Tag: data leak
26 articles

CISA Leak Exposes Gaps in Incident Response, Key Management
A staggering 844 MB of sensitive CISA data was left exposed in a public GitHub repository for almost six months, revealing critical gaps in incident response and key management. The leak included admin credentials and plaintext passwords for internal CISA systems, raising serious concerns about security protocols.

US County Pays $1M to Cyber Extortionists Amid Data Leak Threat
A US county recently made a shocking decision to pay $1 million to cyber extortionists, despite lacking concrete proof that the hackers had deleted the stolen data, after a month-long negotiation that began with a hefty demand of $3 million. The extortion group, Kairos, had threatened to leak sensitive information, prompting the county to make a counteroffer that was ultimately outweighed by the threat.

GitHub Agentic Workflows Exposed to Data Leak Threat via Public Issues
GitHub's Agentic Workflows are vulnerable to a data leak threat, as researchers have demonstrated a clever technique called GitLost that tricks AI agents into spilling private content from secure repositories into public comments. All it takes is a simple public issue to launch the attack, with no stolen credentials or special access required.

US Government Entity Pays $1 Million to Thwart Data Leak
A US government entity was forced to pay a hefty $1 million ransom to prevent a massive data leak, after a group called Kairos threatened to release 1.6 million files unless their demand was met. The payment was the culmination of a month-long negotiation that began with a $3 million opening demand.

Massive Passport Leak Exposes Sensitive Traveler Data
A staggering leak of almost a million passport records from around the world has put sensitive traveler data at risk. The breach, linked to a low-security ID verification system for cannabis dispensaries, exposed passports as a vulnerable weak point in authentication processes.

Huntress Insider Leak Exposes Potential Security Breach
A shocking security breach at Huntress has come to light, with a former analyst claiming that a colleague may have compromised the company's integrity by passing sensitive law enforcement communications to a notorious cybercriminal. The explosive allegations have left many questions unanswered about the breach and its potential impact.

Shadow AI Exposes 2,000 Vibe-Coded Apps with Sensitive Data
A shocking discovery by Red Access revealed over 2,000 apps with sensitive corporate, operational, or personal data exposed online, leaving countless organizations vulnerable to risk. These apps, found on popular vibe-coding platforms, were often deployed without basic security controls, granting open access to sensitive information.

US Bank Self-Reports Data Leak to Unauthorized AI App
A US bank has taken swift action, self-reporting a data leak that exposed sensitive customer information to an unauthorized AI app, sparking concerns over the volume and sensitivity of the compromised data. The bank's proactive disclosure to regulators and customers highlights its commitment to transparency in the face of a data-handling lapse.

Instructure Pays Ransom to ShinyHunters to Prevent 3.65TB Canvas Data Leak
In a stunning move, Instructure paid a ransom to the notorious ShinyHunters group to prevent a massive 3.65TB data leak from its Canvas learning-management system. The Utah-based company reached a deal with the hackers, securing the safe return of stolen data and a guarantee that its customers wouldn't be extorted individually.

Instructure Discloses Double Breach Amid ShinyHunters' Data Leak Threat
In a shocking security breach, Instructure, the creator of Canvas, revealed not one, but two separate intrusions into its system, leaving thousands of schools and students scrambling for access to crucial course materials during final exams. The breaches come as an extortion group, ShinyHunters, threatens to leak a massive 3.65 TB of stolen data.

RansomHouse Hackers Claim Breach of Trellix Source Code
Trellix has confirmed a breach of its source code repository, with hackers from the notorious RansomHouse group claiming to have accessed and encrypted sensitive data on April 17. The group has even posted leaked screenshots to back up its claims.

ShinyHunters Leak Exposes 119K Vimeo Emails
A massive data leak, allegedly perpetrated by the threat actor group ShinyHunters, has put 119,000 Vimeo email addresses at risk, according to a recent report. This alarming breach raises serious concerns about online data security and user privacy.

Fintech Firm Exposes Database Credentials in Shared Spreadsheet
A fintech firm's most sensitive secrets were left exposed in a shared spreadsheet, with a password that was embarrassingly simple - literally a combination of the company's name and the year. The shocking discovery was made by Stanislav Kazanov during a routine compliance audit, when he stumbled upon a widely accessible SharePoint folder containing a file ominously titled Prod_DB_Root_Creds_DO_NOT_SHARE.xlsx.

Checkmarx GitHub Data Leaked by LAPSUS$ Hackers
Checkmarx confirmed that hackers from the LAPSUS$ group breached its GitHub repository on March 23, 2026, and published stolen data on April 22, after a series of supply-chain and credential-theft events. The attackers used the access to publish malicious code to certain artifacts, compromising the integrity of Checkmarx's software development process.

Lovable Disputes Data Leak, Shifts Blame to HackerOne
Lovable, a coding platform, is facing scrutiny after a security researcher uncovered a major data leak, exposing users' sensitive information, including credentials, chat history, and source code, to anyone with a free account. The company's shifting explanations have only added fuel to the fire, sparking concerns about its data handling practices.

Vercel Discloses Credential Breach Tied to OAuth Mishandling
Vercel recently disclosed a credential breach affecting some customer credentials, which they attribute to an outside developer platform, Context.ai, citing an OAuth mishandling issue. The incident highlights the risks of complex authentication processes and the importance of secure credential management.

McGraw Hill Data Leak Exposes 13.5M Records After Salesforce Misconfiguration
McGraw Hill, a leading publisher of educational materials, recently suffered a significant data leak, exposing a staggering 13.5 million records due to a misconfigured Salesforce-hosted page. This alarming breach highlights the importance of robust data security measures, even for companies with a traditional focus like textbook publishing.

Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion
Ransomware attacks have taken a sinister turn, now using stolen data to blackmail victims into paying up - not just by encrypting their files, but by threatening to expose sensitive information to the world. This double extortion tactic adds a whole new level of pressure, forcing victims to weigh the cost of a data breach against the cost of a ransom.

FBI System Breach Exposes Sensitive Data
A major breach of an FBI system has sent shockwaves through the cybersecurity landscape, leaving organizations and individuals wondering if they're prepared for the worst. This alarming incident is just the latest in a string of high-profile hacks, including a data leak affecting 450,000 Lloyds records and a breach at the Dutch treasury.

Proton Mail Faces Alarming Data Leak to Authorities
Proton Mail, a popular encrypted email service, has faced a concerning data leak to authorities, raising questions about the balance between user privacy and cooperation with law enforcement. This recent revelation has sparked debate about the feasibility of upholding the fundamental human right to privacy in the digital age.

Critical ChatGPT Flaw Exposed Alarming Data Leak Vulnerability
A recent flaw in ChatGPT has exposed a startling vulnerability, allowing data to be secretly leaked through a clever technique - leaving users wondering if their conversations with AI are truly secure. This alarming discovery serves as a wake-up call for the industry, highlighting the urgent need for robust security measures in AI systems.

Legacy systems failing: Exclusive ministers vow no repeat
Ministers promise no repeat, but ageing, brittle IT and procurement shortcuts are slowing the fixes that would stop another life‑threatening leak — read on to see why promises need firm deadlines and measurable progress.

5M Records Exposed Exclusive: Severe Auto Insurance Leak
Heads up: an unsecured database exposed more than 5 million auto-insurance records—names, policy numbers, VINs and claims—available to anyone with a link. That makes drivers prime targets for phishing, fake claims and identity theft, and could spell major legal and reputational headaches for insurers.

5M Records Exposed: Exclusive Alarming Auto Insurance Leak
Over 5 million auto insurance records — including names, policy numbers, VINs and claims histories — were left publicly accessible by a simple cloud misconfiguration, turning routine paperwork into a roadmap for fraud. Find out how it happened and what you can do now to protect your privacy.