Data Breach

Chinese state-backed hacking group Salt Typhoon has breached telecommunications companies in dozens of countries, including eight firms in the U.S., exploiting vulnerabilities in private communication networks. This long-running campaign raises alarms about critical infrastructure security and highlights the urgent need for encrypted communications and robust system defenses.

Bologna Football Club 1909 has confirmed a ransomware attack by the RansomHub gang, resulting in the theft and public release of sensitive data. The leaked information includes sponsorship contracts, financial records, and personal data of players, employees, and fans, emphasizing the rising cyber threat to sports organizations.

Amazon has confirmed an employee data breach following the massive MOVEit cyberattacks, after threat actor "Nam3L3ss" leaked over 2.8 million lines of employee data, including contact details and office locations, stolen through a third-party vendor. This attack is part of a larger breach that has impacted dozens of global companies through a vendor exploit.

Fidelity Investments has disclosed a data breach that exposed the personal information of more than 77,000 customers. The breach, which occurred in August, involved unauthorized access to two customer accounts and has raised concerns about the security of personal data. Fidelity is offering affected customers free credit monitoring and identity restoration services.

The Internet Archive, known for its "Wayback Machine," has been hacked, leading to the exposure of a user authentication database with 31 million records. Stolen data includes email addresses, Bcrypt-hashed passwords, and internal user information, putting millions at risk of further cyber threats.

MoneyGram has revealed that hackers accessed their network in a September 2024 cyberattack, stealing sensitive customer information, including personal and transaction data. The breach led to a five-day service outage and exposed crucial details such as social security numbers, government IDs, and bank account information. The attack was reportedly initiated through a social engineering attempt on MoneyGram's IT help desk.

Comcast and Truist Bank customers are the latest to be affected by a massive data breach at Financial Business and Consumer Solutions (FBCS). The breach, initially reported in early 2024, compromised the personal details of millions of individuals, including Social Security numbers and account information, raising concerns about identity theft and data misuse.

A sophisticated cyberattack has crippled Uttarakhand's IT infrastructure, rendering over 90 government websites, including the CM helpline, non-functional. This unprecedented breach has halted essential online services and internal operations across the state, with cybersecurity experts working tirelessly to restore the systems.

Robert Westbrook, a 39-year-old U.K. national, has been charged by the U.S. Department of Justice for allegedly orchestrating a hack-to-trade fraud scheme that netted him approximately $3.75 million in illegal profits by exploiting hacked Microsoft 365 executive emails.

A dangerous new variant of the RomCom malware, dubbed 'SnipBot', has been spotted in sophisticated data theft attacks. Researchers from Palo Alto Networks' Unit 42 discovered this enhanced version, marking it as RomCom 5.0, and highlighting its ability to steal sensitive data from compromised systems while pivoting on networks to extend the attack.