Data Breaches Digest - Week 29 2025

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 14th July and 20th July 2025.

15th July

Banks must beef up cyber resilience as financial phishing attacks increase

14th July

$1.8 million stolen from Broken Bow Public Schools in phishing scam

4 Critical, Known Exploited Vulnerabilities Added to KEV Catalog

5.4 million hit in major healthcare data breach - names, emails, SSNs and more exposed

A simple radio hack can emergency stop any train in North America, researchers warn

Africa’s Growing Vulnerability: How Complacency Exposes the Continent to Rising Cyber Threats

Alabama city purportedly compromised by INC Ransom group

Alleged Data Breach of Colmedsa Exposes Records of Argentine Medical Professionals

Artivion data breach exposes sensitive customer information

Asia Pacific and Japan (APJ) Ransomware Demands Drop 50%, Yet 54% Firms Pay Hackers

Auditor questions city of Cleveland cyber security in wake of attack

Australia: Data Breach Notification - Office of the Migration Agents Registration Authority (OMARA) agents portal

Australian Office of the Migration Agents Registration Authority discloses accidental data breach

Azerbaijan: Over 6,000 users become victims of hacker attacks this year

Banks told: Be more vigilant against financial phishing

Banks urged to beef up cybersecurity amid more incidents of financial phishing

Broken Bow Public Schools impacted by phishing email scam, $1.8 million shared with fraud account

Broken Bow Public Schools target of phishing email scam, $1.8 million in funds stolen

Broken Bow Public Schools working to recover funds after $1.8 million phishing scam

CARSTAR Business Group Allegedly Hit by Sarcoma Ransomware

Chicago’s WFMT radio station reportedly breached by ransomware group Play

Chinese Hacker Arrested in Association With Silk Typhoon State-Sponsored Espionage Campaign

Click Happens: The Case for Realistic Government Phishing Drills

Cloned Phones, Stolen Identities: The eSIM Hack No One Saw Coming

Cost of West Lothian schools cyber attack will be revealed - but investigation could take a year

Cyber Storm Hits Travel Industry: Phishing, Fake Bookings, and AI Scams Threaten Summer Travelers

Denmark Moves Toward AI Copyright Rules for Voice and Appearance

Edison-Based Lab Suffers Data Breach, Lawyers Say Patient's Personal Info Leaked to the Dark Web

Elmo Account Hacker Posts Antisemitic Rant, Claims Trump's In Epstein Files

Elmo becomes unlikely pawn in hacker’s antisemitic rant targeting Donald Trump and the Epstein scandal

Elmo Is in Hot Water After Antisemitic Tweet Appears on X Account

Elmo said what? Sesame Workshop pins ‘disgusting’ racist, obscene tweets on hacker

Elmo’s social media ‘compromised’ by unknown hacker

Elmo’s X account hacked to publish racist and antisemitic posts

Elmo’s X account posts racist and antisemitic messages after being hacked

Elmo’s X Account ‘Secure’ After Hacker Posts Antisemitic Slurs, Demands ‘Epstein Files’ Release

Elmo’s X Account ‘Secured’ After Hacking; ‘Sesame Street’ Says ‘Unknown Hacker Posted Disgusting Messages, Including Antisemitic and Racist Posts’

eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

Fake News Sites Mimicking CNN, BBC and CNBC Pave Way for Investment Scams

Financial giant Prudential will pay up to $5,000 per person following massive Social Security data breach

Finastra Data Breach Affects Over 800K Americans: SSNs Exposed

Flutter Entertainment confirms data breach impacting 800,000 customers

France Nabs Russian Basketball Player in Ransomware Probe

Gambling websites Paddy Power and Betfair confirm data breach

Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot

GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Gmail AI summaries can be hijacked for phishing scams

GMX Exploit Nets Hacker $5 Million “Bounty” After $40 Million Heist

Google Gemini Bug Turns Gmail Summaries into Phishing Attack

Google Gemini can be hijacked to display fake email summaries in phishing scams

Google Gemini Tricked Into Showing Phishing Message Hidden in Email

Google Gemini Vulnerability Allows AI-Powered Phishing Attacks via Hidden Email Commands

Google’s Gemini AI Model for Workspace Exposes Users to Advanced Phishing Attacks

Hacker Gets Access to Elmo’s X Account, Posts Vulgar Messages

Hacker Impersonating Elmo Makes Antisemitic X Posts

Hacker uses Elmo’s X account to post antisemitic messages

Hate-Filled Hacker Hijacks Loveable Muppet Elmo's Social Media to Share Shocking Antisemitic & Expletive-Filled Posts

India's Central Bureau of Investigation (CBI) Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

Indian Police Raid Tech Support Scam Call Center

Interlock ransomware adopts FileFix method to deliver malware

Interlock ransomware group deploys new PHP-based RAT via FileFix

Interlock Ransomware Unleashes New RAT in Widespread Campaign

IoT Devices at Risk Due to eSIM Flaw in Kigen eUICC Cards

Ireland: State's debt management agency loses €5m in phishing attack

Kaspersky urges vigilance in The Phillippines as financial phishing rises

Law enforcement authorities bust international Microsoft scam call center

Legal gaps in AI are a business risk, not just a compliance issue

Linux Is No Longer Immune: Why Ransomware Gangs Are Going All-In on Linux Targets

Louis Vuitton confirms customer data stolen in cyber attack

Louis Vuitton confirms UK customer data stolen in cyber attack

Louis Vuitton Data Breach - Customer Information Compromised

Louis Vuitton Suffers Data Breach - Customer Information Stolen

Louis Vuitton Data Breach Hits Customers in Several Countries

Louis Vuitton Investigates Cyber-Attack

Louis Vuitton UK Hit by Cyberattack, Third LVMH Breach in 3 Months

Louis Vuitton UK Latest Retailer Hit by Data Breach

Luxury retailer LVMH says UK customer data was stolen in cyber attack

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

Man Gets Suspended Sentence for Hate-Fueled UK Train Stations WiFi Hack

Marks & Spencer (M&S) resumes online recruitment following cyber attack

'Massive and sophisticated' cyber attack targets Florida Trident and its parent organization

McDonald’s Hiring Bot: Would You Like A Side of PII With That?

Mobile phishing threat preparedness lagging among organizations, report finds

National Cyber Security Centre (NCSC) Urges Enterprises to Upgrade to Microsoft Windows 11 to Avoid Cyber Threats

Naver.com Allegedly Suffers Significant Data Leak

Nebraska school district loses $1.8 million in ‘sophisticated’ phishing scam

New American Funding Data Breach Affects Many

New Attack Uses Gemini Summaries to Deliver Phishing Lures

New Mexico State Treasurer’s Office Issues Urgent Warning On Scam Calls, Docusign Phishing Attacks

New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

New Zealand: Supermarket loyalty card cyberattack prompts password warning

Operation "ELICIUS": International Hacker Gang "Diskstation" Dismantled by Italian Postal Police

Paddy Power and Betfair users warned as parent company suffers data breach

Phishing attempts target staff and students at Waterloo Region District School Board

Phishing no longer ‘just a consumer issue’

Phishing potentially facilitated by Google Gemini exploitation

Police Service of Northern Ireland (PSNI) officer accused of fraud over data breach payment scheme

Racist, antisemitic content floods Elmo's X account after unexpected hack

Ransomware attacks nearly double in 2025, with US and SMBs most heavily targeted

Ransomware disrupts Virginia county

Ransomware drops, but don’t relax yet

Ransomware gang takes credit for hacking Belk in May 2025, report says

Romanian police arrest 13 scammers targeting UK’s tax authority

Russian Basketball Star Daniil Kasatkin Arrested in Ransomware Probe

Saudi industrial services group breached, hackers claim

Securing Against Phishing Beyond Email

Sesame Workshop Says Unknown Hacker Responsible For Posting Antisemitic And Racist Posts To Elmo’s X Account

“Shadowy developer” targets crypto users by compromising legitimate software

The 10 most common IT security mistakes

The ransomware boom shows no signs of letting up – and these groups are causing the most chaos

UK authorities arrest four in major retail cyber attack probe

UK Crowdfunding Platform Rebuilding Society Allegedly Hacked

UK launches vulnerability research program for external experts

UK replaces US as “No. 1 target” for Russian cyberattacks

Waterloo Region District School Board monitoring phishing scam that targeted staff, students

Waterloo Region District School Board (WRDSB) staff, students targeted in phishing scam

Why your Microsoft 365 setup might be more vulnerable than you think

WinRAR Zero-Day Exploit Allegedly on Sale for $80,000

Your AI, a Weapon Against You: How a Gemini Vulnerability Turns AI into a Phishing Tool

Your eSIM might not be as safe as you think: researchers hack and clone numbers