Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label customer data compromise. Show all posts
Ransomware attack
Banking data leaks customer data compromise Cyber Attacks Data Leak Data protection data security insight leaked sensitive data Ransomware attack

Insight Partners Ransomware Attack Exposes Data of Thousands of Individuals

 

Insight Partners, a New York-based venture capital and private equity firm, is notifying thousands of individuals that their personal information was compromised in a ransomware attack. The firm initially disclosed the incident in February, confirming that the intrusion stemmed from a sophisticated social engineering scheme that gave attackers access to its systems. Subsequent investigations revealed that sensitive data had also been stolen, including banking details, tax records, personal information of current and former employees, as well as information connected to limited partners, funds, management companies, and portfolio firms. 

The company stated that formal notification letters are being sent to all affected parties, with complimentary credit monitoring and identity protection services offered as part of its response. It clarified that individuals who do not receive a notification letter by the end of September 2025 can assume their data was not impacted. According to filings with California’s attorney general, which were first reported by TechCrunch, the intrusion occurred in October 2024. Attackers exfiltrated data before encrypting servers on January 16, 2025, in what appears to be the culmination of a carefully planned ransomware campaign. Insight Partners explained that the attacker gained access to its environment on or around October 25, 2024, using advanced social engineering tactics. 

Once inside, the threat actor began stealing data from affected servers. Months later, at around 10:00 a.m. EST on January 16, the same servers were encrypted, effectively disrupting operations. While the firm has confirmed the theft and encryption, no ransomware group has claimed responsibility for the incident so far. A separate filing with the Maine attorney general disclosed that the breach impacted 12,657 individuals. The compromised information poses risks ranging from financial fraud to identity theft, underscoring the seriousness of the incident. 

Despite the scale of the attack, Insight Partners has not yet responded to requests for further comment on how it intends to manage recovery efforts or bolster its cybersecurity posture going forward. Insight Partners is one of the largest venture capital firms in the United States, with over $90 billion in regulatory assets under management. Over the past three decades, it has invested in more than 800 software and technology startups globally, making it a key player in the tech investment ecosystem. 

The breach marks a significant cybersecurity challenge for the firm as it balances damage control, regulatory compliance, and the trust of its investors and partners.
Read more »
Ransomwares
customer data compromise Cyber Attacks Data Breaches Data Leak data security RansomHub RansomHub ransomware ransomware attacks Ransomware group Ransomwares

Manpower Data Breach Hits 145,000 After RansomHub Ransomware Attack

 

Manpower, one of the world’s largest staffing and recruitment companies, has confirmed that nearly 145,000 individuals had their personal data compromised following a ransomware attack in late December 2024. The company, which operates as part of ManpowerGroup alongside Experis and Talent Solutions, employs more than 600,000 workers across 2,700 offices worldwide and reported $17.9 billion in revenues last year. 

The breach came to light after the company investigated a systems outage at a Lansing, Michigan, franchise in January 2025. According to a filing with the Office of the Maine Attorney General, attackers gained unauthorized access to Manpower’s network between December 29, 2024, and January 12, 2025. In notification letters sent to affected individuals, Manpower revealed that certain files may have been accessed or stolen during this time. The company stated that the breach potentially exposed personal information, though the full scope of data compromised remains undisclosed. 

On July 28, 2025, the staffing firm formally notified 144,189 individuals that their data may have been involved in the incident. Following the discovery, Manpower announced that it had implemented stronger IT security measures and is cooperating with the FBI to pursue those responsible. To mitigate the impact on victims, the company is also offering complimentary credit monitoring and identity theft protection services through Equifax. 

The ransomware group RansomHub has claimed responsibility for the attack. In January, shortly after Manpower disclosed the incident, the group alleged that it had stolen 500GB of sensitive files from the company’s systems. According to RansomHub, the stolen trove included personal and corporate records such as passports, Social Security numbers, contact details, financial documents, HR analytics, and confidential contracts. The gang initially published details of the breach on its dark web site but later removed Manpower’s listing, raising speculation that a ransom may have been paid to prevent further data leaks. 

RansomHub is a ransomware-as-a-service (RaaS) operation that emerged in early 2024, evolving from earlier groups known as Cyclops and Knight. Since then, it has been linked to numerous high-profile attacks against global organizations, including Halliburton, Kawasaki’s European operations, Christie’s auction house, Frontier Communications, Planned Parenthood, and the Bologna Football Club. The group was also behind the leak of data stolen in the massive Change Healthcare cyberattack, one of the largest breaches in the U.S. healthcare sector, impacting more than 190 million individuals. 

Last year, the FBI reported that RansomHub affiliates had breached over 200 critical infrastructure organizations across the United States, further underlining the group’s reach and persistence. While ManpowerGroup has not confirmed the exact nature of the stolen data or whether negotiations occurred, a company spokesperson clarified that the incident was confined to an independently operated franchise in Lansing. The spokesperson emphasized that the franchise runs on a separate platform, meaning no ManpowerGroup corporate systems were compromised.

The breach highlights the growing risks ransomware attacks pose to global enterprises, particularly those handling large volumes of sensitive employee and client data. It also reflects how threat actors like RansomHub continue to exploit vulnerabilities in third-party and subsidiary operations, targeting organizations indirectly when direct access to corporate systems is more difficult.
Read more »
Personal Information
customer data compromise customer data leak customer data privacy Data Breach Data Leak Data Privacy data security Database Leaked Fashion Retailer Personal Information

SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak

 

Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents, totaling 292 GB in size. The database, which had no password protection or encryption, was publicly accessible online to anyone who knew where to look. 

The leaked records included a vast amount of personally identifiable information (PII), such as names, physical addresses, phone numbers, email addresses, and other order-related data of both retail and business clients. According to Fowler, the actual number of affected individuals could be substantially higher than the number of files. He observed that a single PDF file sometimes contained details from up to 50 separate orders, suggesting that the total number of exposed customer profiles might exceed 3.5 million. 

The information was derived from SABO’s internal document management system used for handling sales, returns, and shipping data—both within Australia and internationally. The files dated back to 2015 and stretched through to 2025, indicating a mix of outdated and still-relevant information that could pose risks if misused. Upon discovering the open database, Fowler immediately notified the company. SABO responded by securing the exposed data within a few hours. 

However, the brand did not reply to the researcher’s inquiries, leaving critical questions unanswered—such as how long the data remained vulnerable, who was responsible for managing the server, and whether malicious actors accessed the database before it was locked. SABO, known for its stylish collections of clothing, swimwear, footwear, and formalwear, operates three physical stores in Australia and also ships products globally through its online platform. 

In 2024, the brand reported annual revenue of approximately $18 million, underscoring its scale and reach in the retail space. While SABO has taken action to secure the exposed data, the breach underscores ongoing challenges in cybersecurity, especially among mid-sized e-commerce businesses. Data left unprotected on the internet can be quickly exploited, and even short windows of exposure can have lasting consequences for customers. 

The lack of transparency following the discovery only adds to growing concerns about how companies handle consumer data and whether they are adequately prepared to respond to digital threats.
Read more »
ScatteredSpider
Co-op customer data compromise Cyber Attacks cyber intrusion data security DragonForce DragonForce Ransomware Group Malware. Scattered Spider Marks & Spencer ransomware attacks Ransomwares ScatteredSpider

Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption

 

Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than initially acknowledged. M&S CEO Stuart Machin recently confirmed that personal customer data had been accessed, prompting the company to require password resets for online accounts. Online orders on the M&S website remain suspended weeks after the breach, and no clear timeline has been offered for full recovery. 

The attack first became public on April 25 when M&S halted its online operations due to a cyber intrusion. Within days, Co-op revealed it had also been targeted in an attempted hack, which disrupted several services. Harrods, another luxury retailer, was also reportedly affected during this wave of cyberattacks. While M&S is still unable to process online sales, Co-op has only just resumed stocking its shelves, and both companies remain silent about when operations might return to normal. Government officials have weighed in on the seriousness of the incident. 

Cabinet Office Minister Pat McFadden called the attack a “wake-up call” for British businesses, highlighting the urgent need for enhanced cybersecurity protocols. Financial losses have been steep. M&S is reportedly losing £3.5 million per day while its website remains offline, and its stock has dropped by an estimated half a billion pounds in market value. Co-op also disclosed that customer data had been compromised, and they experienced issues with card payments at the height of the disruption. 

Investigations suggest the cybercriminal group known as Scattered Spider is responsible. Known for targeting large enterprises, the group is believed to have used a ransomware strain called DragonForce to paralyze systems. According to cybersecurity experts, the attackers may have exploited unpatched vulnerabilities and misconfigured systems to gain entry. Reports indicate they employed SIM-swapping tactics to hijack phone numbers and impersonate employees, fooling IT help desks into granting system access. Once inside, the hackers are believed to have compromised Microsoft Active Directory—a central hub that connects internal networks—potentially gaining access to crucial files and passwords. 

Though it’s unlikely they decrypted these password files directly, the level of access would have allowed them to severely disrupt internal systems. Experts say this level of infiltration can cripple multiple areas of a business, making recovery extremely challenging without a full rebuild of core IT infrastructure. One reason for the prolonged disruption may be that both M&S and Co-op chose not to pay the ransom, in line with UK government advice. While this decision aligns with best practices to avoid funding cybercrime, it also means recovery will take significantly longer. 

Despite the chaos, M&S has emphasized that no payment information or account passwords were compromised. The company is urging customers to reset their passwords for peace of mind and has provided guidelines on staying safe online. Co-op has resumed deliveries to most of its stores but acknowledged that some shelves may still lack regular stock. Empty shelves and apology signs have appeared across affected stores, as customers share their frustrations online. 

This incident underscores the growing threat posed by sophisticated cybercriminals and the urgent need for companies to prioritize cybersecurity. From exploiting human error to using advanced ransomware tools, the tactics are evolving, and so must the defenses.
Read more »
SSNs
Banking Information customer data compromise Data Breach Data Leak IMS Information Security LockBit LockBit ransomware Ransomware attack SSNs

LockBit Ransomware Attack on Infosys McCamish Systems Exposes Sensitive Data of Over Six Million Individuals

 

Infosys McCamish Systems (IMS) recently disclosed that a LockBit ransomware attack earlier this year compromised sensitive information of more than six million individuals. IMS, a multinational corporation specializing in business consulting, IT, and outsourcing services, primarily serves the insurance and financial services industries. The company has a significant presence in the U.S., catering to large financial institutions such as the Bank of America and seven out of the top ten insurers in the country. 

In February 2024, IMS informed the public about the ransomware attack that occurred in November 2023. Initially, the company reported that the personal data of around 57,000 Bank of America customers had been compromised. LockBit, the group responsible for the attack, claimed to have encrypted 2,000 computers within the IMS network. A recent notification to U.S. authorities revealed that the total number of affected individuals now exceeds six million. The notification outlined the steps taken by IMS, including the involvement of third-party eDiscovery experts, to conduct a thorough review of the compromised data. 

This review aimed to identify the personal information accessed and determine the individuals impacted. The compromised data includes a wide range of sensitive information, such as Social Security Numbers (SSNs), dates of birth, medical records, biometric data, email addresses and passwords, usernames and passwords, driver’s license or state ID numbers, financial account information, payment card details, passport numbers, tribal ID numbers, and U.S. military ID numbers. To mitigate the risks associated with this data exposure, IMS is offering affected individuals a free two-year identity protection and credit monitoring service through Kroll. 

The notification letters provided instructions on how to access these services. IMS has not disclosed the full list of impacted clients, but the notification mentioned Oceanview Life and Annuity Company (OLAC), an Arizona-based provider of fixed and fixed-indexed annuities, as one of the affected organizations. The list of impacted data owners may be updated as more customers request to be named in the filing. 

This breach highlights the critical importance of robust cybersecurity measures and the significant impact such attacks can have on both individuals and large financial institutions. The LockBit ransomware attack on IMS serves as a stark reminder of the vulnerabilities within the digital infrastructure of major corporations and the far-reaching consequences of data breaches.
Read more »
Taj Hotels data breach
CERT-In customer data compromise Cybersecurity Incident Data Breach Dnacookies hack Taj Hotels data breach

Taj Hotels Faces Data Breach, Revealing Data of 1.5 Million Customers

 

The cybersecurity landscape witnessed a recent data breach that sent shockwaves through the esteemed Taj Hotels chain. Perpetrated by the group "Dnacookies," the hack has potentially impacted more than 1.5 million consumers, prompting heightened concerns about data security, customer privacy, and the overall state of digital defenses within the hotel industry.

According to reports from CNBC-TV18, the compromised data spans a six-year period, ranging from 2014 to 2020. The exposed information includes addresses, membership IDs, mobile numbers, and other personally identifiable details. Despite the hacker's claim that the dataset is "non-sensitive," the reality is that any compromise of personal information can expose individuals to various risks, from identity theft to financial fraud.

The Indian Hotels Company Ltd. (IHCL), the entity overseeing Taj Hotels, promptly responded to the breach. A spokesperson for IHCL acknowledged the situation, emphasizing that the compromised customer data is deemed non-sensitive. However, the company is taking the incident seriously, initiating an investigation and notifying relevant authorities. A commitment to continuous system monitoring is deemed crucial to prevent further unauthorized access.

The severity of the situation is highlighted by the participation of the Indian Computer Emergency Response Team (CERT-In), a government agency responsible for addressing and mitigating cybersecurity incidents in India. CERT-In's involvement suggests that the breach extends beyond a concern for Taj Hotels, carrying broader implications for national cybersecurity.

"Dnacookies" has articulated specific demands, introducing complexity to an already intricate situation. The insistence on a middleman for negotiations, an all-or-nothing approach to data release, and a refusal to provide additional samples hint at a calculated and methodical strategy, raising questions about the motives behind the breach—whether purely financial or with more insidious intentions.
 
Beyond immediate concerns about breached data, the incident poses potential ramifications for both individuals and Taj Hotels. Affected customers face an increased risk of identity theft and financial fraud. Moreover, the reputation of Taj Hotels, synonymous with luxury and trust, is at stake. Customer trust in the overall security measures of the hospitality industry may be compromised.

Taj Hotels and similar establishments find themselves at a critical juncture in reassessing and strengthening their cybersecurity procedures as the investigation unfolds. This involves implementing sophisticated encryption techniques, regularly updating security systems to address new threats, and providing comprehensive training to staff members to raise awareness and prevent security lapses. Staying ahead of cyber threats necessitates collaboration with cybersecurity specialists and government organizations, exemplified by CERT-In's active engagement.
:
The Taj Hotels data breach underscores the intrusive and dynamic nature of cyber threats. Data security should be a primary concern for all businesses, particularly those in the hospitality industry where digital interactions are integral to modern life. The industry at large is urged to learn from the Taj Group's experience, bolster cybersecurity protocols, and collaborate to ensure digital infrastructure resilience against evolving cyber threats.
Read more »
Subscribe to: Posts (Atom)