Latest security breaches
Computer hardware manufacturer Cooler Master suffered a data breach, resulting in the theft of customer data by a threat actor known as 'Ghostr'. The breach involved the company's Fanzone website, where customers register products and request support. The stolen data includes personal information of over 500,000 customers, as well as product and employee information.
American automotive parts giant Advance Auto Parts confirmed a breach after a threat actor attempted to sell stolen data containing personal information of employees and job applicants, as well as customer information.
The stolen data included social security numbers, government identification numbers, employees' full names, email addresses, and customer names and email addresses.
PCBA manufacturing giant Keytronic suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data. The breach also caused them to shut down domestic and Mexico operations for two weeks while they responded to the attack. Normal operations have now resumed.
Globe Life is investigating a data breach in one of its web portals, which may have exposed consumer and policyholder information. The company has removed external access to the affected portal and engaged external security experts to assess the breach's scope and impact. Globe Life has not yet determined if the incident is a material cybersecurity event but stated that it has not significantly affected operations.
In another significant data breach, Hackers from the cybercriminal group UNC5537 have stolen a significant volume of data from hundreds of Snowflake customers. Over 165 organizations have been affected, with many lacking multi-factor authentication (MFA) and network allow-lists, making them vulnerable. Mandiant and Snowflake are investigating the ongoing threat, advising customers to improve their security measures.
Truist Bank confirmed a data breach after threat actor Sp1d3r posted stolen data on a hacking forum. The breach, involved data from 65,000 employees and included names, account numbers, and bank transaction details. Truist contained the breach quickly, investigated with security consultants, and notified affected clients.
In another Pure Storage data breach, attackers gained unauthorized access to its Snowflake workspace. The compromised data included customer names, usernames, and email addresses, but no credentials for array access or other sensitive customer data. The breach was linked to the wider Snowflake attacks by the UNC5537 threat actor group, exploiting stolen credentials from infostealer malware. Pure Storage has contacted affected customers and is collaborating with security firms to mitigate further risks.
Cybersecurity company Cylance has confirmed that old data, including 34 million customer and employee emails and personal information, is being sold on a hacking forum by a threat actor known as Sp1d3r for $750,000.
In another massive breach, Ticketmaster’s data was stolen from a third-party cloud database provider, Snowflake, potentially exposing the personal information of over 560 million users. The threat actor, Shiny Hunters, claimed to have stolen the data from Snowflake by using stolen credentials obtained through information-stealing malware to breach an employee's ServiceNow account.
The BBC experienced a data security breach, affecting personal information of around 25,000 BBC Pension Scheme members.
The compromised data included full names, national insurance numbers, dates of birth, sex, and home addresses, but not telephone numbers, email addresses, bank details, or financial information.
Auction house Christie's confirmed a data breach after the RansomHub extortion group threatened to leak stolen client data. The incident involved unauthorized access to parts of Christie's network, compromising personal information of some clients. Financial and transactional records were not affected. RansomHub claims to hold sensitive data of 500,000 clients and is using this to pressure Christie's for ransom.
Bluetooth tracking device company Tile has fallen victim to a mammoth data breach, with cybercriminals stealing sensitive consumer data like names, physical addresses, and phone numbers, and even accessing tools that process location requests made by law enforcement.