuring the victims for money.


How the Attack Happens

The hackers have been contacting employees by phone while pretending to work for their company’s technical support team. Through these phone calls, the attackers convince employees to share important login details.

After collecting this information, the hackers guide the employees to a specific page used to set up apps connected to Salesforce. Once there, the attackers use an illegal, altered version of a Salesforce data tool to quietly break into the company’s system and take sensitive data.

In many situations, the hackers don’t just stop at Salesforce. They continue to explore other parts of the company’s cloud accounts and sometimes reach deeper into the company’s private networks.


Salesforce’s Advice to Users

Earlier this year, Salesforce warned people about these kinds of scams. The company has made it clear that there is no known fault or security hole in the Salesforce platform itself. The problem is that the attackers are successfully tricking people by pretending to be trusted contacts.

Salesforce has recommended that users improve their account protection by turning on extra security steps like multi-factor authentication, carefully controlling who has permission to access sensitive areas, and limiting which locations can log into the system.


Unclear Why Salesforce is the Target

It is still unknown why the attackers are focusing on Salesforce tools or how they became skilled in using them. Google’s research team has not seen other hacker groups using this specific method so far.

Interestingly, the attackers do not all seem to have the same level of experience. Some are very skilled at using the fake Salesforce tool, while others seem less prepared. Experts believe that these skills likely come from past activities or learning from earlier attacks.


Hackers Delay Their Demands

In many cases, the hackers wait for several months after breaking into a company before asking for money. Some attackers claim they are working with outside groups, but researchers are still studying these possible connections.


A Rising Social Engineering Threat

This type of phone-based trick is becoming more common as hackers rely on social engineering — which means they focus on manipulating people rather than directly breaking into systems. Google’s researchers noted that while there are some similarities between these hackers and known criminal groups, this particular group appears to be separate.

Read more »
Ransomwares
Customer Data Cyberattack Data Breach Data Leak data security Personal Information personal information exposure Qilin Qilin Ransomware Ransomware attack Ransomware group Ransomwares

Lee Enterprises Ransomware Attack Exposes Data of 40,000 Individuals

 

Lee Enterprises, a major U.S. news publisher, is alerting nearly 40,000 individuals about a data breach following a ransomware attack that took place in early February 2025. The company, which owns and operates 77 daily newspapers and hundreds of weekly and special-interest publications across 26 states, reported that the cyberattack resulted in the theft of personal information belonging to thousands of people. 

Details of the breach were revealed in a recent disclosure to the Maine Attorney General’s office. According to the company, the attackers gained unauthorized access to internal documents on February 3, 2025. These files contained combinations of personal identifiers such as names, Social Security numbers, driver’s license details, bank account information, medical data, and health insurance policy numbers. The security incident caused widespread operational disruptions. 

Following the attack, Lee Enterprises was forced to shut down multiple parts of its IT infrastructure, impacting both the printing and delivery of its newspapers. Several internal tools and systems became inaccessible, including virtual private networks and cloud storage services, complicating daily workflows across its local newsrooms. In a filing with the U.S. Securities and Exchange Commission shortly after the breach, the company confirmed that critical systems had been encrypted and that a portion of its data had been copied by the attackers. 

The source of the attack is yet to be identified, a group known as Qilin has allegedly claimed responsibility near the end of February. The group alleged it had stolen over 120,000 internal files, totaling 350 gigabytes, and threatened to publish the material unless their demands were met. Soon after, Qilin posted a sample of the stolen data to a dark web leak site, which included scans of government-issued IDs, financial spreadsheets, contracts, and other confidential records. The group also listed Lee Enterprises as a victim on its public-facing extortion portal. 

When asked about the authenticity of the leaked data, a spokesperson for Lee Enterprises stated the company was aware of the claims and was actively investigating. This is not the first cybersecurity issue Lee Enterprises has faced. The company’s network was previously targeted by foreign actors during the lead-up to the 2020 U.S. presidential election, where hackers from Iran allegedly attempted to use compromised media outlets to spread disinformation. 

The ransomware attack highlights ongoing threats facing media companies, especially those handling high volumes of personal and financial data. As Lee Enterprises continues its recovery and legal steps, the incident serves as a reminder of the need for robust digital defenses in today’s information-driven landscape.
Read more »
Google Chrome security
Chromium Browser CVE CVE vulnerability Data Breach Data Leak Data Safety User Data data security Google Chrome Google Chrome security

Zero-Day Flaw in Chrome and Chromium Puts Windows and Linux Users at Data Risk

 

A newly revealed zero-day vulnerability identified as CVE-2025-4664 has triggered serious concerns for billions of Google Chrome and Chromium users. Security experts have warned that this flaw, which affects both Windows and Linux platforms, could be exploited to leak sensitive cross-origin data such as OAuth tokens and session identifiers—all without requiring any user action.  

The vulnerability has been discovered within the Loader component of Chrome and Chromium browsers. It is linked to how these browsers interpret the Link HTTP header for sub-resource requests such as images or scripts. While most mainstream browsers follow strict guidelines for handling such requests, Chrome’s unique behavior stands out. It continues to respect the referrer-policy directive even when loading sub-resources, which can unintentionally expose sensitive information. 

This default behavior can be manipulated by attackers. A malicious site could inject a loose policy like “unsafe-url,” which then forces the browser to reveal complete URLs—including potentially sensitive credentials or session data—to third-party servers. This results in a severe breach of user privacy and circumvents traditional browser security measures. Cybersecurity firm Wazuh has stated that their Vulnerability Detection module can identify and address this specific flaw. 

The module leverages information from their Cyber Threat Intelligence (CTI) service to monitor browser versions and trigger alerts when vulnerable builds are detected. In controlled testing using Wazuh OVA 4.12.0, researchers were able to scan systems running Windows 11 and Debian 11 to determine if they were running affected versions of Chrome or Chromium. According to Wazuh’s platform, users can search for the vulnerability by querying CVE-2025-4664. If vulnerable software is found, the module changes the system status from “Active” to “Solved” after the necessary fixes are applied, helping administrators track progress in real time. 

In response to the discovery, Google has issued an emergency patch for Chrome users on Windows and Gentoo Linux. It is strongly recommended that users on these operating systems update their browsers immediately to avoid exposure. However, users on Debian 11 who rely on Chromium remain at risk, as no updated version has been released for that platform. All Chromium builds up to version 120.0.6099.224 are still considered vulnerable. Until a patch is available, security professionals advise uninstalling Chromium on affected Debian systems as a precautionary measure. 

While these immediate actions are important, experts caution that relying solely on browser updates is not a comprehensive defense. The broader cybersecurity strategy must include the use of endpoint protection platforms, anti-malware systems, and modern antivirus tools. These security layers can help detect and neutralize threats that slip past browser-based defenses and provide a stronger safety net for users and enterprises alike. 

As browser-based zero-day threats continue to emerge, users must remain vigilant. Rapid patching combined with proactive cybersecurity tools offers the best chance of mitigating risks and maintaining a secure browsing environment.
Read more »
Luxury Sector
Catier Highlights CyberCrime cyberrisks Cybersecurity CyberThreat Data Breach Global Security IT Security Jewellery Luxury Sector

Data Breach at Cartier Highlights Growing Cyber Risks in Luxury Sector


 

In the latest incident involving a high-profile Parisian luxury jeweller, Cartier has been hacked, further heightening the concerns of those who are targeted by digital threats in the fashion and retail industries. In a statement released by the company, an unauthorised party admitted to gaining access to internal systems, resulting in the disclosure of customer information, including names, email addresses, and country of residence. 

A breach affecting approximately 12,000 individuals was first revealed through official notifications sent to those affected, but details surfacing on social media have since attracted a larger amount of attention. Even though Cartier has declined to disclose the exact scope of the incident - which included the number of impacted customers and the precise timing of the intrusion - the company emphasizes that no personal data, such as credit card numbers, bank account numbers, or login credentials, has been compromised as a result of the incident. 

There have been no direct financial harms associated with the leak of personally identifiable information (PII), however, cybersecurity analysts warn that there is still a significant risk of the leak occurring. As a result of the affluent clientele associated with luxury brands, there are many opportunities for phishing attacks, social engineering attacks, and identity theft schemes to exploit the exposed data. 

Currently, the luxury sector is facing numerous cybersecurity challenges, which are aggravated by the fact that sophisticated cybercriminals are increasingly targeting it. In a time in which digital transformation is accelerating within the high-end retail industry, the Cartier breach serves as a wake-up call to the industry to reevaluate its data protection measures and strengthen its commitment to customer safety and trust. 

Even though the breach at Cartier did not result in the compromise of financial or highly sensitive account information, cybersecurity experts have emphasised that even the exposure of seemingly basic personal information-such as names, email addresses, and countries of residence-can still have severe consequences. These types of information are incredibly valuable to attackers, and they can be used in high-volume phishing schemes, social engineering schemes, and more comprehensive identity theft campaigns. 

To address the incident, Cartier has notified the appropriate law enforcement authorities and has enlisted the assistance of an external cybersecurity firm to conduct a comprehensive investigation into the incident as well as strengthen its internal security measures. As of right now, the company has stayed tightly closed regarding key details, including the number of customers affected as well as a timeline for when the breach occurred. 

Since Cartier has such a high-value clientele and such a significant presence in the fashion industry, privacy advocates and industry observers have expressed concerns regarding this lack of transparency. Cartier's breach is no exception; it is part of an escalating pattern of cyberattacks against luxury and fashion brands. Dior, the French fashion house, reported to the press in May that hackers had gained access to customer information and information about purchases. 

Adidas also confirmed an incident of cybercrime involving one of its third-party service providers around the same period, which led to unauthorised access to customer contact information; however, as with Cartier, no payment information was compromised. Victoria's Secret has recently had to temporarily close down its website and some of its in-store services following a significant breach of security. All these incidents reflect a disturbing upward trend and have prompted affected companies to engage specialised cybersecurity teams to contain the damage and prevent future breaches. 

Retail industry cybersecurity experts continue to raise concerns as to the industry's vulnerability to cyber threats, pointing to the fact that it relies heavily on vast repositories of consumer data, which are seen as a major source of vulnerability. As a result, according to James Hadley, the founder of Immersive, retail firms are overflowing with customer information, making them prime targets for cybercriminals seeking both financial gain and strategic advantage. 

Often, retailers collect a wide variety of personal data about their customers, including names, emails, shopping histories, and contact information. These types of attacks can be carried out over a long period of time and with layers of attacks, as well as isolated breaches. 

In his article, Hadley emphasised the fact that misuse of stolen data often extends beyond its immediate damage. Threat actors often use compromised information to impersonate trusted brands, thereby extracting more sensitive personal data from unsuspecting consumers by phishing or social engineering techniques. In his view, this type of manipulation can persist undetected for extended periods of time, compounding the dangers for individuals as well as organisations alike. 

As a result of these rapidly evolving threats, industry experts argue that the way businesses should respond to incidents must be shifted from a reactive incident response to a proactive cyber defence. Rather than only reacting after a breach has taken place, companies should act before an incident occurs. However, in order to combat these threats, advanced threat intelligence systems, robust encryption protocols, and dynamic security frameworks are urgently needed so that they can be spotted and neutralised before they become a problem. 

It is equally important for consumers to be educated continuously about the dangers of password reuse, suspicious links, and unauthorised communication, as they can take an active role in maintaining the safety of their data more responsibly. There is an increasing likelihood that traditional retailers will fail to protect themselves adequately against the growing use of artificial intelligence-powered attack tools and automated hacking techniques, as the traditional security measures that they employed are proving insufficient to keep out the threats. 

Luxury brands, such as Cartier and The North Face, have recently experienced breaches that underscore the fact that even the most established names in the fashion and accessory industry are not immune to the constantly evolving cyber threat landscape. As a result of the breach, Cartier has issued a warning to all of its customers that they need to remain vigilant against potential cyber threats. 

The organisation advised individuals to stay vigilant for unsolicited communications, such as suspicious emails, unexpected messages, or unusual login activity on their online accounts, including unsolicited communications from people they don't recognise. It is strongly recommended by the company that users enable multi-factor authentication (MFA) wherever possible, avoid using unsecured networks, avoid clicking on links or downloading attachments from unknown sources as well and avoid using unsecured networks to mitigate further risks.

In addition to providing immediate consumer protection, Cartier's response also emphasised the need for stronger security measures throughout the industry at large. There is no doubt that organisations, particularly those in the luxury and retail sectors, must implement comprehensive, proactive cybersecurity strategies if they are to survive. Performing regular internal and external security audits, strengthening anti-phishing training programs for all levels of employees, and closely assessing the cybersecurity resilience of third-party vendors that are often integral to a brand's digital infrastructure are some of the things companies should do. 

As the company's advisory emphasises in its statement, cybersecurity is not just a technical challenge, but is also a strategic priority within the organisation that requires continuous investments, oversight, and awareness. A growing number of threats and persistent attackers need consumers and corporations to share the responsibility of fostering a safer and more secure digital environment, as threats become more sophisticated and attackers become more persistent. 

There has been a growing number of high-profile breaches in retail in recent months, and the Cartier cyberattack is just one example of these, with other major brands including Victoria's Secret, Harrods, M&S, and The Co-op all being victims of similar events. A number of security experts have reported that sophisticated threat groups, including the hacking collective known as Scattered Spider, are targeting retailers with systematic malicious intent in recent years. 

There have been several recent attacks claimed by the group, including the attack on M&S and The Co-op, prompting an increase in industry-wide vigilance. Analysts believe that Scattered Spider and similar groups are often able to exploit structural weaknesses and operational vulnerabilities in a specific industry by focusing their efforts on a particular industry for a prolonged period of time. 

Retailers are a particularly attractive target due to their vast repository of consumer data and longstanding underinvestment in cybersecurity infrastructure, making them a great target for cyber criminals. It is also important to note that many retailers are heavily dependent on third-party vendors with security practices that do not meet modern standards, thereby further exposing an already vulnerable ecosystem to security risks. 

A cybersecurity firm called Immersive Labs' founder, James Hadley, noted that retail companies, overwhelmed by customer information, have become increasingly attractive targets for cybercriminals, as a result. According to him, the recent string of successful breaches may further embolden attackers, which reinforces the perception that retail companies are soft targets that can pay off well. 

According to Jake Moore, a Global Cybersecurity Advisor at ESET, similar concerns are echoed, and he warned that these incidents will continue to occur in an increasingly frequent and severe manner. In his view, ransom demands can reach into the millions of dollars, but even when the ransom is not paid, the cost of recovery, disruptions to operations, and reputational damage can still be immense, even if the ransom is not paid. 

In many cases, Moore noted, the cost of remediation far exceeds the ransom itself, placing companies in a precarious position during and after an attack. Although Moore identified a potential silver lining in the rising threat landscape, he also mentioned that there has been an increased awareness of cybersecurity threats and a renewed emphasis on cybersecurity readiness. He said that despite the fact that many companies have been narrowly spared such attacks, the ripple effect has prompted many businesses to strengthen their digital defences, develop robust incident response plans, and prepare themselves for the inevitable occurrence of cyber attacks in the future. 

It is clear, however, that the Cartier breach is a stark reminder that in today's hyperconnected world, reputation and luxury branding do not mean user are immune to digital attacks. Because cyber threats are growing faster, larger, and more sophisticated every day, organisations must shift from reactive containment to proactive cyber resilience to keep themselves safe. There is a need to invest not only in the next generation of security technologies, but also in building a culture of cybersecurity at all levels of an organisation - from executive leadership to frontline staff. 

There is no doubt that aligning IT security, risk management, and customer trust is now a priority in boardrooms. To reduce systemic risk, the industry will need to collaborate, for example, by sharing threat intelligence and setting benchmarks for incident response and establishing higher standards for vendor accountability, among other things. It is clear that safeguarding data in today's digital economy is no longer an operational checkbox, but now it has become a key business imperative that directly impacts consumer confidence, brand value, and long-term viability.
Read more »
VF Corporation cybersecurity
credential stuffing attack 2025 Data Breach e-commerce data leak MFA cyber The North Face VF Corporation cybersecurity

The North Face Suffers Data Breach in Credential Stuffing Attack, Customer Information Exposed

 

Outdoor gear giant The North Face has issued a warning to its customers following a cyberattack in April that compromised sensitive personal data through a credential stuffing incident.

A subsidiary of VF Corporation — which also owns Vans, Timberland, and Dickies — The North Face is a prominent American brand generating over $3 billion in annual revenue. Approximately 42% of its sales come through online channels, making its e-commerce platform a prime target for cyber threats.

Credential stuffing is a technique where attackers use stolen username-password combinations from previous breaches to access user accounts on other platforms. This form of attack often succeeds because many individuals reuse the same login credentials across multiple services. However, such breaches are largely preventable with the use of multi-factor authentication (MFA), which adds an extra layer of security.

The company has begun notifying affected users, sharing a sample breach notice with the Vermont Attorney General. The alert states:

“On April 23, 2025, we discovered unusual activity involving our website, thenorthface.com, which we investigated immediately,”

“Following a careful and prompt investigation, we concluded that an attacker had launched a small scale credential stuffing attack against our website on April 23, 2025.”

According to the company, the compromised data includes:
  • Full names
  • Purchase history
  • Shipping addresses
  • Email addresses
  • Dates of birth
  • Telephone numbers
Fortunately, financial data was not affected, as payments on the website are managed by a third-party provider, and The North Face does not store actual payment information—only secure tokens used for processing.

This isn’t the first time the company has faced such an incident. The latest breach marks the fourth credential stuffing event since 2020. Earlier in 2025, a similar attack was reported on both The North Face and Timberland websites, impacting over 15,700 accounts. Past incidents in 2020 and 2022 affected more than 200,000 users in total.

The most severe breach occurred in December 2023, when a ransomware attack compromised data from 35 million customers.

BleepingComputer has reached out to The North Face for further details, including the total number of users impacted in the April incident, but has yet to receive a response.
Read more »
GitHub Advanced Security
AWS Cloud Security Critical Infrastructure Customer Data Cyberattack Data Breach Data Safety User Data data security GitHub GitHub Advanced Security

Massive Cyberattack Disrupts KiranaPro’s Operations, Erases Servers and User Data


KiranaPro, a voice-powered quick commerce startup connected with India’s Open Network for Digital Commerce (ONDC), has been hit by a devastating cyberattack that completely crippled its backend infrastructure. The breach, which occurred over the span of May 24–25, led to the deletion of key servers and customer data, effectively halting all order processing on the platform. Despite the app still being live, it is currently non-functional, unable to serve users or fulfill orders. 


Company CEO Deepak Ravindran confirmed the attack, revealing that both their Amazon Web Services (AWS) and GitHub systems had been compromised. As a result, all cloud-based virtual machines were erased, along with personally identifiable information such as customer names, payment details, and delivery addresses. The breach was only discovered on May 26, when the team found themselves locked out of AWS’s root account. Chief Technology Officer Saurav Kumar explained that while they retained access through IAM (Identity and Access Management), the primary cloud environment had already been dismantled. 

Investigations suggest that the initial access may have been gained through an account associated with a former team member, although the company has yet to confirm the source of the breach. To complicate matters, the team’s multi-factor authentication (MFA), powered by Google Authenticator, failed during recovery attempts—raising questions about whether the attackers had also tampered with MFA settings. 

Founded in late 2024, KiranaPro operates across 50 Indian cities and allows customers to order groceries from local kirana shops using voice commands in multiple languages including Hindi, Tamil, Malayalam, and English. Before the cyberattack, the platform served approximately 2,000 orders daily from a user base of over 55,000 and was preparing for a major rollout to double its footprint across 100 cities. 

Following the breach, KiranaPro has contacted GitHub for assistance in identifying IP addresses linked to the intrusion and has initiated legal action against ex-employees accused of withholding account credentials. However, no final evidence has been released to the public about the precise origin or nature of the attack. 

The startup, backed by notable investors such as Blume Ventures, Snow Leopard Ventures, and TurboStart, had recently made headlines for acquiring AR startup Likeo in a $1 million stock-based deal. High-profile individual investors include Olympic medalist P.V. Sindhu and Boston Consulting Group’s Vikas Taneja. 

Speaking recently to The Indian Dream Magazine, Ravindran had laid out ambitious plans to turn India’s millions of kirana stores into a tech-enabled delivery network powered by voice AI and ONDC. International expansion, starting with Dubai, was also on the horizon—plans now put on hold due to this security incident. 

This breach underscores how even tech-forward startups are vulnerable when cybersecurity governance doesn’t keep pace with scale. As KiranaPro works to recover, the incident serves as a wake-up call for cloud-native businesses managing sensitive data.
Read more »
User Privacy
Adidas Data Breach Data Leak Third-party breach User Privacy

Adidas Confirms Data Leak After User Service Provider Hack

 

Adidas confirmed that a third-party customer service provider's vulnerability allowed a threat actor to steal company data. 

Contact details of customers who have previously dealt with the Adidas customer service help desk are among the impacted data. However, passwords, credit cards, and other financial or payment information are not included.

"Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," the company explained in a notification on its website. 

It has subsequently initiated an investigation to gather facts about a breach and is working with information security professionals. Adidas did not reveal the name of its third-party customer support provider. It also remains unknown who carried out the strike. 

"This incident underscores a critical truth: third-party breaches swiftly become your organization's breaches, which highlights the necessity of robust oversight mechanisms," noted Fletcher Davis, senior security research manager at BeyondTrust. "Mandating security assessments, multifactor authentication, and zero-trust architecture for all vendor access, while deploying real-time identity infrastructure monitoring to cut response times to minutes, as opposed to days.” 

Adidas is not the first well-known brand to have experienced data leaks or cyberattacks in recent years. Recent ransomware attacks have targeted the Co-op Group, Marks & Spencer, and the luxury shop Harrods. Marks & Spencer reported that its customers' personal information was stolen during the incident, and that retail operations had been affected.

Scattered Spider was possibly responsible for the attack, unleashing DragonForce ransomware against the UK retailer, forcing Marks & Spencer to estimate a $400 million hit on earnings.

Establishing strong defense 

Forward-thinking merchants are implementing new techniques to mitigate third-party risk. Consider the following best practices: 

Zero trust approach: Treat every provider as a potential risk and restrict data access to what is absolutely essential. 

Incident simulation: Conduct regular exercises that simulate third-party breaches and test your response procedures. 

Continuous vendor assessment: Use automated systems to track vendor security status all year, not just during annual audits. 

The Adidas breach was not an isolated incident. It is a warning to the entire retail sector. As hackers become more adept, businesses must consider third-party risk as a key priority rather than just a compliance concern.
Read more »
Ransomware
Data Breach Files links Nova Scotia Ransomware

Ransomware Attack Exposes Private Data of Over 280,000 Nova Scotia Power Customers

 


A major cybersecurity incident has affected Nova Scotia Power, the province’s electricity provider. The company recently confirmed it was hit by a ransomware attack that led to a massive data leak, although electricity services were not disrupted.

The cyberattack was first detected in late March 2025, but the company didn’t reveal full details until much later. After noticing unusual activity on April 25, Nova Scotia Power quickly activated emergency measures. They called in cybersecurity professionals and informed local authorities.

By May, investigations confirmed that customer information had been accessed by unauthorized hackers. The stolen records include names, birth dates, email addresses, phone numbers, home and service addresses, electricity usage history, payment records, and details of past service requests. Some individuals were affected more severely, as sensitive documents like Social Insurance Numbers, driver's license numbers, and bank account information were also accessed—particularly for those using automatic payments.

Despite the attack, Nova Scotia Power chose not to give in to the ransom demands. In a public statement, they explained that their decision was based on advice from cybersecurity experts and legal authorities. Unfortunately, since the ransom wasn’t paid, the attackers responded by leaking the stolen data online.

To help affected customers, the company has partnered with TransUnion, a credit monitoring agency. Those impacted are being offered a free two-year subscription to a credit monitoring program called myTrueIdentity. Letters with instructions on how to sign up and tips to stay protected are being sent out.

Nova Scotia Power has advised customers to be cautious. People are warned not to respond to suspicious emails, texts, or phone calls pretending to be from the company. If contacted unexpectedly, it’s safer to double-check the message before sharing personal information. Avoid clicking on strange links or downloading unknown files.

While customer privacy has been compromised, the company confirmed that its electricity system remains secure. The power supply across the province has not been affected in any way. All power generation, delivery, and transmission systems continue to operate as usual.

Emera Inc., the parent company of Nova Scotia Power, stated that the cyberattack has not had a serious effect on its financial results. The company continues to report earnings and operate its business normally.

This incident is one of the largest data breaches in recent Canadian history. The company is still investigating what happened and is working with professionals to strengthen its digital systems and prevent future attacks. With so many people impacted, it raises growing concerns about how easily private data can be exposed in today’s digital world.

Read more »
IT desk
Data Breach Dior Hackers harrods IT desk

Hackers Are Fooling IT Help Desks — Here’s How You Can Stay Protected

 


IT support teams, also known as service desks, are usually the first people we call when something goes wrong with our computers or accounts. They’re there to help fix issues, unlock accounts, and reset passwords. But this helpfulness is now being used against them.

Cybercriminals are targeting these service desks by pretending to be trusted employees or partners. They call in with fake stories, hoping to trick support staff into giving them access to systems. This method, called social engineering, relies on human trust — not hacking tools.


Recent Examples of These Attacks

In the past few months, several well-known companies have been hit by this kind of trickery:

1. Marks & Spencer: Attackers got the IT team to reset passwords, which gave them access to personal data. Their website and online services were down for weeks.

2. Co-Op Group: The support team was misled into giving system access. As a result, customer details and staff logins were stolen, and some store shelves went empty.

3. Harrods: Hackers tried a similar trick but were caught in time before they could cause any damage.

4. Dior: An unknown group accessed customer information like names and shopping history. Thankfully, no payment details were leaked.

5. MGM Resorts (2023): Hackers phoned the help desk, pretending to be someone from the company. They convinced the team to turn off extra security on an account, which led to a major cyberattack.


Why Hackers Target Support Desks

It’s often much easier to fool a person than to break into a computer system. Help desk workers are trained to respond quickly and kindly, especially when someone seems stressed or claims they need urgent access.

Hackers take advantage of this by pretending to be senior staff or outside vendors, using pressure and believable stories to make support agents act without asking too many questions.


How These Scams Work

• Research: Criminals gather public details about the company and employees.

• Fake Identity: They call the support team, claiming to be locked out of an account.

• Create Urgency: They insist the situation is critical, hoping the agent rushes to help.

• Avoiding Security: They make up excuses for not being able to use two-step login and ask for a reset.

• Gain Access: Once the reset is done, they log in and start their attack from the inside.


What Can Be Done to Prevent This

Companies should train their support teams to slow down, ask the right questions, and always verify who they’re talking to — no matter how urgent the request sounds. It’s also smart to use extra security tools that help confirm a person’s identity before giving access.

Adding clear rules and multi-layered checks will make it harder for attackers to slip through, even when they try their best to sound convincing.

Read more »
User Security
Data Breach Lawsuit M&S Thompsons Solicitors User Security

M&S Faces Multi-million Lawsuit Following Major Data Breach

 

Following the cyberattack that affected the retailer for a month, Marks & Spencer is reportedly facing a multimillion-pound lawsuit over the loss of customer data.

It acknowledged earlier this month that customer information, including names, email addresses, postal addresses, and dates of birth, had been stolen by hackers. Chief Executive Stuart Machin stated that the "sophisticated nature of the incident" had allowed access to the data, although he emphasised that it does not include account passwords or payment and card information, which M&S claims it does not store on its servers. 

According to The Sunday Mail, Thompsons Solicitors is now pursuing a class action lawsuit against M&S for exposing customers to the risk of scams by failing to safeguard their data. 

Senior Partner Patrick McGuire of Thompsons Solicitors stated that the firm has been "inundated by Scots M&S clients who have been caught up in this online heist and are contacting Thompsons. We have a situation here where one of the most famous retailers in the UK has allowed criminals to pillage the personal details of hundreds of thousands of Scottish customers. I think this will be the biggest data theft case we have ever been involved in.”

Investors will be expecting that Marks & Spencer will provide further information on the impact of the disastrous cyber assault that has interrupted all online orders at the retail giant. On Friday, the company will provide an update to the stock market on its financial performance over the past year. However, emphasis will be focused on how the company is dealing with weeks of interruption. It's been a month since the retailer was hit by a major "cyber incident" allegedly tied to hacking organisation Scattered Spider.

As a result, the company has suspended online orders for the past three weeks, and payments and click-and-collect orders have also been affected. M&S's store availability was also impacted by the outage, resulting in some bare shelves as it replaced elements of its IT systems, but said it was recovering swiftly in an update last Thursday.

Its stores have remained open, and availability is "now in a much more normal place, with stores well stocked this week". The retailer is yet to reveal the financial cost of the incident, although it is believed to have lost tens of millions of pounds in sales. 

Analysts at Barclays believe the cyber attack might cost £200 million in the fiscal year 2025/26, but this will be mitigated by an insurance payout of roughly £100 million. The attack struck the business following an excellent run under Stuart Machin's leadership, with shares reaching a nearly nine-year high last month before falling recently.
Read more »
UK
Data Breach Data protection Dior Fashion UK

Dior Confirms Hack: Personal Data Stolen, Here’s What to Do


Christian Dior, the well-known luxury fashion brand, recently experienced a cyberattack that may have exposed customer information. The brand, owned by the French company LVMH, announced that an outsider had managed to break into part of its customer database. This has raised concerns about the safety of personal information, especially among shoppers in the UK.

Although no bank or card information was stolen, Dior said the hackers were able to access names, email addresses, phone numbers, mailing addresses, purchase records, and marketing choices of customers. Even though financial details remain safe, experts warn that this kind of personal data could still be used for scams that trick people into giving away more information.


How and When the Breach Happened

The issue was first noticed on May 7, 2025, when Dior’s online system in South Korea detected unusual activity involving customer records. Their technical team quickly responded by shutting down the affected servers to prevent more damage.

A week later, on May 14, French news sources reported the incident, and the following day, Dior publicly confirmed the breach on its websites. The company explained that while no payment data was involved, some customer details were accessed.


What Dior Is Doing Now

Following the European data protection rules, Dior acted quickly by resetting passwords, isolating the impacted systems, and hiring cybersecurity experts to investigate the attack. They also began informing customers where necessary and reassured the public that they are working on making their systems more secure.

Dior says it plans to improve security by increasing the use of two-factor login processes and monitoring accounts more closely for unusual behavior. The company says it takes customer privacy very seriously and is sorry for any trouble this may cause.


Why Luxury Brands Are Often Targeted

High-end brands like Dior are popular targets for cybercriminals because they cater to wealthy customers and run large digital operations. Earlier this month, other UK companies like Marks & Spencer and Co-op also reported customer data issues, showing that online attacks in the retail world are becoming more common.


What Customers Can Do to Stay Safe

If you’re a Dior customer, there are simple steps you can take to protect yourself:

1. Be careful with any messages that claim to be from Dior. Don’t click on links unless you are sure the message is real. Always visit Dior’s website directly.

2. Change your Dior account password to something new and strong. Avoid using the same password on other websites.

3. Turn on two-factor login for extra protection if available.

4. Watch your bank and credit card activity regularly for any unusual charges.

Be wary of fake ads or offers claiming big discounts from Dior, especially on social media.


Taking a few minutes now to secure your account could save you from a lot of problems later.

Read more »
phishing
Coinbase credit freeze Crypto Wallet cryptocurrency Cybersecurity Data Breach Identity Theft phishing

Coinbase Confirms Data Breach Impacting Over 69,000 Users, Refuses $20M Extortion Demand

 

Coinbase, the leading cryptocurrency exchange in the United States, disclosed a recent cybersecurity breach affecting 69,461 users, according to a notification submitted to the Maine attorney general’s office. Although the hackers failed to access individual accounts or sensitive login details such as two-factor authentication codes, private keys, or crypto wallets, they were able to obtain a wide array of personal data.

The compromised information includes:
  • Full names
  • Residential addresses
  • Phone numbers
  • Email addresses
  • Partial Social Security numbers
  • Masked bank account details
  • Government-issued ID images (e.g., driver’s licenses, passports)
  • Account-related data such as transaction history and snapshots
In an SEC filing, Coinbase revealed that the attackers paid offshore contractors to gain access to internal systems. This information was weaponized to launch a social engineering scam. The perpetrators demanded $20 million in exchange for not leaking the stolen data—an offer Coinbase declined.

"Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident," the company said in its statement.

Coinbase is currently collaborating with law enforcement and has established a $20 million reward fund to incentivize tips that could lead to the identification and capture of the individuals responsible.

Meanwhile, reports on Reddit suggest that some users received unsolicited password reset notifications as early as last week. It is still unclear whether these incidents are directly connected to the breach. CNET contacted Coinbase for a response, but no comment was issued at the time.

Steps to Protect Your Crypto and Data
Although Coinbase has confirmed that seed phrases and investor accounts remain secure, the exposure of personal data is significant. Here’s what you should do now to safeguard your information:

1. Use a Cold Wallet
security, coldwallet, hardwarewallet, cryptoassets
For regular crypto investors, shifting funds to a cold wallet—a device not connected to the internet—can provide an extra layer of security in case of future breaches

2. Freeze Your Credit Reports
creditfreeze, SSN, financialsecurity
Freeze your credit reports with all three major bureaus and consider placing a lock on your Social Security number to prevent identity misuse. Be cautious of phishing attempts that may exploit this situation.

"It's worth the hassle of setting up accounts with all three major credit bureaus. I get peace of mind at zero cost to me," said Danni Santana, CNET’s identity theft editor.

3. Notify Your Bank
banking, accountsecurity, financialfraud
Even if only partial account information was exposed, contact your bank to report the incident. You may want to open new checking or savings accounts as a precaution.

4. Enroll in Identity Monitoring Services
identitytheft, monitoring, datasecurity, insurance
Opt into a free credit and identity monitoring service. While these platforms don’t take direct action, they provide alerts if your data appears on the dark web. Paid services like Aura go further, offering identity restoration support and up to $1 million in identity theft insurance.
Read more »
validation
Automation Compliance Cybersecurity Data Breach Downtime Encryption Infrastructure PenTesting Risk validation

Pentera Report: 67% of Companies Hit by Data Breaches in Past Two Years

 

A new study by Pentera reveals that 67% of organizations have experienced a data breach in the last 24 months — with 24% affected in the past year, and 43% reporting incidents within the previous 12 months.

The most common consequence of these breaches was unplanned downtime, affecting 36% of companies. In addition, 30% faced data compromise, while 28% incurred financial losses, emphasizing the growing risk and impact of security failures.

Among the organizations that shared the breach aftermath, a startling 76% said the incidents affected the confidentiality, integrity, or availability of their data. Only 24% reported no significant consequences.

Confidence in government-led cybersecurity efforts is also alarmingly low. Just 14% of cybersecurity leaders said they trust the support provided. Although 64% of CISOs acknowledged receiving some level of help, many feel it’s not enough to safeguard the private sector.

To strengthen cyber defenses, U.S. enterprises are spending an average of $187,000 a year on penetration testing, which simulates cyberattacks to uncover system vulnerabilities. This figure makes up just over 10% of the overall IT security budget, yet over 50% of CISOs plan to increase this allocation in 2025.

Still, companies are making system changes — such as new users, configuration updates, and permission modifications — much more frequently than they validate security. The report highlights that 96% of U.S. organizations update infrastructure quarterly, but only 30% test their defenses at the same pace.

“The pace of change in enterprise environments has made traditional testing methods unsustainable,” said Jason Mar-Tang, Field CISO at Pentera.
“96% of organizations are making changes to their IT environment at least quarterly. Without automation and technology-driven validation, it's nearly impossible to keep up. The report’s findings reinforce the need for scalable security validation strategies that meet the speed and complexity of today’s environments.”
Read more »
Password
AI Privacy Credentials Stolen CyberCrime CyberThreat Data Breach Data Stolen Datasafety Password

Global Data Breach Uncovers 23 Million Stolen Credentials

 


As a consequence of the fact that a single set of login credentials can essentially unlock an individual's financial, professional, and personal life, the exposure of billions of passwords represents more than just a routine cybersecurity concern today- it signals a global crisis in the trust of digital systems and data security. 

Cybernews has recently reported a staggering number of 19 billion passwords that circulate on underground criminal forums right now, according to their findings. According to experts, this massive database of compromised credentials, which is one of the most extensive collections of credentials ever recorded, is intensifying cyberattacks around the globe in an attempt to increase their scale and sophistication. 

As opposed to isolated breaches of the past, this latest leak seems to have come from years of data breaches, reassembled and repurposed in a way that enables threat actors to launch highly automated and targeted attacks that can be used by threat actors. Not only is the leaked data being used to breach individual accounts, but it is also allowing credential stuffing campaigns to run on a large scale against banks, corporations, and government systems, involving automated login attempts using the leaked credentials. 

Due to this rapid development of the threat landscape, cybersecurity professionals are warning that attacks will become more personal, more frequent, and harder to detect in the future. Considering the sheer number of compromised passwords, it is evident that it is essential to implement more comprehensive digital hygiene practices, such as multi-factor authentication, regular password updates, and educating the public about the dangers associated with reused or weak credentials. Today's hyperconnected world is a powerful reminder that cybersecurity isn't an optional issue. This development serves as a strong reminder of the importance of maintaining strong digital hygiene.

As the threat posed by infostealer malware continues to grow, a thriving underground economy of stolen digital identities will continue to thrive as a result. Infections are silently carried out by these malicious programs that harvest sensitive information from devices. These details include login credentials, browser-stored data, and session cookies. These data are then sold or traded between cybercriminals. With billions of compromised records currently circulating within these illicit networks, it is alarming to see the scale of this ongoing data theft. 

One example of this was when a massive dataset, referred to as "ALIEN TXTBASE", was ingested into the widely trusted breach monitoring service, Have I Been Pwned, by cybersecurity expert Troy Hunt, known for being a very prominent case study. In the dataset, 1.5 terabytes of stealer logs are included, which contain approximately 23 billion individual data rows. These logs comprise 1.5 terabytes in total. According to the researchers, over 284 million distinct email accounts around the world were impacted by these breaches, which accounted for 493 million unique combinations of websites and email addresses. This trove of disclosed information underscores the magnitude of these breaches as they are becoming increasingly widespread and indiscriminate.

A malware program known as Infostealer does not target specific individuals but rather casts a wide net, infecting systems en large and stealing personal information without the knowledge of the user. As a result, there is an ever-increasing number of compromised digital identities that are constantly growing, which is a significant contributor to the global increase in the risks of account takeovers, fraud, and phishing attacks, as well as long-term privacy violations. 

It is common for individuals to believe they are unlikely targets for cybercriminals simply because they do not feel that they are "important enough." This belief is very, very false, and it is not possible to find a way to change it. In reality, modern cyberattacks are not manually orchestrated by hackers selecting a specific victim; instead, they are driven by automated tools capable of scanning and exploiting vulnerabilities at a large scale using automated tools. Regardless of whether a person has a professional or personal online presence, anyone can potentially be at risk, no matter what their profession, profile, or perceived importance is. 

The worst part is that, based on recent data, about 94% of the 19 billion leaked passwords were reused on multiple accounts in a way that makes the situation even more concerning. Cybercriminals can successfully infiltrate others using the same credentials once one account has been compromised, increasing the chances of successful attacks. It can be extremely difficult for an individual to cope with the consequences of a successful password breach. 

They may have to give up their email accounts, social media accounts, cloud storage accounts, financial applications, and more if they are hacked. When hackers have access to their accounts, they may use them to commit identity theft, open fraudulent credit lines, or conduct unauthorised financial transactions. As a result of the exposure of sensitive personal and professional information, it is also possible to face public humiliation, blackmail, or reputational damage, especially if malicious actors misuse compromised accounts for the dissemination of misinformation or for conducting illicit activities. 

As a result, cybercrime is becoming more sophisticated and sophisticated, thereby making everyone, regardless of their digital literacy, vulnerable without proper cybersecurity measures in place. Cybercrime risks are no longer theoretical—they are becoming a reality daily. Several leaked records reveal the inner workings of infostealer malware, offering a sobering insight into how these threats function in such a precise and stealthy manner. 

While traditional data breaches are focused on large corporate databases, infostealers typically infect individual devices without the user's knowledge and take a more insidious approach, often without the user being aware of it. In addition to extracting data such as saved passwords, session cookies, autofill entries, and browser history, these malicious tools can also extract a wide range of sensitive data as soon as they are embedded. 

Once the data is stolen, it is then trafficked into cybercriminal circles, leading to a vicious cycle of account takeovers, financial fraud, and identity theft. It has recently been reported that the ALIEN TXTBase dataset, which has received much attention because of its huge scope and structure, is a notable example of this trend. There is a misconception that this dataset stems from a single incident, but in fact, it is actually a compilation of stealer logs from 744 different files that were derived from a single incident. 

It was originally shared through a Telegram channel, where threat actors often spread such information in a very unregulated and open environment. Each entry in the dataset follows the same format as a password—URL, login, and password, which provides an in-depth look at the credentials compromised. Troy Hunt, a cybersecurity researcher, gathered these fragments and compiled them into one unified and analysed dataset, which was then incorporated into Have I Been Pwned, a platform that can be used to identify a user's vulnerability. 

It is important to note that only two sample files were initially reviewed; however, as it became clear that the extent of the leak was immense, the whole collection was merged and analysed to gain a clearer picture of the damage. By aggregating this data methodically, cybercriminals are demonstrating that they aren't merely exploiting isolated incidents; they're assembling vast, cumulative archives of stolen credentials that they're cultivating over time. By sharing and organising this data in such a widespread manner, the reach and effectiveness of infostealer campaigns can be accelerated, presenting a threat to both personal privacy as well as organisational security for many years to come.

Act Without Delay 


As a result of the recent security breaches of passwords, individuals can still protect themselves by taking action as soon as possible to protect themselves and their devices. Procrastination increases vulnerability as threats are rapidly evolving. 

Strengthen Passwords


Creating a strong, unique password is essential. Users should avoid using common patterns when writing their passwords and create passphrases that include uppercase, lowercase, numbers, and symbols, in addition to letters and numbers. Password managers can assist in creating and storing complex passwords securely. 

Replace Compromised Credentials


Changing passwords should be done immediately if they are reused across different websites or remain unchanged for an extended period, especially for sensitive accounts like email, banking, and social media. Tools like Have I Been Pwned can help identify breaches faster. 

Enable Multi-Factor Authentication 


A multi-factor authentication system (MFA) reduces the risk of a security breach by reducing the need to upload multiple authentication credentials. App-based authenticators such as Google Authenticator provide better security than SMS-based authenticators, which are still preferable. 

Use Privacy Tools

Several platforms like Cloaked provide disposable email addresses and masked phone numbers, which minimise the possibility of sensitive information being breached and the exposure of personal information. 

Stay Vigilant and Informed

It is critical to monitor account activity regularly, revoke untrusted entry to accounts, and enable alerts on untrusted devices. Staying informed through a trusted cybersecurity source and educating others on how to protect themselves will further enhance collective security. The growing threat of credential theft can be combated by raising awareness, taking timely action, and establishing strong security habits. 

Protecting a person's digital identity is an ongoing responsibility which requires vigilance, proactive measures, and continuous awareness. As a result of recent credential leaks of unprecedented scale and sophistication, it has become increasingly imperative for individuals as well as organisations to take additional measures to ensure their cybersecurity posture is as secure as possible. Proactive and continuous vigilance must become an integral part of all organisations' cybersecurity practices, incorporating not just robust password management and multi-factor authentication, but also regular security audits and real-time monitoring of digital assets. 

As a precautionary measure against exploitation, companies should implement comprehensive cybersecurity frameworks, which include employee training, threat intelligence sharing, and incident response planning. It is equally important that users adopt privacy-enhancing tools and remain informed about emerging threats to stay ahead of adversaries who continually change their tactics, thereby protecting themselves against the relentless attacks of cyber adversaries. 

In the end, protecting digital identities is a continuous commitment that requires both awareness and action; if you fail to perform these responsibilities, you expose your business and personal data to relentless cybercriminals. Stakeholders need to cultivate a culture of security, mindfulness,sadandeverage advanced protective measures. This will reduce their vulnerability in the increasingly interconnected digital ecosystems of today, preserving trust and resilience to overcome the challenges presented by cybersecurity threats.
Read more »
SK Telecom
Data Breach Hacking sim cards SK Telecom

Personal Data Leak Hits SK Telecom Users, SIM Swap Threat Grows

 


A recent cyberattack has put the personal information of millions of South Korean mobile users at risk. SK Telecom, the country’s largest mobile service provider, has confirmed that a major data breach has affected up to 25 million customers. The attack was carried out using malware that could allow criminals to perform SIM swapping — a method where someone takes control of a person's phone number to access their accounts and data.

The company said it is still investigating the situation but assured the public that no misuse of the stolen data has been confirmed so far. Despite this, many customers are worried that the real damage could still happen in the future.

In response to the breach, a group of victims has come together to demand answers and action. This group, calling itself the “SKT USIM Hacking Joint Response,” says SK Telecom has not been clear about how serious the breach is. They fear that leaked phone numbers and related information could be used to break into other services, such as bank accounts, messaging apps, and social media platforms — all of which often use phone numbers for verification.

To ease concerns, SK Telecom has promised to provide free replacement SIM cards to all affected users. However, the company has run into challenges with supply. So far, it has only secured one million SIM cards and plans to get five million more by the end of May. This is far from enough to cover the 25 million people impacted, so it may take a while before everyone receives their replacement card.

SK Telecom has set up an online system where customers can book appointments to get their new SIM cards. But the company has warned that long wait times should be expected because of the high demand.

This incident has raised serious questions about mobile security and how quickly companies respond to digital threats. As people rely more on their smartphones for banking, shopping, and communication, protecting mobile data has never been more important.

Read more »
Ransomware
Data Breach Personal Information PowerSchool breach Ransomware

Hackers Resurface with PowerSchool Data, Target Schools Again with New Threats

 


Hackers behind the 2024 cyberattack on PowerSchool have returned, this time going after individual schools. They're now threatening to leak private data unless schools pay them ransom.

PowerSchool is a major digital platform used in the education sector. It provides services to over 17,000 schools in more than 90 countries, helping around 50 million students. In December 2024, the platform suffered a major data breach where hackers managed to steal large amounts of sensitive information. Reports confirmed that the attackers accessed personal data of about 62 million students and 9 million staff members across more than 6,500 school districts in the US and Canada.

At that time, PowerSchool made the controversial decision to pay the attackers in hopes that the stolen data would be deleted. According to the company, it was not a decision taken lightly. They believed that paying the ransom was the best way to keep the private information from being made public. They were told by the hackers—and shown evidence — that the stolen data would be destroyed. However, it now appears that those promises were not kept.

Recently, schools have reported receiving direct messages from cybercriminals, warning them that the stolen data could be released if more ransom is not paid. These threats are based on the same data from the December breach, suggesting that the attackers never deleted it in the first place.

The stolen information includes highly personal details such as names, Social Security Numbers, home addresses, and even health-related information. This kind of data can be used to commit fraud or identity theft, which puts both students and staff at serious risk.

To reduce the chances of identity misuse, PowerSchool is offering two years of free credit and identity monitoring services to those affected. They also expressed regret for the situation and said they are working closely with law enforcement to handle the latest round of threats and prevent further damage.

This situation stresses upon the danger of trusting cybercriminals, even after a ransom is paid. It also shows how long the effects of a data breach can last, especially when sensitive personal information is involved.

Read more »
Subscribe to: Posts (Atom)