Northern Technologies International Corporation NTIC Data Breach via Chaos Ransomware
Northern Technologies International Corporation (NTIC) has confirmed a data breach resulting in the exfiltration of sensitive Personally Identifiable Information (PII) by the Chaos Ransomware group. The attack involved unauthorized data egress from NTIC environments, compromising Social Security Numbers (SSNs), financial records, and contact information. Technical indicators point to the use of Chaos Ransomware encryption methodologies and communication with identified Command and Control (C2) infrastructure. The incident is being evaluated for potential links to wider coordinated attacks on technology-sector and cloud infrastructure vulnerabilities within the Indian regional landscape, carrying significant regulatory implications under GDPR, CCPA, and regional data laws.
IFood: Unauthorized Access to SIRA Portal Exposes 1.2 Million User Records
iFood confirmed a data breach originating in December 2025 that exposed the personally identifiable information (PII) of approximately 1.2 million users. The attack targeted the Sistema iFood de Resposta às Autoridades (SIRA), a restricted portal designed for judicial and administrative data requests. Threat actors gained access using compromised credentials belonging to an external agency, rather than an internal iFood system failure. The exfiltrated data includes full names, phone numbers, physical addresses, and Cadastro de Pessoas Físicas (CPF) numbers. While authentication credentials and financial instruments remained secure, the exposure of CPFs—the primary identity anchor in Brazil—creates significant risk for high-fidelity identity theft and social engineering.