LKQ, a major player in the auto parts industry, has confirmed a breach involving their Oracle EBS system, compromising the personal information of thousands of individuals. The attack raises serious concerns about data security, as sensitive information could be misused by cybercriminals. While LKQ has not disclosed the exact number of affected individuals, the incident underscores the vulnerabilities that can exist in enterprise resource planning systems. Companies using similar platforms should take this as a wake-up call to assess their security measures and ensure that personal data is adequately protected. The breach serves as a reminder of the increasing risks businesses face from cyberattacks in today's digital landscape.
Askul, a company specializing in e-commerce and logistics, suffered a significant data breach when the RansomHouse ransomware group targeted it in October. Around 700,000 records were compromised during this attack, raising concerns about the exposure of sensitive customer and business information. The incident highlights the ongoing risks faced by online retailers and logistics providers in today's digital landscape. Organizations like Askul must bolster their cybersecurity measures to protect against such threats and safeguard customer trust. The breach serves as a reminder for all businesses to remain vigilant and proactive in their security practices.
SoundCloud has confirmed that hackers accessed the personal information of approximately 20% of its user base. The breach raises concerns about the security of user data on the platform, as it affects a significant number of accounts. This incident could lead to potential misuse of the compromised information, such as phishing attacks or identity theft. Users are advised to change their passwords and monitor their accounts for any suspicious activity. SoundCloud's response to the breach will be crucial in restoring user trust and ensuring the security of their systems moving forward.
Credit700, a financial services firm in the U.S., has reported a significant data breach affecting approximately 5.8 million individuals. The breach involves sensitive personal information, which could put affected users at risk of identity theft and financial fraud. The company has not disclosed specific details on how the breach occurred or the exact types of data compromised. This incident raises concerns about the security measures in place to protect consumer data and serves as a reminder for users to monitor their financial accounts and consider additional security measures, such as credit monitoring services. As data breaches become more common, it's crucial for both companies and consumers to remain vigilant about data security.
Hackers linked to a group known as ShinyHunters have launched an extortion attempt against Pornhub following a data breach involving Mixpanel, an analytics platform. The breach exposed the search and viewing history of Premium users, raising serious privacy concerns. The attackers are reportedly demanding a ransom to prevent the release of this sensitive information. This incident not only affects Pornhub's reputation but also puts the personal data of its paying users at risk. As the situation unfolds, it serves as a stark reminder of the vulnerabilities that even major platforms face when it comes to user data protection.
Askul Corporation, a major Japanese e-commerce company, reported a ransomware attack by the hacker group RansomHouse, resulting in the theft of approximately 740,000 customer records. The breach, which occurred in October, raises significant concerns about the security of customer data and the potential for identity theft or fraud. Askul has not disclosed the specific types of information taken, but the volume of records suggests that sensitive personal information may be involved. This incident highlights the ongoing challenges faced by companies in protecting consumer data against increasingly sophisticated cyber threats. Customers of Askul should remain vigilant and monitor their accounts for any suspicious activity.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Actively Exploited
In December 2025, researchers identified a serious vulnerability in React, designated as CVE-2025-55182, which has led to a surge in attacks on services that use React2Shell. This vulnerability affects numerous applications built with the React framework, making them targets for malicious actors. Attackers are exploiting this flaw to gain unauthorized access to systems, which could lead to data breaches or service disruptions. Organizations utilizing React-enabled services are urged to take immediate action to safeguard their systems. The situation is critical, as the exploitation of this vulnerability poses significant risks to businesses and users globally.
A significant security oversight was uncovered when researchers found an unsecured 16TB MongoDB database that exposed approximately 4.3 billion professional records. This database primarily contained LinkedIn-style data, which could be exploited for large-scale AI-driven social engineering attacks. The discovery was made by Bob Diachenko and nexos.ai on November 23, 2025, and the database was secured only after the researchers alerted its owner. This incident underscores the risks associated with unsecured databases, as the exposed data could facilitate identity theft and phishing schemes targeting professionals. Organizations need to ensure better security measures for their data to prevent such breaches in the future.
Hackread – Cybersecurity News, Data Breaches, AI, and More
The UK's Information Commissioner's Office (ICO) has imposed a £1.2 million fine on LastPass following a significant data breach in 2022 that compromised the personal information of 1.6 million users. The breach was traced back to a vulnerability in an employee's personal computer, which allowed attackers to access sensitive data. This incident raises serious concerns about the security practices of password management services, especially considering the potential for misuse of the exposed information. Users of LastPass are now at increased risk of phishing attacks and identity theft. The fine serves as a reminder for companies to enhance their cybersecurity measures and protect user data more effectively.
Coupang, a major South Korean e-commerce platform, recently suffered a significant data breach that compromised the personal information of approximately 33.7 million customers. Investigations revealed that the breach was the result of a former employee who had retained access to the company's internal systems after leaving. This situation raises serious concerns about how companies manage access permissions for departing employees. The exposed data could include sensitive customer information, potentially leading to identity theft or fraud. This incident serves as a reminder for businesses to regularly review and update their access control policies to safeguard against similar breaches in the future.
Fieldtex Products recently experienced a significant data breach attributed to the Akira ransomware group, which claims to have stolen approximately 14 gigabytes of data. This incident has affected around 238,000 individuals, raising concerns about the security of personal information. The breach underscores the ongoing threat posed by ransomware attacks, which can have far-reaching implications for both companies and their customers. Users may face risks related to identity theft and privacy violations as a result of this data leak. Companies in similar sectors should take this incident as a warning to bolster their cybersecurity measures to prevent similar breaches in the future.
LastPass, a well-known password manager, has been fined £1.2 million by the UK's Information Commissioner's Office (ICO) due to a data breach that occurred in 2022. The breach exposed sensitive user data, raising serious concerns about the security practices of the company. This incident not only affects LastPass users, who rely on the service to safeguard their passwords, but also highlights broader issues of data protection and accountability in the tech industry. The fine serves as a reminder for companies to prioritize user security and comply with data protection regulations. It remains crucial for users to stay informed about the security measures in place for the services they use.
In April 2025, a significant data breach at the Pierce County Library compromised the personal information of around 340,000 individuals, including library patrons, employees, and their family members. The stolen data may include sensitive details, raising concerns about identity theft and privacy violations. As libraries often hold extensive personal information, this incident highlights the vulnerability of public institutions to cyberattacks. The breach not only affects those directly involved but also puts the library's reputation and trustworthiness at risk. Community members are urged to monitor their accounts and take precautions to protect their personal information.
A recent study by the Identity Theft Resource Center (ITRC) indicates that a staggering 81% of small businesses in the U.S. experienced a data or security breach in the past year. As a result, many of these businesses are feeling the financial strain and are responding by increasing their prices. Specifically, two-fifths of small and medium-sized businesses (SMBs) have raised their prices to offset the costs associated with these breaches. This trend not only impacts the businesses themselves but also affects consumers, who may face higher prices for goods and services. The findings emphasize the ongoing vulnerability of small businesses to cyber threats and the wider economic implications of such breaches.
Researchers have discovered that over 10,000 Docker Hub container images are leaking sensitive data, including live credentials for production systems and access keys for CI/CD databases. This exposure poses a significant risk to organizations that rely on these images for their software development and deployment. The leaked information could allow attackers to gain unauthorized access to crucial systems, leading to potential data breaches or service disruptions. Users of Docker Hub should immediately review their images for any hardcoded secrets and take steps to secure their environments. This incident underscores the importance of secure coding practices and regular audits of container images to prevent similar leaks in the future.