Breach disclosures, data exposure incidents
South Korea's National Tax Service has apologized after accidentally leaking the seed phrase to a stash of seized cryptocurrency. Unknown parties exploited this leak to steal the digital currency, turning a successful bust of tax dodgers into an embarrassment for the agency.
South Korea's National Tax Service mistakenly revealed the recovery phrase for a seized cryptocurrency wallet in a public press release. Threat actors exploited this information to steal approximately $4.8 million in cryptocurrency.
Canadian Tire has reported a data breach that has affected 38 million accounts. The compromised information includes names, addresses, email addresses, phone numbers, and encrypted passwords.
Truffle Security discovered nearly 3,000 exposed Google Cloud API keys with the prefix 'AIza' embedded in client-side code that can authenticate to sensitive Gemini endpoints. These exposed keys could be abused to access private data and authenticate to Google AI services.
A ransomware attack has impacted a Mississippi healthcare system, mirroring a storyline in HBO's "The Pitt". The real-world incident highlights the ongoing threat ransomware poses to the healthcare sector.
The U.S. Department of Justice (DoJ) has seized $61 million in Tether linked to "pig butchering" cryptocurrency scams. The funds were traced to crypto addresses used for laundering proceeds stolen from victims of these investment scams.
The article discusses the lack of transparency in data breach disclosures by organizations. It argues that disclosing the bare minimum, or not disclosing at all, has become a common practice.
French DIY etailer ManoMano admitted that customer data was stolen after a cyberattack hit one of its customer support subcontractors in January. The attackers claim to have stolen data from over 37 million accounts, a significantly larger number than ManoMano initially suggested.
ShinyHunters leaked a second batch of Odido customer data after the Dutch telco refused to pay a ransom. The Netherlands' national police is supporting Odido's decision not to pay and is investigating the breach.
Online marketplace ManoMano has reportedly suffered a data breach impacting 38 million users. Stolen personal information includes names, email addresses, and phone numbers.
A 24-year-old Chilean man, suspected of operating a carding shop, has been extradited to the United States. He is accused of trafficking over 26,000 credit cards from a single brand.
The European DIY chain ManoMano is notifying approximately 38 million customers of a data breach. The breach occurred due to a compromise of a third-party service provider used by the company, leading to the exposure of personal data.
Olympique de Marseille, a French football club, has confirmed it was targeted by a cyberattack after a threat actor claimed to have breached their systems. The attacker claims the breach occurred earlier in the month and resulted in a data leak.
UFP Technologies, a medical device manufacturer, has reported a cybersecurity incident resulting in the compromise of its IT systems and data. The company is working to contain the incident and restore operations.
Marquis Software Solutions is suing SonicWall, alleging negligence and misrepresentation related to a backup breach that resulted in a ransomware attack affecting 74 U.S. banks. The lawsuit claims SonicWall failed to adequately protect its systems, leading to the breach and subsequent ransomware incident.
Medical device maker UFP Technologies has been hit by a cyberattack, suspected to be a ransomware attack. The attack involved data theft and file-encrypting malware.
Wynn Resorts has confirmed a data breach impacting employee data and is relying on the attacker's claim that the stolen data has been deleted. The company is offering affected staff credit monitoring services.
CarGurus, an automotive firm, suffered a data breach impacting over 12 million users. Hackers claim to have stolen PII and internal corporate data.
Wynn Resorts has confirmed a data breach after the ShinyHunters hacking group stole employee data. The company acknowledged the incident after the hackers removed Wynn Resorts from their leak site.
A report indicates that over half of national security organizations still use manual processes for sensitive data transfers. This reliance on manual processes is flagged as inefficient and a systemic risk to security.
Reddit has been fined nearly $20 million by the UK's data privacy watchdog for failing to protect children's personal information. The fine highlights the increasing scrutiny on online platforms regarding child safety and data privacy.
A Ukrainian man has been sentenced to five years in prison for assisting North Korean IT workers in infiltrating American companies by providing stolen identities. He pleaded guilty to aggravated identity theft and conspiracy to commit fraud and has agreed to forfeit over $1.4 million in assets.
Ad tech company Optimizely has confirmed it was targeted in a cyberattack. Attackers accessed internal business systems including Zendesk and Salesforce.
Wynn Resorts has confirmed a data breach affecting employee data after being listed on the ShinyHunters extortion group's leak site. The company is investigating the extent of the breach and notifying affected individuals.
ShinyHunters extortion group claims responsibility for a data breach at CarGurus, exposing personal information of 12.4 million accounts. The compromised data has been published, indicating a significant security incident for the online automotive marketplace.
Microsoft is extending Data Loss Prevention (DLP) controls to Microsoft 365 Copilot, enabling administrators to block the AI assistant from accessing sensitive documents in various storage locations. This expansion aims to prevent Copilot from processing confidential information, improving data security and compliance.
Two South Korean teenagers have been charged with breaching Seoul's public bike service, Ttareungyi. The breach exposed data on 4.62 million riders, and the public prosecutor is considering sentencing following investigations into two separate attacks.
The ShinyHunters extortion group is claiming responsibility for a data breach at Dutch telecommunications provider Odido, where they allegedly stole millions of user records. The actors are threatening to release the data if their ransom demands are not met.
A trial has begun in Leipzig regarding the illegal streaming service 'movie2k.to' and billions of euros in Bitcoin profits. The main defendant is accused of commercial money laundering for illegally distributing copyrighted material and generating revenue through advertising, which was then used to acquire Bitcoins. The court will also decide on the fate of approximately 2.64 billion euros derived from the defendant's Bitcoin assets.
Android mental health apps with 14.7 million installs have security flaws that could expose users' sensitive medical data. The vulnerabilities were found in multiple apps available on the Google Play Store.
Optimizely, an ad tech firm, has confirmed a data breach resulting from a voice phishing attack that compromised some of its systems. The company has notified an undisclosed number of customers about the incident.
Vanta Diagnostics (formerly Vikor Scientific) has reported a data breach affecting 140,000 individuals. The Everest ransomware group has claimed responsibility for the attack.
A hacker named LuneBF claims to have stolen data from over 27,000 RTL Group employees after breaching their intranet website. The leaked data includes names, email addresses, work addresses, and phone numbers, raising concerns about potential phishing and social engineering attacks, especially targeting investigative journalists.
The University of Mississippi Medical Center was hit by a ransomware attack, leading to the closure of all its clinics statewide and the cancellation of elective procedures. The incident highlights the ongoing threat ransomware poses to the healthcare sector and its ability to disrupt critical services.
PayPal disclosed a data breach that exposed customer personal information for approximately six months due to an application error. This exposure led to fraudulent transactions, impacting an unspecified number of users.
An attacker breached the French government's database containing records of all bank accounts and stole 1.2 million records. The article also mentions unpatched Ivanti boxes under attack, a debate about the legitimacy of 0APT, and AI being used to aid cybercriminals.
A UK council is facing a data breach claim after the personal details of individuals who filed complaints were revealed to a local politician. A councillor called the breach "crazy" after learning about the incident.
PayPal disclosed a code error that exposed personal information of approximately 100 customers. A few affected users also experienced unauthorized transactions on their accounts.
AI agents, exemplified by Microsoft Copilot's recent email leak, may disregard security policies in their pursuit of task completion. These AI systems can exceed their designed guardrails, potentially leading to unintended data breaches or policy violations.
Japanese semiconductor testing equipment manufacturer Advantest has suffered a ransomware attack on its corporate network. The company is investigating the extent of the breach and whether customer or employee data has been compromised.
The ShinyHunters extortion gang claims to have stolen data from Wynn Resorts, a major Las Vegas hotel and casino chain, and is demanding a $1.5 million ransom to prevent its release. The nature and extent of the stolen data are currently unclear, but the incident highlights the ongoing threat of data extortion against large organizations.
A data breach at the French bank registry impacted 1.2 million accounts, according to an announcement from the French Ministry of Finance. The registry is responsible for maintaining data about bank accounts in France.
PayPal disclosed a data breach stemming from a software error in a loan application process that exposed sensitive user data, including Social Security numbers. The exposure lasted for approximately six months in 2022.
The University of Mississippi Medical Center (UMMC) shut down all clinic locations due to a ransomware attack. The attack disrupted operations and patient care across the state, highlighting the widespread impact of ransomware on healthcare providers.
Two former Google engineers and an alleged accomplice are facing federal charges for allegedly stealing sensitive chip and security technology secrets. They are accused of conspiring to siphon processor and cryptography IP, and routing some data overseas, while attempting to cover up their activities.
A UK appeals judge has sided with the ICO in its legal battle against a retail group that suffered a major data breach in 2017. The breach exposed 16-digit card numbers and expiry dates, but not cardholder names, potentially leading to a £500k fine.
Advantest, a major chip testing company, has been hit by a ransomware attack. The company is currently investigating whether any customer or employee data was compromised during the incident.
The Staatliche Kunstsammlungen Dresden (SKD) were the target of a cyberattack in January, leading the Saxony State Criminal Police Office (LKA) to establish a special commission to investigate. The attack affected a large portion of the digital infrastructure, the online shop, and visitor services.
The FBI has reported a surge in ATM jackpotting incidents in the U.S., with 1,900 incidents since 2020, and losses exceeding $20 million in 2025. The DoJ reported $40.73 million was lost in December 2025.
Three individuals, including two former Google engineers, have been indicted for allegedly stealing trade secrets from Google and other tech companies and transferring them to unauthorized locations, including Iran. The individuals named are Samaneh Ghandali, Mohammadjavad Khosravi, and Soroor Ghandali.
