#data-breach

#data-breach

The stolen information includes names, addresses, dates of birth, government-issued ID details, and other information that customers shared in relation to their travel needs, including accommodation requests and complaints. For WestJet Rewards members, membership details, such as WestJet Rewards ID number and points balance, and other account information may have been compromised as well. The airline is providing the impacted individuals with 24 months of free monitoring, identity theft protection, and proactive fraud assistance services, which include up to $1 million of expense reimbursement insurance.

According to Google Threat Intelligence Group (GTIG) and Mandiant, the malicious activity allegedly targeting Oracle EBS appears to have started on or around September 29. The attackers have sent extortion emails to executives at "numerous" companies, claiming to be affiliated with the notorious Cl0p cybercrime group. GTIG and Mandiant researchers have described the attacks as a high-volume email campaign leveraging hundreds of compromised accounts, including ones previously linked to a profit-driven threat group named FIN11.

I provided passport details in good faith to HSBC as it was necessary for identification before opening up a business account. Now I'm worried that money will be taken out of the company account by crooks, with the third-party platform having been hacked. Worse, that my passport details could be sold on the dark web. I had reservations about providing ID proof in the first place because cyber attacks are now so prevalent but you put your trust in the banks to get online security right, first

A "widespread cybersecurity incident" at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW. The hack is also suspected to have later triggered the dismissal of two dozen Federal Emergency Management Agency technology employees announced late last month, according to internal meeting notes and a person familiar with the matter.

Unfortunately, WestJet confirmed that certain data was obtained from its systems. Since making that determination, WestJet conducted an analysis of that data to identify specific data elements and locate current contact information for certain United States residents who were impacted. As of September 15, 2025, WestJet completed that analysis and as a result is providing this notice. No credit card or debit card numbers, expiry dates and CVV numbers, and no guest user passwords were obtained.

copied Americans' sensitive Social Security and employment data into a cloud database without any verified security controls,

On Aug. 19, 2025, Motility Software Solutions, a provider of dealer management software for specialty vehicle dealerships, identified suspicious activity on its network. The company quickly took the impacted server offline to contain the incident and began an investigation with the help of cybersecurity experts. According to Motility, the breach resulted in unauthorized access to the personally identifiable information (PII) of approximately 760,000 consumers in the United States.

Over the weekend it was widely reported in French media that a group of hackers had breached the government's ANTS website, stealing personal data from between 12 and 13 million people. The unidentified group posted messages online claiming that the personal data was now for sale on the dark web, offering sample data to apparently prove that their hack had been successful.

According to the notification sent out to impacted individuals, a threat actor gained unauthorized access to Tiffany systems on or around May 12, 2025. An investigation revealed that the attacker obtained information associated with Tiffany gift cards, including name, email address, postal address, phone number, sales data, gift card number, and PIN. The luxury goods company informed the Maine Attorney General's Office that more than 2,500 individuals are impacted by the data breach. It's unclear if that number includes the affected Canadian customers.

Tiffany writes that they experienced a cybersecurity incident on or around May 12, 2025. "Based on our investigation, we determined on September 9, 2025, that, in connection with this issue, an unauthorized party obtained certain information related to your Tiffany gift card(s)," the letter states, adding, "The affected information included client name, postal address, email address, phone number, sales data, internal client reference number, and Tiffany gift card number and PIN."

A US-based fintech firm has warned customers their data may have been exposed following an insider attack.

The Scattered Lapsus$ Hunters hacking group, recently linked to the attack on Jaguar Land Rover that has devastated the company, has announced that it plans to shut down.

"FinWise contracts with AFF to offer installment loans to consumers. In this arrangement, FinWise is the lender and AFF is the technology provider. FinWise originates the loan and provides funds to the consumer. AFF is contracted to provide the application platform, facilitate the loan origination for FinWise, as well as service the loan on behalf of FinWise," FinWise explained in its notification. "Please note that you may have had, or applied for, a FinWise installment loan, a lease-to-own account, or a retail installment sales agreement account with AFF which was impacted by this security incident," impacted people have been told.

Cyber criminals have stolen the private details of potentially millions of Balenciaga, Gucci and Alexander McQueen customers in an attack. The stolen data includes names, email addresses, phone numbers, addresses and the total amount spent in the luxury stores around the world. Kering, the parent company of the luxury brands, has confirmed the breach and says it disclosed the incident to the relevant data protection authorities.