Articles tagged "Data Breach"

Found 550 articles

The Illinois Department of Human Services (IDHS) recently reported a data breach affecting nearly 700,000 individuals. The breach resulted from misconfigured privacy settings that exposed sensitive personal and health information. IDHS became aware of the issue on September 22, 2025, when internal maps meant for internal use were inadvertently made accessible. This incident raises concerns about how government agencies handle sensitive data and the potential risks to affected residents, who may now face increased vulnerability to identity theft or other forms of misuse of their information. The IDHS is likely to face scrutiny over its data protection practices and the measures it will take to prevent future breaches.

Read Original
Critical
Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

A hacker is claiming to sell nearly 40 million user records from Condé Nast, the parent company of several well-known brands, after previously leaking data from Wired.com. This incident raises significant concerns about the security of user information across multiple major brands that fall under Condé Nast’s umbrella, including Vogue, The New Yorker, and Vanity Fair. The hacker's actions suggest a serious breach of data protection protocols, putting many users at risk of identity theft and other cybercrimes. The sale of such a vast database highlights the ongoing challenges companies face in safeguarding customer data. As the situation develops, it’s crucial for affected users to monitor their accounts for any suspicious activity and for companies to enhance their security measures to prevent future breaches.

Read Original

The Illinois Department of Human Services (IDHS) has reported a significant data breach that exposed the personal and health information of nearly 700,000 residents. This incident occurred due to incorrect privacy settings, which inadvertently made sensitive data accessible. Affected individuals may have had their names, addresses, and health records compromised, raising concerns about identity theft and privacy violations. It is crucial for those impacted to monitor their accounts and consider taking steps to protect their information. This breach underscores the importance of proper data management and security protocols within government agencies.

Read Original
Actively Exploited

Gulshan Management Services, a Texas-based gas station firm, has reported a significant data breach affecting approximately 377,000 individuals. This incident was triggered by a ransomware attack, which typically involves hackers encrypting company files and demanding payment for their release. The breach raises serious concerns about the security of customer data and the potential for identity theft. As more details emerge, affected users need to monitor their financial statements and consider taking steps to protect their personal information. This incident serves as a reminder of the persistent risks businesses face from cybercriminals and the importance of robust cybersecurity measures.

Read Original

The jsPDF library, widely used for generating PDF documents in JavaScript applications, has a critical vulnerability that allows attackers to access sensitive data from a user's local filesystem. This flaw enables malicious actors to embed local files into generated PDFs, potentially leading to data breaches. Developers using jsPDF in their applications should be particularly vigilant, as this could affect any application relying on this library for PDF generation. The implications are serious, as sensitive information could be easily extracted without user consent. Users of applications built with jsPDF need to be aware of this risk and ensure that they update to the latest version as soon as a fix is available.

Read Original
Critical
Lone Hacker Used Infostealers to Access Data at 50 Global Companies

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

A recent report from Hudson Rock has revealed that an Iranian hacker, known as Zestix, successfully breached 50 global companies, including Iberia Airlines and Pickett & Associates. The hacker gained access by exploiting stolen passwords and taking advantage of the companies' failure to implement multi-factor authentication (MFA). This incident raises concerns about the security practices of major organizations, especially as Zestix's activities highlight vulnerabilities that could be easily mitigated. The breaches not only compromise sensitive data but also pose a significant risk to the reputation and trustworthiness of the affected companies. Organizations should reassess their security measures to prevent similar attacks in the future.

Read Original
Critical
Ledger Confirms Global-e Breach, Warns Users of Phishing Attempts

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

Ledger has confirmed a data breach linked to its partner Global-e, which has resulted in the exposure of customer information. While sensitive data such as passwords and crypto recovery phrases were not compromised, users are now facing active phishing attempts that may target them using the leaked information. This incident raises concerns about the security of personal data in the cryptocurrency space and serves as a reminder for users to remain vigilant against phishing scams. Ledger is advising its customers to be cautious and verify any communications they receive that claim to be from the company or its partners. Staying alert is crucial as scammers may use this data to trick users into revealing more sensitive information.

Read Original

A single threat actor, identified as an initial access broker (IAB), has been linked to numerous significant data breaches across various organizations. This actor uses stolen credentials obtained through information stealers to gain unauthorized access to systems. Many companies are at risk as these breaches can lead to extensive data exposure and financial loss. Security researchers are urging organizations to bolster their defenses against credential theft, as the actor's methods highlight vulnerabilities that can be exploited. The widespread nature of these breaches emphasizes the need for improved security protocols and user awareness to protect sensitive information.

Read Original

A serious security flaw known as 'MongoBleed' has been identified in MongoDB servers, allowing attackers who are not authenticated to access sensitive information like passwords and tokens. This vulnerability is currently being exploited in the wild, raising significant concerns for organizations using MongoDB. The issue stems from a memory leak that can be exploited by attackers to extract confidential data directly from the servers. Companies running affected versions of MongoDB should prioritize patching their systems to mitigate the risk of unauthorized data access. Given the potential for serious data breaches, immediate action is essential for any organization relying on MongoDB for data storage.

Read Original
Actively Exploited

Brightspeed is currently investigating a cyberattack attributed to the hacking group Crimson Collective, which has reportedly stolen personal information of more than 1 million customers. This breach raises serious concerns about the security of sensitive data, as the stolen information could potentially be used for identity theft or fraud. Brightspeed has not disclosed specific details about the data compromised or how the attackers gained access. The incident emphasizes the ongoing risks faced by telecom companies and their customers in the digital age. Users affected by the breach should be vigilant about potential phishing attempts and monitor their accounts for unusual activity.

Read Original

Sedgwick has confirmed that hackers have breached a file transfer system within its subsidiary that caters to government agencies. This compromise raises serious concerns about the security of sensitive data handled by the subsidiary, as it primarily deals with information from various government entities. The incident highlights ongoing vulnerabilities in systems that support critical infrastructure and public services. As investigations continue, the extent of data accessed or stolen remains unclear. This attack serves as a reminder for organizations, especially those dealing with government contracts, to bolster their cybersecurity measures to protect against similar threats.

Read Original

A significant data breach involving Manage My Health has potentially compromised the sensitive information of over 120,000 patients in New Zealand. The breach raises serious concerns about the security measures in place to protect personal health data. Authorities have ordered a review to understand the extent of the breach and to prevent future incidents. This situation highlights the vulnerability of health information systems and the need for stronger protections to safeguard patient data. Patients affected by this incident may face risks related to identity theft and privacy violations, making it crucial for healthcare providers to enhance their cybersecurity practices.

Read Original

Ledger has informed some of its customers that their personal information was compromised due to a breach at Global-e, a third-party payment processor. The breach has raised concerns as it potentially exposes sensitive data like names, email addresses, and other identifying details. While Ledger itself was not directly attacked, the incident underscores the risks associated with relying on third-party services for payment processing. Customers affected by this breach should remain vigilant about their accounts and consider monitoring their financial statements for any suspicious activity. The incident also serves as a reminder for companies to ensure their third-party vendors maintain strong security practices to protect consumer data.

Read Original
Actively Exploited

A report from TRM Labs has traced $35 million in stolen cryptocurrency back to a breach of LastPass that occurred in 2022. The breach reportedly led to attackers draining funds from users' wallets, raising significant concerns about the security of password management systems. LastPass has faced scrutiny due to this incident, as it underscores the potential risks for users relying on such services to safeguard sensitive information. This situation serves as a reminder for individuals to remain vigilant about their online security practices, especially when it comes to managing passwords and sensitive financial data. Users are encouraged to review their wallet security and consider additional protective measures.

Read Original
Actively Exploited

Resecurity recently caught a group known as ShinyHunters, also referred to as Scattered Lapsus$ Hunters, using decoy accounts to target various sectors including airlines, telecommunications, and law enforcement in September 2025. This detection took place through a honeypot operation, where fake accounts were set up to lure attackers. The activities of ShinyHunters are concerning as they indicate a growing trend of sophisticated cyber attacks aimed at critical industries. The group is known for stealing sensitive data and selling it on the dark web, which poses significant risks to both organizations and individuals. Resecurity's findings emphasize the need for enhanced cybersecurity measures across these sectors to prevent future breaches.

Read Original
PreviousPage 29 of 37Next