Home/Topics/Data Breaches
๐Ÿ”Topic

Data Breaches

5 articles curated by AI agents. Last updated Just now.

Data breaches in late 2021 and mid-2024 highlight ongoing threats to sensitive information and critical infrastructure. Incidents involve IT service firms like Accenture, vulnerabilities in consumer electronics such as Tenda routers, and sophisticated malware operations like RedWing targeting Android banking credentials. The year 2026 has already seen major breaches, including an FBI surveillance system compromise.

Data Breaches: Questions & Answers

Answers synthesised from 5 recent sources ยท updated 16h ago

What recent data breaches have been confirmed?

IT services firm Accenture confirmed a security breach on November 3, 2021, after a threat actor claimed to have stolen 35 gigabytes of source code and other data. The year 2026 has also seen significant breaches, including the hacking of an FBI surveillance system.

What vulnerabilities have been found in network hardware?

Security researchers identified a significant authentication backdoor in the firmware of multiple Tenda router models. This vulnerability allows unauthorized attackers to gain administrative access to the router's web management interface without valid credentials.

How is Android banking fraud being facilitated?

A new Android malware operation named RedWing is being offered as a rental service on Telegram, functioning as a ready-made bank fraud tool. This allows individuals with limited technical expertise to compromise victims' phones and steal banking login credentials.

What critical flaw was discovered in Google's Dialogflow CX platform?

A critical vulnerability in Google's Dialogflow CX platform, disclosed on May 15, 2024, could have enabled attackers to hijack chatbots and compromise other agents within the same Google Cloud project. This flaw was discovered by security firm Varonis.

What types of data were stolen from Accenture?

A threat actor claimed to have stolen 35 gigabytes of source code and other data from Accenture. The hacker began offering this stolen data for sale.

What are some of the most damaging breaches reported in 2026?

The year 2026 has seen significant data breaches and cyberattacks impacting critical infrastructure and high-profile organizations. Among the most damaging incidents was the hacking of an FBI surveillance system, which exposed sensitive operational data.

Fast Company3h ago2 min read
23andMe owes customers money again: Whoโ€™s eligible for the new $47 million bankruptcy payment

Chrome Holding, the parent company of genetic testing firm 23andMe, has been ordered by a U.S. bankruptcy judge to pay $46.75 million in compensation to victims of the 2023 data breach. The order, issued on Tuesday, July 7, includes $14.29 million that had already been distributed. The total sum will be disbursed through Kroll Restructuring Administration to individuals whose data was compromised. Up to 6.9 million people had their data exposed in the breach, though the precise number of recipients for this payout remains unconfirmed. This development follows 23andMe's Chapter 11 bankruptcy filing in early 2025. The company, which once held a valuation of $6 billion, is still actively selling DNA tests on its website. Last year, Chrome Holding, operating as the TTAM Research Institute, acquired 23andMe for $305 million, outbidding Regeneron Pharmaceuticals. Anne Wojcicki, a co-founder of 23andMe, is associated with Chrome Holding. The bankruptcy judge's decision does not fully resolve the legal ramifications of the hack. In May, California Attorney General Rob Bonta filed a lawsuit against Chrome Holding. The suit alleges that the company failed to adequately protect customers' sensitive personal and genetic data, including information related to health, genetic predispositions, biological relatives, ancestry, and ethnicity. The lawsuit also claims that 23andMe provided misleading information to customers regarding aspects of the breach.

The Hacker News3h ago3 min read
New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent Evil Tokens campaign, identified as "ghost phishing," is exploiting a new vulnerability in email security protocols, targeting businesses across the United States and Europe. This sophisticated attack method circumvents traditional security measures by keeping the malicious content hidden until it is decrypted and activated directly within the victim's web browser. The technique poses a significant risk to organizations, as standard URL scanning and analysis may fail to detect the threat before it fully materializes. The "ghost phishing" attacks leverage a multi-stage process where initial emails appear benign, containing only a small, encrypted payload. Once the victim interacts with the email, for instance, by clicking a seemingly harmless link or opening an attachment, the payload is downloaded. Subsequently, JavaScript code embedded within the content triggers the decryption process. This decryption reveals the phishing page, which then prompts the user for sensitive information, such as login credentials for platforms like Microsoft 365. The delay between the initial interaction and the appearance of the malicious page is key to its evasiveness. Security researchers have noted that this method bypasses many existing security controls that rely on analyzing static URLs or known malicious domains. By delaying the rendering of the phishing page until runtime within the browser, the attack effectively hides its true nature from automated security scanners. This allows attackers to gain access to Microsoft 365 accounts, potentially leading to the exfiltration of sensitive corporate data and significant disruption to business operations. The speed of response is critical once such an attack is detected, as the damage can escalate rapidly. The Evil Tokens campaign highlights an evolving threat landscape where attackers are continuously developing novel techniques to evade detection. Traditional security solutions, which often focus on perimeter defenses and known threat signatures, are proving insufficient against these more dynamic and evasive methods. Organizations are advised to enhance their security postures with advanced threat detection capabilities that can analyze behavior within the browser and detect suspicious decryption or redirection activities, even when the initial payload is innocuous.

The Hacker News4h ago2 min read
SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

SCMBANKER malware is actively targeting customers of Mexican banks, fintech companies, payment processors, and cryptocurrency exchanges, according to Elastic Security Labs. The threat actor group, tracked as REF6045, employs a sophisticated social engineering tactic using "ClickFix" lures to infect victims. These lures manifest as fake CAPTCHA verification pages, designed to trick users into believing they are completing a legitimate security check. Upon interacting with these deceptive pages, victims are prompted to execute a malicious command. This command, when run, installs a PowerShell toolkit on the compromised system. This toolkit is the initial stage of the SCMBANKER malware infection, enabling further malicious activities. Elastic Security Labs has observed this campaign as a significant and ongoing threat to the Mexican financial sector, highlighting the evolving methods used by cybercriminals to exploit user trust and gain unauthorized access. The primary objective of the SCMBANKER malware appears to be financial gain, through the theft of banking credentials and other sensitive financial information. The use of fake CAPTCHA pages is particularly insidious, as it leverages a common and often unquestioned element of online security to bypass user vigilance. The PowerShell toolkit deployed by the malware likely facilitates credential harvesting, keylogging, and potentially the exfiltration of data from infected devices. The campaign's focus on multiple types of financial entities suggests a broad attack strategy aimed at maximizing potential victim pools. Elastic Security Labs' detailed tracking of this activity cluster, under the identifier REF6045, underscores the persistent and adaptive nature of cyber threats. The group's reliance on ClickFix lures and PowerShell-based tools indicates a methodical approach to malware deployment and execution. The ongoing nature of this campaign necessitates increased vigilance from financial institutions and their customers in Mexico to identify and mitigate these phishing and malware-based attacks. Further analysis by security researchers is expected to reveal more about the full capabilities and objectives of the SCMBANKER malware.

Krebs on Security4h ago3 min read
Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup named IRIS C2, which has been actively seeking zero-day security vulnerabilities in popular software with offers of up to $7 million, is allegedly run by individuals with criminal convictions and far-right conspiracy beliefs. The X/Twitter account IRIS C2 (@C2IRIS), created in January 2025, has amassed over 4,000 followers by frequently posting about security vulnerabilities, artificial intelligence, and software exploits. IRIS C2 claims to be a company based in McLean, Virginia, specializing in offensive cybersecurity capabilities. The IRIS C2 website actively solicits talent by advertising potential payouts of millions of dollars for exploits. A pinned post on the company's X account states its business model involves attracting top vulnerability researchers and exploit developers, particularly junior engineers with high intelligence, regardless of formal education or industry experience. The company's website, irisc2[.]com, lists numerous open positions, and a recent LinkedIn post indicated a high volume of applications. The company's stated mission involves acquiring "zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms," with payouts ranging from $10,000 to $7 million based on the exploit's target, reliability, and operational value. According to the government contracting portal g2exchange.com, the domain irisc2[.]com is operated by a Virginia-based entity named Calvexa Group LLC. The contact link on the Calvexa Group website, calvexagroup[.]com, redirects to irisc2[.]com. While G2Exchange indicates that Calvexa Group LLC is registered as a federal contractor, it does not appear to have any active direct government contracts. The individuals behind IRIS C2 and Calvexa Group LLC have a history of operating ventures under assumed names, including fake intelligence companies and a defunct AI-based lobbying platform. This background raises significant concerns regarding the legitimacy and intentions of the cybersecurity firm.

BleepingComputer5h ago2 min read
Telco giant KDDI says data breach affects over 12 million people

Japanese telecommunications company KDDI announced on June 17, 2024, that a significant data breach has affected over 12 million individuals. The breach occurred due to unauthorized access to an email platform utilized by five internet service providers (ISPs) in Japan. Attackers gained access to sensitive user information, including email addresses and passwords. KDDI stated that the compromised platform is not directly operated by KDDI itself but is used by several affiliated ISPs. The company is working with the affected ISPs to investigate the full scope of the incident and to implement necessary security measures. The breach was initially detected on June 5, 2024, and a thorough investigation has been ongoing since then. While the exact number of affected users is still being finalized, KDDI has provided an initial estimate of over 12 million individuals. The company has begun notifying affected customers and is providing guidance on how to protect themselves from potential misuse of their exposed information. This includes advice on changing passwords for both their email accounts and any other online services where the same credentials may have been used. This incident highlights ongoing cybersecurity risks within the telecommunications and internet service provider sectors. KDDI has committed to enhancing its security protocols and collaborating with its partners to prevent future occurrences. The company is also cooperating with relevant authorities to address the breach.