A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte.

The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials.

Back in May, I started tracking Handala, a hacktivist branded group expressing pro-Palestine views:

Affected users can try to claim up to $10,000 if the breach at 23andMe led to financial fraud or paying up for security or mental health services.

Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.

Transport for London's ongoing cyber incident has taken a dark turn as the organization confirmed that some data, including bank details, might have been accessed, and 30,000 employees' passwords will need to be reset via in-person appointments.

International cyber security giant Fortinet has disclosed that it has suffered a data breach.

Attackers roamed the systems of Avis Car Rental, a major car rental service provider, for several days, accessing data of nearly 300,000 individuals.

Malicious actors breached Avis systems on August 3rd and roamed inside the system for three days until the company secured its networks.

The company’s data breach notification letter, submitted to the Maine Attorney General’s Office, states that Avis discovered the breach on August 5th, indicating it took at least one day to kick the malicious actors out.

Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum.

I decided to write this post because there's no concise way to explain the nuances of what's being described as one of the largest data breaches ever. Usually, it's easy to articulate a data breach; a service people provide their information to had someone snag it through an act of unauthorised access and publish a discrete corpus of information that can be attributed back to that source. But in the case of National Public Data, we're talking about a data aggregator most people had never heard of where a "threat actor" has published various partial sets of data with no clear way to attribute it back to the source. And they're already the subject of a class action, to add yet another variable into the mix. I've been collating information related to this incident over the last couple of months, so let me talk about what's known about the incident, what data is circulating and what remains a bit of a mystery.

Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.

Businesses that fall victim to a data breach can expect a financial hit of nearly $5 million on average — a 10% increase compared to last year — according to IBM’s annual report on cybersecurity incidents.

A Disney employee downloaded what they thought was a safe add-on for video game BeamNG.drive, but it was anything but.

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users.

The Minnesota-based spyware maker Spytech snooped on thousands of devices before it was hacked earlier this year.

Trello Data Breach: Trello, a project management tool developed by Atlassian, has experienced a data breach, exposing sensitive user information

Company says it is unable to identify specific individuals affected by one of the largest breaches in Australian history

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.

Fintech-friendly Evolve Bank disclosed a data breach, saying it may have impacted customers and partners.

Personal information, including partial payment details, may have been obtained by bad actors during an automated credential-stuffing attack on Levi’s online store.

The maker of the famous Levi’s denim jeans reported that over 72,000 accounts were affected during a “security incident” that was detected on July 13th.

Notorious threat actor IntelBroker is claiming to have © data from Apple and AMD