Welcome to DBD. Cybercrime made global headlines in 2025. Attacks on well-known brands and organizations have raised public awareness of the severity, frequency and impact of cyber attacks. Ransomware attacks are at their highest ever recorded, and 2026 has the potential to be even worse, as cyber criminals continue to extort their victims, with little chance of being brought to justice. On a lighter note, I'd like to take this opportunity to wish you all a very Merry Christmas and all the best for the New Year. Thanks again for all your support. Stay safe. :)
Dentons Senior Analyst, Washington D.C.
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 22nd December and 28th December 2025.24th December
Apple Fined €98.6 Million for Privacy Policy Violations Requiring Third-Party Developers to Ask Consent a Second Time
Apple will appeal Italy’s €98M anti-tracking feature fine
Autohaus Elstermann Hit by Space Bears Ransomware Attack
Counterfeit defenses built on paper have blind spots
Crypto security experts troll North Korean hackers with a Lazarus Group “consultancy”
Cyberattack Knocks La Poste Offline, Disrupting Postal and Banking Services Across France
Indian Vehicle Owners Warned as Browser-Based e-Challan Phishing Gains Momentum
Italy Fines Apple €98.6 Million Over App Tracking Transparency (ATT) Rules Limiting App Store Competition
La Poste Still Offline After Major DDoS Attack
Nissan leak affects 21,000 customers
OpenAI says prompt injection attacks “long-term security challenge”
Pell City Schools Targeted by SafePay Ransomware Group
Securities and Exchange Commission (SEC) Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips
Spotify Disables Accounts After Open-Source Group Scrapes 86 Million Songs
The End of Excuses: 10 Cybersecurity Investments Every CISO Must Make by 2026
U.S. Authorities Seize Domain Linked to $28 Million Bank Account Takeover Fraud
Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft
WebRAT Malware Campaign Targets Researchers via GitHub Repositories Containing Fake PoC Exploits for Legitimate Vulnerabilities
What happens to enterprise data when GenAI shows up everywhere
What if your face could say “don’t record me”? Researchers think it’s possible
Wisanka Indonesia Data Breach: 27GB of Internal Files, Designs, and Invoices Leaked
23rd December
3.5 Million Affected by University of Phoenix Data Breach
4 Ways Scammers Are Using AI To Trick You (And How To Stay Safe)
574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings
Abuse of Indian Income Tax Themes to Execute Layered Attacks on Enterprises
AI & state-backed cyber spies to drive 2026 threats
Baker University Data Breach Exposes Personal Information of Over 50,000 Individuals
Baker University says 2024 data breach impacts 53,000 people
CISA Flags Actively Exploited Digiever Authorization Flaw in Known Exploited Vulnerabilities (KEV) Catalog
Clop Ransomware Group Linked to 3.5m University of Phoenix Breach
Cloud security is stuck in slow motion
Code that works can also be malware: this WhatsApp API is stealing messages
Cornwall: Kids' books removed from libraries over web links
Coupang Faces Investor Lawsuit Over Massive Data Breach
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
Cyberattack knocks offline France's postal, banking services
Cybersecurity Stagnation in Healthcare: The Hidden Financial Costs
Data of 21,000 Nissan Customers Exposed via a Red Hat Server Breach, Carmaker Apologizes
Department of Justice (DOJ) Seizes Stolen Password Database and Domain to Halt Account Takeovers and Disrupt Fraud Network
Distribuidora Nissan Data Breach Exposes 680k Customer Records
Fake listings and phishing emails: How travellers have lost hundreds to Booking.com scams
Feds Seize Password Database Used in Massive Bank Account Takeover Scheme
France’s postal and banking services disrupted by suspected DDoS attack
France’s postal and banking systems attacked as Christmas rush peaks
French postal service brought down by cyber attack
GhostFrame - a super stealthy new phishing kit behind a million attacks
Grupo Panamá Data Breach: 35GB of Financial & Employee Data Leaked
Hackers exploited BitLocker in ransomware attack on Romania's water agency
Hackers stole 86 million songs from Spotify: a 300 TB data breach
Hackers stole over $2.7B in crypto in 2025, data shows
HardBit 4.0 Ransomware Actors Attack Open RDP and SMB Services to Persist Access
Holiday Travel Warning: Cyber Attacks on Business Travellers Surge 30% Over Christmas
Hospitals exposed as medical devices create massive cyber risks
Hundreds of Arrests as Operation Sentinel Recovers $3m
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty
Interpol Dismantles Six Ransomware Variants, Arrests Over 500 Suspects
Jaguar Land Rover (JLR) suppliers 'on the brink' after cyber attack fallout, warns manufacturing boss
Japan Adopts New Cybersecurity Strategy to Counter Rising Cyber Threats
Korea Construction Safety Association Data Breach Exposes Member PII
Korean Association for Public Administration (KAPA) Database Leaked Exposing Academic and Research Data
Kuaishou Cyberattack Disrupts Livestreaming, Triggers Sharp Stock Decline
Kuaishou’s Shares Slide After Hackers Flood Livestreams With Explicit Content
La Poste Cyberattack Disrupts Postal and Banking Services in France Ahead of Christmas
La Poste DDoS Attack Disrupts French Postal and Banking Services Before Holidays
Malicious extensions in Chrome Web store steal user credentials
Malicious Phantom Shuttle Chrome Extensions Masquerading as a Legitimate VPN Service Intercept Traffic and Steal User Data
Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth Feature
More than 22 million Aflac customers impacted by June data breach
New MacSync Stealer Disguised as Trusted Mac App Hunts Saved Passwords
Nissan: Thousands Impacted By Red Hat Breach
Nissan confirms customer data exposure tied to Red Hat breach affecting 21,000 customers in Japan
Nissan Confirms Impact From Red Hat Data Breach
Nissan data breach is real and you might be affected
Now you can lose your crypto by video gaming against criminals
Phishing Campaigns Exploit File Sharing Services
Phishing emails and fake adverts flood inboxes this Christmas - and they’re getting harder to detect than ever
Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape
Pirate group Anna’s Archive says it has scraped 86 million songs from Spotify
Ransomware Attack Disrupts Romanian Waters Authority, Over 1,000 IT Systems Affected
Ransomware Attack Hits Romanian Waters Authority, Compromising 1,000+ IT Systems
Ransomware attack on Romanian water agency hits over a thousand systems
Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline
Resilience Starts with Identity: Managing the Ransomware Threat This Holiday Season
Reworked MacSync Stealer Adopts Quieter Installation Process
Romania Water Agency Hit by Massive BitLocker Ransomware Attack Impacting 1,000 Computer Systems
Romanian water agency hit by BitLocker exploit, one thousand systems compromised
Romania’s national water authority hit by ransomware attack affecting about 1,000 systems
Scammers exploit official Google domain to send phishing emails undetected
Securities and Exchange Commission (SEC) sues crypto firms for defrauding investors out of $14 million
Securities and Exchange Commission (SEC) Targets Crypto Platforms in Social Media Scam Crackdown
Shinhan Card reports data breach involving 190,000 merchant records
South Korea: Government launches task force for Coupang data breach probe
South Korea online retailer Coupang faces US securities class action over massive data breach
South Korea’s Shinhan Card Data Breach Affects 192,000 Merchants
South Korean firm hit with US investor lawsuit over data breach disclosure failures
Spotify Hit by Massive Data Breach? Piracy Group Claims 86 Million Tracks Scraped
Top Ransomware Trends of 2025
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
U.S. Department of Justice (DoJ) Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
University of Phoenix Data Breach - 3.5 Million+ Individuals Affected
University of Phoenix Data Breach Exposes Information of Over 3.5 Million Individuals
University of Phoenix Data Breach Exposes Personal Information of 3.4 Million Individuals
University of Phoenix Data Breach Impacts Over 3.5 Million Individuals
US charges 54 in nationwide ATM jackpotting ring
US disrupts multimillion-dollar bank account takeover operation targeting Americans
US insurance giant Aflac says hackers stole personal and health data of 22.6 million people
Voice Phishing Gang Arrested for Embezzling 1.5 Billion Won in Gold Bars
Weak enforcement keeps PCI DSS compliance low
WebRAT malware spread via fake vulnerability exploits on GitHub
Why are phishing resistant credentials becoming increasingly important?
22nd December
3.5 million hit in US college data breach with full names, dates of birth, SSNs, bank info and more exposed - how to see if you’re affected
86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush
574 arrests, $3 million recovered in Africa-wide cybercrime crackdown
1,000 computers taken offline in Romanian water management authority hack - ransomware takes Bitlocker-encrypted systems down
Address poisoning scam costs crypto user $50 Million
Alleged RaccoonO365 phishing kit developer apprehended
America’s Cyber Retreat Is Undermining Indo-Pacific Security
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
ARC Community Services Data Breach Exposes Sensitive Information
Arcane Werewolf Hacker Group Added Loki 2.1 Malware Toolkit to their Arsenal
Arcane Werewolf Hacker Group Expands Arsenal with Loki 2.1 Malware Toolkit
Around 1,000 systems compromised in ransomware attack on Romanian water agency
BlindEagle Hackers Attacking Government Agencies with Powershell Scripts
Brooklyn Man Booked in $16M Crypto Phishing Scam Targeting Coinbase Users
Browser agents don’t always respect your privacy choices
Chiesi USA Data Breach Exposes SSNs & Medical Info
CISA flags ASUS Live Update CVE, but the attack is years old
Coupang Faces Class Action Lawsuit Alleging Violations After Data Breach
Coupang Faces Scrutiny After Massive Data Breach
Coupang Inc. Faces U.S. Data Breach Lawsuit
Critical RCE flaw impacts over 115,000 WatchGuard firewalls
Cyber spies use fake New Year concert invites to target Russian military
Cyber-security: cost or strategic necessity?
Cybersecurity 2026: Why Protecting Data Matters More Than Stopping Attacks
Cytek Biosciences Data Breach Exposes Social Security Numbers
Dakota Eye Institute Settles Class Action Data Breach Lawsuit for $1 Million
Data Authorities Probe Trade Union Breach
DDoS incident disrupts France’s postal and banking services ahead of Christmas
DIG AI: Uncensored darknet AI assistant at the service of criminals and terrorists
Don't make these airport Wi-Fi and public charging mistakes this holiday
EU Chat Control 2.0 Evolves into Going Dark Initiative – Everything You Need to Know
Eurostar AI chatbot flaws exposed after “painful” disclosure process
Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens
FBI: Deepfake campaign spoofing government officials ongoing for longer than thought
FedEx Data Breach Exposes Sensitive Protected Health Information (PHI)
Five ways AI is changing cyber-attacks: deepfakes, smishing and the new threat landscape
France’s national post office hit by suspected cyber-attack
France's postal service hit by suspected cyber-attack days before Christmas
French authorities arrest 22-year-old over cyber attack on the Interior Ministry
French watchdog fines ad firm with €1M over Deezer leak
Frogblight Malware Targets Android Users With Fake Court and Aid Apps
Fyzical Data Breach Impacts 1,801 in Texas
Google Sues Alleged China-Based Hackers Over Widespread Phishing Scheme
Guilt admitted by former cyber pros over ransomware spree
Guilty plea entered in multinational Nefilim ransomware scheme
Guilty Pleas Highlight Ransomware Risks Within and Beyond the Enterprise
Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
Hackers attack WatchGuard Firebox firewalls: 120K IPs exposed and vulnerable
Hackers Using Phishing Tools to Access M365 Accounts via OAuth Device Code
Hernando County Responds to Data Breach Exposing Personal Information, Offers Free Credit Protection to Impacted Residents
INC ransomware Claims Evercover and Talarico
Insider Threat: Hackers Paying Company Insiders to Bypass Security
Interpol-led action decrypts 6 ransomware strains, arrests hundreds
Isle of Man: Island businesses targeted in phishing campaign
Judge rules that NSO cannot continue to install spyware via WhatsApp pending appeal
Learn more about Ghost Pairing Cyber Attack via WhatsApp
Legitimate Nezha Monitoring Tool Abused as a Powerful RAT, Providing Complete Control Over Compromised Hosts
Malicious NPM Package ‘lotusbail’ Steals WhatsApp Data
Malicious npm package steals WhatsApp accounts and messages
Microsoft 365 Accounts Hijacked Through OAuth Device Code Phishing Attacks
Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access
MS13-089 Ransomware: Double Extortion Without Encryption
NASA Data Breach: Spanish Teleradiology Data and Source Code Leaked
Nefilim Ransomware Affiliate Pleads Guilty
Nefilim ransomware hacker faces prison after pleading guilty
Nefilim ransomware hacker pleads guilty to computer fraud
Netflix suspension scam targets your inbox
New Flaw in Somalia’s E-Visa System Exposes Travelers’ Passport Data
New MacSync malware dropper evades macOS Gatekeeper checks
New York Home Healthcare Provider Identifies Email Account Breach
NHS England tech provider reveals data breach - DXS International hit by ransomware
Nissan Confirms Data Breach Following Unauthorized Access to Red Hat Servers
Nissan says thousands of customers exposed in Red Hat breach
NIST issues guidance on securing smart speakers
OAuth Device Code Phishing: New Attack Vector for Account Takeover
Ochsner LSU Health Data Breach Impacts 4,519 Individuals
One Community Health Data Breach Exposes Patient PII & PHI
OpenAI says AI browsers may always be vulnerable to prompt injection attacks
Outdoor Smart! (Campfire Collective) Data Breach Affects 19,864 People
Phishing Attacks Abuse OAuth Device Code to Gain Access to M365 Accounts
Phishing Attacks Exploit OAuth Device Codes to Breach Microsoft 365 Accounts
Potential data breach at Fairbanks health clinic, officials say
Prince of Persia ran a covert Iranian spy campaign for over a decade
ProBit Global Crypto Exchange Targeted in Alleged Data Breach
Qilin Ransomware Attack Hits Grupo Olé and Cedar Valley Services
Qilin takes responsibility for major Argentinian football club hack
RansomHouse Ransomware Upgraded: Enhanced Encryption Threat
Report finds most schools are underprepared for ransomware and AI-powered cyberattacks
Romanian national water agency hit by BitLocker ransomware attack
Romanian water authority hit by ransomware attack over weekend
Romanian Water Authority Hit by Ransomware; 1,000 Systems Across 10 Regions Compromised
Romanian Waters confirms cyberattack, critical water operations unaffected
Scripted Sparrow Sends Millions of Business Email Compromise (BEC) Emails Each Month
SIRH Mexico Data Breach: Sensitive Employee Records Leaked
South Korea to require facial recognition for new mobile numbers
South Korea's consumer agency to order SK Telecom to compensate 58 hacking victims
Spotify data breach: 86 million audio files leaked online
Spotify disables accounts after open-source group scrapes 86 million songs from platform
Spotify investigates data breach, after pirate group claims it ‘scraped’ its music library
Spotify’s Music Catalog Leaked in Massive Data Breach
Taminsho Hit by Benzona Ransomware Attack and 80GB Data Exfiltration
Technology and GPS firm Netstar Australia suffers alleged cyber attack
Terport Ransomware Attack: Paraguay Port Operator Breached by Lynx
Think you can beat ransomware? RansomHouse just made it a lot harder
Threat groups steal identities to access Microsoft 365 accounts
Topstep Data Breach Compromises SSNs & Names
U.S. Seizes Crypto Exchange Linked To $70M Ransomware
UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected
UK Children’s Wellbeing Bill Raises Privacy and Encryption Concerns
UK Foreign Office hit by cyber-attack
Ukrainian hacker admits affiliate role in Nefilim ransomware gang
Ukrainian National Pleads Guilty in Nefilim Ransomware Conspiracy
Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US
Ukrainian pleads guilty for role in ransomware attacks targeting U.S., Canadian companies
University of Phoenix Data Breach Affects 3.5 Million
University of Phoenix data breach impacts nearly 3.5 million individuals
University of Sydney data breach impacted over 27,000 staff and students
University of Sydney discloses a data breach impacting 27,000 people
Váhostav Targeted by DragonForce Ransomware Attack
Warning issued as surge in OAuth device code phishing leads to M365 account takeovers
WatchGuard Firebox firewalls under attack (CVE-2025-14733)
“We backed up Spotify:” pirates claim to have scraped 300TB of music
What are passkeys really? The simple explanation - for anyone tired of passwords
Yavne Educational Center Data Breach: Sensitive Student Records Leaked
