Welcome to DBD. On March 8th, DBD celebrated it's 5th anniversary and 
Dentons Senior Analyst, Washington DC
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 23rd June and 29th June 2025.25th June
16 billion passwords from Apple, Facebook, Google and more leaked. Why has no one heard of it?
$90M Removed From Iran’s Largest Cryptocurrency Exchange in Cyberattack
$918,510 Settlement Agreed to Resolve Data Breach Litigation Against OB/GYN Clinics
Africa faces cybercrime crisis amid weak enforcement, INTERPOL warns
AI Agents Are Creating Insider Security Threat Blind Spots, Research Finds
Akira Ransomware Allegedly Hits Six Companies, Including Seppeler Gruppe and Access Financial
Alleged Data Leak at AKRAB Resource Malaysia Exposes Sensitive Student Information
Alliedbankers Insurance Corporation Allegedly Hit by Massive 80GB Data Breach
Arisa Health to pay $1.9 million in settlement over 2024 data breach affecting 375,000 patients
Authorization sprawl: Attacking modern access models
Beware the Hidden Risk in Your Entra Environment
BreachForums hacking forum operators reportedly arrested in France
Bridewell report indicates rise in lone wolf ransomware actors
Cambodian Education Giant MJQ Education Allegedly Breached, Applicant Data Leaked
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Close to half of firms impacted by ransomware chose to pay, survey finds
Common Good Cyber Fund Launched to Support Non-Profit Security Efforts
Companies negotiate their way to lower ransom payments
Cork hacker sends ETH to Tornado Cash, donates to Roman Storm’s fund
Customer Documents from Dubai Motorcycle Rental Firm Allegedly Leaked Online
Cyber attack on hospitals ‘contributed to patient death’
Cybercrime: 46% of firms paid ransom in 2025
Data possibly stolen and council services offline after Glasgow cyber attack
Data theft possible in Glasgow City Council cyber attack
Do-nut ignore: Krispy Kreme informs 160k affected in November cyber attack
Envato investigates cyber attack claims, no evidence of breach so far
Feds Warns of Possible Iranian Hacker Attacks Against U.S. Infrastructure
Glasgow City Council dealing with major cyber attack
Glasgow city council hit by cyber attack that may have stolen residents’ data
Glasgow City Council hit by cyber attack which 'may have involved theft of customer data'
Glasgow City Council hit by major cyber security incident
Glasgow City Council impacted by ‘cyber incident’
Glasgow City Council warns public after local authority hit by cyber attack
Hackers May Be Using LLMs to Target You
Half of businesses yield to ransomware demands
Half of Customer Signups Are Now Fraudulent
Half of Singapore companies pay ransom in cyberattacks
How to Tame Your Multi-Cloud Attack Surface with Pentesting
Kenya: Cyber phishing threatens privacy
LapDogs Campaign Shows Chinese Groups’ Growing Use of ORB Networks
Lessons from Black Basta - How to protect against evolving ransomware threats
Mainline Health Systems data breach impacted over 100,000 individuals
Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People
Many End up Paying Ransomware Demands, Though Less Than They Did in Prior Years
Marquette County Medical Care Facility Data Breach Caused by HR Email Compromise
Microsoft nOAuth Flaw Still Exposes SaaS Apps Two Years After Discovery
New TeamViewer Vulnerability Puts Windows Systems at Risk of Privilege Escalation
New WordPress Malware Hides on Checkout Pages and Imitates Cloudflare
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Nova Scotia Power (NSP) confirms wider data breach, offers all customers five years of credit monitoring
Nucor confirms data breach exposed sensitive personal information in recent cyber attack
Over 100K exposed in Arkansas health system hack
Patient's death linked to cyber attack on NHS, hospital trust says
Police alerts about new SMS "blaster" scams used for smishing
Pro-Iranian hackers leak personal data of Saudi Games 2024 participants
Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games
Qilin & Associates Law Firm: Ransomware Hires Lawyers, Launches “Intimidation Package”
Quantum Computing: A Call to Action for Security Professionals
Ransom Costs Drop, But Half of Firms Still Pay Hackers
Ransomware attack contributed to patient’s death, says Britain’s National Health Service (NHS)
Ransomware Attacks Dip in May Despite Persistent Retail Targeting
Ransomware Groups Increasingly Conducting Extortion-Only Attacks
Ransomware victims are getting better at haggling with hackers
SAP GUI Input History Found Vulnerable to Weak Encryption
Saudi Mining & Logistics Firm Kalad Allegedly Breached, Full Database Leaked
Some Erie Insurance operations back online after cyber attack, 2 other insurers attacked
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
SonicWall warns of trojanized NetExtender app stealing sensitive data
Sophos finds ransomware crooks still getting paid
Sophos Ransomware Report: More Paying Ransoms, Minimizing Impact
Spanish Insurer Pelayo Seguros Allegedly Breached – Database of 1.5 Million Users For Sale
Tonga's health system paralysed by major ransomware attack, staff forced to go manual
UK Ransom Payments Double as Victims Fall Behind Global Peers
Users lack control as major AI platforms share personal info with third parties
Warning as Glasgow City Council hit by cyber attack
Why should companies or organizations convert to FIDO security keys?
Why the Security Operations Center (SOC) needs its “Moneyball” moment
World’s largest data breach spurs rush to passkeys
YES24 faces ransomware attack as global incidents rise, costing Korea billions
Your Data Appeared in a Leak. Now What?
24th June
16 Billion Login Credentials Exposed in Massive Data Breach
16 billion passwords leak online in massive data dump with data from Google, Facebook, Apple, and more
18 Simple, Budget-Friendly Strategies To Boost Ransomware Resilience
Aflac faces proposed class action in data breach
Aflac reveals a data breach that occurred earlier this month
Africa Faces a Digital Sextortion Crisis as Numbers Surge Across the Continent
Agentic AI ransomware is on its way
AI Security Turning Point: Echo Chamber Jailbreak Exposes Dangerous Blind Spot
Androxgh0st Botnet Expands Reach, Exploiting US University Servers
Anubis ransomware gang claims massive Disneyland Paris data breach
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
Arisa Health to Pay $1.9 Million to Settle Data Breach Litigation
AT&T Settles $177M Over 2024 Data Breach Lawsuits
BT says nearly half small businesses have suffered a cyber attack in the last year
California real estate firm Income Property Investments exposes 170,000 records in major data breach
CERT-In issues advisory after data breach of 16 billion credentials, asks people to change passwords
China-linked APT Salt Typhoon targets Canadian Telecom companies
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
China-linked Salt Typhoon hacked Canadian telecom
Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously
Data breach affecting over 75,000 people at University of Massachusetts (UMass) leads to lawsuit
Don’t be blindsided by a cyber attack
Ex-CISA head urges vigilance, warns retaliatory cyberattacks after Iran nuclear strikes likely
Fewer ransomware attacks encrypting data, new report finds
Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt
Gambling Addict Accused of Stealing $4m from Coinbase Users
Generative AI and privacy are best frenemies - a new study ranks the best and worst offenders
Hacker Group Claims it Destroyed Israeli Military-linked Company's Database
Hackers Are Poisoning Google Search Results for AI Tools to Deliver Infostealer Malware
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers
Half of Security Pros Want GenAI Deployment Pause
High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
How to Recognize Social Engineering and Block the Modern Kill Chain
Indian Nuclear and Chemical Firm Allegedly Breached
Inside the Cyber Crisis Facing Healthcare
Insurer Aflac Experiences Cyber Incident
Iran’s Nuclear Program Data Allegedly Breached - 25 GB of Sensitive Information For Sale
Iranian-Linked Hackers Disrupt Services in Tirana Cyber Assault
Judge approves AT&T’s $177M data breach settlement
Krispy Kreme data breach exposes personal information of over 160,000 individuals
Leak of data belonging to 7.4 million Paraguayans traced back to infostealers
Lessons from Helsinki: NCSC-FI's Role in Mitigating a Major Data Breach
Major Data Breach Allegedly Hits Cetdigit, Exposing 19 Million B2B Records
Major data breach at McLaren Health Care sees 743,000 patients affected - here's what we know
Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards
McLaren Health Care data breach affects over 740,000 individuals
McLaren Health Care Data Breach Impacts Over 743,000 Patients
McLaren notifies 743K patients about data breach
Mexican Hospital Civil de Guadalajara Allegedly Breached
Myrtue Medical Center Allegedly Hit by Ransomware Attack
Nearly Half of Companies Opt to Pay the Ransom, Sophos Report Finds
Negotiating with ransomware gangs works, survey finds
New FileFix attack weaponizes Windows File Explorer for stealthy commands
NHS demands doctors stop using unapproved AI software to record patient conversations
North Korean Hackers Try to Steal Crypto Via Deepfake Zoom Call
Outdated systems are a hacker’s dream
Patients Allege Home Delivery Pharmacy Failed Timely Notification of Data Breach
Peruvian Chocolate Giant Machu Picchu Foods Allegedly Hit by Sarcoma Ransomware Attack
Phishing against Trezor users, fake support emails attempt to steal the seed phrase: how to recognise them
Pro-Russian hackers claim DDoS attack on Dutch government websites
Ransom demands surge as UK organisations grapple with ransomware fallout
Ransomware attack hits Krispy Kreme systems
Record Data Breaches: Is Your Team Secure?
Reported Impersonation Scams Surge 148% as AI Takes Hold
Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue
REvil ransomware members freed by Russia after conviction
Russia releases REvil members after convictions for payment card fraud
Saving Your Wallet Details, Seed Phrase as a Photo on Your Phone? This Trojan May Be Targeting You
Second Time’s Not the Charm: McLaren Hit Again by Ransomware Breach
Security researchers warn that old or expired Discord invites are being used in phishing attacks
Singapore: Organisations cite Business Email Compromise (BEC), phishing as top threats for 2025
SK Telecom to resume new subscriptions after completion of USIM replacement
Social engineering and Signal chats led to new Russian malware attacks, Ukraine says
SonicWall warns of trojanized NetExtender stealing VPN logins
SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data
State of Ransomware 2025: Sophos Finds Median Ransom Payment Now $1 Million
Sweeping Department of Motor Vehicles (DMV) phishing campaign hits US
Taiwan Military Database Allegedly Compromised, Sensitive Data Offered for Sale
The ‘16 billion password breach’ story is a farce
The Security Fallout of Cyberattacks on Government Agencies
The State of Ransomware 2025
The story of the secret cyber attack on Iran's nuclear sites
Trezor under phishing attack, maximum alert
Trezor Warns of Phishing Emails Mimicking Support
Trezor Warns Users After Phishing Emails Exploit Support System
Trezor’s support platform abused in crypto theft phishing attacks
Trojanized SonicWall NetExtender app exfiltrates VPN credentials
U.S. Hit by Hacktivist DDoS Attacks Following Iran Bombings
U.S. House of Representatives Bans WhatsApp on Official Devices Over Security and Data Protection Issues
U.S. warns of incoming cyber threats following Iran airstrikes
UK ransomware costs significantly outpace other countries
University of Massachusetts Dartmouth (UMass Dartmouth) Sued Over Data Breach That Affected 75K
Unprecedented Data Breach: Largest Password Leak in History Exposes Millions
Urgent warning to Facebook, Apple and Google users after ‘largest data breach in history’
US House of Representatives bans WhatsApp from staff devices
US House of Representatives bans WhatsApp on staff devices over security concerns
US insurance company Aflac reports customer data breach
Using AI to Identify Patterns in Vishing Attempts
Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data
White House bans Congress from using WhatsApp on their devices
Why One-Off Pen Tests Could Be Leaving You at Risk
23rd June
16 Billion Login Credentials Exposed in World’s Largest Data Breach
16 Billion Passwords Stolen in Largest Cyber Attack Ever
71% of new hires click on phishing emails within 3 months
184 million passwords leaked across Facebook, Google, more: What to know about this data breach
743,000 Impacted by McLaren Health Care Data Breach
743,131 Americans Affected by Massive Data Breach - Firm Says Unknown Attacker May Have Exposed Names, Social Security Numbers, Driver’s License Numbers and More
Aflac confirms data breach in widespread cyberattack targeting US insurance sector
Aflac Latest Major Insurer to Suffer Cyberattack and Data Breach
Aflac probes potential data breach after suspicious US network activity
AI was once a developer’s best friend, but now it's a threat to the software supply chain
Alleged Sale of Vivaia Customer Data from January 2025 Breach Impacts 12 Million
American steel giant Nucor confirms data breach in May attack
Angolan Government Documentation Panel Allegedly Breached
Anti-regime hackers infiltrate Iran's banking system
APT28 hackers use Signal chats to launch new malware attacks on Ukraine
APT36 Hackers Attacking Indian Defense Personnel in Sophisticated Phishing Attack
APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign
Are your passwords part of recent data breach? Here's how to check
Banks enhance customer screening amid rising voice phishing crimes in Korea
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
Canada says telcos were breached in China-linked espionage hacks
China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs
Chinese “LapDogs” Operational Relay Box (ORB) Network Targets US and Asia
CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets
Cointelegraph Hit by Front-End Exploit, Fake Phishing Airdrop Pop Up on Website
Cointelegraph Website Hacked to Promote Fake Airdrop Scam
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)
Crypto phishing blitz hits CoinMarketCap, Cointelegraph, and Trezor
Cyber Essentials Breaks Quarterly Record for Certifications
Cyber Fattah Leaks Data from Saudi Games in Alleged Iranian Operation
Cyberattack disrupts Tonga Ministry of Health
Data of more than 740,000 stolen in ransomware attack on Michigan hospital network
Department of Homeland Security (DHS) Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes
Disneyland Paris data allegedly stolen by Anubis ransomware
Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
Erie Insurance works to determine what, if any, data was affected by security incident
Everything You Need To Know About The Record Data Breach Leaking 16 Billion Passwords
Fake Department of Motor Vehicles (DMV) Texts Scam Hit Thousands in Widespread Phishing Campaign
Fake Minecraft Mods on GitHub Found Stealing Player Data
Fake Web3 Wallet Prompt Steals $43,000 from CoinMarketCap Users
FC Barcelona documents leaked in ransomware breach
FC Barcelona’s data compromised in ransomware attack on insurer
Federal officials warn of potential Iran cyber attacks. How to protect yourself
French Insurance Broker AMI 3F Allegedly Breached 20K Customer Records Leaked
Genomics company fined over data breach
Gigabytes of Disneyland data “just end up” in ransomware gangs’ hands
Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks
Hacken token plunges 99% after hacker mints and dumps $250K
Hacker Daytwo Stole $4M from Coinbase Users
Hacker offers files for sale after Scania data breach
Hackers Allegedly Selling Intelbras Router 0-Day Exploit on Hacker Forums
Hackers exploit Trezor's website to send phishing emails
Hackers take advantage of Google Apps Script for phishing
Heightened Cyber Threat from Iran Sparks Urgent Calls for Vigilance and Mitigation
Highly targeted spear phishing campaign targets corporate leaders, financial executives
How CISOs can justify security investments in financial terms
Inside the UK’s Fight Against Ransomware
Iran cyberattacks against US biz more likely following air strikes
Iran-linked cyberattack reportedly disrupts public services in Albania’s capital
Iranian hacker group reportedly behind Albania cyber attack
Israeli officials say Iran exploiting security cameras to guide missile strikes
Krispy Kreme confirms data leak after ransomware attack
Krispy Kreme Data Breach Update: 160,000 Individuals Affected
Lawsuit alleges Erie Insurance failed to safeguard customer data in network breach
Leading at the Speed of Algorithms: Immediate AI Priorities for Cybersecurity Leaders
Lost devices "systemic risk" to UK cybersecurity
Major insurance company discloses cyber attack: What you need to know if you’re impacted
Malware on Google Play, Apple App Store stole your photos - and crypto
McLaren Health Care Data Breach Exposes 743,000 People Personal Information
McLaren Health Care Data Breach Exposes Personal Information of 743,000 Individuals
McLaren Health Care data breach impacted over 743,000 people
McLaren Health Care hit by another data breach, exposing 743K people’s data
McLaren Health Care Notifies Almost 750,000 Individuals About August 2024 Ransomware Attack
McLaren Health Care says data breach impacts 743,000 patients
McLaren Health Says 743,000 Affected by 2024 Ransomware Hack
Medical device cyberattacks push hospitals into crisis mode
Mower County experienced ransomware attack last week; still working to fully restore services
New ransomware groups, rise in supply chain attacks in May 2025
"No evidence" - here's why the massive 16 billion record data breach may not be as bad as first thought
Over 700K people hit in major healthcare data breach - full names, SSNs, medical info and more exposed
Over Half of Online Shopping Traffic is Made Up of Bots
Oxford City Council confirms data breach affecting election workers and staff
Oxford City Council data breach affects legacy systems
Oxford City Council data breach leaks two decades of data
Oxford City Council reports election worker data breach (2001–2022)
Paraguay Hit By Yet Another Cyber Attack
Phishing Attacks Hit Top Crypto Sites: CoinMarketCap & CoinTelegraph Affected
Pro-Russian hacker group claims attack on Dutch government websites
Qilin ransomware strengthens data extortion tactics
Quantum risk is already changing cybersecurity
Ransomware group now lets you call a lawyer
Researchers say cybercriminals are using jailbroken AI tools from Mistral and xAI
REvil ransomware members released after time served on carding charges
Russian court releases several REvil ransomware gang members
Russian hackers target Gmail passwords to crack down on international critics
Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada
Security experts confirm 16 billion ‘data breach’ contained old data
SK Telecom resumes new customer sign-ups after April's SIM data breach
So, you’ve been hit by ransomware and you want to pay - here’s what to expect in a negotiation
Spanish Retailer Electropolis Allegedly Breached Over 100k Customers Affected
Stealthy backdoor found hiding in Small Office and Home Office (SOHO) devices running Linux
Steel giant Nucor confirms hackers stole data in recent breach
Steelmaker Nucor Hacked - Attackers Gained Unauthorized Access to IT Systems
Steelmaker Nucor restores operations, confirms limited data breach
Steelmaker Nucor Says Hackers Stole Data in Recent Attack
Stop Blaming CVSS: The Real Problem in Vulnerability Management is Us
The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M
This Aflac Data Breach Compromised an Unknown Number of Accounts
Threat Actor ‘MazingerZ’ Claims Breach of Ocaso Seguros’ Customer Data
Trezor issues phishing alert after attackers abuse support contact form to send scam emails
Trezor issues security alert after contact form exploit used in phishing scam
Trezor Issues ‘Urgent Alert’ After Support-Form Exploit Sends Phishing Emails - What Users Must Know
Trezor users targeted in phishing scam as attackers exploit support system flaw
Trezor Wallet Issues Phishing Scam Warning to Its Users
Trezor warns users about phishing emails mimicking customer support
Trezor Warns Users of Phishing Scam After Security Breach
Ukrainian Government Systems Targeted With Backdoors Hidden in Cloud APIs and Docs
United Natural Foods restores ordering systems, resumes deliveries across North America
US Homeland Security warns of escalating Iranian cyberattack risks
US insurance giant Aflac says customers’ personal data stolen during cyberattack
US strike on Iran sends online ripples: major Saudi leak, DDoS on Truth Social
US Warns of Heightened Risk of Iranian Cyber-Attacks After Military Strikes
US-Based Telcom Insurance Group Allegedly Targeted in Lynx Ransomware Attack
Was there a recent dental data breach?
Welcome to the password apocalypse: 16 billion Apple, Google, Facebook passwords leaked
Why Banks Are Prime Cyber Attack Targets - and How They Can Fight Back
Why privacy is everyone’s business in 2025 - and what you can do about it
XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability
