As everyone expected, it was only a matter of time before the most recent version of BreachForums was seized, and last night, it happened. This time, though, there is no announcement from ShinyHunters about rebuilding the forum and making it stronger and better than ever. To the contrary, ShinyHunters says they are done with the…
BreachForums Seized — Again!
As predicted a few days ago, BreachForums was seized. The splash page is now up. It does not have any cute avatars with characters in handcuffs and no text about all the entities that cooperated. It simply says, “This Domain Has Been Seized,” and shows four shields: Department of Justice, FBI, BL2C, and JUNALCO. The latter…
SonicWall Says All Firewall Backups Were Accessed by Hackers
Waqas reports: In September 2025, SonicWall reported a data breach of its cloud backup service, stating that fewer than 5% of its customers were affected. At the time, the issue appeared contained and under investigation. That changed today after SonicWall and incident response firm Mandiant confirmed that the attackers had accessed backup configuration files for…
Missing Risk Analysis Cost NY CPA Firm $175K—But Not the Big Group Whose Data Was Breached in 2019
Theresa Defino reports: Covered entities (CEs) and business associates (BAs) might be forgiven if the most recent HHS Office for Civil Rights (OCR) HIPAA enforcement action evoked little more than a yawn. Yes, the $175,000 payment isn’t a particularly large amount, and the sole alleged violation is a retread. Actually, it’s the 10th in OCR’s…
Discord Confirms 70,000 Government IDs Exposed in Third-Party Breach
Divya reports: The popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actors claim to have exfiltrated 1.5 terabytes of sensitive information, including over 2.1 million government-issued identification photos. However, Discord disputes these figures, stating that…
California Sets 30 Day Deadline for Data Breach Notifications
Heads up to entities doing business in California: your breach notification obligations are changing. Joseph Lazzarotti of JacksonLewis explains: Governor Gavin Newsom recently signed SB 446 into law, introducing significant changes to California’s data breach notification requirements. The bill establishes deadlines for notifying consumers and the state’s Attorney General when personal information of California residents has been…