#data-breach

#data-breach

The rise of OpenClaw, a proactive agentic AI controlled through interfaces more familiar to the average user than tools like Anthropic's Claude Code, which enthralled early adopters over the holiday period, has been one of the most seismic shifts in the AI world since the release of ChatGPT. By piggybacking on user-friendly interfaces paired with powerful AI agent technology, OpenClaw has pushed AI further into the public eye.

Catch up quick: Researchers reported last month that bondu, an AI-powered conversational toy company, inadvertently exposed children's chat transcripts and personal data through a publicly accessible portal. Bondu, which allows parents to check their children's conversations, said it took down the exposed portal and relaunched it the next day with authentication measures, according to Wired. Driving the news: New Hampshire Senator Maggie Hassan, the ranking member of the Senate's Joint Economic Committee, is now asking bondu to explain how the exposure occurred.

The company became aware of the breach which included personal information of its website customers "including credit card information" on Friday, it told CBC News in a statement. Canada Computers & Electronics said the affected customers were informed on Monday, given recommendations about steps to take, and that the breach was reported to authorities. But neither the statement, nor the notices seen by CBC News that went out to customers, says when the breach happened, how long it lasted or how many customers were affected.

A data breach at SoundCloud that came to light in December 2025 is now becoming clearer. The data breach monitor Have I Been Pwned added the leaked dataset to its database this week, revealing the true extent of the impact. SoundCloud is a global audio platform where artists and listeners come together and where hundreds of millions of music and audio tracks are hosted.

The Department of Education in Victoria, Australia, notified parents that attackers accessed a database containing the personal information and email addresses of current and former students, prompting password resets. The department disclosed the breach in letters sent to parents, stating that an unauthorized third party accessed students' names, school names, year levels, and school-issued email addresses, as well as encrypted passwords for accounts that use them.

Eurail B.V. has unfortunately experienced a security breach within our systems that resulted in unauthorized access to customer data. Following the discovery, we immediately began work to secure our systems and initiated an investigation with the support of external cybersecurity specialists and legal advisors. We take this matter very seriously and are currently conducting a thorough investigation to determine the full scope of the incident and its potential impact on customers, which includes participants of the European Commission's DiscoverEU action.

The allegedly stolen user data was later posted to shinyhunte[.]rs, alongside a message from a self-described cyber outlaw calling himself "James," who appeared keen to make sure his handiwork didn't go unnoticed. Have I Been Pwned's listing of the incident shows that the breach occurred before law enforcement's October 2025 takedown of the BreachForums domain, and that the leak comprised roughly 324,000 unique email addresses, usernames, and Argon2-hashed passwords, pulled from public posts, private messages, and other forum records.

The Royal Borough of Kensington and Chelsea (RBKC) in Greater London is in the process of contacting households across the borough after establishing in December that personal data on thousands of residents was stolen in a cyber attack on shared systems operated by the council. Over a month after the incident, several services remain disrupted or are operating in a limited capacity.

For residents and patients, the account information included first and last name, Social Security number, date of birth, Medicare number, or medical treatment and condition information. For those individuals who were not residents, personal information involved first and last name, in combination with one or more of the following data element(s): Social Security number, passport number, driver's license or state identity card information, medical information, health insurance information, and online log-in information corresponding with the individual whose email account was compromised.

Kensington and Chelsea Council has written to 100,000 households warning their personal details may have been taken in a recent cyber attack. The town hall urged residents to follow National Cyber Security Centre advice and warned criminals could use the information to make scams seem more legitimate, according to an update on its website. The council said the attack was carried out "with criminal intent"

The crim says the haul spans more than 800 classified raw LiDAR point cloud files in .las format ranging from 100 MB to 2 GB each; full coverage of transmission line corridors and substations, which includes layers for bare earth, vegetation, conductors, and structures; high-resolution orthophotos in .ecw format; MicroStation design files and PTC settings; large vegetation feature files in .xyz format; and other files from active projects.