Cyberattack Disrupts Operations of Japanese Frozen Food Giant Nichirei ↗
Japanese frozen food giant Nichirei experienced a cyberattack on July 13 that disrupted its operations. The company has begun the process of gradually restoring its systems.
Breach disclosures, data exposure incidents
RSS feed for this categoryJapanese frozen food giant Nichirei experienced a cyberattack on July 13 that disrupted its operations. The company has begun the process of gradually restoring its systems.
U.S. prosecutors have charged a man and a woman in New York for their involvement in a significant crime ring that laundered $43 million obtained through investment fraud scams. The charges stem from their alleged roles in facilitating the movement of illicit funds, which were derived from cyber-enabled investment schemes.
Coca-Cola's dairy subsidiary, Fairlife, has experienced a ransomware attack that has temporarily halted its production across the United States. The attack has impacted operations, leading to a suspension of Fairlife product manufacturing.
Two hackers associated with the Scattered Spider group, Owen Flowers and Thalha Jubair, have been sentenced to five and a half years in prison each for their 2024 hack of Transport for London (TfL). The attack rendered 148 TfL systems inoperable and required all 27,000 employees to reset their passwords in person, resulting in significant losses and recovery costs for the transport authority.
Genetic testing company 23andMe will pay $18 million to settle claims from 43 attorneys general. The settlement addresses allegations that the company failed to adequately protect customers' genetic data. This case highlights the importance of robust data security measures for companies handling sensitive personal information.
Two individuals associated with the cybercrime group Scattered Spider have been sentenced to prison for their roles in the 2023 cyberattack on Transport for London (TfL). This conviction marks the largest cybercrime prosecution in UK history.
Two key members of the Scattered Spider cybercrime group have been sentenced to five years and six months in prison each. This sentencing stems from their involvement in the 2024 hack of Transport for London (TfL). The conviction highlights the legal consequences for individuals engaged in sophisticated cyberattacks.
A law firm reportedly used a single, shared administrative password for multiple systems, including its case management system. This practice allowed unauthorized access to sensitive client data, as any individual with the password could potentially view or alter confidential information.
A tech support scam led to a massive data breach at Australian airline Qantas, potentially exposing the personal information of 5.7 million people. The breach occurred due to the scam, although the airline claims the exposed data does not violate privacy rules.
Spanish police have dismantled a sophisticated cybercrime ring that defrauded victims out of €140 million through investment scams and business email compromise (BEC) attacks. Four individuals have been arrested as part of the operation, which also targeted money laundering activities associated with the illicit gains.
The cybercrime group D1R claimed to have stolen data from Synopsys and Bosch and threatened to release it unless a ransom was paid. Synopsys has investigated the claims and found no evidence to support a data breach at their company.
Elon Musk has pledged a significant cleanup following the discovery that xAI's Grok AI was inadvertently sending entire code repositories to its cloud servers. The issue, which exposed sensitive intellectual property, has reportedly been resolved, with uploads ceasing.
Japan's largest taxi operator, Nihon Kotsu, has shut down parts of its systems following a cyberattack. The attack has disrupted the company's operations, though further details about the nature of the attack or the extent of the compromise have not yet been released.
CISA has released a postmortem on a data leak where a contractor inadvertently exposed internal credentials, including AWS Govcloud keys, on a public GitHub repository for nearly six months. KrebsOnSecurity was instrumental in bringing the issue to CISA's attention. The agency's identified response gaps offer valuable insights for all security teams.
Lidl has informed customers in Germany, Belgium, and the Netherlands about a data breach that occurred at one of its service providers. Attackers gained access to the service provider's systems and consequently stole personal information belonging to Lidl customers.
Progress has ordered an emergency shutdown of its ShareFile servers due to a mysterious security threat. While the vendor claims there's no evidence of unauthorized access, they are advising customers to take drastic precautions, including disabling the service.
Centers Laboratory, a healthcare testing and laboratory services provider, has experienced a data breach. The WorldLeaks extortion group claims to have stolen 720 GB of data, potentially impacting 540,000 individuals.
Cybersecurity researchers have uncovered persistent cyber espionage campaigns targeting Pakistani law enforcement, with suspected China- and India-aligned threat actors exploiting the Balochistan Police portal. The attackers gained access to servers managing police and citizen data, including criminal records, between February 2024 and April 2026.
Cyberattacks targeting healthcare service providers and related businesses have more than doubled in the first half of 2026, significantly outpacing the modest growth in attacks against hospitals and clinics. This surge indicates a shift in criminal focus within the healthcare sector.
The Dutch National Police has uncovered strong evidence suggesting that Dutch hackers were behind a data breach at telecommunications provider Odido that occurred in February. The investigation is ongoing as authorities seek to identify and apprehend the individuals responsible.
Several cybersecurity incidents and developments were highlighted, including a hack of a DHS database, Adobe's increased patch frequency, and Canadian efforts to disrupt ransomware operations. Additional news includes a lawsuit against Abnormal AI by Anthropic, a data breach affecting 7 million people at AssuranceAmerica, and the NSA reinstating its TAO.
Fashion e-commerce platform Miinto has disclosed a data breach that occurred after a perpetrator accessed its order management system. The company is notifying affected customers and advising them to be vigilant against potential phishing attempts.
SentinelOne reports that both Chinese and Indian-linked hacking groups have been targeting the Balochistan Police force in Pakistan for at least the past two years. This indicates a sustained and multifaceted threat against the organization.
NHS Forth Valley is investigating an email data protection incident involving maternity patients' data. The incident occurred due to a "stuff-up" in email handling, highlighting ongoing data protection challenges within the health service.
An unnamed U.S. county, potentially in Ohio, paid a $1 million extortion demand to cybercriminals. Leaked negotiation transcripts reveal details of the incident, indicating a successful ransomware attack.
A data breach at Japanese telecommunications company KDDI has impacted approximately 12 million individuals. Hackers reportedly exploited a zero-day vulnerability in a third-party system to gain access to KDDI's email system for ISPs.
Mount Royal University has confirmed a ransomware attack where hackers gained access to its internal network and deleted two drives containing sensitive data. The compromised information includes details about employees, students, and the university itself.
AssuranceAmerica, an American insurance company, has reported a data breach that exposed the records of approximately 6.9 million drivers. Attackers gained unauthorized access to the company's systems earlier this year, leading to the exposure of sensitive driver information.
Mount Royal University has confirmed a data breach after hackers claimed responsibility for the attack. The attackers reportedly stole and subsequently deleted data from the university's file storage systems after gaining access to its network.
Accenture has confirmed a data breach after a hacker claimed to have stolen source code from the company. The company stated that the incident has been contained, the source code has been remediated, and there has been no impact on operations or service delivery.
Japanese telecommunications company KDDI has announced a data breach affecting over 12 million individuals. The breach occurred on an email platform used by five internet service providers, exposing email addresses and passwords.
Accenture has confirmed a security breach after a threat actor claimed to have stolen 35 GB of source code and other data. The hacker is reportedly offering this stolen data for sale on the dark web.
A county government in Ohio reportedly paid $1 million to a cyber extortion group. The payment was allegedly made to prevent the public release of sensitive stolen data. This incident highlights the significant financial impact of ransomware and extortion attacks on local government entities.
U.S. prosecutors have linked an alleged Scattered Spider hacker to a luxury jewelry retailer's breach using a persistent Windows device ID. Microsoft records connected this ID to the attackers' access account during the May 2025 intrusion and subsequently to online accounts believed to belong to 19-year-old Peter Stokes.
Moody Bible Institute has disclosed a cyberattack that exposed the personal data of approximately 2.3 million individuals. The leaked information includes names, addresses, and dates of birth, with the threat actor group ShinyHunters claiming responsibility for the breach.
Higher education institutions increasingly rely on a few large SaaS platforms for critical operations, creating single points of failure. A recent major learning management system breach during finals week highlighted the severe academic and operational disruption that can occur when these platforms go down. This emphasizes the need for robust contingency planning beyond vendor SLAs and compliance certifications.
A U.S. government entity paid approximately $1 million to an entity named Kairos to prevent the leak of stolen data. Analysis suggests Kairos may not operate as a traditional ransomware group, as no evidence of data locking was found.
AdaptHealth, a healthcare solutions provider, has reported a data breach where attackers gained access to its cloud systems by "sweet-talking" a third-party contractor. This intrusion led to the theft of patient health information and insurance billing passwords.
Medtronic has disclosed a data breach resulting from a ransomware attack by ShinyHunters, which compromised the company's corporate IT systems. The attackers accessed and stole patients' personal and medical information, affecting approximately 3.8 million individuals.
MeetingTV, a startup, is suing Palo Alto Networks' Koi Security for defamation. They claim an AI-generated report from Koi Security falsely linked MeetingTV to Chinese espionage. MeetingTV is seeking damages and an injunction to prevent further dissemination of the allegedly false information.
Medtronic, a medical device manufacturer, has alerted patients that their health data may have been accessed by cybercriminals. The breach occurred months after an attack by the ShinyHunters group, which also targeted the company's insulin pump and other device users.
Medtronic has informed its customers about a data breach that resulted in the exposure of personal data. The breach allowed an unauthorized third party to access sensitive information.
Kubota North America Corporation has revealed that malicious actors gained access to parts of its network systems for over a month earlier this year. The extent of the breach and the specific data impacted are still under investigation.
The Department of Homeland Security (DHS) is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a critical platform for sharing information among various government and private sector entities. The breach raised concerns about the security of sensitive data shared through the network.
Amazon has been fined $2.25 million by the U.S. Federal Trade Commission (FTC) for withholding transaction records from victims of fraud. This action by the FTC aims to ensure that individuals affected by fraud can access necessary evidence to reclaim their stolen funds.
A researcher has released a large collection of zero-day exploits. The article also briefly mentions a data breach at a sensitive DHS network, a Supreme Court ruling restricting geofence warrants, and Huntress denying accusations of a malicious insider threat.
Aflac Japan experienced a data breach where hackers accessed its policyholder portal multiple times between June 15 and June 25. The incident has impacted approximately 4.38 million individuals.
Aflac has reported a data breach impacting its Japan subsidiary, where attackers gained access to personal and bank account information. The breach occurred after attackers compromised the subsidiary's systems.
Nissan has confirmed a data breach affecting its employees following a hack targeting Oracle's PeopleSoft software. The breach is part of a larger campaign that has impacted a small number of organizations, with the full extent of the ongoing investigation still being determined.
India's central bank mandated the use of .bank domains for financial institutions to improve trust, but the registry for these domains has suffered a data leak. The leak exposed sensitive information, including API keys, that could be exploited for impersonation attacks.