When companies have big breaches, they have to notify the big credit reporting agencies. However, it is now one of the major credit reporting agencies that must send notifications. TransUnion has notified the Maine Attorney General’s Office that 4,461,511 U.S. persons were affected by an incident on July 28, 2025 that involved an unnamed third-party…
South Korea fines SK Telecom US$97M over data breach
A big monetary penalty was anticipated for SK Telecom after a massive data breach. Now we know how big. Muhammad Zulhusni reports: South Korea’s biggest mobile carrier has been hit with a record fine after a massive data breach exposed the personal details of nearly half the country’s people. The Personal Information Protection Commission (PIPC)…
Taiwanese associated with Chinese group behind cyberattacks arrested
Keoni Everington reports: Two alleged Taiwanese clients of a Chinese ransomware group behind attacks on the Mackay Memorial Hospital and other targets in Taiwan have been arrested and released on bail. According to a Ministry of Justice Investigation Bureau, between February and March, the group CrazyHunter used ransomware to attack hospitals, publicly listed companies, and…
Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier
Alexander Martin reports: A suspected ransomware attack on Miljödata, a Swedish software provider used for managing sick leave and similar HR reports, is believed to have impacted around 200 of the country’s municipal governments. The attack was detected on Saturday, according to the company’s chief executive Erik Hallén. The attackers are attempting to extort Miljödata,…
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
It looks like ShinyHunters and Scattered Spider have found yet another way to compromise Salesforce customers. Lawrence Abrams reports: Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. Salesloft’s SalesDrift is a third-party platform that connects…
DOGE accused of copying entire Social Security database to insecure cloud system
Jon Brodkin reports: A Social Security Administration (SSA) official alleged in a whistleblower disclosure that DOGE officials created “a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.” Chuck Borges, the SSA’s Chief Data Officer (CDO), “has become aware through reports to him of serious data security lapses, evidently…