Data Breaches

Red Hat Confirms GitLab Instance Hack, Data Theft

Red Hat on Thursday confirmed that one of its GitLab instances was hacked after a threat actor claimed to have stolen sensitive data belonging to the company and its customers. It was initially reported that the hackers had targeted a GitHub instance, but the enterprise software giant clarified that it was actually a GitLab instance, specifically one used by the Red Hat Consulting team. The hackers, calling themselves Crimson Collective, claimed to have stolen 570…

British Department Store Harrods Warns Customers That Some Personal Details Taken in Data Breach

Harrods, the luxury British department store, has warned some customers that their personal data may have been taken in a breach of its online systems. The company said late Friday that some names and contact details of its online customers were taken after one of its third-party provider systems was compromised. “We have informed affected customers that the impacted personal data is limited to basic personal identifiers including name and contact details, but does not…

Hackers Target Casino Operator Boyd Gaming

Casino entertainment company Boyd Gaming has disclosed a data breach after hackers gained access to its internal IT systems. Boyd Gaming said in a filing with the SEC that the cybersecurity incident has not impacted its properties and business operations. The Las Vegas-based company is conducting an investigation with assistance from outside cybersecurity experts and law enforcement. The probe has shown that the hackers stole some data from its systems, including employee information and the…

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United…

In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. Here are this…

689,000 Affected by Insider Breach at FinWise Bank

Hundreds of thousands of individuals have been impacted by an insider breach experienced by FinWise Bank. FinWise Bank, a Utah-based provider of fintech solutions and banking services, has informed the Maine Attorney General’s Office on behalf of payment solutions provider American First Finance (AFF) that a data breach discovered last year has impacted 689,000 individuals. The incident involved a former FinWise employee accessing data after their employment ended. No additional details have been shared, but…

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could lead to a disruptive malware outbreak that is far more difficult…

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including…

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456”) for the fast food chain’s account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 firms. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell…

DOGE Denizen Marko Elez Leaked API Key for xAI

Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language…
