Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Leak. Show all posts
User Privacy
Adidas Data Breach Data Leak Third-party breach User Privacy

Adidas Confirms Data Leak After User Service Provider Hack

 

Adidas confirmed that a third-party customer service provider's vulnerability allowed a threat actor to steal company data. 

Contact details of customers who have previously dealt with the Adidas customer service help desk are among the impacted data. However, passwords, credit cards, and other financial or payment information are not included.

"Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," the company explained in a notification on its website. 

It has subsequently initiated an investigation to gather facts about a breach and is working with information security professionals. Adidas did not reveal the name of its third-party customer support provider. It also remains unknown who carried out the strike. 

"This incident underscores a critical truth: third-party breaches swiftly become your organization's breaches, which highlights the necessity of robust oversight mechanisms," noted Fletcher Davis, senior security research manager at BeyondTrust. "Mandating security assessments, multifactor authentication, and zero-trust architecture for all vendor access, while deploying real-time identity infrastructure monitoring to cut response times to minutes, as opposed to days.” 

Adidas is not the first well-known brand to have experienced data leaks or cyberattacks in recent years. Recent ransomware attacks have targeted the Co-op Group, Marks & Spencer, and the luxury shop Harrods. Marks & Spencer reported that its customers' personal information was stolen during the incident, and that retail operations had been affected.

Scattered Spider was possibly responsible for the attack, unleashing DragonForce ransomware against the UK retailer, forcing Marks & Spencer to estimate a $400 million hit on earnings.

Establishing strong defense 

Forward-thinking merchants are implementing new techniques to mitigate third-party risk. Consider the following best practices: 

Zero trust approach: Treat every provider as a potential risk and restrict data access to what is absolutely essential. 

Incident simulation: Conduct regular exercises that simulate third-party breaches and test your response procedures. 

Continuous vendor assessment: Use automated systems to track vendor security status all year, not just during annual audits. 

The Adidas breach was not an isolated incident. It is a warning to the entire retail sector. As hackers become more adept, businesses must consider third-party risk as a key priority rather than just a compliance concern.
Read more »
Vietnam
Data Leak Illicit Activity Mobile Security Telegram User Privacy Vietnam

Vietnam Blocks Telegram Messaging App

 

Vietnam's technology ministry has ordered telecommunications service providers to ban the messaging app Telegram for failing to cooperate in the investigation of alleged crimes committed by its users, a move Telegram described as shocking.

In a document dated May 21 and signed by the deputy head of the telecom department at the technology ministry, telecommunications firms were asked to start steps to block Telegram and report back to the ministry by June 2. 

In the document seen by Reuters, the ministry was acting on behalf of the nation's cybersecurity department after police revealed that 68% of Vietnam's 9,600 Telegram channels and groups were breaking the law. They cited drug trafficking, fraud, and "cases suspected of being related to terrorism" as some of the illicit activities conducted through the app. 

According to the document, the ministry requested that telecom companies "deploy solutions and measures to prevent Telegram's activities in Vietnam.” Following the release of the Reuters piece, the government announced the measures against Telegram on its website. 

"Telegram is surprised by those statements. We have responded to legal requests from Vietnam on time. This morning, we received a formal notice from the Authority of Communications regarding a standard service notification procedure required under new telecom regulations. The deadline for the response is May 27, and we are processing the request," the Telegram representative noted. 

According to a technology ministry official, the move was prompted by Telegram's failure to share customer information with the government when requested as part of criminal investigations.

The Vietnamese police and official media have regularly cautioned citizens about potential crimes, frauds, and data breaches on Telegram channels and groups. Telegram, which competes globally with major social networking apps such as Facebook's (META.O), WhatsApp and WeChat, remain available in Vietnam on Friday. 

Vietnam's ruling Communist Party maintains strict media censorship and tolerates minimal opposition. The country has regularly asked firms such as Facebook, Google (GOOGL.O), YouTube, and TikTok to work with authorities to remove "toxic" data, which includes offensive, misleading, and anti-state content. 

According to the document, Telegram has been accused of failing to comply with regulations requiring social media platforms to monitor, remove, and restrict illegal content. "Many groups with tens of thousands of participants were created by opposition and reactionary subjects spreading anti-government documents" based on police information. 

The free-to-use site, which has about 1 billion users globally, has been embroiled in scandals over security and data breaches, particularly in France, where its founder, Pavel Durov, was temporarily detained last year.
Read more »
Ransomware Platform
Cyber Attacks Data Leak LockBit Ransomware Platform

LockBit Ransomware Platform Breached Again, Ops Data Leaked

 

A breach of an administration panel used by the LockBit ransomware outfit resulted in the exposure of information that can be extremely valuable to law enforcement and the cybersecurity community.

The breach was discovered on May 7, when a domain linked with a LockBit administrator panel was vandalised to display the message "Don't do crime, crime is bad xoxo from Prague". The defaced page is also linked to an archive file containing information acquired from the stolen server. 

The leaked data includes private messages exchanged between LockBit affiliates and victims, Bitcoin wallet addresses, affiliate accounts, attack specifics, and malware and infrastructure details. 

Numerous cybersecurity specialists have examined the leaked data. The Bitcoin addresses could assist law enforcement, according to Christiaan Beek, senior director of threat analytics at Rapid7. 

In addition, Luke Donovan, head of threat intelligence at Searchlight Cyber, stated how the leaked data could benefit the cybersecurity community. According to the expert, the leaked user data is most likely related to ransomware affiliates or administrators. In the publicly available data, Searchlight Cyber has found 76 entries, including usernames and passwords.

“This user data will prove to be valuable for cybersecurity researchers, as it allows us to learn more about the affiliates of LockBit and how they operate. For example, within those 76 users, 22 users have TOX IDs associated with them, which is a messaging service popular in the hacking community,” Donovan noted.

He added, “These TOX IDs have allowed us to associate three of the leaked users with aliases on hacking forums, who use the same TOX IDs. By analysing their conversations on hacking forums we’ll be able to learn more about the group, for example the types of access they buy to hack organizations.” 

Searchlight Cyber discovered 208 chats between LockBit affiliates and victims. The messages, which stretch from December 2024 to April 2025, could be "valuable for learning more about how LockBit's affiliates negotiate with their victims". Indeed, Rapid7's Beek noted that the leaked chats illustrate how active LockBit affiliates were during the ransom negotiations. 

“In some cases, victims were pressured to pay just a few thousand dollars. In others, the group demanded much more: $50,000, $60,000, or even $100,000,” Beek stated. 

As for who is responsible for the LockBit hack, Searchlight Cyber's Donovan pointed out that the defacement message is identical to the message displayed last month on the compromised website of a different ransomware outfit, Everest. 

“While we cannot be certain at this stage, this does suggest that the same actor or group was behind the hack on both of the sites and implies that this data leak is the result of infighting among the cybercriminal community,” Beek added. 

On May 8, a statement released on LockBit's breach website admitted the vulnerability of an administration panel but minimised the impact, claiming that victims' decryptors and sensitive data were unaffected. 

LockBitSupp, the mastermind behind the LockBit operation, identified by authorities as Russian national Dmitry Yuryevich Khoroshev, has stated that he is willing to pay for information on the identity of the attacker. 

Law enforcement authorities across the globe have been taking steps to disrupt LockBit, but after inflicting a severe blow last year, the cybercrime operation remains operational and poses a threat to organisations.
Read more »
User Privacy
beWanted Data Breach Data Leak Job Platform User Privacy

Details of 1.1 Million Job Applicants Leaked by a Major Recruitment Platform

 

While looking for a new job can be enjoyable, it is surely not fun to lose your personal information in the process. In the meantime, the Cybernews investigation team found an unprotected GCS bucket belonging to the talent pool platform beWanted that had more than 1.1 million files.

The company, which has its headquarters in Madrid, Spain, bills itself as "the largest Talent Pool ecosystem in the world." beWanted is a software-as-a-service (SaaS) company that links companies and job seekers. The business maintains offices in the UK, Germany, and Mexico. 

The exposed instance was found by the researchers in November of last year. Despite the fact that the relocation temporarily affected service availability, beWanted claims that the company secured the bucket on May 9. 

"We prioritized data security. The solution was fully implemented, and the properly secured service was restored last Friday, May 9, 2025. We have been conducting exhaustive internal testing since Friday and can confirm that the solution is definitive. Furthermore, to the best of our knowledge and following relevant investigations, no data leakage has occurred," the company stated.

The researchers claim that resumes and CVs from job seekers make up the vast majority of the files from the more than a million compromised files. The information that was leaked included details that a job seeker would normally include such as Full names and surnames, phone numbers, email addresses, home addresses, dates of birth national id numbers, nationalities, places of birth, social media links, employment history and educational background. 

The researchers believe that a data leak involving over a million files, each of which likely represents a single person, is a serious security issue for beWanted. The fact that the data has been exposed for at least six months exacerbates the situation: hostile actors continue to comb the web for unprotected instances, downloading whatever they can find.

“This exposure creates multiple attack vectors, enabling cybercriminals to engage in identity theft, where personal information can be used to create synthetic identities or fraudulent accounts,” researchers added. 

Malicious actors can also use leaked information to create highly personalised and credible-looking phishing attempts, which could result in unauthorised access to financial accounts, passwords, or other sensitive data. 

Furthermore, the leaked information highlighted that the problem has worldwide implications. The leaked national ID numbers, for example, are from Spanish, Argentine, Guatemalan, Honduran, and other residents.
Read more »
Sensitive Information
Customer Data Cyber Attacks Data Leak Data protection data security Data Theft Employee Data Identity Theft Prevention Radio Station Sensitive Information

iHeartMedia Cyberattack Exposes Sensitive Data Across Multiple Radio Stations

 

iHeartMedia, the largest audio media company in the United States, has confirmed a significant data breach following a cyberattack on several of its local radio stations. In official breach notifications sent to affected individuals and state attorney general offices in Maine, Massachusetts, and California, the company disclosed that cybercriminals accessed sensitive customer information between December 24 and December 27, 2024. Although iHeartMedia did not specify how many individuals were affected, the breach appears to have involved data stored on systems at a “small number” of stations. 

The exact number of compromised stations remains undisclosed. With a network of 870 radio stations and a reported monthly audience of 250 million listeners, the potential scope of this breach is concerning. According to the breach notification letters, the attackers “viewed and obtained” various types of personal information. The compromised data includes full names, passport numbers, other government-issued identification numbers, dates of birth, financial account information, payment card data, and even health and health insurance records. 

Such a comprehensive data set makes the victims vulnerable to a wide array of cybercrimes, from identity theft to financial fraud. The combination of personal identifiers and health or insurance details increases the likelihood of victims being targeted by tailored phishing campaigns. With access to passport numbers and financial records, cybercriminals can attempt identity theft or engage in unauthorized transactions and wire fraud. As of now, the stolen data has not surfaced on dark web marketplaces, but the risk remains high. 

No cybercrime group has claimed responsibility for the breach as of yet. However, the level of detail and sensitivity in the data accessed suggests the attackers had a specific objective and targeted the breach with precision. 

In response, iHeartMedia is offering one year of complimentary identity theft protection services to impacted individuals. The company has also established a dedicated hotline for those seeking assistance or more information. While these actions are intended to mitigate potential fallout, they may offer limited relief given the nature of the exposed information. 

This incident underscores the increasing frequency and severity of cyberattacks on media organizations and the urgent need for enhanced cybersecurity protocols. For iHeartMedia, transparency and timely support for affected customers will be key in managing the aftermath of this breach. 

As investigations continue, more details may emerge regarding the extent of the compromise and the identity of those behind the attack.
Read more »
User Privacy
Data Breach Data Leak IT Infrastructure Kelly Benefits User Privacy

Kelly Benefits Data Leak Affects 260,000 People

 

A Maryland-based outsourced benefits and payroll manager is notifying nine large customers and nearly 264,000 individuals that their private and sensitive data may have been compromised in a December hack. The number of impacted people has increased by eight-fold since Kelly & Associates Insurance Group, also known as Kelly Benefits, published an estimate of the hack's scope earlier this month. 

The company's current total of 263,893 affected persons is far higher than the 32,234 initially reported on April 9 to state regulators and the US Department of Health and Human Services as a HIPAA breach. 

The benefits company announced that it is sending breach notices to impacted individuals on behalf of nine clients: Amergis, Beam Benefits, Beltway Companies, CareFirst BlueCross BlueShield, Guardian Life Insurance Co., Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives. 

Kelly Benefits declined to comment, citing "the sensitive nature of the incident and subsequent investigation.” An investigation following the incident revealed that unauthorised access to the company's IT infrastructure occurred between December 12 and December 17, 2024. The company claimed that throughout that period, the attackers copied and stole specific files.

"Kelly Benefits then began a time-intensive and detailed review of all files affected by this event to determine what information was present in the impacted files and to whom it related," the company noted. It analysed internal records to match the individual with the relevant client or carrier. 

Individuals' information compromised in the event varies, but it could include their name, Social Security number, date of birth, medical information, health insurance information, or financial account information.

Kelly Benefits informed the FBI about the incident. This company stated that it is still reviewing its security policies, procedures, and technologies. At the time of writing, at least one proposed federal class action lawsuit against Kelly Benefits was filed in connection with the hacking incident. The lawsuit claims Kelly Benefits was negligent in failing to safeguard sensitive personally identifying information from unauthorised access.

"Even with several months of credit monitoring services, the risk of identity theft and unauthorized use of plaintiff's and class members' PII is still substantially high. Cybercriminals need not harvest a person's Social Security number or financial account information in order to commit identity fraud or misuse plaintiffs and the class's PII," the lawsuit notes. "Cybercriminals can cross-reference the data stolen from the data breach and combine with other sources to create 'Fullz' packages, which can then be used to commit fraudulent account activity on plaintiff and the class's financial accounts."
Read more »
Sensitive data
Co-op Customer Data Customer Data Exposed cyber attack Data Breach Data Leak data security IT Infrastructure Sensitive data

Co-op Cyberattack Exposes Member Data in Major Security Breach

 

Millions of Co-op members are being urged to remain vigilant following a significant cyberattack that led to a temporary shutdown of the retailer’s IT infrastructure. The company confirmed that the breach resulted in unauthorized access to sensitive customer data, although it emphasized that no financial or account login information was compromised. 

Shirine Khoury-Haq, Chief Executive Officer of Co-op, addressed members directly, expressing regret and concern over the breach. She assured customers that the company’s core operations were largely unaffected by the attack and that members could continue to use their accounts and services as normal. However, she acknowledged the seriousness of the data exposure, which has affected both current and past members of the Co-op Group. 

“We deeply regret that personal member information was accessed during this incident. While we’ve been able to prevent disruption to our services, we understand how unsettling this news can be,” Khoury-Haq stated. “I encourage all members to take standard security precautions, including updating their passwords and ensuring they are not reused across platforms.” 

According to an official statement from Co-op, the malicious activity targeted one of their internal systems and successfully extracted customer data such as names, contact information, and dates of birth. Importantly, the company clarified that no passwords, payment details, or transactional records were included in the breach. They also emphasized that their teams are actively investigating the incident in coordination with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). 

The company said that it has implemented enhanced security measures to prevent further unauthorized access, while minimizing disruption to business operations and customer services. Forensic specialists are currently assessing the full scope of the breach, and affected individuals may be contacted as more information becomes available. In response to the incident, Stephen Bonner, Deputy Commissioner of the UK Information Commissioner’s Office (ICO), offered guidance to concerned members. “Cyberattacks like this can be very unsettling for the public. 

If you’re concerned about your data, we recommend using strong, unique passwords for each of your online accounts and enabling two-factor authentication wherever possible,” he advised. “Customers should also stay alert to updates from Co-op and follow any specific instructions they provide.” The Co-op has apologized to its customers and pledged to continue prioritizing data protection as it works to resolve the issue. While the investigation continues, members are encouraged to remain cautious and take proactive steps to safeguard their personal information online.
Read more »
Sensitive data
Cyber Attacks Data Leak data security Data Theft Hacker attack Indian Cyber Security Pakistan Hacker Personal Data Sensitive data

Pakistan-Based Hackers Launch Cyber Attack on Indian Defence Websites, Claim Access to Sensitive Data

 

In a concerning escalation of cyber hostilities, a Pakistan-based threat group known as the Pakistan Cyber Force launched a coordinated cyber offensive on multiple Indian defence-related websites on Monday. The group claimed responsibility for defacing the official site of a Ministry of Defence public sector undertaking (PSU) and asserted that it had gained unauthorized access to sensitive information belonging to Indian defence personnel. According to reports, the targeted websites included those of the Military Engineering Service (MES) and the Manohar Parrikar Institute of Defence Studies and Analyses (MP-IDSA), both critical components in India’s defence research and infrastructure network. 

The group’s social media posts alleged that it had exfiltrated login credentials and personal data associated with defence personnel. One particularly alarming development was the defacement of the official website of Armoured Vehicle Nigam Limited (AVNL), a key PSU under the Ministry of Defence. The hackers replaced the homepage with the Pakistani flag and an image of the Al Khalid tank, a symbol of Pakistan’s military capabilities. A message reportedly posted on social platform X read, “Hacked. Your security is illusion. MES data owned,” followed by a list of names allegedly linked to Indian defence staff. 

Sources quoted by ANI indicated that there is a credible concern that personal data of military personnel may have been compromised during the breach. In response, authorities promptly took the AVNL website offline to prevent further exploitation and launched a full-scale forensic audit to assess the scope of the intrusion and restore digital integrity. Cybersecurity experts are currently monitoring for further signs of intrusion, especially in light of repeated cyber threats and defacement attempts linked to Pakistani-sponsored groups. 

The ongoing tensions between the two countries have only heightened the frequency and severity of such state-aligned cyber operations. This latest attack follows a pattern of provocative cyber incidents, with Pakistani hacker groups increasingly targeting sensitive Indian assets in attempts to undermine national security and sow discord. Intelligence sources are treating the incident as part of a broader information warfare campaign and have emphasized the need for heightened vigilance and improved cyber defense strategies. 

Authorities continue to investigate the breach while urging government departments and defense agencies to reinforce their cybersecurity posture amid rising digital threats in the region.
Read more »
Subscribe to: Posts (Atom)