Editor's Message

Welcome to DBD. On March 8th, DBD celebrated its 5th anniversary and PRiSM celebrated its 2nd anniversary. Little did I know when I started both of these ventures just how much of an impact they would have on my life, and I'd like to thank each and every one of you who have supported me over the years, with a special thanks to those individuals who have kindly shared their knowledge with me, and continue to do so. Thanks again for your support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington DC



Monday, 19 May 2025

Data Breaches Digest - Week 21 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 19th May and 25th May 2025.


20th May

100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

Adidas Data Breach - Customers’ Personal Information Exposed

Adidas Türkiye unveils data breach affecting customer information

After Bankruptcy, 23andMe Finds a Buyer in Regeneron - But What Happens to Your Data?

AI voice hijacking: How well can you trust your ears?

Broadcom confirms employee data exposed in supply chain ransomware breach

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Coinbase changed lawsuit rules a day before disclosing data breach

Coinbase Data Breach Will ‘Lead to People Dying,’ TechCrunch Founder Says

Coinbase Under Federal Investigation After Massive Data Breach

Companies are increasingly limiting access to AI tools: millions of DNS queries blocked

Compromised RVTools Installer Spreading Bumblebee Malware

Containers are just processes: The illusion of namespace security

Critical Software Vulnerabilities Rose 37% in 2024

Cyber Attack Hits Supplier to Major UK Supermarkets

Cyber attack on Indian media Zee News, experts foil nefarious attempt

Cyber attack threat keeps me awake at night, HSBC bank boss says

Cybersecurity firm says more people in Japan being targeted by phishing emails

Data breach on Coinbase: risk to user security

DDoSecrets publishes 410 GB of messages from hacked Signal clone used by Mike Waltz

Department of Justice (DOJ) Launches Criminal Probe into Coinbase Insider Data Breach

Dutch government passes law to criminalize cyber-espionage

Food distributor for supermarkets hit by ransomware attack

Food distributor the latest to fall foul of cyber attack

Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

Google Warns Hackers That Victimized UK Retailers Now Targeting US Firms With Cyber Attacks

Government Organizations Lose Nearly a Month in Downtime for Every Ransomware Attack

Hack.gov: TeleMessage data breach published by DDoSecrets

Hackers are distributing a cracked password manager that steals data, deploys ransomware

Hackers are spreading fake password manager ransomware via Bing ads

Hacking, ransomware driving more healthcare data breaches

Half of Consumers Targeted by Social Media Fraud Ads

Half of Firms Hit by Months-Long Cyber-attack Disruption

How Schools Can Use Strategic Communication to Tackle Rising Cyber Threats

HSBC boss says cyber attack threat keeps him ‘awake at night’

India: Gujarat Anti-Terrorism Squad (ATS) Nabs Teen Hacker Behind Attacks On Indian Government Websites During Operation Sindoor

India: Gujarat Teen Arrested, Minor Booked for Launching Cyber Attack on Government Websites

Legal Aid Agency (LAA) offline to deal with cyber attack after unconfirmed reports of 2.1 million records affected

Legal Aid Agency suffers data breach

LockBit Leak Shows Affiliates Use Pressure Tactics, Rarely Get Paid

Low Effort, High Reward: How Nailing Basic Cyber Hygiene Makes an Organization Stronger in the Age of the ‘Novel’ Attack Vector

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Marks & Spencer (M&S) faces lawsuit following cyber attack data leak

Marks & Spencer (M&S) hackers used employee logins from third-party consulting firm Tata Consultancy Services (TCS), sources say

Marks and Spencer (M&S) hit with class action lawsuit over cyber attack

Million-dollar lawsuit threatens Marks & Spencer after cyber attack

Ministry of Justice (MoJ) Confirms Massive Data Breach in Legal Aid System Affecting Applicants Since 2010

Morgan County 911 Cyber attack leaves systems down for days

Mounting GenAI Cyber Risks Spur Investment in AI Security

MPs grill Barclays on outages as HSBC raises cyber attack concerns

New DBatLoader campaign sets sights on Turkey

New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada

Nobody safe from cyber attacks, says Gloucester City Council boss

Novel Phishing Attack Combines AES With Poisoned npm Packages

Ohio: Ransomware attack triggers ‘system-wide’ tech outage at large network of medical centers

Over 50% of the top oil and gas companies suffered data breaches in the past 30 days

Pakistan: Higher Education Commission (HEC) alerts public of increasing cyber attacks

Peter Green Chilled cyber attack: Major supermarket distributor to Tesco and Sainsbury's 'held to ransom'

Peter Green Chilled Cyberattack Disrupts Supermarket Supply Chain Across the UK

Phishing Attack Prevention - Best Practices for 2025

Phishing, online scams dominate global cybercrime landscape, says Interpol

Post Office agrees to compensate hundreds of sub-postmasters following data breach

Post Office agrees to pay compensation over subpostmaster data breach

Post Office data breach victims to get compensation

Post Office to compensate hundreds of data breach victims

Ransomware attack hits supplier of refrigerated groceries to British supermarkets

Ransomware attack on food distributor spells more pain for UK supermarkets

Ransomware deployed via Atlassian Confluence exploit

Retailer Tesco, Aldi’s supplier, hit with ransomware

Russian group 'Qilin' claims City of Abilene data breach, demands ransom by May 27th

Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang

Second Adidas location confirms data breach

Serviceaide Cyber Attack Exposes 480,000 Catholic Health Patients’ Data

Skitnet malware: The new ransomware favorite

Somerset distributor to supermarkets hit by cyber attack

Somerset-based Peter Green Chilled hit by cyber attack

South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

Supplier for Tesco, Aldi and Sainsbury's hit by cyber attack

Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with hackers ‘demanding payment’

Supplier to Sainsbury’s, Tesco, and Aldi hit by new cyber attack

Supplier to Tesco, Aldi and Lidl hit with ransomware

Surveillance apps Cocospy, Spyic, and Spyzie shut down following massive data breach

Tesco and Sainsbury's supplier hit in cyber attack with 'products wasting away'

Tesco and Sainsbury’s supplier hit in latest cyber attack

Tesco, Aldi, Lidl, Sainsbury's supplier hit by cyber attack after M&S and Co-op

Tesco, Sainsbury's and Aldi supplier 'held to ransom' in latest cyber attack

The Changing Landscape of Ransomware: Why Healthcare Organizations Are Paying Less

The Philippines: ‘Scam hub’ shut down after hacker’s exposure

Trojanized KeePass app versions facilitate ransomware compromise

Trojanized KeePass opens doors for ransomware attackers

Tycoon2FA Linked Phishing Attack Targeting Microsoft 365 Users to Steal Logins

UK: Supplier to major supermarkets hit by cyber attack

Unrestricted chatbot Venice.ai empowers hackers to wreak havoc online

US Department of Justice (DoJ) Said to Open Probe Into Coinbase Data Breach, Firm Claims Involvement of Indian Employees

US mental health clinic hack exposes tens of thousands

W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials

W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials

Your AI isn’t safe: How LLM hijacking and prompt leaks are fueling a new wave of data breaches

19th May

23andMe sold for $256 million as buyer pledges to comply with existing privacy policies

67% of Organizations Faced Cyber Attacks in The Past 12 Months

200,000 Harbin Clinic Patients Impacted by Nationwide Recovery Services (NRS) Data Breach

210,000 American clinics’ patients had their financial data leaked

AI hallucinations and their risk to cybersecurity operations

Arla Foods confirms cyberattack disrupts production, causes delays

Australian Police Seize Hacker’s Bitcoin, Mansion and Luxury Car

Binance and Kraken Thwart Coinbase-Style Phishing Attacks

Bitcoin trail leads police to $2.6m asset seizure in Australia

Breaches at Serviceaide, Nationwide Recovery Services expose medical info of more than 500,000 people

BreachForums Admin to Pay $700,000 in Health Care Data Breach

Brussels Court Slams Tracking-Based Ads, Upholds GDPR Privacy Standards

Cocospy stalkerware apps go offline after data breach

Coinbase Crypto Exchange Reports Losses of Up to $400 Million After Data Breach

Coinbase Faces Legal Storm Amid S&P 500 Inclusion and Data Breach

Coinbase Faces Multiple Lawsuits After User Data Breach

Coinbase Faces Wave of Lawsuits Over Customer Data Breach

Coinbase hit by multiple data breach lawsuits

Coinbase Slammed With Face Scan, Data Breach Lawsuits as User Fury Grows

Communications Data Group reports data breach affecting over 40,000 individuals

Criminal history stolen in Legal Aid Agency hack

Criminal records stolen in 'significant' cyber attack on Legal Aid Agency

Criminal records, financial data exposed in cyber attack on Legal Aid Agency

Crypto Heist Aftermath: Australian Hacker Loses Mansion and Bitcoin Fortune

CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide

Cyber attack on legal aid agency

Cyber attack on Legal Aid Agency exposed 'significant' personal data

Cyber attack on UK legal aid agency exposes private data, including criminal records

Cyberattacks a severe hit on brand reputation, industry report founds

Data breach at Effortel exposes personal information of 70,000 Belgian mobile users

Data breach at Nationwide Recovery Services (NRS) affects over 210,000 Harbin Clinic patients

DDoSecrets Adds 410GB of TeleMessage Breach Data to Index

Department of Justice (DOJ) is investigating Coinbase data breach

Domestic abuse victim data stolen in Legal Aid hack

Eindhoven University of Technology: ‘TU/e acted well in cyber attack, but there are also learning points’

ELPACO-Team Ransomware Targets Confluence Servers Through Flaw CVE-2023-22527

EU Stakes Out Digital Sovereignty With Vulnerability Database

Excelsior Springs School District Details Cybersecurity Response After $253K Phishing Theft

Fake clinics used in healthcare phishing scam

Fake KeePass password manager leads to ESXi ransomware attack

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

GDPR Changes Risk Undermining its Principles, Civil Society Groups Warn

Hacker Arrested for Taking Over SEC Social Media to Spread False Bitcoin News

Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News

Hacker had broad access to Eindhoven University's network for days in January

Health Care Data Breach Costs BreachForums Admin $700,000 Fine

Hacker of Securities and Exchange Commission's X account gets 14 month jail time

How CISOs Can Stay Ahead of Evolving Cloud Threats

How to protect your data after a cyber-attack

Huge cyber attack targets Legal Aid as names and personal details at risk

Inside the LockBit Leak: Rare Insights Into Their Operations

Legal Aid Agency Admits Major Breach of Applicant Data

Legal Aid Agency Cyber Attack Exposes ‘Significant’ Personal Data in Major Breach

Legal Aid Agency data breach

Legal Aid Agency hit by cyber attack

Legal Aid Agency Loses ‘Significant’ Amount of Data to Cyber-Attack

Legal Aid Agency suffers serious data breach

Legal Aid cyber attack: Huge amount of personal data stolen

Legal aid cyber attack: 'Significant amount of personal data' stolen in latest major hack to hit UK

Legal aid hack: data from hundreds of thousands of people accessed, says Ministry of Justice (MoJ)

Legal aid hack: Names, financial details and criminal histories compromised in cyberattack, Ministry of Justice says

Malicious RVTools installer found on official site, researcher warns

Man Behind SEC Bitcoin Hoax Tweet Sentenced in SIM Swap Hack

Marks & Spencer (M&S) CEO faces multimillion-pound pay hit after cyber attack

Marks & Spencer (M&S) confirms staff data stolen in cyber attack

Marks & Spencer (M&S) hack: attackers gained access via compromised third-party

Marks & Spencer (M&S) Hong Kong not responding to Privacy Commissioner’s Office after online customer data breach

Marks & Spencer (M&S) staff data stolen in cyber attack

Ministry of Justice hit by brazen cyberattack as hackers steal ‘significant amount’ of personal data

More Than 100 Groups and Individuals Oppose GDPR Changes

Mozilla fixes Firefox zero-days exploited at hacking contest

Nearly 27 million mobile fingerprints leaked in SK Telecom data breach

New Malware on PyPI Poses Threat to Open-Source Developers

NHS Charter Urges Vendors to Improve Cybersecurity to Prevent Ransomware

NHS England launches cyber charter to shore up vendor security practices

Northumbria Police report rise of extortion and phishing

O2 UK patches bug leaking mobile user location from call metadata

O2 was leaking user geolocation to anyone who was initiating a call

Official UK records confirm cyberattacks put NHS patients at risk of clinical harm

Over 40,000 iOS Apps Found Exploiting Private Entitlements

Personal data accessed in legal aid cyber attack

Personal data taken in UK legal aid cyber attack

Personal data taken in UK legal aid cyber attack, government says

Queensland hacker Shane Duffy loses $4.5M in cybercrime asset seizure, including Bitcoins

Ransomware attacks on agriculture industry now twice as high compared to year prior

Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access

RCE Vulnerability Found in RomethemeKit For Elementor Plugin

Redcar and Cleveland: The inside story of a council held to ransom in cyber-attack

Research Tracked 1 Malicious Email Every 42 Seconds in 2024

RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer

Securities and Exchange Commission (SEC) hacker gets jail time

Securities and Exchange Commission (SEC) SIM Swapper Gets 14 Months for X Account Hijack

Security Leaders Discuss the New EU Vulnerability Database

Serviceaide Leak Exposes Records of 500,000 Catholic Health Patients

Serviceaide leak impacts over 480K Catholic Health patients

'Significant amount' of data taken in cyber attack on Legal Aid Agency

'Significant' amount of personal data accessed in Legal Aid Agency (LAA) cyber attack

'Significant' personal data exposed in cyber attack on Legal Aid Agency

SIM Swap Hacker Jailed for Hijacking SEC’s X Account and Faking Bitcoin ETF News

SK Telecom data breach exposes 27 million user records

SK Telecom data breach larger than initially reported

SK Telecom USIM Data Compromise: Millions of Customers at Risk

Solicitors criticise ‘antiquated’ Legal Aid Agency IT system after cyber attack

Suspect sentenced to 14 months in prison for SIM swapping the SEC’s X account

The Ransomware Threat: How to respond and protect your organisation

Thousands of WordPress Sites at Risk Due to Critical Crawlomatic Plugin Vulnerability

Tracking Accusations May Have Roblox Back in Court

UK government confirms massive data breach following hack of Legal Aid Agency

UK Legal Aid Agency confirms applicant data stolen in data breach

UK Legal Aid Agency Finds Data Breach Following Cyberattack

UK Legal Aid Agency Hit by Cyberattack, Sensitive Data Stolen

US President Donald Trump to sign bill criminalizing revenge porn and explicit deepfakes

What it’s like to negotiate with ransomware gangs

When it Comes to AI Cybersecurity Tools, We’re Always Buying Vibes