Freedom Mobile
December 3, 2025
At Freedom Mobile, we take the protection of personal information very seriously. We want to inform you about a recent privacy incident that requires your attention.
On October 23, we detected unauthorized activity on our customer account management platform. Our investigation revealed that a third party used the account of a subcontractor to gain access to the personal information of a limited number of our customers. We quickly identified the incident and implemented corrective measures and security enhancements, including blocking the suspicious accounts and corresponding IP addresses.
While our teams continue to closely monitor the situation to prevent any further unauthorized access, we wanted to inform you of the incident so that you can take precautionary measures.
What personal information was accessed?
First and last name
Home address
Date of birth
Phone number (home and/or cell)
Freedom Mobile account number
Rest assured that this incident did not affect your payment information or passwords.
Although we have no reason to believe that this information was misused, we encourage you to follow best practices to protect your data:
Protect your personal information: Be cautious of any unexpected messages asking for personal information or directing you to a website to enter it. Freedom Mobile will never ask you for personal information such as credit card numbers, banking information, passwords, or PIN codes by email or SMS.
Stay alert with messages: Avoid clicking on links or downloading attachments from emails or texts that seem suspicious.
Monitor your accounts: Regularly check your accounts for unusual or suspicious activity.
To learn more about different types of fraud and how to protect yourself, visit the Canadian Anti-Fraud Centre website at https://antifraudcentre-centreantifraude.ca.
We’re sorry this happened and understand it may cause concern. If you have any questions, please contact us at privacyofficer@freedommobile.ca
Thank you for your attention.
chosun.com
Coupang Executives Sell Shares After Data Breach
Coupang executives sold shares post-breach; President Lee Jae-myung seeks responsibility
Amid growing calls for accountability against Kim Bom-suk, 47, chairman of Coupang Inc., over the data breach affecting 33.7 million individuals, it has been confirmed that key Coupang executives sold billions of won worth of company stock. The timing of these sales—immediately after the incident—is expected to spark significant controversy.
According to a U.S. Securities and Exchange Commission (SEC) filing on the 2nd (local time), Gaurav Anand, Coupang’s chief financial officer (CFO), reported selling 75,350 Coupang Inc. shares at approximately $29 per share on the 10th of last month. The sale amounted to around $2.186 million (approximately 3.2 billion Korean won). Additionally, former Vice President Pranam Kolari sold 27,388 Coupang shares on the 17th of last month, with the transaction valued at $772,000 (approximately 1.13 billion Korean won). Kolari, who oversaw search and recommendation technologies, resigned on the 14th of last month. However, the SEC confirmed he had notified the company of his resignation on October 15th, prior to the incident.
According to a breach incident report submitted to the Korea Internet & Security Agency (KISA) and obtained by the office of Science, ICT, Broadcasting, and Communications Committee Chairman Representative Choi Min-hee, Coupang reported unauthorized access to its account information at 6:38 p.m. on the 6th of last month. This predates the executives’ stock sales. However, the company recorded the time of awareness as 10:52 p.m. on the 18th of last month. While the sales occurred before the company publicly acknowledged the breach, the transactions took place after the incident itself, making controversy inevitable.
Domestically, criticism has emerged holding Chairman Kim ultimately responsible for the incident. President Lee Jae-myung also stated during a Cabinet meeting on the 2nd, “Coupang has caused significant public concern. The cause of the accident must be identified swiftly, and responsibility must be held strictly,” while instructing measures such as strengthening penalties and implementing a punitive damages system.
TechCrunch
Zack Whittaker
10:55 AM PST · December 3, 2025
Marquis said ransomware hackers stole reams of banking customer data, containing personal information and financial records, as well as Social Security numbers, belonging to hundreds of thousands of people. The number of affected people is expected to rise.
Fintech company Marquis is notifying dozens of U.S. banks and credit unions that they had customer data stolen in a cyberattack earlier this year.
Details of the cyberattack emerged this week after Marquis filed data breach notices with several U.S. states confirming its August 14 incident as a ransomware attack.
Texas-based Marquis is a marketing and compliance provider that allows banks and other financial institutions to collect and visualize all of their customer data in one place. The company counts more than 700 banking and credit union customers on its website. As such, Marquis has access to and stores large amounts of data belonging to consumer banking customers across the United States.
At least 400,000 people are so far confirmed affected by the data breach, according to legally required disclosures filed in the states of Iowa, Maine, Texas, Massachusetts, and New Hampshire that TechCrunch has reviewed.
Texas has the largest number of state residents so far who had data stolen in the breach, affecting at least 354,000 people.
Marquis said in its notice with Maine’s attorney general that banking customers with the Maine State Credit Union accounted for the majority of its data breach notifications, or around one-in-nine people who are known to be affected throughout the state.
The number of individuals affected by the breach is expected to rise as more data breach notifications roll in from other states.
Marquis said the hackers stole customer names, dates of birth, postal addresses, and financial information, such as bank account, debit, and credit card numbers. Marquis said the hackers also stole customers’ Social Security numbers.
According to its most recent notices, Marquis blamed the ransomware attack on hackers who exploited a vulnerability in its SonicWall firewall. The vulnerability was considered a zero-day, meaning the flaw was not known to SonicWall or its customers before it was maliciously exploited by hackers.
Marquis did not attribute the ransomware attack to a particular group, but the Akira ransomware gang was reportedly behind the mass-hacks targeting SonicWall customers at the time.
TechCrunch asked Marquis if it is aware of the total number of people affected by the breach, and if Marquis received any communication from the hackers or if the company paid a ransom, but we did not hear back by the time of publication.
securityweek.com
By Ionut Arghire | November 24, 2025 (7:14 AM ET)
Spanish flag carrier Iberia is notifying customers that their personal information was compromised after one of its suppliers was hacked.
In Spanish-written emails sent on Sunday, a copy of which threat intelligence provider Hackmanac shared on social media, the company said that names, email addresses, and frequent flyer numbers were stolen in the attack.
According to Iberia, no passwords or full credit card data was compromised in the attack, and the incident was addressed immediately after discovery.
The airline said it also improved customer account protections by requiring a verification code to be provided when attempting to change the email address associated with the account.
Iberia said it has notified law enforcement of the incident and that it has been investigating it together with its suppliers.
The company did not say when the data breach occurred and did not name the third-party supplier that was compromised. It is unclear if the incident is linked to recently disclosed hacking campaigns involving Salesforce and Oracle EBS customers.
It should also be noted that Iberia sent out notifications roughly one week after a threat actor boasted on a hacking forum about having stolen roughly 77 gigabytes of data from the airline’s systems.
The hacker claimed to have stolen ISO 27001 and ITAR-classified information, technical aircraft documentation, engine data, and various other internal documents.
Asking $150,000 for the data, the threat actor was marketing it as suitable for corporate espionage, extortion, or resale to governments.
Founded in 1927, Iberia merged with British Airways in 2011, forming International Airlines Group (IAG), which also owns Aer Lingus, BMI, and Vueling. Iberia currently has an all-Airbus fleet, operating on routes to 130 destinations worldwide.
bleepingcomputer.com
By Bill Toulas
November 20, 2025
Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva.
The hacker claims to have stolen 2.3 terabytes of data and leaked it on a dark web forum. According to the threat actor's description, the leak includes confidential documents and sensitive company information.
Almaviva is a large Italian company that operates globally, providing services such as software design and development, system integration, IT consulting, and customer relationship management (CRM) products.
Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab, says the leaked data is recent, and includes documents from the third quarter of 2025. The expert ruled out the possibility that the files were recycled from a Hive ransomware attack in 2022.
"The threat actor claims the material includes internal shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting data, and even complete datasets from several FS Group companies," Draghetti says.
"The structure of the dump, organized into compressed archives by department/company, is fully consistent with the modus operandi of ransomware groups and data brokers active in 2024–2025," the cybersecurity expert added.
Almaviva is a major IT services provider with over 41,000 employees across almost 80 branches in Italy and abroad, and an annual turnover of $1.4 billion last year.
FS Italiane Group (FS) is a 100% state-owned railway operator and one of the largest industrial companies in the country, with more than $18 billion in annual revenue. It manages railway infrastructure, passenger and freight rail transport, and also bus services and logistics chains.
While BleepingComputer’s press requests to both Almaviva and FS went unanswered, the IT firm eventually confirmed the breach via a statement to local media.
“In recent weeks, the services dedicated to security monitoring identified and subsequently isolated a cyberattack that affected our corporate systems, resulting in the theft of some data,” Almaviva said.
“Almaviva immediately activated security and counter-response procedures through its specialized team for this type of incident, ensuring the protection and full operability of critical services.”
The company also stated that it has informed authorities in the country, including the police, the national cybersecurity agency, and the country’s data protection authority. An investigation into the incident is ongoing with help and guidance from government agencies.
Almaviva promised to transparently provide updates as more information emerges from the investigation.
Currently, it is unclear if passenger information is present in the data leak or if the data breach is impacting other clients beyond FS.
BleepingComputer has contacted Almaviva with additional questions, but we have not received a response by publication time.
TechCrunch
Zack Whittaker
5:09 AM PST · November 17, 2025
The defacement of Protei's website said "another DPI/SORM provider bites the dust," apparently referring to the company selling its web intercept and surveillance products to phone and internet providers.
A Russian telecom company that develops technology to allow phone and internet companies to conduct web surveillance and censorship was hacked, had its website defaced, and had data stolen from its servers, TechCrunch has learned.
Founded in Russia, Protei makes telecommunications systems for phone and internet providers across dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and much of central Africa. The company, now headquartered in Jordan, sells video conferencing technology and internet connectivity solutions, as well as surveillance equipment and web-filtering products, such as deep packet inspection systems.
It’s not clear exactly when or how Protei was hacked, but a copy of the company’s website saved on the Internet Archive’s Wayback Machine shows it was defaced on November 8. The website was restored soon after.
During the breach, the hacker obtained the contents of Protei’s web server — around 182 gigabytes of files — including emails dating back years.
A copy of Protei’s data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry.
Mohammad Jalal, the managing director of Protei’s branch in Jordan, did not respond to a request for comment about the breach.
The identity of the hacker is not known, nor their motivations, but the defaced website read: “another DPI/SORM provider bites the dust.” The message likely references the company’s sales of deep packet inspection systems and other internet filtering technology for the Russian-developed lawful intercept system known as SORM.
SORM is the main lawful intercept system used across Russia as well as several other countries that use Russian technology. Phone and internet providers install SORM equipment on their networks, which allows their country’s governments to obtain the contents of calls, text messages, and web browsing data of the networks’ customers.
Deep-packet inspection devices allow telecom companies to identify and filter web traffic depending on its source, such as a social media website or a specific messaging app, and selectively block access. These systems are used for surveillance and censorship in regions where freedom of speech and expression are limited.
The Citizen Lab reported in 2023 that Iranian telecoms giant Ariantel had consulted with Protei about technology for logging internet traffic and blocking access to certain websites. Documents seen and published by The Citizen Lab show that Protei touted its technology’s ability to restrict or block access to websites for specific people or entire swathes of the population.
www.politico.com
Katherine Tully-McManus
11/10/2025, 2:01pm ET
Library of Congress employees were told to take caution when emailing the office of the congressional scorekeeper.
A cybersecurity breach discovered last week affecting the Congressional Budget Office is now considered “ongoing,” threatening both incoming and outgoing correspondence around Congress’ nonpartisan scorekeeper.
Employees at the Library of Congress were warned in a Monday email, obtained by POLITICO, that the CBO cybersecurity incident is “affecting its email communications” and that library staff should take a range of measures to protect themselves.
Library of Congress workers also were told to restrict their communication with the nonpartisan agency tasked with providing economic and budgetary information to lawmakers.
“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email reads.
“Maintain a high level of vigilance and verify the legitimacy of CBO communications by confirming with the sender via telephone that they sent the message,” the note continues.
Congressional staff are in regular communication with CBO regarding scores of legislation and cost estimates the agency prepares for bills in both the House and Senate.
There was no immediate information Monday about the broader implications that a legislative branch office was continuing to experience cybersecurity vulnerabilities.
A CBO spokesperson said last week that officials had taken “immediate action to contain” the breach as officials investigate the incident.
When asked for comment Monday about ongoing issues, the CBO spokesperson referred to the prior statement.
forbes.com
By Lars Daniel
Nov 10, 2025
Hyundai is alerting millions of customers about a data breach that exposed Social Security numbers and driver's licenses. The breach, which occurred in February but is only now being disclosed, represents the automotive giant's third major security incident in as many years.
How the Breach Happened
Think of Hyundai AutoEver America, or HAEA, as the digital nervous system for Hyundai, Kia and Genesis operations in North America. This California-based company manages everything from the software that enables remote car features to the computer systems dealerships use to process your purchase.
Between February 22 and March 2 of this year, hackers broke into these systems and roamed freely for nine days before being detected. That’s like a burglar having unsupervised access to a bank vault for over a week. Plenty of time to identify and steal important data.
The company discovered the intrusion on March 1st and says it immediately kicked the attackers out and brought in cybersecurity forensics teams. But the investigation took months, and notification letters are now being sent out to those confirmed to be affected: more than seven months after the attack ended.
What Information Was Stolen
The exposed data includes:
Hyundai AutoEver hasn’t said exactly how many people were affected, but regulatory filings show the breach reached multiple states. The upper limit is potentially massive: HAEA’s systems connect to 2.7 million vehicles across North America.
To put that in perspective, that’s roughly the entire population of Chicago potentially at risk. However, only individuals confirmed to be affected will receive notification letters.
This Keeps Happening to Hyundai
This isn’t Hyundai's first rodeo with hackers.
In early 2024, the Black Basta ransomware gang hit Hyundai Motor Europe, claiming to steal 3 terabytes of data, equivalent to about 750,000 digital photos or five hundred hours of high-definition video. That attack exposed everything from HR records to legal documents across multiple departments.
Before that, in 2023, breaches at Hyundai's Italian and French operations leaked customer email addresses, home addresses, and vehicle identification numbers.
Security researchers have also found serious vulnerabilities in Hyundai and Kia’s smartphone apps that could let hackers remotely control vehicles.
The Modern Car Is a Computer on Wheels
Here's what makes automotive breaches particularly concerning: Your car isn't just transportation anymore. It's a rolling data center.
Modern vehicles collect and transmit information constantly:
Where you drive and when
Your home and work addresses
How fast you accelerate and brake
When you service your vehicle
Your purchase and financing details
When hackers breach the IT provider managing this digital ecosystem, they don’t just get your Social Security number. They potentially access a comprehensive profile of your life and habits. It’s like the difference between someone stealing your wallet versus breaking into your phone. The phone contains exponentially more information about you.
What You Should Do Right Now
If you own or lease a Hyundai, Kia, or Genesis vehicle:
Immediate Actions:
Check your credit reports for unauthorized accounts or inquiries. You can get free reports at AnnualCreditReport.com
Monitor bank and credit card statements weekly for suspicious charges
Enable transaction alerts on your financial accounts
If You Receive a Notification Letter:
Enroll in the free credit monitoring within 90 days using the unique code provided
The service runs for two years and monitors all three credit bureaus
Call the dedicated hotline at 855-720-3727 with questions
For Everyone, Breached or Not:
Consider a credit freeze with Equifax, Experian and TransUnion. This prevents identity thieves from opening new accounts in your name
Enable fraud alerts which require creditors to verify your identity before issuing credit
Watch for phishing scams exploiting breach news. Hyundai will never ask for your Social Security number or payment information via email
The Uncomfortable Truth About Data Breaches
Data breaches have become depressingly routine. In 2024 alone, major incidents hit healthcare providers, retailers, and financial institutions, and automotive companies are now joining the list with alarming frequency.
But there's something particularly unsettling about automotive breaches. You chose your bank and can switch it. You chose your doctor and can change providers. But if you bought a Hyundai three years ago, you're stuck with their security practices until you sell the vehicle. Your data sits in their systems whether you like it or not.
And unlike a credit card breach where the bank typically covers fraudulent charges, identity theft involving Social Security numbers can create problems that take years to resolve. Victims may discover the theft only when they're denied a loan, receive bills for services they never used, or have their tax returns rejected because someone else already filed using their information.
What Hyundai Is Saying
In its breach notification, Hyundai AutoEver stated: "We regret that this incident occurred and take the security of personal information seriously."
The company says it’s investing in "additional security enhancements designed to mitigate future risk." But given this is the third major breach in three years across Hyundai Motor Group entities, many cybersecurity experts argue the company needs more than enhancements: it needs a fundamental security overhaul.
The automotive industry finds itself caught between competing pressures. Customers want connected features: remote start from their phone, navigation that predicts traffic, software updates that add new capabilities. These features require extensive data collection and cloud connectivity.
But every connection creates a potential vulnerability. Every database becomes a target. And when IT providers centralize services for millions of vehicles, they become high-value targets offering hackers a massive potential payoff from a single breach.
The challenge for automakers isn’t just fixing the specific vulnerabilities that enabled this breach. It’s fundamentally rethinking how they secure the growing mountain of customer data their business models now require.
techdigest.tv
10 November 2025
Chris Price
A catastrophic data breach at Chinese cybersecurity firm Knownsec has exposed a state-backed cyber arsenal and global surveillance targets.
A prominent Chinese cybersecurity firm with ties to the government, Knownsec, has suffered a catastrophic data breach, exposing over 12,000 classified documents detailing the inner workings of China’s state-sponsored cyber espionage program.
The leak of over 12,000 classified documents provides an unprecedented window into the operational infrastructure supporting China’s intelligence-gathering efforts, triggering significant international concern.
The leaked materials initially appeared on GitHub before being removed for terms-of-service violations. They reveal a vast technical arsenal, including sophisticated Remote Access Trojans (RATs) engineered to compromise every major operating system, specifically Linux, Windows, macOS, iOS, and Android.
The documents detail the use of highly specialized surveillance tools. These include Android attack code capable of extracting extensive message histories from popular chat applications, enabling targeted spying on specific individuals.
Even more concerning is the detail on hardware-based attack vectors. The firm allegedly developed a maliciously engineered power bank that can covertly exfiltrate data when connected to a victim’s computer, representing a sophisticated, hands-on supply-chain attack. This highlights the willingness of state-sponsored programs to invest in complex infrastructure to circumvent traditional security controls.
The archives also contain detailed spreadsheets documenting alleged breaches against more than 80 overseas targets. The scale of the data theft is massive, listing 95GB of immigration records from India, 3TB of call records from South Korea’s LG U Plus, and 459GB of road planning data from Taiwan.
The target list explicitly names over twenty countries and regions, including the United Kingdom, Japan, and Nigeria.
Knownsec, founded in 2007 and backed by Tencent, holds a trusted position within China’s security apparatus, providing services to government departments and major financial institutions. This prominence amplifies the significance of the leak.
In response to the disclosure, a Chinese Foreign Ministry spokesperson was evasive, stating unfamiliarity with any Knownsec breach while asserting that China “firmly opposes and combats all forms of cyberattacks.”
Analysts note this measured response avoided denying government support for such operations, underscoring Beijing’s positioning of cyber activities as national security instruments. Cybersecurity specialists worldwide are now studying the exposed data to improve global defense strategies.
Sky News Australia
Max Melzer
An Iranian-backed hacking group has posted plans for Australia's new $7 billion infantry fighting vehicles online following a spate of attacks on Israeli arms companies.
Plans for Australia's new $7 billion Redback infantry fighting vehicles have been stolen and posted online by Iran-backed hackers following a spate of attacks on Israeli arms companies.
Cyber Toufan, a hacking group believed to have ties to the Iranian state, posted classified 3D renderings and technical details of the next generation fighting vehicles on Telegram.
The group claimed to have stolen confidential data from 17 Israeli defence companies in a major cyberattack carried out after it gained access to supply chain firm MAYA Technologies over a year ago.
Israel’s Elbit Systems, which was contracted to provide hi-tech weapons turrets for the Redbacks, was among the companies targeted.
Skynews.com.au has contacted Elbit Systems for comment.
In addition to the exposure of sensitive details about the fighting vehicles' technical specifications, the documents posted by Cyber Toufan also revealed the Australian Defence Force had apparently been weighing whether to purchase Spike NLOS anti-tank missiles from the Israeli company.
It is not fully clear how much data was stolen in the hack or whether the details published online could be used to develop countermeasures to the Redback's defensive and offensive capabilities.
The Australian Army is set to receive 127 of the fighting vehicles under a roughly $7 billion contract with South Korean firm Hanwha Defence.
Elbit Systems' turrets will be affixed to the Redbacks under a separate contract worth around $920 million.
The Israeli firm's involvement with the project had drawn criticism due to Israel's war in Gaza, although Defence Industry Minister Pat Conroy has repeatedly defended the company's involvement.
"We make no apology for getting the best possible equipment for the Australian Defence Force," he told the Indo-Pacific Maritime Exposition last week.
Cyber Toufan's attacks underscore the growing threat of hacking groups targeting sensitive military data.
The Australian Signals Directorate warned in its 2025 Cyber Threat Report that government and defence-related information was "an attractive target for state-sponsored cyber actors".
AUKUS remains the principal target for hostile actors, although Australian Security Intelligence Organisation Director-General Mike Burgess revealed even "countries we consider friendly" were attempting to gather intelligence about the nuclear submarine program.
"ASIO has identified foreign services seeking to target AUKUS to position themselves to collect on the capabilities, how Australia intends to use them, and to undermine the confidence of our allies," he warned in his annual threat assessment earlier this year.
Several Australian defence projects have already faced hacks in recent years, including in 2017 when a defence contractor was breached and data on the nation's F-35 program and the Collins-class submarine program was exposed.
Shipbuilder Austal was also successfully targeted by hackers in 2018.
OAIC oaic.gov.au
Published: 09 October 2025
The Federal Court ordered that Australian Clinical Labs (ACL) pay $5.8 million in civil penalties in relation to a data breach by its Medlab Pathology business in February 2022.
The Federal Court yesterday ordered that Australian Clinical Labs (ACL) pay $5.8 million in civil penalties in relation to a data breach by its Medlab Pathology business in February 2022. The breach resulted in the unauthorised access and exfiltration of the personal information of over 223,000 individuals.
These are the first civil penalties ordered under the Privacy Act 1988 (Cth).
Australian Information Commissioner Elizabeth Tydd welcomed the Court's orders, stating that they “provide an important reminder to all APP entities that they must remain vigilant in securing and responsibly managing the personal information they hold.
“These orders also represent a notable deterrent and signal to organisations to ensure they undertake reasonable and expeditious investigations of potential data breaches and report them to the Office of the Australian Information Commissioner appropriately.
“Entities holding sensitive data need to be responsive to the heightened requirements for securing this information as future action will be subject to higher penalty provisions now available under the Privacy Act”.
The Federal Court has made orders imposing the following penalties:
a penalty of $4.2 million for ACL's failure to take reasonable steps to protect the personal information held by ACL on Medlab Pathology’s IT systems under Australian Privacy Principle 11.1, which amounted to more than 223,000 contraventions of s 13G(a) of the Privacy Act;
a penalty of $800,000 for ACL’s failure to carry out a reasonable and expeditious assessment of whether an eligible data breach had occurred following the cyberattack on the Medlab Pathology IT systems in February 2022, in contravention of s 26WH(2) of the Privacy Act; and
a penalty of $800,000 for ACL’s failures to prepare and give to the Australian Information Commissioner, as soon as practicable, a statement concerning the eligible data breach, in contravention of s 26WK(2) of the Privacy Act.
Justice Halley said in his judgment that the contraventions were “extensive and significant.” His Honour also found that:
‘ACL’s most senior management were involved in the decision making around the integration of Medlab’s IT Systems into ACL’s core environment and ACL’s response to the Medlab Cyberattack, including whether it amounted to an eligible data breach.’
‘ACL’s contraventions … resulted from its failure to act with sufficient care and diligence in managing the risk of a cyberattack on the Medlab IT Systems’
‘ACL’s contravening conduct … had at least the potential to cause significant harm to individuals whose information had been exfiltrated, including financial harm, distress or psychological harms, and material inconvenience.’
‘the contraventions had the potential to have a broader impact on public trust in entities holding private and sensitive information of individuals.’
His Honour identified several factors that reduced the penalty that was imposed. These included that ‘ACL ... cooperated with the investigation undertaken by the office of the Commissioner’, and that it had commenced ‘a program of works to uplift the company’s cybersecurity capabilities’ which ‘satisfied [his Honour] that these actions demonstrate that ACL has sought, and continues to seek, to take meaningful steps to develop a satisfactory culture of compliance.’ His Honour also took into account the apologies made by ACL and the fact that it had admitted liability.
ACL admitted the contraventions, consented to orders being made and the parties made joint submissions on liability and penalty.
The penalties were imposed under the penalty regime which was in force at the time of the contraventions, with a maximum penalty of $2.22 million per contravention. The new penalty regime that came into force on 13 December 2022 allows the Court to impose much higher penalties for serious interferences with privacy. Under the new regime, maximum penalties per contravention can be as much as $50 million, three times the benefit derived from the conduct or up to 30% of a business’s annual turnover per contravention.
Privacy Commissioner Carly Kind said, “This outcome represents an important turning point in the enforcement of privacy law in Australia. For the first time, a regulated entity has been subject to civil penalties under the Privacy Act, in line with the expectations of the public and the powers given to the OAIC by parliament. This should serve as a vivid reminder to entities, particularly providers operating within Australia’s healthcare system, that there will be consequences of serious failures to protect the privacy of those individuals whose healthcare and information they hold.”
techcrunch.com
Jagmeet Singh
6:30 PM PDT · October 28, 2025
A security researcher found the Indian automotive giant exposing personal information of its customers, internal company reports, and dealers’ data. Tata confirmed it fixed the issues.
Indian automotive giant Tata Motors has fixed a series of security flaws that exposed sensitive internal data, including personal information of customers, company reports, and data related to its dealers.
Security researcher Eaton Zveare told TechCrunch that he discovered the flaws in Tata Motors’ E-Dukaan unit, an e-commerce portal for buying spare parts for Tata-made commercial vehicles. Headquartered in Mumbai, Tata Motors produces passenger cars, as well as commercial and defense vehicles. The company has a presence in 125 countries worldwide and seven assembly facilities, per its website.
Zveare found that the portal’s web source code included the private keys to access and modify data within Tata Motors’ account on Amazon Web Services, the researcher said in a blog post.
The exposed data, Zveare told TechCrunch, included hundreds of thousands of invoices containing customer information, such as their names, mailing addresses, and permanent account number (PAN), a 10-character unique identifier issued by the Indian government.
“Out of respect for not causing some type of alarm bell or massive egress bill at Tata Motors, there were no attempts to exfiltrate large amounts of data or download excessively large files,” the researcher told TechCrunch.
There were also MySQL database backups and Apache Parquet files that included various bits of private customer information and communication, the researcher noted.
The AWS keys also enabled access to over 70 terabytes of data related to Tata Motors’ FleetEdge fleet-tracking software. Zveare also found backdoor admin access to a Tableau account, which included data of over 8,000 users.
“As server admin, you had access to all of it. This primarily includes things like internal financial reports, performance reports, dealer scorecards, and various dashboards,” the researcher said.
The exposed data also included API access to Tata Motors’ fleet management platform, Azuga, which powers the company’s test drive website.
Shortly after discovering the issues, Zveare reported them to Tata Motors through the Indian computer emergency response team, known as CERT-In, in August 2023. Later in October 2023, Tata Motors told Zveare that it was working on fixing the AWS issues after securing the initial loopholes. However, the company did not say when the issues were fixed.
Tata Motors confirmed to TechCrunch that all the reported flaws were fixed in 2023 but would not say if it notified affected customers that their information was exposed.
“We can confirm that the reported flaws and vulnerabilities were thoroughly reviewed following their identification in 2023 and were promptly and fully addressed,” said Tata Motors communications head Sudeep Bhalla, when contacted by TechCrunch.
“Our infrastructure is regularly audited by leading cybersecurity firms, and we maintain comprehensive access logs to monitor for unauthorized activity. We also actively collaborate with industry experts and security researchers to strengthen our security posture and ensure timely mitigation of potential risks,” said Bhalla.
securityweek.com
By Ionut Arghire | October 30, 2025 (9:01 AM ET)
Updated: October 31, 2025 (2:36 AM ET)
The hackers stole names, addresses, dates of birth, Social Security numbers, and health and insurance information.
Business services provider Conduent is notifying more than 10 million people that their personal information was stolen in a January 2025 data breach.
The incident was disclosed publicly in late January, when Conduent confirmed system disruptions that affected government agencies in multiple US states.
In April, the company notified the Securities and Exchange Commission (SEC) that the attackers had stolen personal information from its systems.
Last week, Conduent started notifying users that their personal information was stolen in the incident, and submitted notices to Attorney General’s Offices in multiple states.
The hackers accessed Conduent’s network on October 21, 2024 and were evicted on January 13, 2025, after the attack was identified, the company says in the notification letter to the affected individuals.
During the time frame, the attackers exfiltrated various files from the network, including files containing personal information such as names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information.
Conduent is not providing the affected people with free identity theft protection services, but encourages them to obtain free credit reports, place fraud alerts on their credit files, and place security freezes on their credit reports.
“Upon discovery of the incident, we safely restored our systems and operations and notified law enforcement. We are also notifying you in case you decide to take further steps to protect your information should you feel it appropriate to do so,” the notification letter reads.
Based on the data breach notice submitted to the authorities in Oregon, it appears that 10,515,849 individuals were impacted, with the largest number in Texas (4 million).
Conduent serves over 600 government and transportation organizations, and roughly half of Fortune 100 companies, across financial, pharmaceutical, and automobile sectors. The company supports roughly 100 million US residents across 46 states.
While the company has not shared details on the threat actor behind the attack, the Safepay ransomware group claimed the incident in February.
SecurityWeek has emailed Conduent for additional information and will update this article if the company responds.
*Updated with the number of impacted individuals from the Oregon Department of Justice.
reuters.com
By A.J. Vicens
October 29, 2025, 11:10 PM GMT+1 · Updated October 29, 2025
Hackers accessed Ribbon's network in December 2024
Three customers impacted, according to ongoing investigation
Ribbon's breach part of broader trend targeting telecom firms
Oct 29 (Reuters) - Hackers working for an unnamed nation-state breached networks at Ribbon Communications (RBBN.O), a key U.S. telecommunications services company, and remained within the firm’s systems for nearly a year without being detected, a company spokesperson confirmed in a statement on Wednesday.
Ribbon Communications, a Texas-based company that provides technology to facilitate voice and data communications between separate tech platforms and environments, said in its October 23 10-Q filing with the Securities and Exchange Commission that the company learned early last month that people “reportedly associated with a nation-state actor” gained access to the company’s IT network, with initial access dating to early December 2024.
The hack has not been previously reported. It is perhaps the latest example of technology companies that play a critical role in the global telecommunications ecosystem being targeted as part of nation-state hacking campaigns.
Ribbon did not identify the nation-state actor, or disclose which of its customers were affected by the breach, but told Reuters in the statement that its investigation has so far revealed three “smaller customers” impacted.
“While we do not have evidence at this time that would indicate the threat actor gained access to any material information, we continue to work with our third-party experts to confirm this,” a Ribbon spokesperson said in an email. “We have also taken steps to further harden our network to prevent any future incidents.”
The Record from Recorded Future News
Daryna Antoniuk
October 27th, 2025
The utility responsible for operating Sweden's power grid is investigating a data breach after a ransomware group threatened to leak hundreds of gigabytes of purportedly stolen internal data.
Sweden’s power grid operator is investigating a data breach after a ransomware group threatened to leak hundreds of gigabytes of purportedly stolen internal data.
State-owned Svenska kraftnät, which operates the country’s electricity transmission system, said the incident affected a “limited external file transfer solution” and did not disrupt Sweden’s power supply.
“We take this breach very seriously and have taken immediate action,” said Chief Information Security Officer Cem Göcgören in a statement. “We understand that this may cause concern, but the electricity supply has not been affected.”
The ransomware gang Everest claimed responsibility for the attack on its leak site over the weekend, alleging it had exfiltrated about 280 gigabytes of data and saying it would publish it unless the agency complied with its demands.
The same group has previously claimed attacks on Dublin Airport, Air Arabia, and U.S. aerospace supplier Collins Aerospace — incidents that disrupted flight operations across several European cities in September. The group’s claims could not be independently verified.
Svenska kraftnät said it is working closely with the police and national cybersecurity authorities to determine the extent of the breach and what data may have been exposed. The utility has not attributed the attack to any specific threat actor.
“Our current assessment is that mission-critical systems have not been affected,” Göcgören said. “At this time, we are not commenting on perpetrators or motives until we have confirmed information.”
Korea JoongAng Daily
Friday
October 17, 2025
The Korean government officially acknowledged Friday that hackers had accessed the Onnara system — a government work management platform — and administrative digital signature certificates called the government public key infrastructure (GPKI), which are essential for civil servant authentication.
Authorities said they are investigating how the breach occurred and assessing the extent of the damage, while also implementing new security measures.
During a press briefing at the government complex in Sejong, the Ministry of the Interior and Safety confirmed that “in mid-July, the National Intelligence Service (NIS) discovered signs that an external party accessed the Onnara system via the Government Virtual Private Network (G-VPN).”
Two months to acknowledge hacking
The statement came two months after a report by Phrack Magazine, a U.S.-based cybersecurity publication, claimed that the Ministry of the Interior and Safety, Ministry of Foreign Affairs, Ministry of Unification, Ministry of Oceans and Fisheries, telecom companies KT and LG U+ and private tech firms including Daum, Kakao and Naver, had all been targeted by hackers.
Until now, the Korean government had remained silent, but on Friday, it acknowledged the report’s claims were accurate.
The NIS is currently working with relevant agencies to determine how the breach occurred and to evaluate the scope of any data leaks. While the Ministry of the Interior and Safety said there has been no confirmed leak of government documents so far, it did not rule out the possibility of such leaks being uncovered during the investigation.
In response to the breach, the government has taken steps to strengthen its cybersecurity protocols.
“Since Aug. 4, remote access to the G-VPN has required not only digital signature authentication but also phone-based verification,” said Lee Yong-seok, head of the digital government innovation office at the Interior Ministry. “Additionally, we completed measures to prevent the reuse of login credentials for the Onnara system, which were applied to all central and local government agencies on July 28.”
Regarding GPKI, the government reviewed the validity of all certificates with information provided by the NIS. Most of the compromised certificates had already expired, and those that were still valid were revoked as of Aug. 13, according to the ministry.
NIS still investigating breach origin
The government also shared the preliminary results of its investigation into the cause of the breach, attributing it to user negligence that led to certificate information being leaked externally.
“All central and local government agencies have been instructed to stop sharing certificates and to strengthen management protocols,” the Interior Ministry said.
Although the North Korean hacking group Kimsuky was initially suspected to be behind the attack, the NIS said there was insufficient evidence to definitively identify the perpetrator. Kimsuky is known for targeting diplomatic, security and defense sectors to gather intelligence for the North Korean regime.
To counter security threats related to certificate theft or duplication, the government announced plans to replace GPKI-based authentication with biometric multi-factor methods, such as mobile government IDs for public officials.
The government also intends to expand the use of secure authentication technologies — including biometric-based digital IDs — across public services for the general population.
“If the NIS identifies any additional issues, we will immediately address and respond to them,” Lee said. “We will do everything we can to prevent a similar incident from happening again.”
Discord says that approximately 70,000 users may have had their government ID photos exposed as part of a data breach of a third-party service.
Discord has identified approximately 70,000 users that may have had their government ID photos exposed as part of a customer service data breach announced last week, spokesperson Nu Wexler tells The Verge. A tweet by vx-underground said that the company was being extorted over a breach of its Zendesk instance by a group claiming to have “1.5TB of age verification related photos. 2,185,151 photos.”
When we asked about the tweet, Wexler shared this statement:
Following last week’s announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions.
All affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.
In its announcement last week, Discord said that information like names, usernames, emails, the last four digits of credit cards, and IP addresses also may have been impacted by the breach.
status.salesforce.com ID# 20000224
Published 5:58 pm CEST, Oct 02 2025 · Last updated 5:58 pm CEST, Oct 02 2025
Security Advisory: Ongoing Response to Social Engineering Threats
We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.
We understand how concerning these situations can be. Protecting customer environments and data remains our top priority, and our security teams are fully engaged to provide guidance and support. As we continue to monitor the situation, we encourage customers to remain vigilant against phishing and social engineering attempts, which remain common tactics for threat actors.
For detailed guidance, please review our blog post on protecting against social engineering (https://www.salesforce.com/blog/protect-against-social-engineering) and reach out through the Salesforce Help portal if you need support.
theins.ru
The Insider
2 October 2025 23:03
The hacker collective Black Mirror has released the first portion of an archive of documents from the Russian state defense corporation Rostec. The tranche contains more than 300 items. The materials detail Russia’s military and technical cooperation with foreign clients, pricing for military items, and logistics schemes aimed at evading sanctions. The published documents also include internal correspondence, presentations on overseas helicopter service centers, and agreements with international partners.
The files show that Russian companies have faced difficulties receiving payments for contracts with Algeria, Egypt, China, and India. Russian banks have been unable to issue guarantees or conduct transactions through the SWIFT system, forcing them to search for alternative settlement schemes in yuan, rubles, and euros.
The archive also contains information about an international network of service centers for Russian helicopter equipment. The documents describe existing and planned maintenance facilities in the UAE, Afghanistan, Vietnam, Bulgaria, Kazakhstan, and other countries. Particular attention is paid to the creation of an international regional logistics hub in Dubai, near Al Maktoum Airport, designed as a central node for supplying spare parts and components.
Among the materials is a letter from the Rostec holding company Concern Radio-Electronic Technologies (CRET) on pricing for military products in export contracts. The document proposes a simplified formula for setting wholesale prices, profit margins, transport expenses, and currency risks. It also discusses possible legal changes to allow more flexible use of revenues from military-technical cooperation.
The hackers said this is only the first portion of the Rostec archive, which they are releasing in what they called “fuck off exposure” mode. Black Mirror claims the documents include a list of “reliable trading partners” in several countries. These are said to have been approved by Russia’s Defense Ministry, the FSB, and the Foreign Intelligence Service (SVR) with the aim of reducing the risk of aviation and technical equipment being redirected to Ukraine through third countries.
In August, Telegram blocked Black Mirror’s channel. Attempts to access it displayed a notice that cited doxxing, defamation, and extortion as the reasons behind the ban. The Insider is not aware of the channel extorting money from anyone.
The newly formed cybercrime alliance, “Scattered LAPSUS$ Hunters,” has launched a new website detailing its claims of a massive data breach affecting Salesforce and its extensive customer base. This development is the latest move by the group, a notorious collaboration between members of the established threat actor crews ShinyHunters, Scattered Spider, and LAPSUS$. On their new site, the group is extorting Salesforce directly, threatening to leak nearly one billion records with a ransom deadline of October 10, 2025.
This situation stems from a widespread and coordinated campaign that targeted Salesforce customers throughout mid-2025. According to security researchers, the attacks did not exploit a vulnerability in Salesforce’s core platform. Instead, the threat actors, particularly those from the Scattered Spider group, employed sophisticated social engineering tactics.
The primary method involved voice phishing (vishing), where attackers impersonated corporate IT or help desk staff in phone calls to employees of target companies. These employees were then manipulated into authorizing malicious third-party applications within their company’s Salesforce environment. This action granted the attackers persistent access tokens (OAuth), allowing them to bypass multi-factor authentication and exfiltrate vast amounts of data. The alliance has now consolidated the data from these numerous breaches for this large-scale extortion attempt against Salesforce itself.
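Because the employee approves the app from a legitimate session, detection has to key on the app grant and what its token does afterwards rather than on login failures. The following added example (not part of the original article, and not Salesforce's log schema) flags OAuth grants to apps outside an allowlist and escalates them when the token pulls bulk data; the event fields, user and app names, allowlist and thresholds are all assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line. The schema
# (type/user/app/ip/rows) is an assumption made for this example and is
# not a vendor log format; users, app names and IPs are made up.
SAMPLE_EVENTS = """
{"ts": "2025-06-02T14:01:10Z", "type": "oauth_app_authorized", "user": "a.lee", "app": "Data Loader", "ip": "198.51.100.7"}
{"ts": "2025-06-02T14:05:00Z", "type": "api_query", "user": "a.lee", "app": "Data Loader", "ip": "198.51.100.7", "rows": 120000}
{"ts": "2025-06-02T15:18:42Z", "type": "mfa_login", "user": "b.khan", "ip": "198.51.100.9"}
{"ts": "2025-06-02T15:20:03Z", "type": "oauth_app_authorized", "user": "b.khan", "app": "My Ticket Portal", "ip": "198.51.100.9"}
{"ts": "2025-06-02T15:25:11Z", "type": "api_query", "user": "b.khan", "app": "My Ticket Portal", "ip": "203.0.113.50", "rows": 30000}
{"ts": "2025-06-02T15:31:47Z", "type": "api_query", "user": "b.khan", "app": "My Ticket Portal", "ip": "203.0.113.50", "rows": 40000}
{"ts": "2025-06-03T09:12:00Z", "type": "oauth_app_authorized", "user": "c.diaz", "app": "Calendar Helper", "ip": "198.51.100.23"}
{"ts": "2025-06-03T09:13:30Z", "type": "api_query", "user": "c.diaz", "app": "Calendar Helper", "ip": "198.51.100.23", "rows": 200}
{"ts": "2025-06-09T02:40:00Z", "type": "api_query", "user": "b.khan", "app": "My Ticket Portal", "ip": "203.0.113.50", "rows": 10000}
"""

APPROVED_APPS = {"Data Loader"}   # hypothetical allowlist of vetted apps
BULK_ROWS = 50_000                # rows inside WINDOW that escalate a finding
WINDOW = timedelta(hours=24)      # how long after the grant bulk reads count


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_unapproved_grants(text, approved=APPROVED_APPS):
    """Return one finding per (user, app) grant to an app not on the allowlist."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    events.sort(key=lambda e: parse_ts(e["ts"]))
    findings = {}
    for e in events:
        key = (e["user"], e.get("app"))   # login events carry no app
        when = parse_ts(e["ts"])
        if e["type"] == "oauth_app_authorized" and e["app"] not in approved:
            findings[key] = {
                "user": e["user"], "app": e["app"], "granted_at": when,
                "grant_ip": e["ip"], "rows_in_window": 0,
                "new_ips": set(), "last_use": None, "severity": "medium",
            }
        elif e["type"] == "api_query" and key in findings:
            f = findings[key]
            f["last_use"] = when          # token use needs no fresh login
            if e["ip"] != f["grant_ip"]:
                f["new_ips"].add(e["ip"])  # token used away from the grant IP
            if when - f["granted_at"] <= WINDOW:
                f["rows_in_window"] += e["rows"]
            if f["rows_in_window"] >= BULK_ROWS:
                f["severity"] = "high"
    return sorted(findings.values(), key=lambda f: f["granted_at"])


def token_age_days(finding):
    """Whole days between the grant and the last observed use of its token."""
    if finding["last_use"] is None:
        return 0
    return (finding["last_use"] - finding["granted_at"]).days


if __name__ == "__main__":
    for f in detect_unapproved_grants(SAMPLE_EVENTS):
        print(f["severity"], f["user"], f["app"], f["rows_in_window"],
              sorted(f["new_ips"]), token_age_days(f))
```

In the sample, the grant by `b.khan` is still producing API reads six days later with no further login event, which is why the response to a finding is revoking the app's token, not only resetting the user's password.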
The website lists dozens of high-profile Salesforce customers allegedly compromised in the campaign. The list of alleged victims posted by the group includes:
Toyota Motor Corporations (🇯🇵): A multinational automotive manufacturer.
FedEx (🇺🇸): A global courier delivery services company.
Disney/Hulu (🇺🇸): A multinational mass media and entertainment conglomerate.
Republic Services (🇺🇸): An American waste disposal company.
UPS (🇺🇸): A multinational shipping, receiving, and supply chain management company.
Aeroméxico (🇲🇽): The flag carrier airline of Mexico.
Home Depot (🇺🇸): The largest home improvement retailer in the United States.
Marriott (🇺🇸): A multinational company that operates, franchises, and licenses lodging.
Vietnam Airlines (🇻🇳): The flag carrier of Vietnam.
Walgreens (🇺🇸): An American company that operates the second-largest pharmacy store chain in the United States.
Stellantis (🇳🇱): A multinational automotive manufacturing corporation.
McDonald’s (🇺🇸): A multinational fast food chain.
KFC (🇺🇸): A fast food restaurant chain that specializes in fried chicken.
ASICS (🇯🇵): A Japanese multinational corporation which produces sportswear.
GAP, INC. (🇺🇸): A worldwide clothing and accessories retailer.
HMH (hmhco.com) (🇺🇸): A publisher of textbooks, instructional technology materials, and assessments.
Fujifilm (🇯🇵): A multinational photography and imaging company.
Instructure.com – Canvas (🇺🇸): An educational technology company.
Albertsons (Jewel Osco, etc) (🇺🇸): An American grocery company.
Engie Resources (Plymouth) (🇺🇸): A retail electricity provider.
Kering (🇫🇷): A global luxury group that manages brands like Gucci, Balenciaga, and Brioni.
HBO Max (🇺🇸): A subscription video on-demand service.
Instacart (🇺🇸): A grocery delivery and pick-up service.
Petco (🇺🇸): An American pet retailer.
Puma (🇩🇪): A German multinational corporation that designs and manufactures athletic footwear and apparel.
Cartier (🇫🇷): A French luxury goods conglomerate.
Adidas (🇩🇪): A multinational corporation that designs and manufactures shoes, clothing, and accessories.
TripleA (aaa.com) (🇺🇸): A federation of motor clubs throughout North America.
Qantas Airways (🇦🇺): The flag carrier of Australia.
CarMax (🇺🇸): A used vehicle retailer.
Saks Fifth (🇺🇸): An American luxury department store chain.
1-800Accountant (🇺🇸): A nationwide accounting firm.
Air France & KLM (🇫🇷/🇳🇱): A major European airline partnership.
Google Adsense (🇺🇸): A program run by Google through which website publishers serve advertisements.
Cisco (🇺🇸): A multinational digital communications technology conglomerate.
Pandora.net (🇩🇰): A Danish jewelry manufacturer and retailer.
TransUnion (🇺🇸): An American consumer credit reporting agency.
Chanel (🇫🇷): A French luxury fashion house.
IKEA (🇸🇪): A Swedish-founded multinational group that designs and sells ready-to-assemble furniture.
According to the actor, the breach involves nearly 1 billion records from Salesforce and its clients. The allegedly compromised data includes:
Sensitive Personally Identifiable Information (PII)
Strategic business records that could impact market position
Data from over 100 other demand instances hosted on Salesforce infrastructure