On October 16 and 17, the ScatteredLAPSUS$Hunters Telegram channel repeatedly violated Telegram’s TOS by leaking personal information on people — and in this case, information on employees of the Department of Justice (DOJ/FBI), U.S. Attorneys Office (DOJ/USAO), the Department of Homeland Security (DHS), and the Federal Aviation Authority (FAA). DataBreaches did not report on it...

Source

The following are just a few of the pictures I took today at a “No Kings” protest held in Nassau County, New York. It was a peaceful protest. There was a larger-than-expected turnout, with minimal and respectful police presence. As I anticipated in my post explaining why I was going, there were a lot of...

Source

The following is a personal statement. Today is a day of national protest against the authoritarian regime being imposed by a narcissist and those who are afraid to stand up to him. Today is the day when my husband — an arch-Conservative who has never participated in a political protest in his life — is...

Source

Joseph Topping reports: Heywood Hospital and Athol Hospital said a network outage this week was caused by a cybersecurity incident. The hospitals said they took affected systems offline and engaged a third-party cybersecurity firm. The facilities—Heywood Hospital in Gardner, Massachusetts, and Athol Hospital in Athol, Massachusetts—remain open and caring for patients; earlier in the week...

Source

Ionut Arghire reports: More than 17 million individuals were likely impacted by a data breach at peer-to-peer lending marketplace Prosper, data breach notification service Have I Been Pwned warns. Prosper disclosed the incident last month, noting that hackers accessed its network and stole confidential, proprietary, and personal information from its systems. According to the US-based...

Source

On October 14, the attorney for the man whom France claims to be the head of ShinyHunters held a press conference that included some statements on his client’s case. So far, neither France nor the attorney, Juan Branco, has disclosed the arrested man’s name, so we are not really sure who his client is. All...

Source

Here’s a must-read post, especially if you read and repeated claims that DragonForce, Qilin, and LockBit have formed some kind of cartel. Marco A. De Felice writes on SuspectFile: In the recently published “Threat Spotlight: Ransomware and Cyber Extortion in Q3 2025” by ReliaQuest, one particular section drew significant attention: the claim of an alleged “alliance” between three ransomware...

Source

Nicole Aljet reports an update on a data breach that had been disclosed by Regal Medical Group in February 2023. Current and former patients who received a notice in early 2023 stating a data breach involving Heritage Provider Network or its affiliates may have exposed their personal or medical information could qualify to claim a cash payment...

Source

Stewart Lewis reports: Operations at the Kelowna, B.C., airport (YLW) were disrupted Tuesday evening after its passenger information screens and public address systems were overtaken in a terrorist cyberattack. The incident began about 5:15 p.m., when pro-Hamas messaging could be seen and heard throughout the airport. A message took over flight information screens announcing the system was...

Source

Greg Otto reports: F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what it’s calling a “highly sophisticated” cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of...

Source

Resecurity has published a new report, “Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate.”  Here is the introduction: The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable...

Source

Lauren Giella reports: Oklahoma health system Integris Health reached a $30 million settlement in a data breach class action lawsuit that impacted over two million people over two years ago. This agreement settles a class action lawsuit filed in the U.S. District Court for the Western District of Oklahoma that accuses Integris of negligence after...

Source

Yonhap News reports: The Ministry of Science and ICT said Monday it has asked the police to investigate allegations that KT obstructed a government probe into the company’s unauthorized mobile payment breaches. In late August, unauthorized mobile payments worth a combined 240 million won ($168,000) were reported in Seoul and nearby areas after the personal...

Source

Lawrence Abrams reports: Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. The flaw was addressed with an out-of-band security update released over the weekend, which Oracle said could be used to access “sensitive resources.” “This...

Source

The Information Commissioner’s Office has fined Capita plc and Capita Pension Solutions Ltd a combined £14m following a cyber attack in April 2023 which saw hackers gain access to over 6m people’s data. Stroud News & Journal reports: Outsourcing giant Capita has been fined £14 million by the Information Commissioner’s Office (ICO) for failing to...

Source

Stephen Withers reports: Regulations such as the General Data Protection Regulation (GDPR) and the Australian Prudential Regulation Authority’s (Apra’s) CPS 230 standard have led organisations to become “really obsessed” with the 72-hour notification window following a data breach, according to Shannon Murphy, global security and risk strategist at Trend Micro. However, this focus means many are still...

Source

Jay Peters reports: 5CA is a customer service support company that works with Discord. Recently, the chat platform said the vendor had been breached as part of a “security incident” where 70,000 government ID photos may have leaked. Now, 5CA says in a post on its website that it was “not hacked.” According to Discord, “this incident impacted a...

Source

NEW YORK – New York Attorney General Letitia James today secured $14.2 million from eight car insurance companies for failing to protect the private information of more than 825,000 New Yorkers. The data breaches were part of a hacking campaign that targeted car insurance companies’ quoting tools and stole people’s personal information, including driver’s license...

Source

Steven L. Imber, Justin T. Liby, Jennifer L. Osborn, Zachary R. Dyer, and Pavel (Pasha) A. Sternberg of Polsinelli PC write: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks.  In the...

Source

In a special edition of “No need to hack when it’s leaking,” DataBreaches reports on a software vendor that, despite multiple attempts by multiple parties, continues to expose confidential and sealed court records.  Overview As a matter of policy, DataBreaches does not publish unredacted stolen or leaked data if it would expose personally identifiable or...

Source