Waqas reports: In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the time, the issue appeared contained and under investigation. That changed today after SonicWall and incident response firm Mandiant confirmed that the attackers had accessed backup configuration files for…
Category: Business Sector
Discord Confirms 70,000 Government IDs Exposed in Third-Party Breach
Divya reports: The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
Qantas says ‘legal protections in place’ as ScatteredLAPSUS$Hunters group threatens to release personal data
NOTE from DataBreaches.net: The injunction Qantas obtained is limited in terms of who it covers. It does NOT cover all journalists and media. It only covers those who are under the jurisdiction of the NSW Supreme Court. Most journalists and media are not covered by the injunction, such as DataBreaches, and many may decide to…
US law firm with major political clients hacked in spying spree linked to China
Sean Lyngaas of CNN reports: Suspected Chinese government-backed hackers have breached computer systems of U.S. law firm Williams & Connolly, which has represented some of America’s most powerful politicians, as part of a larger spying campaign against multiple law firms, according to a letter the firm sent clients and a source familiar with the hack….
Salesforce Tells Clients It Won’t Pay Hackers for Extortion
Margi Murphy, Jake Bleiberg, and Brody Ford report: Salesforce Inc. told customers Tuesday that it won’t pay a ransom demand from a hacker who claimed to have stolen a large amount of client data and threatened to publish it, according to an email seen by Bloomberg News. The company said in a security notification that…
Clop extortion emails claim theft of Oracle E-Business Suite data
Lawrence Abrams reports: Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on…