Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label data breach news. Show all posts
trending news
cybersecurity news Data Breach data breach news trending news

Zscaler Confirms Exposure in Salesloft-Linked Data Breach

 

Zscaler has confirmed that it is among the latest organizations to be impacted by a major supply chain attack exploiting the Salesloft Drift application, which integrates with Salesforce. 

According to the company, attackers managed to steal OAuth tokens tied to the third-party app, giving them access to Zscaler’s Salesforce environment. The security vendor explained that the compromised data mainly consisted of business-related information rather than sensitive personal or financial records. Specifically, the exposed details included names, work email addresses, job titles, phone numbers, location data, licensing and commercial details relating to Zscaler products, as well as plain-text content from certain customer support cases. However, Zscaler emphasized that no attachments, files, or images were accessed in the incident. 

Upon detecting the unauthorized activity, the company acted quickly by revoking the Drift app’s access and rotating other API tokens as a precaution. In addition, it claimed to have put in place new safeguards and strengthened protocols to reduce the likelihood of similar breaches in the future. 

While Zscaler noted that the incident appeared limited in scope and said there is no evidence so far of any misuse of the exposed data, it urged customers to exercise extra caution. The company warned that malicious actors could exploit the stolen information for phishing campaigns or social engineering attacks, and therefore advised clients to be vigilant about unsolicited emails, calls, or requests for confidential information. 

This breach is part of a wider campaign being tracked by security researchers as UNC6395, which is said to have compromised numerous Salesforce customer environments between August 8 and August 18. The attackers reportedly exfiltrated large volumes of customer data during that period, potentially affecting hundreds of organizations. 

More recently, it has also been revealed that the same campaign targeted a limited number of Google Workspace accounts through Salesloft Drift integrations, further underlining the scope of the threat. Given the scale and operational sophistication demonstrated, some experts have speculated that a nation-state threat actor could be behind the attacks. 

Zscaler’s disclosure follows similar admissions from other companies caught in the same campaign, highlighting the continuing risks posed by supply chain compromises in cloud-based business ecosystems.
Read more »
data breach news
Allianz Life Cybersecurity Data Breach data breach news

Allianz Life Confirms Data Breach Affecting 1.4 Million Customers in North America

 

Allianz Life Insurance Company of North America has confirmed a significant data breach that compromised the personal information of a majority of its 1.4 million U.S. customers. The breach, discovered in mid-July, involved sensitive data including names, addresses, dates of birth, and Social Security numbers. 

According to a statement issued by parent company Allianz SE to the BBC, the incident occurred on July 16, 2025, when hackers exploited a third-party, cloud-based customer relationship management (CRM) system used by Allianz Life. 

The attackers gained access through a social engineering attack, an increasingly common tactic in which cybercriminals manipulate employees into providing access credentials or system entry. The breach was limited to Allianz Life’s North American operations and did not impact the wider global operations of Allianz SE, which serves over 125 million customers worldwide. 

The company stressed that there is no evidence suggesting the intrusion affected its core network or internal policy systems. While the precise number of affected individuals was not confirmed in the company's legal filing with the Maine Attorney General’s office, estimates suggest that nearly all of Allianz Life’s American customer base may have been impacted. Following the discovery of the breach on July 17, Allianz Life said it took swift action to contain the incident, informed the FBI, and engaged cybersecurity experts to investigate and reinforce system security. 

The company began notifying affected individuals on August 1 and is offering free identity monitoring services. There is currently no indication that the stolen data has been publicly leaked or posted to the dark web. However, cybersecurity analysts warn that stolen information of this nature may be sold or used in identity theft schemes over time. 

Notably, the hackers did not demand a ransom, and Allianz has not attributed the attack to any particular group. The company has not ruled out the possibility that the attackers may have targeted specific individuals or demographics within its customer base. This incident is part of a wider trend, with other major insurers including Aflac and Erie Insurance, also facing cyberattacks in recent months. 

The growing prevalence of data breaches highlights the need for more robust digital defences, particularly in industries handling sensitive financial and personal data. Consumers are advised to remain vigilant, use strong passwords, enable two-factor authentication (2FA), and monitor their credit and financial accounts for any suspicious activity.
Read more »
Subscribe to: Posts (Atom)