Oluwapelumi Adejumo@CryptoSlate - 6d
Cryptocurrency exchange Bybit has confirmed a record-breaking theft of approximately $1.46 billion in digital assets from one of its offline Ethereum wallets. The attack, which occurred on Friday, is believed to be the largest crypto heist on record. Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets.
The attacker targeted an Ethereum cold wallet by manipulating a transaction from the cold wallet to a warm wallet. This allowed the attacker to gain control and transfer the funds to an unidentified address. The incident highlights the rising trend of cryptocurrency heists, driven by the allure of profits and challenges in tracing such crimes.
References:
- www.techmeme.com: ZachXBT: crypto exchange Bybit has experienced $1.46B worth of "suspicious outflows"; Bybit CEO confirms hacker took control of cold ETH wallet
- CryptoSlate: The crypto exchange ByBit has been hacked, and roughly $1.5 billion in Ethereum (ETH) has been stolen — making this one of the biggest hacks in history.
- infosec.exchange: NEW: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- PCMag UK security: The Bybit exchange lost 400,000 in ETH, or about $1.4 billion, before the price began to slide, making it the biggest crypto-related hack in history.
- techcrunch.com: TechCrunch reports on the Bybit hack, disclosing a loss of approximately $1.4 billion in Ethereum.
- ciso2ciso.com: In a major cybersecurity incident, Bybit, the world’s 2nd-largest crypto exchange suffered a $1.4 billion ETH hack from a cold wallet breach.
- ciso2ciso.com: Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange – Source:hackread.com
- cryptoslate.com: ByBit suffers $1.5 billion Ethereum heist in cold wallet breach
- www.coindesk.com: Bybit experiences USD1.46B in suspicious outflows
- BleepingComputer: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- The Cryptonomist: 3 Best Bybit Alternatives As Top CEX Is Hacked
- Gulf Business: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- Anonymous: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.bleepingcomputer.com: Hacker steals record $1.46 billion in ETH from Bybit cold wallet
- Techmeme: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms (Oliver Knight/CoinDesk)
- Report Boom: Report on the Bybit crypto heist, detailing the incident and security recommendations.
- thehackernews.com: Report on the Bybit hack, highlighting the scale of the theft and its implications.
- reportboom.com: Reportboom article about Bybit's $1.46B Crypto Heist.
- www.it-daily.net: Bybit hacked: record theft of 1.5 billion US dollars
- Protos: News about the Bybit cryptocurrency exchange being hacked for over $1.4 billion.
- The420.in: On Friday, cryptocurrency exchange Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets from one of its offline Ethereum wallets—the largest crypto heist on record.
- TechSpot: The hackers stole the crypto from Bybit's cold wallet, an offline storage system.
- Talkback Resources: Crypto exchange Bybit was targeted in a $1.46 billion theft by the Lazarus Group, highlighting the rising trend of cryptocurrency heists driven by the allure of profits and challenges in tracing such crimes.
- www.bleepingcomputer.com: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.the420.in: The420.in: Biggest Crypto Heist Ever: Bybit Loses Rs 12,000+ Crore in Sophisticated Ethereum Wallet Attack!
- www.cnbc.com: This report discusses the Bybit hack, detailing the amount stolen and the potential impact on the crypto market.
- www.engadget.com: This news piece reports on the massive crypto heist from Bybit, highlighting the scale of the incident and the impact on the crypto market.
- Techmeme: Arkham says ZachXBT submitted proof that North Korea's Lazarus Group is behind Bybit's $1.5B hack, which is the largest single theft in crypto history
- BrianKrebs: Infosec exchange post describing Bybit breach.
- Talkback Resources: Bybit cryptocurrency exchange suffered a cyberattack resulting in the theft of $1.5 billion worth of digital currency, including over 400,000 ETH and stETH, with potential vulnerabilities in the Safe.global platform's user interface exploited.
- securityaffairs.com: SecurityAffairs reports Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever.
- gulfbusiness.com: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- techcrunch.com: Crypto exchange Bybit says it was hacked and lost around $1.4B
- Tekedia: The cryptocurrency industry has been rocked by what is now considered the largest digital asset theft in history, as Bybit, a leading crypto exchange, confirmed on Friday that hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of its offline wallets.
- blog.checkpoint.com: What the Bybit Hack Means for Crypto Security and the Future of Multisig Protection
- Dan Goodin: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- BleepingComputer: Crypto exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- Security Boulevard: North Korea’s Lazarus Group Hacks Bybit, Steals $1.5 Billion in Crypto
- bsky.app: Elliptic is following the money on this ByBit hack - the biggest theft of all time. “Within 2 hours of the theft, the stolen funds were sent to 50 different wallets, each holding approximately 10,000 ETH. These are now being systematically emptied”.
- Talkback Resources: Talkback Post about the $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived
- infosec.exchange: Reports that North Korean hackers stole $1.4 billion in crypto from Bybit.
- securityboulevard.com: North Korea's notorious Lazarus Group reportedly stole $1.5 billion in cryptocurrency from the Bybit exchange in what is being called the largest hack in the controversial market's history.
- billatnapier.medium.com: One of the Largest Hacks Ever? But Will The Hackers Be Able To Launder The Gains?
- thecyberexpress.com: thecyberexpress.com - Details on Bybit Cyberattack.
- Matthew Rosenquist: This may turn out to be the biggest hack in history! $1.5 BILLION.
- PCMag UK security: The $1.4 billion at Bybit—the largest known cryptocurrency heist in history—has been traced to the notorious Lazarus North Korean hacking group.
- www.nbcnews.com: Hackers steal $1.5 billion from exchange Bybit in biggest-ever crypto heist: Blockchain analysis firm Elliptic later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective
- www.pcmag.com: Researchers spot the $1.4 billion stolen from Bybit moving through cryptocurrency wallets that were used in earlier heists attributed to North Korea's Lazarus hacking group.
- siliconangle.com: $1.5B in cryptocurrency stolen from Bybit in attack linked to North Korean hackers
- www.americanbanker.com: Nearly $1.5 billion in tokens lost in Bybit crypto exchange hack
- SiliconANGLE: SiliconAngle reports on the details of the Bybit hack and links it to North Korean hackers.
- techcrunch.com: TechCrunch reports on the massive crypto heist, citing research that points to North Korean hackers as perpetrators.
- OODAloop: Reports that North Korea’s Lazarus Group APT is Behind Largest Crypto Heist Ever
- Be3: Looming Shadows: $1.5 Billion Crypto Heist Shakes Confidence in Security Measures
- Schneier on Security: Schneier on Security covers the North Korean Hackers Stealing $1.5B in Cryptocurrency.
- Dataconomy: How the Bybit hack shook the crypto world: $1.5B gone overnight
- be3.sk: Looming Shadows: $1.5 Billion Crypto Heist Shakes Confidence in Security Measures
- Risky Business: Risky Business #781 -- How Bybit oopsied $1.4bn
- cyberriskleaders.com: Bybit, a leading exchange, was hacked for USD1.4 billion in Ethereum and staked Ethereum, sending shockwaves through the digital asset community.
- www.csoonline.com: Independent investigation finds connections to the Lazarus Group.
- Cybercrime Magazine: Bybit suffers the largest crypto hack in history
- www.theguardian.com: Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit.
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- SecureWorld News: SecureWorld reports on the Bybit hack, attributing it to the Lazarus Group.
- OODAloop: The Largest Theft in History – Following the Money Trail from the Bybit Hack
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- Secure Bulletin: Lazarus group’s Billion-Dollar Bybit heist: a cyber forensics analysis
- Talkback Resources: THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma [mal]
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum.
- CyberInsider: Record $1.5 billion Bybit hack undermines trust in crypto security
- The Register - Security: Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
- PCMag UK security: $1.4 Billion Crypto Heist Traced To Hackers Breaching Safe{Wallet}
- techcrunch.com: Last week, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, believed to be the largest crypto heist in history. Now the company is offering a total of $140 million in bounties for anyone who can help trace and freeze the stolen funds. Bybit’s CEO and
- securityaffairs.com: FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
@pcmag.com - 2d
Employee screening firm DISA Global Solutions has confirmed a significant data breach affecting over 3.3 million individuals. The breach, which occurred between February 9, 2024, and April 22, 2024, involved unauthorized access to the company's systems. DISA provides employment screening solutions like drug and alcohol testing and background checks for over 55,000 organizations. The company discovered the breach on April 22, 2024, and initiated an investigation with the help of third-party forensic experts.
DISA's investigation revealed that hackers accessed sensitive personal and financial data. Potentially compromised information includes names, Social Security numbers, driver's license numbers, financial account information, and other government-issued ID numbers. DISA is notifying affected individuals directly and offering 12 months of credit monitoring and identity restoration services through Experian. The company urges individuals to remain vigilant against phishing attacks, monitor their accounts regularly, and report any suspicious activity to authorities.
References:
- DataBreaches.Net: On February 3, DataBreaches quoted a press release by BakerHostetler about a breach update from DISA Global Solutions that DISA had issued on January 23, 2025.
- Carly Page: mastodon.social on Employee screening giant DISA Global Solutions has confirmed a data breach affecting 3.3 million people
- www.pcmag.com: Reporting on the data breach at DISA Global Solutions.
- PCMag UK security: Hack at Employee Screening Firm DISA Exposes Personal Data of 3.3M People
- CyberInsider: Data Breach at DISA Global Solutions Exposes 3.3M Americans
- Help Net Security: Background check, drug testing provider DISA suffers data breach
- Dataconomy: DISA Global Solutions, a leading provider of employment screening solutions, acknowledged a breach affecting more than 3.3 million people. The incident involved unauthorized access to sensitive personal and financial data, potentially affecting a large portion of the U.S. population.
- The Register - Security: Drug-screening biz DISA took a year to disclose security breach affecting millions
- gbhackers.com: US Employee Background Check Firm Hacked, 3 Million Records Exposed
- Talkback Resources: US Background Check Firm Data Breach Exposes 3.3M Records [app] [net]
- Talkback Resources: DISA Global Solutions experienced a data breach affecting over 3.3 million individuals, including 15,000 Maine residents, involving unauthorized access to personal data collected for employment screening purposes, prompting the company to offer credit monitoring and identity restoration services and enhance cybersecurity measures
- securityaffairs.com: DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered a cyber incident that led to a data breach, which resulted in the potential compromise of personal and financial information of over 3.3 million individuals.
- Talkback Resources: Background check provider data breach affects 3 million people who may not have heard of the company [net]
Eduard Kovacs@SecurityWeek - 21d
Spanish authorities have arrested a hacker in Alicante for allegedly conducting over 40 cyberattacks targeting critical public and private organizations, including NATO, the US Army, and various Spanish entities such as the Guardia Civil and the Ministry of Defense. The investigation began in early 2024 after a data leak was reported from a Madrid business association, revealing that the hacker was boasting about stolen information on an underground criminal forum, even defacing the victim's website.
The suspect, known online as "Natohub" among other pseudonyms, is accused of illegally accessing computer systems, disclosing secrets, damaging computers, and money laundering. Police seized multiple computers, electronic devices, and over 50 cryptocurrency accounts containing various digital assets. Although the suspect's name hasn't been released by police, local news reports identify him as an 18-year-old man.
References:
- BleepingComputer: The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities.
- securityaffairs.com: Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US.
- Help Net Security: Suspected NATO, UN, US Army hacker arrested in Spain
- SecurityWeek: Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.
- : The Spanish National Police and the Civil Guard announced the arrest (and release) of a hacker responsible for the cyberattacks against various Spanish government organizations, NATO and U.S. Army databases, and other international companies and entities.
- www.scworld.com: Suspected hacker arrested for attacks on NATO, US Army
- CyberInsider: Police Arrest Hacker Behind Attacks on U.S. and NATO Systems
- cyberinsider.com: Police Arrest Hacker Behind Attacks on U.S. and NATO Systems
- www.bleepingcomputer.com: Spanish National Police : (Spanish language) The Spanish National Police and the Civil Guard announced the arrest (and release) of a hacker responsible for the cyberattacks against various Spanish government organizations, NATO and U.S. Army databases, and other international companies and entities. Police seized multiple computers, electronic devices, and 50 cryptocurrency accounts containing various digital assets. Although no identity was released, linked the victim organizations to high profile attacks by the hacker using the alias "natohub".
- www.helpnetsecurity.com: Suspected NATO, UN, US Army hacker arrested in Spain
- www.securityweek.com: SecurityWeek provides details on the hacker's arrest and the organizations targeted.
- bsky.app: The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. https://www.bleepingcomputer.com/news/legal/spain-arrests-suspected-hacker-of-us-and-spanish-military-agencies/
- Cybernews: An undisclosed hacker has been accused of over 40 cyberattacks on strategic organizations, including government, universities, NATO, and the US Army.
- www.policia.es: Spanish National Police : (Spanish language) The Spanish National Police and the Civil Guard announced the arrest (and release) of a hacker responsible for the cyberattacks against various Spanish government organizations, NATO and U.S. Army databases, and other international companies and entities.
- Techmeme: Spanish police arrest a hacker for allegedly conducting 40 cyberattacks on critical public and private organizations, seizing 50 crypto accounts, PCs, and more
- www.techmeme.com: Spanish police arrest a hacker for allegedly conducting 40 cyberattacks on critical public and private organizations, seizing 50 crypto accounts, PCs, and more
- ciso2ciso.com: Police arrest teenager suspected of hacking NATO and numerous Spanish institutions
- gbhackers.com: Authorities Arrested Hacker Who Compromised 40+ Organizations
- www.helpnetsecurity.com: The Spanish National Police has arrested a hacker suspected of having breached national and international agencies (including the United Nations’ International Civil Aviation Organization and NATO), Spanish universities and companies, and released stolen data on the dark web.
@cyberscoop.com - 21d
Concerns are mounting over potential cybersecurity failures within the Department of Government Efficiency (DOGE), as experts express alarm over Elon Musk's takeover of key Treasury systems. The situation involves a 25-year-old DOGE team member allegedly writing backdoors into the Treasury’s $6 trillion payment system, raising serious national security concerns. These backdoors could compromise sensitive financial data, including information related to government payroll, tax records, and financial transactions, potentially leading to espionage and financial manipulation.
The alleged security failures are compounded by reports that the DOGE team member had full administrator privileges to sensitive systems, going beyond the initially claimed "read-only" access. Sensitive veterans' data, including information about Department of Veterans Affairs benefits, are among the Treasury Department records Elon Musk's so-called Department of Government Efficiency now has access to. The lack of transparency and oversight surrounding DOGE's access to these systems has prompted Senator Elizabeth Warren to demand answers from the Treasury Secretary regarding the "security and management failure."
References:
- ciso2ciso.com: Elon Musk’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
- Pyrzout: Elon Musk’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
- The Register - On-Prem: Musk’s DOGE ship gets ‘full’ access to Treasury payment system, sinks USAID
- The Verge: Elon Musk is staging a takeover of the federal budget
- www.techdirt.com: A 25-Year-Old Is Writing Backdoors Into The Treasury’s $6 Trillion Payment System. What Could Possibly Go Wrong?
- cyberscoop.com: Cybersecurity, government experts are aghast at security failures in DOGE takeover
- PCMag UK security: Judge Blocks DOGE's Access to Treasury Systems
- The Verge: Federal judge blocks DOGE from accessing sensitive Treasury records
- techxplore.com: TechXplore article questioning if the DOGE initiative is a cybersecurity threat.
@www.bleepingcomputer.com - 19d
Hewlett Packard Enterprise (HPE) is notifying employees about a data breach that occurred in May 2023. The cyberattack, orchestrated by Russian state-sponsored hackers, targeted HPE's Office 365 email environment. The breach resulted in the theft of employee data, prompting HPE to alert affected individuals.
HPE began sending breach notification letters in January 2025, according to filings with Attorney General offices in New Hampshire and Massachusetts. The investigation determined that personal information, including driver's licenses, credit card numbers, and Social Security numbers, may have been subject to unauthorized access.
References:
- BleepingComputer: Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack.
- www.the420.in: Hewlett Packard Notifies Employees of Data Breach by Russian Hackers
- www.bleepingcomputer.com: HPE notifies employees of data breach after Russian Office 365 hack
- The420.in: Hewlett Packard Notifies Employees of Data Breach by Russian Hackers
- bsky.app: Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack.
- Vulnerability-Lookup: Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers
- techcrunch.com: TechCrunch reports on HPE beginning to notify data breach victims after a Russian government hack.
- Anonymous: Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack.
- www.scworld.com: HPE employees alerted of Midnight Blizzard hack
- securityaffairs.com: HPE is notifying individuals affected by a December 2023 attack
- securebulletin.com: Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen.
- ciso2ciso.com: HPE Says Personal Information Stolen in 2023 Russian Hack – Source: www.securityweek.com
Dissent@DataBreaches.Net - 6d
Major Australian IVF provider Genea has confirmed a cybersecurity incident where an unauthorized third party accessed its data. The company detected suspicious activity on its network and promptly shut down some systems and servers to investigate the extent of the breach. Genea is working to determine what specific data was compromised and is taking steps to secure its systems. The incident disrupted patient services, including phone lines, the Genea app, and email communications, causing frustration for patients who rely on the clinic's data processing systems for critical blood test data related to their IVF treatment cycles.
This cyber incident has raised concerns about the security of patient data at healthcare providers. Genea has stated that it is "urgently investigating" the incident and will contact any individuals whose personal data has been compromised. The clinic is also working to restore systems and minimize disruptions to services, assuring patients that their privacy and data security are taken very seriously. Genea has multiple clinics across Australia and is working to ensure minimal disruption to patient services.
References:
- Carly Page: Australian IVF giant Genea has disclosed a cybersecurity incident that disrupted patient services and led to the access of potentially sensitive information
- ciso2ciso.com: Australian IVF Clinic Suffers Data Breach Following Cyber Incident – Source: www.infosecurity-magazine.com
- www.cybersecurity-insiders.com: Genea Australia data breach and Black Basta Ransomware gang data leak Genea IVF Australia, a leading fertility service provider and one of the three largest in the country, has confirmed that it has fallen victim to a significant cyberattack, resulting in a data breach.
- DataBreaches.Net: Major Australian IVF provider Genea suffers ‘cyber incident’
- techcrunch.com: Australian IVF giant Genea has disclosed a cybersecurity incident that disrupted patient services and led to the access of potentially sensitive information
- kirbyidau.com: Incident: Australian IVF provider Genea in cyber incident | iTnews
- www.scworld.com: Cyberattack compromises leading Australian IVF provider's data
- kirbyidau.com: Kirbyidau - Australian IVF provider Genea in cyber incident | iTnews
- Carly Page: Australian IVF provider Genea confirms hackers have leaked sensitive patient data after Termite listed the firm on its dark web site. A court order prohibiting publication of the stolen data reveals that hackers breached Genea's network on January 31 to steal more than 900GB of information
- The420.in: The Termite ransomware gang has taken responsibility for breaching Genea, one of Australia’s largest fertility service providers, and stealing sensitive patient data.
- bsky.app: The Termite ransomware gang has claimed responsibility for breaching and stealing sensitive healthcare data belonging to Genea patients, one of Australia's largest fertility services providers.
- thecyberexpress.com: Termite ransomware group has allegedly leaked sensitive patient data following the Genea cyberattack, targeting one of Australia’s leading fertility providers.
Eduard Kovacs@SecurityWeek - 22d
Grubhub, the popular food-ordering and delivery platform, has confirmed a data breach affecting the personal information of both customers and drivers. The company disclosed the breach on Monday, February 4, 2025, stating that hackers accessed personal details after breaching its internal systems. The breach was traced to a third-party service provider, prompting Grubhub to immediately terminate the account's access and remove the service provider from its systems.
Grubhub confirmed that the intrusion allowed unauthorized access to names, email addresses, phone numbers, and partial payment card information, specifically the last four digits of the card number, for some users. Hashed passwords for certain legacy systems were also accessed, but Grubhub assures that bank account details and Social Security numbers were not affected. While the number of affected individuals remains undisclosed, Grubhub is urging users to rotate their passwords as a precautionary measure.
References:
- techcrunch.com: Grubhub confirms data breach affecting customers and drivers
- SecurityWeek: Food delivery firm GrubHub has disclosed a data breach impacting the personal information of drivers and customers.
- go.theregister.com: Grubhub serves up security incident with a side of needing to change your password
- securityaffairs.com: Online food ordering and delivery platform GrubHub discloses a data breach
- www.securityweek.com: Personal Information Compromised in GrubHub Data Breach
- Carly Page: US food delivery giant Grubhub has confirmed a data breach after hackers accessed the personal details of customers and drivers
MSSP Alert Staff@MSSP feed for Latest - 14d
The Sarcoma ransomware group has claimed responsibility for a cyberattack against Unimicron, a major Taiwanese printed circuit board (PCB) manufacturer. The attackers are threatening to release 377 GB of allegedly stolen data, including SQL files and documents, if the company refuses to pay a ransom. Sarcoma listed Unimicron on its leak site, publishing samples of the exfiltrated files.
Despite confirming that its China-based subsidiary, Unimicron Technology (Shenzhen) Corp., experienced a ransomware intrusion, Unimicron has not yet confirmed the data breach. The company noted that it is currently conducting an ongoing investigation into the incident that disrupted operations on January 30th. Sarcoma has emerged as a leading threat, having claimed attacks against dozens of organizations since October.
References:
- cyberinsider.com: Taiwanese PCB Giant Unimicron Breached by Sarcoma Ransomware
- securityaffairs.com: Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron
- www.bleepingcomputer.com: Sarcoma ransomware claims breach at giant PCB maker Unimicron
- MSSP feed for Latest: Unimicron Purportedly Subjected to Sarcoma Ransomware Attack
- BleepingComputer: A relatively new ransomware operation named 'Sarcoma' has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan.
- CyberInsider: CyberInsider reports the Taiwanese PCB giant Unimicron was breached by Sarcoma ransomware.
- www.scworld.com: Unimicron purportedly subjected to Sarcoma ransomware attack
@techcrunch.com - 6d
UK healthcare giant HCRG Care Group, previously known as Virgin Care, is currently investigating an IT security incident after the Medusa ransomware gang claimed responsibility for breaching the company's systems. The attackers claim to have stolen troves of sensitive data, totaling 2.275 TB, and are demanding $2 million (£1.6 million) in ransom. HCRG, which runs child and family health and social services across the UK for the NHS and local authorities, is working with external forensic specialists to investigate the incident.
HCRG has stated that its services are continuing to operate safely, and patients should keep their scheduled appointments. The Medusa crew is threatening to leak the stolen information online if the ransom isn't paid by February 27th. Samples of the allegedly stolen data, which include employees’ personal information, sensitive medical records, financial records, and government identification documents, have been shared by Medusa. HCRG has notified the U.K.’s Information Commissioner’s Office and other relevant regulators about the breach.
References:
- DataBreaches.Net: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid.
- The Register: Medusa ransomware gang demands $2M from UK private health services provider 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident' Exclusive HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless…
- The Register - Security: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless a substantial ransom is paid.
- Carly Page: UK healthcare giant HCRG Care Group has confirmed it’s investigating an IT security incident after the Medusa ransomware gang claimed to have breached the company's systems to steal troves of sensitive data
- techcrunch.com: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid.
- go.theregister.com: 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident' Exclusive  HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what's claimed to be stolen internal records unless a substantial ransom is paid.…
- Legit Security Blog: Medusa ransomware gang demands $2M from UK private health services provider
drewt@secureworldexpo.com (Drew Todd)@SecureWorld News - 13d
OmniGPT Data Breach Exposes 30,000 Users, Millions Messages - A hacker claims to have breached OmniGPT, leaking 30,000 user email addresses, phone numbers, and 34 million lines of chat messages, including API keys and credentials, affecting users of ChatGPT-4, Claude 3.5, Gemini, and Midjourney.
OmniGPT, a popular AI aggregator providing access to models like ChatGPT-4 and Gemini, has allegedly suffered a significant data breach. A threat actor known as "Gloomer" claims responsibility, leaking 30,000 user email addresses and phone numbers, along with a staggering 34 million lines of chat messages. The breach raises serious cybersecurity and privacy concerns due to the sensitivity of user interactions with AI chatbots.
The leaked data reportedly includes API keys, credentials, and file links, potentially exposing OmniGPT's session management vulnerabilities. Samples of the stolen data were posted on BreachForums, a marketplace for illicit data sales. Cybersecurity experts emphasize the potential for identity theft, phishing scams, and financial fraud for affected users.
References :
- cyberinsider.com: OmniGPT Allegedly Breached: 34 Million User Messages Leaked
- hackread.com: OmniGPT AI Chatbot Breach: Hacker Leaks User Data and 34 Million Lines of Chat Messages b/w Users and Chatbot
- MSSP feed for Latest: OmniGPT Claimed To Be Subjected to Extensive Breach
- SecureWorld News: A major security incident has allegedly struck OmniGPT, a popular AI aggregator that provides users access to multiple AI models, including ChatGPT-4, Claude 3.5, Gemini, and Midjourney.
- CyberInsider: OmniGPT Allegedly Breached: 34 Million User Messages Leaked
- securityaffairs.com: Hackers have allegedly breached OmniGPT, a ChatGPT-like AI chatbot platform, exposing sensitive data of over 30,000 users. The leaked data reportedly includes email addresses, phone numbers, API keys, and over 34 million user-chatbot interactions.
@www.bleepingcomputer.com - 18d
Hospital Sisters Health System (HSHS) has notified over 882,000 patients about a significant data breach stemming from a cyberattack in August 2023. The breach exposed the personal and health information of these individuals, raising concerns about data security within the healthcare sector. HSHS, established in 1875, operates a network of 15 local hospitals across Illinois and Wisconsin and works with over 2,200 physicians.
The health system discovered the security breach on August 27, 2023, after detecting unauthorized access to its network. Following the discovery, HSHS initiated an investigation to assess the scope and impact of the incident. The notification sent to patients confirmed that the cyberattack led to the compromise of their personal data, emphasizing the importance of vigilance regarding potential misuse of the exposed information.
References :
- BleepingComputer: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.
- securityaffairs.com: The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals.
- www.bleepingcomputer.com: US health system notifies 882,000 patients of August 2023 breach
- Anonymous :af:: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.
- BleepingComputer: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach.
@techcrunch.com - 4d
A data breach has impacted users of the spyware applications Cocospy and Spyic, potentially exposing sensitive personal data including messages, photos, and call logs. These consumer-grade spyware apps, sometimes called stalkerware or spouseware, covertly monitor private information on Android devices. The Cocospy breach alone exposed almost 1.8 million customer email addresses, which have been added to the Have I Been Pwned database.
TechCrunch reported on the breach and released a guide with steps for checking Android devices for stalkerware, as well as how to safely remove it. Stalkerware apps are often downloaded from outside official app stores, planted without permission, and hidden on the device to avoid detection. Signs of infection include unusual device behavior like overheating, slow performance, or excessive data usage.
References :
- cyberinsider.com: A data breach in the spyware applications Cocospy and Spyic has exposed the personal data of millions of people, including sensitive information such as messages, photos, and call logs.
- haveibeenpwned.com: In February 2025, the spyware service . The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more.
- Dataconomy: This stalkerware breaches your Android: Fix it now
- Zack Whittaker: We also have guidance on what you can do if you think you've been compromised by Cocospy and Spyic, which can affect both Android and iPhone/iPad users.
@www.cybersecurity-insiders.com - 2d
Orange Group has confirmed a data breach affecting its Romanian branch after a hacker, allegedly associated with the HellCat ransomware group and known as "Rey," breached their systems. The breach resulted in the exposure of over 380,000 email addresses and other sensitive data belonging to customers, partners, and employees. The attacker claims to have stolen thousands of internal documents after infiltrating the company’s infrastructure, and demanded a ransom which Orange refused to pay.
The leaked dataset includes over 600,000 customer records, employee details, financial documents, and source code. While the breach did not impact Orange’s core services, the company acknowledges major security gaps were highlighted as attackers had access to Orange’s systems for over a month before exfiltrating the data. This incident follows a similar cyber incident reported by Orange Spain just last week, increasing concerns about data security in the telecom sector.
References :
- Dataconomy: dataconomy.com on Orange Group data breach: Every step explained
- The420.in: the420.in on Orange Group Suffers Data Breach: Hacker Claims Theft of Thousands of Internal Documents
- www.cybersecurity-insiders.com: Orange Group, a telecom services provider based in France, has confirmed that one of its internal systems at its Romanian branch was breached by a cyber attacker identified as “Rey,” an individual reportedly associated with the HellCat ransomware group.
- bsky.app: French telecommunications and digital services provider Orange confirmed that a hacker breached their systems and stole company data that includes customer, partners, and employee information.
- CyberInsider: Confirmation of a data breach impacting the French telecommunications and digital service provider Orange Group, following the leak of internal documents, particularly those affecting Orange Romania.
@go.theregister.com - 20d
Gravy Analytics is facing a new lawsuit following a data breach that allegedly compromised the location data of tens of millions of smartphones. This marks the fourth lawsuit against the company since January 2025, accusing them of failing to adequately protect personal data. The information, which includes precise coordinates harvested from installed apps, is feared to have been stolen from the analytics firm's AWS S3 storage buckets.
A complaint filed in federal court in northern California alleges that a massive archive containing the geo-locations of people's phones has been compromised. Gravy Analytics confirmed a data security breach occurred, which was discovered on January 4, 2025. The FTC previously banned Gravy Analytics and its subsidiary Venntel from selling sensitive location data in December 2024, and this latest breach only raises additional concern about data privacy.
References :
- ciso2ciso.com: Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker – Source: go.theregister.com
- The Register: Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker Fourth time’s the harm? Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of whi…
- go.theregister.com: Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker
- Pyrzout :vm:: Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker
- The Register - Security: Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker
@cyberinsider.com - 17d
Reports have surfaced regarding a potential data breach at OpenAI, with claims suggesting that 20 million user accounts may have been compromised. The cybercriminal known as "emirking" claimed to have stolen the login credentials and put them up for sale on a dark web forum, even sharing samples of the supposed stolen data. Early investigations indicate that the compromised credentials did not originate from a direct breach of OpenAI's systems.
Instead, cybersecurity researchers believe the credentials were harvested through infostealer malware, which collects login information from various sources on infected devices. Security experts suggest that the extensive credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials. OpenAI is currently investigating the incident. Users are urged to change their passwords and enable multi-factor authentication.
References :
- socradar.io: Massive OpenAI Leak, WordPress Admin Exploit, Inkafarma Data Breach
- www.heise.de: Cyberattack? OpenAI investigates potential leak of 20 million users' data
- www.the420.in: The 420 reports on cybercriminal emirking claiming to have stolen 20 million OpenAI user credentials.
- Cybernews: A Russian threat actor has posted for sale the alleged login account credentials for 20 million OpenAI ChatGPT accounts.
- www.scworld.com: Such an extensive OpenAI account credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials to infiltrate the auth0.openai.com subdomain, according to Malwarebytes researchers, who noted that confirmation of the leak's legitimacy would suggest emirking's access to ChatGPT conversations and queries.
- BleepingComputer: BleepingComputer article on the potential OpenAI data breach.
- The420.in: The420.in article on the alleged theft of OpenAI user credentials.
- cyberinsider.com: CyberInsider details how an alleged OpenAI data breach is actually an infostealer logs collection.
@cyberinsider.com - 6d
B1ack's Stash, an illicit carding marketplace, released a dataset containing over 1 million unique stolen credit and debit cards on a dark web forum on February 19, 2025. Experts warn that the release appears to be a marketing strategy to attract new customers and gain notoriety within the cybercrime ecosystem. Other underground marketplaces like Joker Stash and BidenCash also facilitate the sale of payment card data.
The cybersecurity community is on high alert. It has been reported that the leaked data includes PAN, expiration date, CVV2, cardholders' personal details, email address, IP address, and User-Agent, obtained through e-skimming. Banking institutions are being advised to monitor the dark web for the offering of credit and debit cards to prevent fraudulent activities.
References :
- cyberinsider.com: On February 19, 2025, the illicit carding marketplace B1ack's Stash released a dataset containing over 1 million stolen credit and debit cards on a dark web forum.
- securityaffairs.com: Experts warn that the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards.
- Talkback Resources: Carding website B1acks Stash released over 1 million credit and debit cards to attract customers, while underground marketplaces like Joker Stash and BidenCash facilitate the sale of payment card data, prompting banks to monitor the dark web for fraudulent activities.
- CyberInsider: On February 19, 2025, the illicit carding marketplace B1ack's Stash released a dataset containing over 1 million stolen credit and debit cards on a dark web forum.
- ciso2ciso.com: B1ack’s Stash released 1 Million credit cards
@techcrunch.com - 8d
New York-based venture capital and private equity firm Insight Partners has disclosed a security breach of its systems. The firm, which manages over $90 billion in regulatory assets and has invested in over 800 software and technology startups globally over the past 30 years, revealed that the incident occurred in January. The breach involved unauthorized access to its information systems following what they are calling "a sophisticated social engineering attack."
Insight Partners confirmed that the attack took place on January 16, 2025. The company has taken steps to address the situation, notifying law enforcement in relevant jurisdictions and engaging third-party cybersecurity experts to investigate the full scope and impact of the breach. The investigation is ongoing to determine the extent of data exposure and to implement measures to prevent future incidents.
References :
- cyberinsider.com: Insight Partners Investigates Data Breach Following Cyberattack
- BleepingComputer: New York-based venture capital firm Insight Partners has disclosed that its systems were breached
- techcrunch.com: VC giant Insight Partners confirms a January cyberattack
- CyberInsider: Insight Partners Investigates Data Breach Following Cyberattack
- securityaffairs.com: Venture capital firm Insight Partners discloses security breach
- www.bleepingcomputer.com: Insight Partners hit by cyberattack
- Carly Page: US-based VC giant Insight Partners has confirmed that hackers breached its systems in January.
- aboutdfir.com: Insight Partners confirms cyberattack in January 2025, with unauthorized access to information systems.