Sarah Motter reports: Missouri regulators say a major national vendor is stonewalling their investigation into a cybersecurity breach that could affect millions of consumers. The Missouri Department of Commerce and Insurance now says it is escalating its response to the cybersecurity breach at Conduent Business Services. Conduent is a national vendor that handles sensitive insurance...

Source

Sergiu Gatlan reports: The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. Vimeo is a video hosting and streaming platform publicly traded on the Nasdaq stock market, with over 300 million registered users...

Source

Caitlyn Rosen reports: A class of Michiganders asserted in a federal lawsuit filed Thursday that a Thomson Reuters search engine wrongfully published their Social Security numbers. In an 11-page lawsuit filed in the U.S. District Court for the Eastern District of Michigan, the class claims Reuters search engines publicly displayed plaintiffs’ social security numbers in...

Source

Data from Japanese firms indicates that paying ransom is unlikely to enable full recovery of encrypted data. Japan Today reports: At least 222 Japanese companies have paid ransomware attackers in the past, yet about 60 percent of them still failed to recover their data, according to a recent survey. Of 1,107 firms that responded to...

Source

Nogo Mania reports: The football world faces a serious security crisis. A large-scale cyberattack targeted the Asian Football Confederation, exposing sensitive data linked to more than 150,000 players and staff. The breach ranks among the most serious incidents in football history. Reports state that the leaked information includes passport copies, contracts, email addresses, and personal identification data. The...

Source

Oh Seok-min reports: Personal information of around 100,000 customers has been leaked from a golf course, prompting a police investigation, sources said Sunday. The Korean National Police Agency is probing the case after the website of Lee & Lee Country Club in the county of Gapyeong, about 55 kilometers northeast of Seoul, was hacked, with...

Source

Hyun Su-a reports: Duo Info, South Korea’s top matchmaking company, leaked the personal information of 430,000 members, authorities said. The leaked items went far beyond names and email addresses to include religion, hobbies, height, weight, education and remarriage history. Excluding income and asset information, virtually all of the members’ personal details were exposed externally. The...

Source

Alberto Payo reports: A cybersecurity company based in Mexico, BePrime, was reportedly the victim of a cyberattack that allegedly resulted in the leak of 12.6 GB of data and access to network infrastructure and video surveillance, according to information published by the supposed attacker on a cybercrime forum. The company, which provides connectivity and security services to large corporations...

Source

Not everyone complies with the conditions of pre-sentencing release. After pleading guilty to a credential stuffing attack, this defendant reopened his online criminal shop and advertised what he was doing. Unsurprisingly, he was re-arrested and remanded into federal custody. Although the DOJ announcement does not name the betting site, it was reported in news as...

Source

When the FBI issued a Private Industry Notice in May 2025 about the Silent Ransom Group (SRG) targeting law firms, they were not exaggerating. The image on the left side of this post is not a new geometric wallpaper. The green boxes represent law firm listings on SRG’s leak site. There are about 38 by...

Source

Here we go again?  Lara Pearce reports: Popular travel website Booking.com has warned customers that their personal information including booking details and names may have been accessed by an “unauthorised third party”. Booking.com is one of the largest digital travel companies globally, with more than 28 million accommodation listings worldwide. The company sent emails to some of its Australian...

Source

Joe Tidy reports: Grand Theft Auto developer Rockstar Games has been targeted for a second time in three years by hackers. The data breach affecting the gaming giant was reported by cybersecurity news outlets on Saturday, after a group of hackers claimed responsibility for the hack. In posts viewed by outlets, the criminals said they...

Source

Jones Day wasn’t the only big law firm to recently fall prey to threat actors variously known as Silent Ransom Group, Luna Moth, Chatty Spider, or UNC3753. DataBreaches will refer to them as the Silent Ransom Group (“SRG”).* In January, SRG gained access to the law firm of Orrick, Herrington & Sutcliffe LLP (“Orrick”). In...

Source

Laura Cress reports: A former Meta employee suspected of downloading around 30,000 private images of Facebook users is being investigated by the Metropolitan Police. The engineer, who lives in London, is believed to have designed a program to be able to access personal pictures on the site while avoiding security checks. A Meta spokesperson told...

Source

Rob White reports: A major pensions administrator is under investigation after admitting its second data breach in three years, the Government has confirmed. Capita, which runs the Civil Service Pension Scheme, confirmed that up to 138 retirees received the wrong annual statement or had theirs accessed by other scheme members during a data breach in...

Source

Upasana Sajeev reports an update to a case previously noted on this site: The Madras High Court has dismissed an appeal filed by cybersecurity specialist Himanshu Pathak against a single judge’s order dismissing his plea seeking directions to the Ministry of Electronics and Information Technology, the Ministry of Finance, the Ministry of Home Affairs, the...

Source

One of the top-ranked law firms in the country confirmed today that it has suffered a data breach. Jones Day disclosed the breach after hackers known as Silent Ransom Group (SRG) posted the data ​to their dark web leak site on March 30. A spokesperson for the firm said that limited files for 10 clients...

Source

DocketWise is an immigration and case management solution designed for immigration attorneys. The firm informed the Maine Attorney General’s Office on April 3 of a September 1, 2025, data breach that affected the personal information of its law firm clients’ clients.  The types of information involved varied by individual client. Their notification to Maine states...

Source

Paulo Vargas reports: Your Strava runs might feel private, but a new Strava military data leak shows how easily that information can reveal more than your workout. In the latest case, activity logs have been linked to more than 500 UK military personnel, connecting everyday exercise to sensitive locations. This goes beyond visible routes. Shared histories and account details...

Source

Unauthorized access to Auger & Auger‘s network lasted all of 25 minutes on February 17, 2026.  On March 30, the North Carolina personal injury law firm notified those affected and offered them 1 year of complimentary identity protection services from EPIC-Privacy D Solutions. In their notification letter, Auger & Auger informed those affected that the...

Source