Cyberveille, curated by Decio
179 results tagged Data-Breach
Nike Probes Potential Breach After Threat From Hacking Group https://www.pcmag.com/news/nike-probes-potential-breach-after-threat-from-hacking-group
26/01/2026 18:05:13

pcmag.com
Michael Kan
Senior Reporter

UPDATE 1/24: The hacking group World Leaks claims to have stolen 1.4TB of data from Nike, according to a post on the gang's website.

The stolen data covers 188,000 files. But a cursory look suggests that World Leaks looted internal files about Nike's clothing manufacturing business, rather than any customer or employee information. For example, a few of the folders have been titled "Garment making process," "Nike Apparel tools" and "Women's Lifestyle." Another set of folders has Chinese-language titles.

Image caption: The data (World Leaks)
We've reached out to Nike for comment and we'll update the story if we hear back.

Original story:
Nike is investigating a possible data breach after a hacking group listed the fashion brand as one of its latest victims.

On Thursday, cybersecurity researchers spotted World Leaks posting on the dark web about breaching Nike. It's unclear what they stole; for now, the group’s post shows only a countdown clock, indicating that World Leaks plans to reveal more on Saturday morning.

In response, Nike told PCMag: “We always take consumer privacy and data security very seriously. We are investigating a potential cybersecurity incident and are actively assessing the situation.”

According to cybersecurity firms, World Leaks operates as an extortion group that loots data from companies to force them to pay up, or else it’ll leak the stolen information. The group previously operated as “Hunters International,” and focused on delivering ransomware to encrypt victim computers. But last year, following increased scrutiny from law enforcement, the gang rebranded as World Leaks and pivoted to extortion-only tactics.

“They typically gain initial access through phishing campaigns, compromised credentials, or exploitation of exposed services,” according to cybersecurity vendor Blackpoint Cyber. “Once inside, they perform data discovery and exfiltration, prioritizing confidential corporate or personal information.”

Image caption: WorldLeaks sites (Credit: World Leaks)
Still, it’s possible that World Leaks stole inconsequential data from Nike. The group has already listed 114 other victims; it claims to have stolen 1.3TB of data from Dell. But the PC maker says World Leaks merely infiltrated a platform the company uses to demo products to prospective clients. As a result, the hackers were only able to access and steal an outdated contact list.

pcmag.com EN 2026 WorldLeaks Nike data-breach
Call-On-Doc allegedly had a breach affecting more than 1 million patients. They’ve yet to comment. – DataBreaches.Net https://databreaches.net/2026/01/24/call-on-doc-allegedly-had-a-breach-affecting-more-than-1-million-patients-theyve-yet-to-comment/?pk_kwd=call-on-doc-allegedly-had-a-breach-affecting-more-than-1-million-patients-theyve-yet-to-comment
26/01/2026 16:14:14

databreaches.net
Posted on January 24, 2026 by Dissent

Telehealth provider Call-On-Doc, Inc., dba Call-On-Doc.com, advertises that it has 2 million active patients and treats 150+ medical conditions. It claims to be the most highly rated telehealth service, and it assures patients of “state-of-the-art” data security for their information. But if a post on a hacking forum is accurate, Call-On-Doc recently had a breach that may have affected more than one million patients.

According to a sales listing on a hacking forum, Call-On-Doc was breached in early December, and 1,144,223 patient records were exfiltrated. The types of information reportedly included:

Patient Code, Transaction Number, Patient Name, Patient Address, Patient City, Patient State, Patient Zip, Patient Country, Patient Phone Number, Patient Email Address, Medical Category, Medical Condition, Service / Prescription, Paid Amount

Three screenshots with rows of dozens of patients’ information were included in the listing. An additional .txt file with information on 1,000 patients was also included.

Inspection of the screenshots immediately raised concerns about the sensitive information they revealed. Although some appointments were visits for conditions such as strep infections or other medical conditions, a number of patient records were for the “STD” category (sexually transmitted disease), with the specific type of STD listed in the “Condition” field.

Is Call-On-Doc HIPAA-Regulated?
Call-On-Doc does not accept insurance. It is a self-pay model, and no health insurance information or Social Security Numbers were included in the data. Because it is self-pay, DataBreaches is unsure whether Call-On-Doc is a HIPAA-regulated entity. If it uses electronic transmission for other covered transactions, it might be. But even if it is not a HIPAA-regulated entity, it would still be regulated by state laws and the Federal Trade Commission (FTC).

When HIPAA does not apply, the FTC can investigate and take enforcement action for violations of the FTC Act if there are deceptive or “unfair practices,” such as promising excellent data security for health data or patient information, but failing to deliver it.

A check of Call-On-Doc’s website reveals the following statement in its FAQ:

Q: Is my payment and medical information safe with Call-On-Doc?

A: Absolutely! Call-On-Doc employs state-of-the-art security measures, including our proprietary Electronic Health Record (EHR) system, and is fully HIPAA compliant.

According to the threat actor, they found no evidence of any encryption, and the entity did not detect the attack while it was in progress. HIPAA does not actually mandate encryption, but what “state-of-the-art” security measures did Call-On-Doc use to provide the kind of protection that protected health information (PHI) requires? And have they implemented any changes or additional protections since being alerted to the alleged breach?

Given that patients from many states may be involved, this might be a situation in which multiple state attorneys general collaborate to investigate a breach and an entity’s risk assessment, security, and incident response, including notification obligations.

Notification Obligations and Regulatory Questions
DataBreaches emailed Call-On-Doc’s privacy@ email address on Thursday to ask if it had confirmed any breach. There was no reply.

DataBreaches emailed its support@ email address on Friday. There was no reply.

If these are real data, there are several questions regulators may investigate.

According to the individual who posted the listing and shared additional details with DataBreaches in private communication, the breach occurred in early December. They contacted Call-On-Doc on December 25 to alert them to the breach and to try to negotiate a payment to avoid leaking or selling it. “They contacted me from an unofficial email address. I provided all the evidence and details, but then they stopped responding—basically ignoring me,” the person told DataBreaches.

Regardless of which federal or state agencies may have jurisdiction, if these are real patient data, Call-On-Doc also has a duty to notify patients and regulators promptly. While some regulations or statutes require “without unreasonable delay,” HIPAA has a “no later than 60 calendar days from discovery” deadline, and 19 states have notification deadlines of 30 days. As of publication, DataBreaches cannot find any substitute notice, media notice, website notice, or notification to any state attorneys general or federal regulators.

DataBreaches reminds readers that Call-On-Doc has not confirmed the claims. Even though the patient data appears likely to be real, AI has advanced to the point where threat actors can create datasets that appear legitimate. DataBreaches does not think that is the case here, but can’t rule out that possibility without contacting patients, which this site tries to avoid to spare patients any embarrassment or anxiety. In a small random sample from the 1,000-record file that DataBreaches checked via Google searches, most patients were still at the listed addresses. Others could be verified as having lived at the listed addresses in the recent past.

One other detail suggests the data are real: the seller is accepting escrow for the sale, which is usually an indicator that the listing is not a scam.

This post may be updated when Call-On-Doc responds or more information becomes available.

If you were or are a Call-On-Doc patient and have heard from Call-On-Doc about a breach, we’d like to hear from you.

databreaches.net EN 2026 data-breach Call-On-Doc
Under Armour looking into data breach affecting customers' email addresses https://apnews.com/article/under-armour-data-breach-passwords-6155a46363679c28af4d612ad3f23e36
26/01/2026 16:09:43

Clothing retailer Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information, but so far there are no signs the hackers stole any passwords or financial information.

The breach is believed to have happened late last year, and affected 72 million email addresses, according to information cited by the cybersecurity website Have I Been Pwned. Some of the stolen records also included personal information such as names, genders, birthdates and ZIP codes.

In an Under Armour statement acknowledging its investigation into the claims of a data breach, the Baltimore-based company said: “We have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded.”

Have I Been Pwned CEO Troy Hunt said that he agrees with Under Armour’s assertion, based on the information that has emerged so far. But he also said he was surprised by the lack of an official disclosure statement from the company.

apnews.com EN 2025 data-breach UnderArmour
Grubhub confirms hackers stole data in recent security breach https://www.bleepingcomputer.com/news/security/grubhub-confirms-hackers-stole-data-in-recent-security-breach/
20/01/2026 15:57:06

bleepingcomputer.com
By Lawrence Abrams
January 15, 2026

Exclusive: Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling BleepingComputer the company is now facing extortion demands.

"We're aware of unauthorized individuals who recently downloaded data from certain Grubhub systems," Grubhub told BleepingComputer.

"We quickly investigated, stopped the activity, and are taking steps to further increase our security posture. Sensitive information, such as financial information or order history, was not affected."

Grubhub would not respond to any further questions regarding the breach, including when it occurred, whether customer data was involved, or if they were being extorted.

However, the company confirmed that it is working with a third-party cybersecurity firm and has notified law enforcement.

Last month, Grubhub was also linked to a wave of scam emails sent from its b.grubhub.com subdomain that promoted a cryptocurrency scam promising a tenfold return on Bitcoin payments.

Grubhub said at the time that it contained the issue and took steps to prevent further unauthorized messages, but would not answer further questions related to the incident.

It is unclear if the two incidents are connected.

Extorted by hackers
While Grubhub would not share further details, multiple sources have told BleepingComputer that the ShinyHunters cybercrime group is extorting the company.

BleepingComputer attempted to verify these claims with the threat actors, but they refused to comment.

According to sources, the threat actors are demanding a Bitcoin payment to prevent the release of older Salesforce data from a February 2025 breach and newer Zendesk data that was stolen in the recent breach.

Grubhub uses Zendesk to power its online support chat system, which provides support for orders, account issues, and billing.

While it is unclear when the breach occurred, BleepingComputer was told that it was through secrets/credentials stolen in the recent Salesloft Drift data theft attacks.

In August, threat actors used stolen OAuth tokens for Salesloft's Salesforce integration to conduct a data theft campaign between August 8 and August 18, 2025.

According to a report by Google's Threat Intelligence team (Mandiant), the stolen data was then used to harvest credentials and secrets to conduct follow-up attacks on other platforms.

"GTIG observed UNC6395 targeting sensitive credentials such as Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake-related access tokens," reports Google.

ShinyHunters claimed at the time to be behind the breach, stating they stole approximately 1.5 billion data records from the "Account", "Contact", "Case", "Opportunity", and "User" Salesforce object tables for 760 companies.

As threat actors continue to abuse previously stolen Salesforce data to carry out follow-on attacks, organizations impacted by the Salesloft Drift breaches must rotate all affected access tokens and secrets as soon as possible if they have not already done so.

bleepingcomputer.com EN 2026 Data-Breach Drift GrubHub Salesforce Salesloft Zendesk
NordVPN denies breach claims, says attackers have "dummy data" https://www.bleepingcomputer.com/news/security/nordvpn-denies-breach-claims-says-attackers-have-dummy-data/
06/01/2026 09:57:03

bleepingcomputer.com
By Sergiu Gatlan
January 5, 2026

NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing platform.

The company's statement comes after a threat actor (using the 1011 handle) claimed on a hacking forum over the weekend that they stole more than 10 databases containing sensitive information like Salesforce API keys and Jira tokens, following a brute-force attack against a NordVPN development server.

"Today I am leaking +10 DB's source codes from a NordVPN development server. This information was acquired by bruteforcing a misconfigured server of NordVPN, which has Salesforce and Jira information stored. Compromised information: Salesforce API keys, Jira tokens and more," the threat actor said.

However, as NordVPN revealed today, this is actually test data stolen from a temporary test environment deployed months earlier while the company was trialling a potential vendor for automated testing.

The Lithuanian VPN service added that the test environment had no connection with its own infrastructure and that the stolen data doesn't include sensitive customer or business information.

"The leaked elements, such as the specific API tables and database schemas can only be artifacts of an isolated third-party test environment, containing only dummy data used for functionality checks. While no data in the dump points to NordVPN, we have contacted the vendor for additional information," NordVPN explained.

"Because this was a preliminary test and no contract was ever signed, no real customer data, production source code, or active sensitive credentials were ever uploaded to this environment.

"We ultimately chose a different vendor and did not proceed with the one we tested. The environment in question was never connected to our production systems."

While this was only a false alarm, in 2019, hackers breached the servers of NordVPN and TorGuard, gaining full root access and stealing private keys used to secure their web servers and VPN configurations.

In response to the 2019 incident, NordVPN introduced a bug bounty program and hired outside cybersecurity experts for a "full-scale" third-party security audit.

The company also announced plans to switch to dedicated servers that they own exclusively and to upgrade their entire 5,100-server infrastructure to RAM servers.

bleepingcomputer.com EN 2025 Breach Data-Breach Data-Leak NordVPN Salesforce
“Tinder for Nazis” hit by 100GB data leak, thousands of users exposed https://cybernews.com/security/investigator-exposes-white-supremacist-sites-users/
03/01/2026 01:14:08

cybernews.com
Ernestas Naprys
Senior Journalist
Published: 2 January 2026

An investigative journalist has infiltrated the white supremacist dating website WhiteDate and exfiltrated over 8,000 profiles and 100GB of data. Photos and other sensitive details have been made public, and the full “WhiteLeaks” data is available to journalists and researchers on DDoSecrets.

An “old-school anarchist researcher,” who goes by the online pseudonym Martha Root, claims to have breached a racist dating site and two similar platforms.

The leak affects WhiteDate, a white supremacist dating site for “Europids seeking tribal love,” WhiteChild, a white supremacist site focused on family and ancestry, and WhiteDeal, a networking and professional development site for people with a racist worldview.

All three platforms were operated by a right-wing extremist from Germany.

“I infiltrated a racist dating site and made nazis fall in love with robots,” Root claims.

The journalist found that websites’ cybersecurity hygiene was so poor that it “would make even your grandma’s AOL account blush.”

“Imagine calling yourselves the ‘master race’ but forgetting to secure your own website – maybe try mastering to host WordPress before world domination.”

What data was exposed?
The researcher created a website, okstupid.lol, where the 8,000 leaked profiles are plotted on a map, exposing users from very different regions of the world.

The data includes highly sensitive and detailed self-reported information, such as usernames, gender, age, location, activity history, lifestyle, height, eye color, hair color, and other physical appearance traits, income range, education, marital status, religion, and even self-assessed IQ, among many other fields.

Notably, the dataset also contains numerous profile photos, along with embedded EXIF metadata that reveals precise GPS coordinates, device information, timestamps, and other identifying details.

The researcher claims that image metadata “practically hands out home addresses.”

“Would like to find a woman who understands the value of nation and race, seeks the truth,” one of the exposed profiles reads.

Root claims that the platform’s gender ratio “makes the Smurf village look like a feminist utopia” – the site is overwhelmingly male.

“For now,” the emails and private messages haven’t been publicly exposed. However, the dataset, dubbed “WhiteLeaks,” has been made available to researchers and journalists on Distributed Denial of Secrets (DDoSecrets), a nonprofit whistleblower site.

The researcher also disclosed that the entire operation was run by a Paris-based company called Horn & Partners, and they identified the woman behind the company.

Investigative journalists and Root presented the data and findings at the 39th Chaos Communication Congress in Germany.

“Martha is whatever the antifascist movement needs at the moment: a ghost in their servers, a thorn in their mythologies, and an intelligence that refuses obedience,” the researcher’s bio on the site reads.

cybernews.com EN 2025 WhiteDate Data-breach Martha-Root
Condé Nast gets hacked, and DataBreaches gets “played” — Christmas lump of coal edition (1) – DataBreaches.Net https://databreaches.net/2025/12/25/conde-nast-gets-hacked-and-databreaches-gets-played-christmas-lump-of-coal-edition/
02/01/2026 14:24:50

databreaches.net
Posted on December 25, 2025 by Dissent

Over the years, DataBreaches has been contacted by many people with requests for help notifying entities of data leaks or breaches. Some of the people who contact this site are cybercriminals, hoping to put pressure on their victims. Others are researchers who are frustrated by their attempts at responsible disclosure.

When it’s a “blackhat” contacting this site, DataBreaches often responds by seeking more information from them, and may even contact their target to ask for confirmation or a statement about claims that are being made. Usually, DataBreaches does not report on the attack or claims at that time, so as not to add to the pressure the entity might be under to pay some extortion. Occasionally, though, depending on the circumstances and the length of time since the alleged breach, this site may report on an attack that an entity has not yet disclosed, especially if personal information is already being leaked.

Some people have questioned whether I have been too friendly with cybercriminals or a mouthpiece for them. Occasionally, I have even been accused of aiding criminals. I’ve certainly knowingly aided some criminals who have contacted me over the years if they are trying to do the right thing or turn their lives around. And I’ve also helped some cybercriminals in ways I cannot reveal here because it involves off-the-record situations. One person recently referred to me as the “threat actor whisperer.”

The reality is that I talk to most cybercriminals as people and chatting with them gives me greater insights into their motivations and thinking. And, of course, it occasionally gives me tips and exclusives relevant to my reporting.

Do some threat actors lie to me? Undoubtedly. I resent being “played” and I get mad at myself if I have been duped.

The remainder of this post is about a data leak on a few forums involving data from WIRED and Condé Nast and how DataBreaches was “played.”

A Message on Signal
On November 22, a message request appeared on Signal from someone called “Lovely.” The avatar was a cute kitten, and the only message was “Hello.”

DataBreaches’ first thought was that this was a likely scammer, but curiosity prevailed, so I accepted the request. What they wrote next surprised me:

Can you try to get me a security contact at Condé Nast? I emailed them about a serious vulnerability on one of their websites a few days ago but I haven’t received a response ye

“Lovely,” who assured me they were not seeking a bug bounty or any payment, said they were simply trying to inform Condé Nast of a vulnerability that could expose account profiles and enable an attacker to change accounts’ passwords. On inquiry, they claimed they had only downloaded a few profiles as proof of the vulnerability.

“Lovely” showed me screenshots of attempts to inform WIRED and Condé Nast via direct contact with one of their security reporters and someone who claimed to be from their security team.

They also showed me my own registration data from WIRED.com, which was accurate, and the information from a WIRED reporter who also seemingly confirmed his data was also correct.

Image caption: WIRED account information for DataBreaches that Lovely showed her on November 27. It shows email address and date registered and last updated among the fields.
It all seemed consistent with what they had claimed.

Despite its vast wealth, Condé Nast lacks a security.txt file that explains how to report a vulnerability to them. Nowhere on its site did it plainly explain how to report a vulnerability to them.

Trying to help Condé Nast avoid compromise of what was described to me as a serious vulnerability risking more than 33 million users’ accounts, I reached out to people I know at WIRED. I also reached out to Condé Nast but received no replies from them.

When the “Researcher” Really Is Dishonorable
Weeks of failed attempts to get a response from Condé Nast followed and Lovely started stating that they were getting angry and thinking about leaking a database just to get the firm’s attention. Leaking a database? They had assured me they had only downloaded a few profiles as proof. But now they stated they had downloaded more than 33 million accounts. They wrote:

We downloaded all 33 million user’s information. The data includes email address, name, phone number, physical address, gender, usernames, and more.

The vulnerabilities allow us to
– view the account information of every Condé Nast account
– change any account’s email address and password

They also provided DataBreaches with a list of the json files showing the number of user accounts for each publication. Not all publications had all of the types of information.

DataBreaches reached out to Condé Nast again with that information, but again received no reply. A contact at WIRED was able to get the firm’s security team to engage and Lovely eventually told DataBreaches that they had made contact and given the security team information on six vulnerabilities they had found.

Six? How many lies had Lovely told me? Lovely asked me to hold off on reporting until the firm had time to remediate all the vulnerabilities. DataBreaches agreed, for the firm’s sake, but by now, had no doubts that Lovely had been dishonest and she had been “played.”

Eventually, Lovely sent a message that everything had now been remediated. DataBreaches asked, “Did they pay you anything?” And that’s when Lovely answered, “Not yet.” DataBreaches subsequently discovered that they have been leaking data from WIRED on at least two forums, with a list of all the json files they intend to leak. Or perhaps they intend to sell some of the data. Either way, they lied to this blogger to get her help in reaching Condé Nast.

“Regrets, I’ve Had a Few”
At one point when I reached out on LinkedIn seeking a contact at Condé Nast, someone suggested that Lovely wasn’t a researcher but was a cybercriminal and that I was aiding them.

With the clarity of hindsight, he was right in one respect, although I certainly had no indication of that at the outset or even weeks later. But as I replied to him at the time, “I hope I wasn’t helping a cybercriminal, but if Condé Nast found out about a vulnerability that allowed access to 33M accounts, did I harm Condé Nast by reaching out to them, or did I help them?”

I don’t know if Condé Nast verified Lovely’s claims or not about the alleged vulnerabilities. That said, based on what I had been told, I don’t regret my repeated attempts to get their security team to contact Lovely to get information about the alleged vulnerability.

As for “Lovely,” they played me. Condé Nast should never pay them a dime, and no one else should ever, as their word clearly cannot be trusted.

Update of December 27, 2025: By now, the data leak has started to be picked up on LinkedIn by Alon Gal and on Have I Been Pwned by Troy Hunt. Condé Nast has yet to issue any public statement or respond to this site’s inquiries. As HIBP reports:

In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number, date of birth, gender, and geographic location or full physical address. The WIRED data allegedly represents a subset of Condé Nast brands the hacker also claims to have obtained.

databreaches.net EN 2025 Wired Condé-Nast data-breach
Everest Ransomware Group Claims Theft of Over 1TB of Chrysler https://hackread.com/everest-ransomware-group-chrysler-data-breach/
28/12/2025 13:32:13

Hackread – Cybersecurity News, Data Breaches, AI, and More
by Waqas
December 26, 2025
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new post on its dark web leak site claiming it had breached Chrysler systems, an American automaker. The group says it exfiltrated 1088 GB (over 1 TB) of data, describing it as a full database linked to Chrysler operations.

According to the threat actors, the stolen data spans from 2021 through 2025 and includes more than 105 GB of Salesforce-related information. Everest claims the data contains extensive personal and operational records tied to customers, dealers, and internal agents.

Image caption: Screenshot from the Everest ransomware group’s dark web leak site (Credit: Hackread.com)
Leaked Screenshots and Sample Data Details
Screenshots shared by the group and reviewed for this report appear to show structured databases, internal spreadsheets, directory trees, and CRM exports. Several images display Salesforce records containing customer interaction logs with names, phone numbers, email addresses, physical addresses, vehicle details, recall case notes, and call outcomes such as voicemail, disconnected, wrong number, or callback scheduled.

Image caption: Related screenshots (Credit: Hackread.com)
The same material also includes agent work logs documenting call attempts, recall coordination steps, appointment handling, and vehicle status updates, such as sold, repaired, or owner not found.

Additional screenshots appear to reference internal file servers and directories labelled with dealer networks, automotive brands, recall programs, FTP paths, and internal tooling. One set of images also suggests the presence of HR or identity-related records, listing employee names, employment status fields such as active or permanently separated, timestamps, and corporate email domains associated with Stellantis.

For your information, Stellantis is a global automaker behind brands such as Jeep, Chrysler, Dodge, and FIAT. The automaker was also a victim of a cyber attack in September 2025.

Samples published by the attackers also include recall case narratives documenting customer conversations, interpreter use, dealership coordination, appointment scheduling, and follow-up actions. These records align with standard automotive recall support and customer service processes and are consistent with the CRM data shown in other samples.

The group has threatened to publish the full dataset once its countdown timer expires, stating that the company still has time to make contact. Everest also announced plans to release audio recordings linked to customer service interactions, further escalating the pressure.

Unconfirmed Pending Chrysler Response
Ransomware groups increasingly time disclosures around holidays, when incident response capacity is often reduced. At the time of writing, Chrysler has not publicly confirmed the breach or commented on the claims, and independent verification remains limited.

If validated, the alleged exposure would raise significant concerns regarding customer privacy, internal operational security, and third-party platform governance, given the reported scale and sensitivity of the CRM and recall management data involved.

This story is developing.

hackread.com EN 2025 Stellantis Chrysler data-breach Everest Ransomware
Government data stolen in hack, minister confirms https://www.bbc.com/news/articles/cj4qpwprw9vo
19/12/2025 12:18:38

bbc.com
Sam Francis
Political reporter
19.12.2025

The trade minister says information was accessed and an investigation has been launched.

Government data has been stolen in a hack though officials believe the risk to individuals is "low", a minister has said.

Trade Minister Chris Bryant told BBC Breakfast "an investigation is ongoing" into the hack, adding that the security gap was "closed pretty quickly".

A Chinese-affiliated group is suspected of being behind the attack, but Bryant said investigators "simply don't know as yet" who is responsible.

The data is understood to have been on systems operated on the Home Office's behalf by the Foreign Office, whose staff detected the incident.

"We think that it's a fairly low-risk that individuals will have been compromised or affected," Bryant said.

It comes after the Sun newspaper reported that hackers affiliated to the Chinese state accessed the data in October with information possibly including visa details targeted.

The incident has been referred to the Information Commissioner's Office.

UK intelligence agencies have warned about increasing, large-scale espionage from China, using cyber and other means, and targeting commercial and political information.

The cyber-agency GCHQ said last year that it was devoting more resources to counter threats from China than any other nation.

"Government facilities are always going to be potentially targeted," Bryant said on Friday.

"We are working through the consequences of what this is."

"This is a part of modern life that we have to tackle and deal with," Bryant added, pointing to major hacks in recent years at Jaguar Land Rover, Marks & Spencer and the British Library.

Confirmation of a hack by a Chinese state group would be awkward for the government ahead of a planned visit to Beijing next year by Sir Keir Starmer, the first by a UK prime minister since 2018.

The Labour government has said it is important to engage with China as it cannot be ignored on trade, climate change and other major issues, but face-to-face meetings also provide a forum for robust exchanges about issues affecting UK security.

The Chinese government has consistently denied it backs cyber-attacks targeting the UK.

Last year, responding to the UK government's National Security Strategy, a spokesperson for the Chinese embassy in London said "accusations such as Chinese espionage, cyber-attacks, and transnational repression against the UK are entirely fabricated, malicious slander".

Earlier this month, Sir Keir said UK government policy towards China could not continue to blow "hot and cold".

Failing to navigate a relationship with China, he said, would be a "dereliction of duty" when China is a "defining force in technology, trade and global governance".

Building a careful relationship would instead bolster the UK's place as a leader on the international stage and help secure UK national interests, Sir Keir said, while still recognising the "reality" that China "poses national security threats".

bbc.com EN 2025 UK GCHQ trade minister China data-breach
CEO of South Korean retail giant Coupang resigns after massive data breach https://techcrunch.com/2025/12/10/ceo-of-south-korean-retail-giant-coupang-resigns-after-massive-data-breach/
12/12/2025 12:17:12

techcrunch.com
1:06 PM PST · December 10, 2025
Zack Whittaker

Park Dae-jun has resigned as chief executive of South Korean retail giant Coupang after a data breach exposed the personal information of more than half of the country’s population.

In a statement, Park apologized for the breach, citing a “deep sense of responsibility for the outbreak and the subsequent recovery process.”

Coupang has replaced Park with Harold Rogers, the top lawyer at Coupang’s U.S.-based parent company, according to a machine translation of the company statement.

The retail giant, often compared to Amazon for its dominance in South Korean e-commerce and logistics, last month revealed details of a data breach affecting close to 34 million people. The breach allegedly began in June but wasn’t noticed until November, when Coupang initially said over 4,500 customers had their data stolen. The company later revised that figure dramatically upward.

The Coupang hack is the latest in a string of security incidents affecting corporate giants and the central government across the country this year, including a data center fire that led to a massive, irretrievable loss of South Korean government data.

techcrunch.com EN 2025 techcrunch.com data-breach
Notice about your account information https://www.freedommobile.ca/en-CA/privacy-notice
08/12/2025 20:24:10

Freedom Mobile
December 3, 2025

At Freedom Mobile, we take the protection of personal information very seriously. We want to inform you about a recent privacy incident that requires your attention.

On October 23, we detected unauthorized activity on our customer account management platform. Our investigation revealed that a third party used the account of a subcontractor to gain access to the personal information of a limited number of our customers. We quickly identified the incident and implemented corrective measures and security enhancements, including blocking the suspicious accounts and corresponding IP addresses.

While our teams continue to closely monitor the situation to prevent any further unauthorized access, we wanted to inform you of the incident so that you can take precautionary measures.

What personal information was accessed?

  • First and last name
  • Home address
  • Date of birth
  • Phone number (home and/or cell)
  • Freedom Mobile account number

Rest assured that this incident did not affect your payment information or passwords.

Although we have no reason to believe that this information was misused, we encourage you to follow best practices to protect your data:

Protect your personal information: Be cautious of any unexpected messages asking for personal information or directing you to a website to enter it. Freedom Mobile will never ask you for personal information such as credit card numbers, banking information, passwords, or PIN codes by email or SMS.

Stay alert with messages: Avoid clicking on links or downloading attachments from emails or texts that seem suspicious.

Monitor your accounts: Regularly check your accounts for unusual or suspicious activity.

To learn more about different types of fraud and how to protect yourself, visit the Canadian Anti-Fraud Centre website at https://antifraudcentre-centreantifraude.ca.

We’re sorry this happened and understand it may cause concern. If you have any questions, please contact us at privacyofficer@freedommobile.ca.

Thank you for your attention.

freedommobile.ca EN 2025 data-breach Canada
Coupang Executives Sell Shares After Data Breach https://www.chosun.com/english/world-en/2025/12/03/GOECFCEF6VCVJMKOYDLCAGD43A/
08/12/2025 19:26:13

chosun.com

Coupang Executives Sell Shares After Data Breach
Coupang executives sold shares post-breach; President Lee Jae-myung seeks responsibility

Amid growing calls for accountability against Kim Bom-suk, 47, chairman of Coupang Inc., over the data breach affecting 33.7 million individuals, it has been confirmed that key Coupang executives sold billions of won worth of company stock. The timing of these sales—immediately after the incident—is expected to spark significant controversy.

According to a U.S. Securities and Exchange Commission (SEC) filing on the 2nd (local time), Gaurav Anand, Coupang’s chief financial officer (CFO), reported selling 75,350 Coupang Inc. shares at approximately $29 per share on the 10th of last month. The sale amounted to around $2.186 million (approximately 3.2 billion Korean won). Additionally, former Vice President Pranam Kolari sold 27,388 Coupang shares on the 17th of last month, with the transaction valued at $772,000 (approximately 1.13 billion Korean won). Kolari, who oversaw search and recommendation technologies, resigned on the 14th of last month. However, the SEC confirmed he had notified the company of his resignation on October 15th, prior to the incident.

According to a breach incident report submitted to the Korea Internet & Security Agency (KISA) and obtained by the office of Science, ICT, Broadcasting, and Communications Committee Chairman Representative Choi Min-hee, Coupang reported unauthorized access to its account information at 6:38 p.m. on the 6th of last month. This predates the executives’ stock sales. However, the company recorded the time of awareness as 10:52 p.m. on the 18th of last month. While the sales occurred before the company publicly acknowledged the breach, the transactions took place after the incident itself, making controversy inevitable.

Domestically, criticism has emerged holding Chairman Kim ultimately responsible for the incident. President Lee Jae-myung also stated during a Cabinet meeting on the 2nd, “Coupang has caused significant public concern. The cause of the accident must be identified swiftly, and responsibility must be held strictly,” while instructing measures such as strengthening penalties and implementing a punitive damages system.

chosun.com EN 2025 Executives Coupang data-breach accountability stock
Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack https://techcrunch.com/2025/12/03/fintech-firm-marquis-alerts-dozens-of-us-banks-and-credit-unions-of-a-data-breach-after-ransomware-attack/
03/12/2025 20:22:50

TechCrunch
Zack Whittaker
10:55 AM PST · December 3, 2025

Marquis said ransomware hackers stole reams of banking customer data, containing personal information and financial records, as well as Social Security numbers, belonging to hundreds of thousands of people. The number of affected people is expected to rise.

Fintech company Marquis is notifying dozens of U.S. banks and credit unions that they had customer data stolen in a cyberattack earlier this year.

Details of the cyberattack emerged this week after Marquis filed data breach notices with several U.S. states confirming its August 14 incident as a ransomware attack.

Texas-based Marquis is a marketing and compliance provider that allows banks and other financial institutions to collect and visualize all of their customer data in one place. The company counts more than 700 banking and credit union customers on its website. As such, Marquis has access to and stores large amounts of data belonging to consumer banking customers across the United States.

At least 400,000 people are so far confirmed affected by the data breach, according to legally required disclosures filed in the states of Iowa, Maine, Texas, Massachusetts, and New Hampshire that TechCrunch has reviewed.

Texas has the largest number of state residents so far who had data stolen in the breach, affecting at least 354,000 people.

Marquis said in its notice with Maine’s attorney general that banking customers with the Maine State Credit Union accounted for the majority of its data breach notifications, or around one-in-nine people who are known to be affected throughout the state.

The number of individuals affected by the breach is expected to rise as more data breach notifications roll in from other states.

Marquis said the hackers stole customer names, dates of birth, postal addresses, and financial information, such as bank account, debit, and credit card numbers. Marquis said the hackers also stole customers’ Social Security numbers.

According to its most recent notices, Marquis blamed the ransomware attack on hackers who exploited a vulnerability in its SonicWall firewall. The vulnerability was considered a zero-day, meaning the flaw was not known to SonicWall or its customers before it was maliciously exploited by hackers.

Marquis did not attribute the ransomware attack to a particular group, but the Akira ransomware gang was reportedly behind the mass-hacks targeting SonicWall customers at the time.

TechCrunch asked Marquis if it is aware of the total number of people affected by the breach, and if Marquis received any communication from the hackers or if the company paid a ransom, but we did not hear back by the time of publication.

techcrunch.com EN 2025 Marquis Data-Breach US
Spanish Airline Iberia Notifies Customers of Data Breach https://www.securityweek.com/spanish-airline-iberia-notifies-customers-of-data-breach/
29/11/2025 18:05:12

securityweek.com
By Ionut Arghire | November 24, 2025 (7:14 AM ET)

Spanish flag carrier Iberia is notifying customers that their personal information was compromised after one of its suppliers was hacked.

In Spanish-language emails sent on Sunday, a copy of which threat intelligence provider Hackmanac shared on social media, the company said that names, email addresses, and frequent flyer numbers were stolen in the attack.

According to Iberia, no passwords or full credit card data were compromised in the attack, and the incident was addressed immediately after discovery.

The airline said it also improved customer account protections by requiring a verification code to be provided when attempting to change the email address associated with the account.

Iberia said it has notified law enforcement of the incident and that it has been investigating it together with its suppliers.

The company did not say when the data breach occurred and did not name the third-party supplier that was compromised. It is unclear if the incident is linked to recently disclosed hacking campaigns involving Salesforce and Oracle EBS customers.

It should also be noted that Iberia sent out notifications roughly one week after a threat actor boasted on a hacking forum about having stolen roughly 77 gigabytes of data from the airline’s systems.

The hacker claimed to have stolen ISO 27001 and ITAR-classified information, technical aircraft documentation, engine data, and various other internal documents.

Asking $150,000 for the data, the threat actor was marketing it as suitable for corporate espionage, extortion, or resale to governments.

Founded in 1927, Iberia merged with British Airways in 2011, forming International Airlines Group (IAG), which also owns Aer Lingus, BMI, and Vueling. Iberia currently has an all-Airbus fleet, operating on routes to 130 destinations worldwide.

securityweek.com EN 2025 Personal-Information Iberia supplier Data-Breach
Hacker claims to steal 2.3TB data from Italian rail group, Almaviva https://www.bleepingcomputer.com/news/security/hacker-claims-to-steal-23tb-data-from-italian-rail-group-almaviva/
22/11/2025 12:44:48

bleepingcomputer.com
By Bill Toulas
November 20, 2025

Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva.

The hacker claims to have stolen 2.3 terabytes of data and leaked it on a dark web forum. According to the threat actor's description, the leak includes confidential documents and sensitive company information.

Almaviva is a large Italian company that operates globally, providing services such as software design and development, system integration, IT consulting, and customer relationship management (CRM) products.

Andrea Draghetti, Head of Cyber Threat Intelligence at D3Lab, says the leaked data is recent, and includes documents from the third quarter of 2025. The expert ruled out the possibility that the files were recycled from a Hive ransomware attack in 2022.

"The threat actor claims the material includes internal shares, multi-company repositories, technical documentation, contracts with public entities, HR archives, accounting data, and even complete datasets from several FS Group companies," Draghetti says.

"The structure of the dump, organized into compressed archives by department/company, is fully consistent with the modus operandi of ransomware groups and data brokers active in 2024–2025," the cybersecurity expert added.

Almaviva is a major IT services provider with over 41,000 employees across almost 80 branches in Italy and abroad, and an annual turnover of $1.4 billion last year.

FS Italiane Group (FS) is a 100% state-owned railway operator and one of the largest industrial companies in the country, with more than $18 billion in annual revenue. It manages railway infrastructure, passenger and freight rail transport, and also bus services and logistics chains.

While BleepingComputer’s press requests to both Almaviva and FS went unanswered, the IT firm eventually confirmed the breach via a statement to local media.

“In recent weeks, the services dedicated to security monitoring identified and subsequently isolated a cyberattack that affected our corporate systems, resulting in the theft of some data,” Almaviva said.

“Almaviva immediately activated security and counter-response procedures through its specialized team for this type of incident, ensuring the protection and full operability of critical services.”

The company also stated that it has informed authorities in the country, including the police, the national cybersecurity agency, and the country’s data protection authority. An investigation into the incident is ongoing with help and guidance from government agencies.

Almaviva promised to transparently provide updates as more information emerges from the investigation.

Currently, it is unclear if passenger information is present in the data leak or if the data breach is impacting other clients beyond FS.

BleepingComputer has contacted Almaviva with additional questions, but we have not received a response by publication time.

bleepingcomputer.com EN 2025 Almaviva Dark-Web Data-Breach Data-Leak Ferrovie-Stato-Italiane Hacker-Forum Italy
Surveillance tech provider Protei was hacked, its data stolen, and its website defaced https://techcrunch.com/2025/11/17/surveillance-tech-provider-protei-was-hacked-its-data-stolen-and-its-website-defaced/
19/11/2025 14:18:35

TechCrunch
Zack Whittaker
5:09 AM PST · November 17, 2025

The defacement of Protei's website said "another DPI/SORM provider bites the dust," apparently referring to the company selling its web intercept and surveillance products to phone and internet providers.

A Russian telecom company that develops technology to allow phone and internet companies to conduct web surveillance and censorship was hacked, had its website defaced, and had data stolen from its servers, TechCrunch has learned.

Founded in Russia, Protei makes telecommunications systems for phone and internet providers across dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and much of central Africa. The company, now headquartered in Jordan, sells video conferencing technology and internet connectivity solutions, as well as surveillance equipment and web-filtering products, such as deep packet inspection systems.

It’s not clear exactly when or how Protei was hacked, but a copy of the company’s website saved on the Internet Archive’s Wayback Machine shows it was defaced on November 8. The website was restored soon after.

During the breach, the hacker obtained the contents of Protei’s web server — around 182 gigabytes of files — including emails dating back years.

A copy of Protei’s data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry.

Mohammad Jalal, the managing director of Protei’s branch in Jordan, did not respond to a request for comment about the breach.

The identity of the hacker is not known, nor their motivations, but the defaced website read: “another DPI/SORM provider bites the dust.” The message likely references the company’s sales of deep packet inspection systems and other internet filtering technology for the Russian-developed lawful intercept system known as SORM.

SORM is the main lawful intercept system used across Russia as well as several other countries that use Russian technology. Phone and internet providers install SORM equipment on their networks, which allows their country’s governments to obtain the contents of calls, text messages, and web browsing data of the networks’ customers.

Deep-packet inspection devices allow telecom companies to identify and filter web traffic depending on its source, such as a social media website or a specific messaging app, and selectively block access. These systems are used for surveillance and censorship in regions where freedom of speech and expression are limited.

The Citizen Lab reported in 2023 that Iranian telecoms giant Ariantel had consulted with Protei about technology for logging internet traffic and blocking access to certain websites. Documents seen and published by The Citizen Lab show that Protei touted its technology’s ability to restrict or block access to websites for specific people or entire swathes of the population.

techcrunch.com EN 2025 Russia Protei Russia hacked data-breach
Cybersecurity breach at Congressional Budget Office remains a live threat https://www.politico.com/live-updates/2025/11/10/congress/cbo-still-under-threat-00644930
12/11/2025 17:18:16

www.politico.com
Katherine Tully-McManus
11/10/2025, 2:01pm ET

Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.

A cybersecurity breach discovered last week affecting the Congressional Budget Office is now considered “ongoing,” threatening both incoming and outgoing correspondence around Congress’ nonpartisan scorekeeper.

Employees at the Library of Congress were warned in a Monday email, obtained by POLITICO, that the CBO cybersecurity incident is “affecting its email communications” and that library staff should take a range of measures to protect themselves.

Library of Congress workers also were told to restrict their communication with the nonpartisan agency tasked with providing economic and budgetary information to lawmakers.

“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email reads.

“Maintain a high level of vigilance and verify the legitimacy of CBO communications by confirming with the sender via telephone that they sent the message,” the note continues.

Congressional staff are in regular communication with CBO regarding scores of legislation and cost estimates the agency prepares for bills in both the House and Senate.

There was no immediate information Monday about the broader implications that a legislative branch office was continuing to experience cybersecurity vulnerabilities.

A CBO spokesperson said last week that officials had taken “immediate action to contain” the breach as officials investigate the incident.

When asked for comment Monday about ongoing issues, the CBO spokesperson referred to the prior statement.

politico.com EN 2025 Congressional Budget Office data-breach US
Hyundai Data Breach Potentially Exposes 2.7 Million Social Security Numbers https://www.forbes.com/sites/larsdaniel/2025/11/10/hyundai-data-breach-exposes-27-million-social-security-numbers/
12/11/2025 11:27:58

forbes.com
By Lars Daniel
Nov 10, 2025

Hyundai is alerting millions of customers about a data breach that exposed Social Security numbers and driver's licenses.

Hyundai is alerting millions of customers about a data breach that exposed Social Security numbers and driver's licenses. The breach, which occurred in February but is only now being disclosed, represents the automotive giant's third major security incident in as many years.

How the Breach Happened
Think of Hyundai AutoEver America, or HAEA, as the digital nervous system for Hyundai, Kia and Genesis operations in North America. This California-based company manages everything from the software that enables remote car features to the computer systems dealerships use to process your purchase.

Between February 22 and March 2 of this year, hackers broke into these systems and roamed freely for nine days before being detected. That’s like a burglar having unsupervised access to a bank vault for over a week. Plenty of time to identify and steal important data.

The company discovered the intrusion on March 1st and says it immediately kicked the attackers out and brought in cybersecurity forensics teams. But the investigation took months, and notification letters are now being sent out to those confirmed to be affected: more than seven months after the attack ended.

What Information Was Stolen
The exposed data includes:

  • Full name
  • Social Security number
  • Driver's license information

Hyundai AutoEver hasn’t said exactly how many people were affected, but regulatory filings show the breach reached multiple states. The upper limit is potentially massive: HAEA’s systems connect to 2.7 million vehicles across North America.

To put that in perspective, that’s roughly the entire population of Chicago potentially at risk. However, only individuals confirmed to be affected will receive notification letters.

This Keeps Happening to Hyundai
This isn’t Hyundai's first rodeo with hackers.

In early 2024, the Black Basta ransomware gang hit Hyundai Motor Europe, claiming to steal 3 terabytes of data, equivalent to about 750,000 digital photos or five hundred hours of high-definition video. That attack exposed everything from HR records to legal documents across multiple departments.

Before that, in 2023, breaches at Hyundai's Italian and French operations leaked customer email addresses, home addresses, and vehicle identification numbers.

Security researchers have also found serious vulnerabilities in Hyundai and Kia’s smartphone apps that could let hackers remotely control vehicles.

The Modern Car Is a Computer on Wheels
Here's what makes automotive breaches particularly concerning: Your car isn't just transportation anymore. It's a rolling data center.

Modern vehicles collect and transmit information constantly:

  • Where you drive and when
  • Your home and work addresses
  • How fast you accelerate and brake
  • When you service your vehicle
  • Your purchase and financing details

When hackers breach the IT provider managing this digital ecosystem, they don’t just get your Social Security number. They potentially access a comprehensive profile of your life and habits. It’s like the difference between someone stealing your wallet versus breaking into your phone. The phone contains exponentially more information about you.

What You Should Do Right Now
If you own or lease a Hyundai, Kia, or Genesis vehicle:

Immediate Actions:

  • Check your credit reports for unauthorized accounts or inquiries. You can get free reports at AnnualCreditReport.com
  • Monitor bank and credit card statements weekly for suspicious charges
  • Enable transaction alerts on your financial accounts

If You Receive a Notification Letter:

  • Enroll in the free credit monitoring within 90 days using the unique code provided
  • The service runs for two years and monitors all three credit bureaus
  • Call the dedicated hotline at 855-720-3727 with questions

For Everyone, Breached or Not:

  • Consider a credit freeze with Equifax, Experian and TransUnion. This prevents identity thieves from opening new accounts in your name
  • Enable fraud alerts which require creditors to verify your identity before issuing credit
  • Watch for phishing scams exploiting breach news. Hyundai will never ask for your Social Security number or payment information via email

The Uncomfortable Truth About Data Breaches
Data breaches have become depressingly routine. In 2024 alone, major incidents hit healthcare providers, retailers and financial institutions, and automotive companies are now joining the list with alarming frequency.

But there's something particularly unsettling about automotive breaches. You chose your bank and can switch it. You chose your doctor and can change providers. But if you bought a Hyundai three years ago, you're stuck with their security practices until you sell the vehicle. Your data sits in their systems whether you like it or not.

And unlike a credit card breach where the bank typically covers fraudulent charges, identity theft involving Social Security numbers can create problems that take years to resolve. Victims may discover the theft only when they're denied a loan, receive bills for services they never used, or have their tax returns rejected because someone else already filed using their information.

What Hyundai Is Saying
In its breach notification, Hyundai AutoEver stated: "We regret that this incident occurred and take the security of personal information seriously."

The company says it’s investing in "additional security enhancements designed to mitigate future risk." But given this is the third major breach in three years across Hyundai Motor Group entities, many cybersecurity experts argue the company needs more than enhancements: it needs a fundamental security overhaul.

The automotive industry finds itself caught between competing pressures. Customers want connected features: remote start from their phone, navigation that predicts traffic, software updates that add new capabilities. These features require extensive data collection and cloud connectivity.

But every connection creates a potential vulnerability. Every database becomes a target. And when IT providers centralize services for millions of vehicles, they become high-value targets offering hackers a massive potential payoff from a single breach.

The challenge for automakers isn’t just fixing the specific vulnerabilities that enabled this breach. It’s fundamentally rethinking how they secure the growing mountain of customer data their business models now require.

forbes.com en 2025 hyundai data-breach automotive-data-breach automotive-manufacturer-data-breach
Breach of Chinese cybersecurity firm reveals state-backed hacking tools https://www.techdigest.tv/2025/11/breach-of-chinese-cybersecurity-firm-reveals-state-backed-hacking-tools.html?ref=metacurity.com
10/11/2025 18:18:03

techdigest.tv
10 November 2025
Chris Price

A catastrophic data breach at Chinese cybersecurity firm Knownsec has exposed a state-backed cyber arsenal and global surveillance targets.

A prominent Chinese cybersecurity firm with ties to the government, Knownsec, has suffered a catastrophic data breach, exposing over 12,000 classified documents detailing the inner workings of China’s state-sponsored cyber espionage program.

The leak provides an unprecedented window into the operational infrastructure supporting China’s intelligence-gathering efforts, triggering significant international concern.

The leaked materials initially appeared on GitHub before being removed for terms-of-service violations. They reveal a vast technical arsenal, including sophisticated Remote Access Trojans (RATs) engineered to compromise every major operating system, specifically Linux, Windows, macOS, iOS, and Android.

The documents detail the use of highly specialized surveillance tools. These include Android attack code capable of extracting extensive message histories from popular chat applications, enabling targeted spying on specific individuals.

Even more concerning is the detail on hardware-based attack vectors. The firm allegedly developed a maliciously engineered power bank that can covertly exfiltrate data when connected to a victim’s computer, representing a sophisticated, hands-on supply-chain attack. This highlights the willingness of state-sponsored programs to invest in complex infrastructure to circumvent traditional security controls.

The archives also contain detailed spreadsheets documenting alleged breaches against more than 80 overseas targets. The scale of the data theft is massive, listing 95GB of immigration records from India, 3TB of call records from South Korea’s LG U Plus, and 459GB of road planning data from Taiwan.

The target list explicitly names over twenty countries and regions, including the United Kingdom, Japan, and Nigeria.

Knownsec, founded in 2007 and backed by Tencent, holds a trusted position within China’s security apparatus, providing services to government departments and major financial institutions. This prominence amplifies the significance of the leak.

In response to the disclosure, a Chinese Foreign Ministry spokesperson was evasive, stating unfamiliarity with any Knownsec breach while asserting that China “firmly opposes and combats all forms of cyberattacks.”

Analysts note this measured response avoided denying government support for such operations, underscoring Beijing’s positioning of cyber activities as national security instruments. Cybersecurity specialists worldwide are now studying the exposed data to improve global defense strategies.

techdigest.tv EN 2025 data-breach Knownsec China
Iran-backed hackers steal and post plans for Australia's new $7 billion infantry fighting vehicles following attack on Israeli arms companies https://www.skynews.com.au/australia-news/defence-and-foreign-affairs/iranbacked-hackers-steal-and-post-plans-for-australias-new-7-billion-infantry-fighting-vehicles-following-attack-on-israeli-arms-companies/news-story/721469f31676ac5d8d9dfe50fef43ef3
10/11/2025 18:13:15

Sky News Australia
Max Melzer

An Iranian-backed hacking group has posted plans for Australia's new $7 billion infantry fighting vehicles online following a spate of attacks on Israeli arms companies.

Plans for Australia's new $7 billion Redback infantry fighting vehicles have been stolen and posted online by Iran-backed hackers following a spate of attacks on Israeli arms companies.

Cyber Toufan, a hacking group believed to have ties to the Iranian state, posted classified 3D renderings and technical details of the next generation fighting vehicles on Telegram.

The group claimed to have stolen confidential data from 17 Israeli defence companies in a major cyberattack carried out after it gained access to supply chain firm MAYA Technologies over a year ago.

Israel’s Elbit Systems, which was contracted to provide hi-tech weapons turrets for the Redbacks, was among the companies targeted.

Skynews.com.au has contacted Elbit Systems for comment.

In addition to the exposure of sensitive details about the fighting vehicles' technical specifications, the documents posted by Cyber Toufan also revealed the Australian Defence Force had apparently been weighing whether to purchase Spike NLOS anti-tank missiles from the Israeli company.

It is not fully clear how much data was stolen in the hack or whether the details published online could be used to develop countermeasures to the Redback's defensive and offensive capabilities.

The Australian Army is set to receive 127 of the fighting vehicles under a roughly $7 billion contract with South Korean firm Hanwha Defence.

Elbit Systems' turrets will be fitted to the Redbacks under a separate contract worth around $920 million.

The Israeli firm's involvement with the project had drawn criticism due to Israel's war in Gaza, although Defence Industry Minister Pat Conroy has repeatedly defended the company's involvement.

"We make no apology for getting the best possible equipment for the Australian Defence Force," he told the Indo-Pacific Maritime Exposition last week.

Cyber Toufan's attacks underscore the growing threat of hacking groups targeting sensitive military data.

The Australian Signals Directorate warned in its 2025 Cyber Threat Report that government and defence-related information was "an attractive target for state-sponsored cyber actors".

AUKUS remains the principal target for hostile actors, although Australian Security Intelligence Organisation Director-General Mike Burgess revealed even "countries we consider friendly" were attempting to gather intelligence about the nuclear submarine program.

"ASIO has identified foreign services seeking to target AUKUS to position themselves to collect on the capabilities, how Australia intends to use them, and to undermine the confidence of our allies," he warned in his annual threat assessment earlier this year.

Several Australian defence projects have already faced hacks in recent years, including in 2017 when a defence contractor was breached and data on the nation's F-35 program and the Collins-class submarine program was exposed.

Shipbuilder Austal was also successfully targeted by hackers in 2018.

skynews.com.au EN 2025 Australia Iran CyberToufan Elbit-Systems data-breach