As noted on Reddit, PowerSchool appears to have been one of many victims of the Salesloft Drift/Salesforce campaign by Scattered LAPSUS$ Hunters. Like many other victims, PowerSchool did not disclose the incident publicly, but they did, however, post a notice in their closed users group. The notice was removed shortly thereafter, and several people have…
More Salesforce customer attacks revealed in new leak site by Scattered LAPSUS$ Hunters (1)
In their newest escalation of activities since saying “goodbye” and then determinedly trying to create more chaos on Telegram. the Scattered LAPSUS$ Hunters collective (for lack of a better word right now), has opened up a leak site in both clear net and onion versions. In its debut, the group has targeted Salesforce, and is…
Flagstar Agrees to $31.5 Million Deal in Accellion-Breach Suit
Christopher Brown reports: Flagstar Bank NA agreed to pay $31.5 million to settle allegations it failed to protect the personal information of nearly 2.2 million people in data breaches linked to Accellion Inc.’s file-transfer software. Class members would be eligible for up to $25,000 in documented monetary losses, three years of credit monitoring services, and…
The Identity Theft Resource Center Remains Open to Victims Amid Government Shutdown
The ITRC provides free assistance for victims of identity theft, fraud or scams Oct. 1, 2025 — The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, is available to assist victims during the Federal Government shutdown. The ITRC, a trusted nonprofit partner of the Federal Trade Commission and the Internal…
Clop extortion emails claim theft of Oracle E-Business Suite data
Lawrence Abrams reports: Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems. According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on…
Legal Practice Board of Western Australia begins notifying data breach victims
David Hollingworth reports: The Legal Practice Board of Western Australia (LPBWA) has said it has begun notifying individuals whose data was compromised following a cyber attack performed by the Dire Wolf ransomware gang in May. “Following a comprehensive investigation, the Legal Practice Board of Western Australia (the board) has commenced notifying individuals whose data was…