Data Breaches
cybersecurity breach: Stunning Costly Hit to Co-op
The Co-op says a cyberattack flipped forecast profits into an estimated £80m loss, leaving shelves bare and staff scrambling. It’s a sharp reminder that when retail systems fail, customers, workers and company coffers all pay the price.
Google Threat Intelligence: Exclusive Risky 393-Day Breach
Google says China-linked attackers have quietly lived inside many enterprise networks since March — an average of 393 days — installing persistent backdoors and exfiltrating sensitive IP. The takeaway: tighten access, boost detection, and treat long dwell times as an urgent business and security priority.
Boyd Gaming Risky Data Breach – Exclusive Fallout
Boyd Gaming says it takes privacy seriously — yet a recent cyberattack may have exposed employee and other personal data, highlighting how hospitality firms with large workforces remain irresistible targets. Quick, transparent responses and stronger cybersecurity measures are now more crucial than ever to protect people and trust.
Boyd Gaming Corporation Exclusive: Risky Breach
Boyd Gaming has confirmed an unauthorized actor removed data from its systems — a worrying development for employees and guests that raises urgent questions about what types of information were exposed and how many people were affected. The company says it’s working with forensic experts and law enforcement, but clearer, timely disclosures and concrete protections will be crucial to restore trust.
third-party breaches: Stunning, Risky Wake-Up Call
Stellantis warns a third‑party supplier may have exposed customer personal data, leaving millions wondering what may actually means. Customers deserve clear answers about who was affected, what was leaked, and what protections will be offered.
Stellantis customers Risky Vendor Leak Must-Have Fix
Stellantis says a third-party vendor hack exposed some customer names and email addresses—no financial or vehicle data—but the breach still leaves customers and regulators wondering whether outsourcing kept their information safe. Even seemingly low-risk leaks can fuel phishing and fraud, underscoring the need for stronger vendor security and clearer accountability.
TikTok’s US operations: Exclusive Risky Power Grab
President Trump says Michael Dell is part of a consortium — reportedly including Larry Ellison and the Murdochs — aiming to buy TikTok’s U.S. operations, reigniting a high-stakes debate over data security and who controls a platform used by tens of millions every day.
New York Blood Center Must-Read: Critical Data Risk
About 194,000 people were affected when the New York Blood Center disclosed a breach exposing Social Security numbers, IDs, bank details and in some cases health information — a stark reminder that even trusted health organizations can become targets. If you were notified, enroll in offered monitoring, watch your accounts closely, and tighten passwords and fraud protections now.
cloud backup service breach: Stunning Critical Threat
SonicWall revealed threat actors accessed cloud-stored firewall preference files for about 5% of its devices — a small slice but a big risk, since exposed configurations act like blueprints that can speed and stealth targeted attacks. Now’s the time to audit vendor backups, rotate credentials, and enforce customer-controlled encryption to limit fallout.
Coinbase data breach: Shocking Exclusive Risky Fallout
A newly unsealed court filing alleges a TaskUs employee sold Coinbase customer records for about $200 each, potentially linking a vendor insider to the 2023–24 breach and raising urgent questions about third‑party trust. If true, it’s a stark reminder that outsourcing can turn a single insider into a major security risk.
Conor Fitzpatrick: Stunning 3-Year Sentence Signals Risky
A court reversed an earlier plea deal and sentenced Conor Fitzpatrick, founder of BreachForums, to three years — a decision prosecutors say holds platform operators accountable after the site turned stolen data into a lucrative hub that harmed thousands.
BreachForums founder: Stunning 3-Year Sentence Shocks
Conor “Pompompurin” Fitzpatrick, the 22‑year‑old former admin of BreachForums, was resentenced to three years in prison after pleading guilty to access‑device conspiracy and possession of CSAM. The sentence signals that law enforcement can reach the digital underground — but it also highlights how much work remains to shut down the markets that fuel identity theft and abuse.
Gucci and Alexander McQueen: Exclusive Risky Data Breach
Luxury shoppers were jolted this week after a reported breach tied to ShinyHunters exposed millions of email addresses linked to Gucci and Alexander McQueen. Change your passwords, enable MFA, and watch for phishing while the brands investigate and disclose what was taken.
insider data breach: Risky Fallout, Must-Have Fixes
FinWise Bank says an insider breach may have exposed data for about 689,000 customers — names, contact details and in some cases account info — and is working with law enforcement and cybersecurity experts to investigate. If you’re notified, act quickly: enroll in any monitoring offered, watch your accounts closely, and consider fraud alerts or a credit freeze to reduce identity-theft risk.
data breaches in schools: Urgent Exclusive Warning
A new ICO warning shows student hacks are increasingly exposing sensitive school data and could be training tomorrow’s cybercriminals. Schools urgently need practical security upgrades, ethics lessons and better funding to protect pupils and restore parental trust.
Salesloft GitHub repository Massive Risky Breach
A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.
Salesloft and Drift Risky Breach: Must-Have Defenses
When attackers siphoned customer data from Salesloft and Drift this week and impacted security names like Qualys and Tenable, it became painfully clear that your defenses are only as strong as the third‑party tools your team uses. Now’s the time to tighten API tokens, enforce MFA, and treat vendor risk as a core part of your security posture before contact lists become high‑value phishing and BEC fodder.
data breach: Stunning Critical Alert for 31,000
A South Carolina school district just confirmed a data breach exposing personal information for about 31,000 students, staff and families—now the community needs quick containment, clear communication and stronger safeguards. Parents should monitor accounts, use any offered identity protection, and press for transparent answers while the district upgrades its cybersecurity.
Matrixorg homeserver Risky RAID Meltdown — Shocking
When a RAID array failed on Matrix.org this September, engineers paused the flagship homeserver, launched a painstaking 55‑TB database restore and queued millions of messages — a stark reminder that even decentralized networks need rock‑solid backups and recovery drills.
data leaks: Must-Have Critical Detection Tips
A single exposed ClickHouse instance showed how quiet misconfigurations can hand attackers the breadcrumbs they need; detecting leaks early turns that slow-burning risk into a manageable incident. Start with inventory, automated scans, and clear playbooks to stop a minor misstep from becoming a full-blown disaster.
Zscaler customer information: Exclusive Risky Breach
Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.
data breach: Stunning Risky Leak Hits 4.5M
TransUnion says a vendor’s hacked app exposed data for about 4.5 million U.S. consumers — a stark reminder that third-party flaws can put your most sensitive financial information at risk. If you’re affected, check your credit, consider freezes or alerts, and watch for notifications about monitoring and identity restoration.
application breach: Exclusive Risky Data Wake-Up Call
A TransUnion support-app breach exposed personal data for about 4.5 million people, a stark reminder that trusting a handful of giant firms with your identity can amplify risk. Take it as a wake-up call to balance digital convenience with protection—consider credit freezes, monitoring, and reviewing your accounts regularly.
Church of England Shocking Data Leak: Damaging Trust Breach
A London law firm’s mass-email blunder exposed nearly 200 Church of England abuse survivors, shredding fragile trust and reigniting fears about privacy and stigma. Survivors are asking for concrete, survivor-led fixes—independent audits, better tech and trauma‑informed protections—if an apology is to mean anything.