Welcome to DBD. Cybercrime is making headlines globally. Attacks on well-known brands and organizations are raising public awareness of the severity, frequency and impact of cyber attacks. Proving cybercrime is growing at an alarming rate, DBD has recorded more ransomware attacks this year than any other, and we continue to provide visibility of these in our 
Dentons Senior Analyst, Washington DC
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th October and 19th October 2025.15th October
‘A Call to Arms’ as UK Faces 50% Surge in Major Cyberattacks
Adobe Issues Urgent Security Updates for Connect, Commerce, and Creative Cloud Apps
Asahi Group Cyberattack Forces Delay in Financial Reporting
Australia calls on businesses to replace legacy IT
Banking Scams Up 65% Globally in Past Year
Cambodia's Luxury Hotel Hides Voice Phishing Rings, U.S. Sanctions Show
Canadian Tire Data Breach Exposes Customer Info: What Shoppers Need to Know
Canadian Tire reports e-commerce data breach
Capita Fined £14m After 2023 Breach that Hit 6.6 Million People
Capita fined £14m after hackers stole pension savers’ personal data
Capita fined £14m for data breach affecting over 6 million people
Capita fined £14m for data breach impacting 6.6 million people
Capita fined £14m for data protection failings in 2023 cyber-attack
Capita fined £14m over 2023 cyber attack that exposed millions of people’s personal data
Capita fined after millions of people’s personal data stolen in cyber attack
Capita given record £14 million fine over ransomware attack security failings
Capita reaches settlement with Information Commissioner’s Office (ICO) regarding 2023 cyber attack
Capita secures 70% cut in data breach fine to pay £14m
Capita settles cyber-attack case with Information Commissioner’s Office (ICO) for £14m, revises cash flow
Capita to pay £14 million penalty as part of settlement with Information Commissioner’s Office (ICO) regarding 2023 cyber attack
Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months
CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info
Clothing giant MANGO discloses data breach exposing customer info
Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer data
Data breach exposes personal details of over 2,000 linked to NSW Resilient Homes Program
Discord's data breach drama is now turning into a blame game
‘Earn $8,900 a month’: Overseas job scams lure young Koreans into phishing crimes
Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches
Europe and UK Face Relentless Ransomware Onslaught in Q3 2025, Qilin Leads the Charge
F5 Breach Exposes BIG-IP Source Code - Nation-State Hackers Behind Massive Intrusion
F5 data breach: “Nation-state attackers” stole BIG-IP source code, vulnerability info
F5 says hackers stole undisclosed BIG-IP flaws, source code
Fake Google Job Offer Email Scam Targets Workspace and Microsoft 365 Users
Flaw in Slider Revolution Plugin Exposed 4 Million WordPress Sites
Google Chrome Users In India At A High Risk Of Cyber Attack, Here's How To Stay Safe
Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens - Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since July
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
Harvard Investigates Data Breach After Clop Ransomware Exploits Oracle Vulnerability
Hong Kong: Ransomware hits Cheung Sha Wan Vegetable Market, 7,000 users’ data at risk
Human Risk Report Reveals Overconfidence in Phishing Defenses
Indonesian Broadcaster Trans7 Hit by Data Breach
Information Commissioner’s Office (ICO) fines Capita £14m after millions affected by data breach
Information Commissioner’s Office (ICO) fines Capita £14 million for data breach
Information Commissioner’s Office (ICO) fines Capita £14m for data breach and shares key findings around security failings
Is Your Data Safe? Vietnam Airlines Data Breach Revealed With The Airline’s Plan to Regain Trust: How Can You Protect Yourself
Largest bitcoin seizure leaves Asian scam network victims in limbo
Last Windows 10 Patch Tuesday Features Six Zero Days
LNER confirms passenger details accessed in data breach
LNER customers warned of major data breach as key details 'exposed'
Mango Discloses Data Breach Affecting Customer Information
Mango says some customer information exposed in cyber incident
Mango warns of data breach after cyberattack
Medusa Ransomware Attack Exposes Data of Over 1.2 Million SimonMed Imaging Patients
Microsoft patches three zero-days actively exploited by attackers
Millions of Qantas customers hit by cyberattack as hackers leak data online
Morocco: Casablanca Court Sentences Africa Cup of Nations (AFCON) Billboards Hacker to One Year in Prison
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
New York secures $14 million in fines from 8 car insurance companies after data breaches
North Wales Police paid £46,000 for GDPR and data breaches over past six years
Not so Secure Boot: 200K Framework computers found to include a bypass
Outsourcing firm Capita fined £14m after millions had data stolen
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
Peruvian Motorcycle Financier Global Go Hit by Killsec Ransomware
Police investigating after hacker plays 'political' message on Harrisburg International Airport (HIA) Public Address (PA) system
PowerSchool hacker sentenced to 4 years in prison
PowerSchool hacker sentenced to four years for data theft, extortion
Qantas data breach: How to safeguard yourself against scams
Qilin Ransomware Group Lists 54 New Victims in Global Attack Spree
Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm
Roku Accused of Exploiting Children’s Data in Florida Privacy Lawsuit
Teknobuilt Source Code Leaked in Data Breach
Telecom operator KT accused of concealing evidence in South Korea’s data breach investigation
The diagnosis is in: Mobile health apps are bad for your privacy
The power grid is getting old, and so is the cybersecurity protecting it
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
Two New Windows Zero-Days Exploited in the Wild - One Affects Every Version Ever Shipped
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam
UK regulator throws the book at Capita for huge 2023 data breach
UK, US Sanction Southeast Asia-Based Online Scam Network
UK's Capita fined $19 million for 2023 cyber breach
University of St. Thomas releases little information after massive data breach
Video meetings app Huddle01 leaking user data: emails, wallet addresses exposed
Vietnam Airlines confirms data breach
Vietnam Airlines hit by customer data breach
Vietnam Airlines investigates major data breach: What customers need to know
Whisper 2FA Behind One Million Phishing Attempts Since July
Windows 10's final update is a big one - with a record 173 bug fixes
14th October
5CA denies third-party Zendesk platform was cause of Discord breach
23 million records leaked in Vietnam Airlines–linked data breach
$30 Million Settlement Agreed to Resolve Integris Health Class Action Data Breach Lawsuit
180,000 Records of PII and Payment Information Exposed
Anatomy of a Service Desk Social Engineering Attack
Anatomy of an Active Directory Attack: Targeting the NTDS.dit File
Ansell reports data breach
Asahi Cyberattack is the Problem of Every Business
Asahi fears ‘possibility’ of personal data leaked during cyber-attack
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns
Australia: Businesses bear the cost of soaring cyber threats
Australia: Information from 2,031 people compromised by flood authority data breach
Australia: Prime Minister Anthony Albanese’s private phone number leaked online amid huge data breach
Australian Healthcare Giant Ansell Reports Major Security Breach Through Third-Party Software
BK Technologies Reports Major Cyber Security Breach Exposing Employee Data
Building a Cyber-Savvy Team: Training Your Workforce To Guard Against Online Scammers
Campbell Lutyens Data Breach Affects Personal Info
Canadian Tire Reports Customer Data Breach Affecting SportChek, Mark’s and Other Brands
Canadian Tire says customer info caught in data breach on e-commerce platform
Canadian Tire says passwords, credit card info impacted in recent data breach
Canadian Tire says recent breach of e-commerce database involved customer info
Canadian Tire says recent data breach may have hit online shoppers’ info
China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence
Chinese hackers abuse geo-mapping tool for year-long persistence
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence
Cl0p releases data nabbed from Harvard thanks to Oracle exploit
Compound Solutions Data Breach Exposes PII Details
Credential Attacks Detected on SonicWall SSLVPN Devices
Crimson Collective breaches Colombia lottery, leaks winner data
Cyber attack contingency plans should be put on paper, firms told
Cyber attack forces The Daily Sentinel to adapt
Cyber Resilience Now: Why 2025 Demands a Shift from Defense to Readiness
Data breach at senior living provider potentially affects 26,000
Decisely Insurance Reports Data Breach Affecting Over 110,000 Nationwide
Deschutes County issues warning about email scam
Discord blamed a vendor for its data breach - now the vendor says it was ‘not hacked’
Discord Third-Party Data Breach Leaks Personal Information, Including Government IDs
DSV targeted by new logistics-focused hacking group
“Empty shelves and stalled production lines:” UK suffering four major cyberattacks a week
Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman
Florida sues Roku for illegally selling children’s data, including precise geolocation
Global cyber attacks decline, but ransomware jumps 46% as GenAI threats hit education, telecom, government
Guernsey: Government 'holds hands up' after warning its own emails were phishing scams
Guernsey: States apology over 'phishing attack' email error
Hacker Group TA585 Emerges With Advanced Attack Infrastructure
Hackers can snoop on Android screens and steal sensitive data with zero permissions
Happy DOM Security Flaw (CVE-2025-61927) Enables VM Context Escape and Remote Code Execution
Harvard Confirms Cl0p Data Breach Tied to Oracle EBS Vulnerability
Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
Hong Kong privacy watchdog opens probe into Qantas Airways' data breach
India: Kolkata real estate firm reports cyberattack, data breach
Indiana city confirms ransomware hackers behind September incident
Insurers set tougher terms as ransomware containment improves 33%
Jaguar Land Rover Cyber Attack: Russia Suspected in Major Factory Shutdown
Kearney Public Schools operations fully restored after cyber attack
Kearney Public Schools restores technology systems following cyber attack
Legacy Windows Protocols Still Expose Networks to Credential Theft
Major retailers hit by data breach in Canada, customer information impacted
Malicious crypto-stealing VSCode extensions resurface on OpenVSX
Mango Targeted in Recent Cyber Attack: Unauthorised Access to Client Information
Massive NPM Supply-Chain Attack Infects Developers During Package Installs
MI5, sleuths chase clues from China to Iran after shutdown devastates Tata’s Jaguar Land Rover
Michigan City announces that September’s network disruption was due to ransomware
Microsoft Limits IE Mode in Edge After Chakra Zero-Day Activity Detected
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
MyCardiologist Data Breach Affects Patient PII and PHI
Nebraska: York business targeted in email phishing scam for prescription drugs
New Android Pixnapping attack steals MFA codes pixel-by-pixel
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
NSW Reconstruction Authority: Data breach analyses reveals no shared files
Ofcom issues £20K fine to 4chan for ignoring information requests
Oracle silently fixes zero-day exploit leaked by ShinyHunters
Patch Tuesday October 2025: Three Zero-days Under Attack
Phishing Scam on Booking.com Costs UK Traveler Over One Thousand Eight Hundred Euros - How to Protect Yourself
Police Bust GXC Team, One of the Most Active Cybercrime Networks
Qantas confirms cybercriminals released stolen customer data
Qantas customers enraged after their personal data hits dark web
‘Quishing’ Fuels a New Wave of Stealthy Phishing Attacks
Ransomware losses rise despite fewer insurance claims
Région Hauts-de-France Suffers Massive 1.1TB Data Breach
Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain
RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing
Russia suspected in Jaguar Land Rover (JLR) cyber attack
Russia-linked hackers attack Texas electric cooperatives
Satellites found exposing unencrypted data, including phone calls and some military communications
Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops
Security validation: The key to maximizing ROI from security investments
Senior Executives Falling Short on Cyber-Attack Preparedness, National Cyber Security Centre (NCSC) Warns
SimonMed Data Breach Exposes Sensitive Information of 1.2 Million Patients
SimonMed discloses 1.27 million-record healthcare data breach
Taiwan People’s Party (TPP) chair accused of leading hacker network, denies allegations
Taiwan reports surge in Chinese cyber activity and disinformation efforts
The Endpoint Has Moved to the Browser - Your Security Tools Haven’t
The solar power boom opened a backdoor for cybercriminals
This new Android exploit can steal everything on your screen - even 2FA codes
UK: National Cyber Security Centre (NCSC) Reports 130% Spike in "Nationally Significant" Cyber Incidents
UK Cyberattacks Increase Nearly 50% as National Cyber Security Centre (NCSC) Reports Third Consecutive Year of Growth
UK Firms Lose Average of £2.9 million to AI Risk
UK hit by record number of ‘nationally significant’ cyberattacks
UK sees 50% surge in “Highly Significant” cyber incidents
US Authorities Move to Seize $14B in Bitcoin Linked to Chinese Hacker
US seizes $15 billion in crypto from 'pig butchering' kingpin
Valparaiso University Alum Files Lawsuit Over Data Breach
Vietnam Airlines: Information Regarding Customer Data Breach
Vietnam Airlines reassures customers after data breach incident
Vietnam Airlines reports data breach
Vietnam Airlines responds to customer data breach
Voice Phishing: You Are Also Prey
'We need to hold our hands up': Guernsey States mistakenly flags its own email as a scammer
“We were shocked:” Gear ordered online can intercept secret satellite data
Wellborn & Company reports data breach following ransomware attack on third-party IT provider
What if your privacy tools could learn as they go?
Windows 10 Hits End of Life: 200 Million PCs Face Mounting Security Risks
York Police Department investigating email phishing scam toward local business
13th October
175 npm packages, unpkg CDN abused for phishing infrastructure
AI deepfake chaos disrupts South Korea’s National Assembly audit
AI-generated images have a problem of credibility, not creativity
Almost 100 brands spoofed by Chinese phishing kit
Ansell says personal information accessed in data breach
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Attackers don’t linger, they strike and move on
Australia: Government refuses to negotiate with hackers after Qantas data leak
Australia: Ransomware hackers stealing medical records as online attacks surge, spy agency’s annual report reveals
Australia Steps Up Cybersecurity for Critical Infrastructure with ‘CI Fortify’
Australian government to use all available laws to deal with Qantas data breach
Brotherhood ransomware group claims cyber attack on Western Australia trade supplier
California strengthens its data breach notification requirements
“ChaosBot” malware turns Discord into a hacker command center
Credential Stuffing Attack Exposes DraftKings Customer Data
Crenshaw Community Hospital Data Breach Exposes Protected Health Information
Crimson Collective Breaches Loteria de Medellin, Leaks Winner Data
Critical Oracle EBS Flaw Could Expose Sensitive Data
Crypto-targeting criminals reach “new level” with another GitHub campaign
Customer payment data stolen in Unity Technologies’s SpeedTree website compromise
Cyberattack hits Houston suburb
Data breach impacts UK trade union
Extortion Group Leaks Millions of Records From Salesforce Hacks
Fast Track issues response following cyber attack
FBI and French Police Shutter BreachForums Domain Again
FBI Cracks Down on Key Dark Web Portals Used By Hacker Groups Who Sold 1 BIllion Salesforce Customer Database
Frustration mounts among Qantas customers as personal data released on dark web
Generali Central Life Insurance Targeted By Medusa Ransomware
Gladinet, TrioFox flaw under active exploitation
Goosehead Insurance Confirms Data Breach Exposes SSNs Following Ransomware Attack
Hacker group claims to have hacked Nintendo and stolen data
Hackers leak data of 23 million Vietnam Airlines passengers
Hackers Target ScreenConnect Features For Network Intrusions
Harvard investigating breach linked to Oracle zero-day exploit
Harvard says ‘limited number of parties’ impacted by breach linked to Oracle zero-day
Harvard University investigates data breach allegations
Healthcare ransomware attacks are on the increase
Healthcare ransomware attacks surge 30% in 2025, as cybercriminals shift focus to vendors and service partners
How to spot and stop AI phishing scams
“Inflation Refund” scam texts spread among thousands of New Yorkers
Invoicely Database Leak Exposes 180,000 Sensitive Records
Kearney Public Schools Hit by Cyberattack, Network and Phones Down Ahead of Monday Classes
Kearney Public Schools, Nebraska, Stay Open After Cyber Attack
Lawrence Berkeley National Laboratory Data Breach Exposes Source Code
Major airline says customer data leaked after cyberattack
Malicious Code on Unity Website Skims Information From Hundreds of Customers
Massive Data Breach: 6 Million Qantas Passengers Affected
Massive multi-country botnet targets RDP services in the US
Massive SonicWall SSL VPN compromise underway
Medusa Ransomware Adds Cemtrex, EcoPetróleo, Design To Print, & LA VOIE EXPRESS to Victim List
Michigan City, Indiana Confirms Ransomware Attack by Obscura
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Microsoft may not track school children, Austrian Data Protection Authority (DPA) says
Mission City Community Network Data Breach Exposes Protected Health Information
Multitaskers, beware: You’re significantly more likely to fall for phishing, researchers say
Multitasking Workers More Likely To Fall For Phishing Emails, Study Suggests
New Rust-Based ChaosBot Backdoor and Aggressive Chaos-C++ Ransomware Threaten Enterprises
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
New Stealit Malware Campaign Spreads via VPN and Game Installer Apps
New Yorkers targeted by new ‘Inflation Refund’ smishing campaign
Nintendo Reportedly Hacked by Crimson Collective - Same Group Behind Red Hat Data Breach
Novel Stealit malware ensures stealth with Node.js feature abuse
NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms
OpenAI: Foreign Adversaries Using Multiple AI Tools to Optimize Existing Hacking Approaches
OpenAI’s Guardrails Can Be Bypassed by Simple Prompt Injection Attack
Open Source DFIR Tool Velociraptor Exploited In Multi-Ransomware Attack
Operation Heracles is a success: German police take down 1,400 scam websites used for cybertrading fraud
Oracle E-Business Suite Bug Enables Hacker Data Access Without Login
Oracle releases emergency patch for new E-Business Suite flaw
Oracle Warns of New EBS Vulnerability That Allows Remote Access
Over 1 Million KFC Venezuela customer records purportedly stolen
Phishing scams exploit New York’s inflation refund program
Phishing scams use fake urgent documents to fool victims. Here's what to know
Pro-Russian hacktivists successfully lured to attack fake target
Prosecutors: Sterling teen who held PowerSchool ransom was 'sophisticated' cybercriminal
Qantas admits 5 million customers have data leaked following ransomware attack - here's what you need to know
Qantas Airways Cyberattack Update: Customer Data Released, Security Measures Enhanced
Qantas customer data leaked on dark web after cyber attack. What to do if you’ve been affected
Qantas Customer Data Was Published After the July Cyber Breach, Impacting 5 Million People
Qantas Data Breach: Court Injunction Issued Against Hackers, But Enforcement Remains Elusive
Qantas Data Breach: How To Know If Your Data Was Exposed - Steps To Protect Yourself
Qantas Data Breach Escalates - Stolen Customer Data Released Online
Qantas Data Breach Exposes Millions as Experts Warn of Rising Scam Threats
Qantas data stolen in Salesforce hack exposed
Qantas Shares Dip After Data Breach
Qilin Ransomware Group Claims Breach of Asahi Group, Steals Over 25GB of Data
Ransomware attackers claim hit on Methodist Church of Southern Africa
Ransomware Attackers Hit Methodist Church Of Southern Africa
Ransomware In SaaS: Addressing The Core Vulnerabilities To Build Resilient Enterprises
Redis Critical Vulnerability Exposes over 60,000 Instances to RCE and Host Take Over
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Roobet Says Users Not Impacted After External Partner Suffers Cyber Attack
Russia considered a suspect in Jaguar Land Rover (JLR) cyber attack investigation
Scam Alert: Phishing scams target Mississippi taxpayers via text message
Security Misconfigurations: The Future Disaster That’s Staring You in the Face
ShinyHunters Leak Alleged Data from Qantas, Vietnam Airlines and Other Major Firms
SimonMed Imaging Data Breach Impacts 1.2 Million
SimonMed Imaging discloses a data breach impacting over 1.2 million people
SimonMed says 1.2 million patients impacted in January data breach
SimonMed Says Medusa Ransomware Breach Exposed Data of 1.2 Million Patients
SonicWall VPN accounts breached using stolen credentials in widespread attacks
Sophisticated phishing scams targeting overseas Koreans rising as criminals impersonate embassy, consular staff
South Korea: Government seeks police probe of Korea Telecom (KT) for allegedly obstructing data breach investigation
Spain Arrests Alleged Leader of GXC Team Cybercrime Network
Spain dismantles criminal group GXC Team
Spanish Authorities Dismantle Advanced AI Phishing Operation GoogleXcoder
Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation
Teen faces 7-year sentence over PowerSchool hack
Thousands of Users’ Identities Unveiled after Discord Data Breach
UK fines 4chan over noncompliance with Online Safety Act
Ukraine takes steps to launch dedicated cyber force for offensive strikes
Ukrainian lawyer loses appeal against extradition to US over ransomware conspiracy charges
Under Pressure, Even Trained Users Miss the Signs of Phishing
Wait, what? WiFi signals can be used to ID you even if you carry no device
Waveny LifeCare Data Breach Exposes Sensitive Patient Info & SSNs
Wellborn & Company Data Breach Affecting Clients' Personal Information
What to do if you’re a Phishing victim?
When hackers hit, patient safety takes the fall
