Divya reports: The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
Category: Breach Incidents
Policyholder Plot Twist: Cyber Insurer Sues Policyholder’s Cyber Pros
Veronica P. Adams and Andrea DeField of Hunton Andrews Kurth write: Last month, Ace American Insurance Company filed a subrogation action against its insured’s cybersecurity and technology vendors, alleging missteps by the technology companies. See Ace American Insurance Company v. Congruity 360, Trustwave Holdings, Case No. 2:25-cv-15657 (D.N.J. Sep. 15, 2025). Ace seeks to recover the $500,000…
Just days before its data might be leaked, Qantas Airways obtained a permanent injunction
In July, DataBreaches reported that Qantas had obtained a preliminary injunction prohibiting the publication of any customer data stolen from it in a cyberattack by “persons unknown.” Those defendants were served with the injunction via email and online means. Although Qantas did not reveal who signed the ransom note, ShinyHunters and Scattered Spider didn’t hesitate…
PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom
As noted on Reddit, PowerSchool appears to have been one of many victims of the Salesloft Drift/Salesforce campaign by Scattered LAPSUS$ Hunters. Like many other victims, PowerSchool did not disclose the incident publicly, but they did, however, post a notice in their closed users group. The notice was removed shortly thereafter, and several people have…
More Salesforce customer attacks revealed in new leak site by Scattered LAPSUS$ Hunters (1)
In their newest escalation of activities since saying “goodbye” and then determinedly trying to create more chaos on Telegram. the Scattered LAPSUS$ Hunters collective (for lack of a better word right now), has opened up a leak site in both clear net and onion versions. In its debut, the group has targeted Salesforce, and is…
Judge throws out lawsuit against Columbus over data breach
Fox28 reports: A Franklin County judge dismissed a lawsuit against the city of Columbus, which claimed it failed to follow industry standards and federal guidelines for data security. The lawsuit was filed last year after the ransomware group Rhysida claimed it stole over 6 terabytes of city data and posted it for sale. The incident caused the city to shut down multiple systems…