CISA Data Leak Sparks Congressional Inquiry
Lawmakers are demanding answers from CISA after a contractor leaked agency secrets on a public GitHub account, raising concerns about the agency's internal policies and procedures.
35 articles
Lawmakers are demanding answers from CISA after a contractor leaked agency secrets on a public GitHub account, raising concerns about the agency's internal policies and procedures.
Convenience store giant 7-Eleven confirms a data breach after ShinyHunters claimed to have stolen information from the company's systems.
A CISA contractor leaked credentials to highly privileged AWS GovCloud accounts and internal CISA systems on a public GitHub repository.
More than $10 million was stolen from cryptocurrency platform THORChain during a security incident on Friday morning.
Colorado Governor Jared Polis has commuted the prison sentence of Tina Peters, the former Mesa County election clerk who was sentenced to nine years for a serious election-related data breach.
A data breach at American Lending Center has impacted over 123,000 individuals, with stolen information including names, dates of birth, and SSNs.
South Staffordshire Water was fined £963,900 for failing to discover hackers hidden inside its computer network for nearly two years, resulting in the personal data of 633,887 customers and employees being published.
Cybercriminals threaten to leak 3.65 terabytes of sensitive data from Canvas, a widely used education tech platform, after a prolonged cyberattack.
ShinyHunters claims nearly 9,000 schools are affected by a data breach of Canvas, a learning management system, with personal information of 275 million users compromised.
AI evaluation platform Braintrust urges customers to rotate API keys after a data breach, where hackers accessed an AWS account, potentially exposing keys used by companies like Box and Dropbox.
A data extortion attack on the education technology platform Canvas has disrupted classes and coursework at schools and universities across the US, with hackers threatening to leak data from 275 million students and faculty.
A data breach at Zara exposed personal information of 197,000 customers, including email addresses, geographic locations, and purchase history.
A 15-year-old has been detained in France for allegedly selling data stolen from the country's agency for issuing and managing administrative documents, exposing 11.7 million accounts.
Itron, Inc., a Washington-based utility technology firm serving 7,700 customers across 100 countries, has disclosed that an unauthorized third party breached certain internal systems on April 13, 2026.
Home security giant ADT confirmed cybercriminals breached its systems and stole a limited set of customer data, including names, addresses, and partial Social Security numbers. The ShinyHunters group claims to have taken 10 million records and is demanding a ransom.
Home security company ADT has confirmed a data breach detected on April 20, 2026, after the ShinyHunters extortion group claimed to have stolen over 10 million customer records and threatened to leak them.
Vercel confirms that the fallout from an attack on its internal systems has reached more customers than initially disclosed, with ongoing forensic analysis revealing additional compromise tied to malware, stolen tokens, and trusted third-party relationships.
A 20-year-old known online as HexDex was detained in western France on Monday, suspected of orchestrating roughly 100 data breaches targeting sports federations, government databases, and private firms.
France's national secure documents agency ANTS has confirmed a cyberattack detected on April 15, 2026, as a threat actor on hacker forums claims to be selling up to 19 million stolen citizen records.
A Roblox cheat-seeking employee at Context.ai inadvertently installed Lumma Stealer in February, setting off a chain reaction that ultimately exposed Vercel customer credentials through compromised OAuth tokens and Google Workspace access.
Seiko USA's website was defaced over the weekend by attackers claiming to have stolen its entire Shopify customer database and threatening to publish the data unless the company pays a ransom.
Kamerin Stokes, 23, of Memphis, Tennessee, received a 30-month federal prison sentence for purchasing and reselling access to compromised DraftKings accounts stolen in a 2022 credential-stuffing attack that hit nearly 68,000 users.
Cloud development platform Vercel has confirmed unauthorized access to internal systems after a threat actor claiming to be ShinyHunters posted on a hacking forum offering stolen data for sale, including API keys and source code.
Dutch gym chain Basic-Fit has disclosed a data breach affecting approximately 1 million members across six European countries, with exposed data including full names, bank account details, and dates of birth.
The ShinyHunters extortion gang has published over 78.6 million records allegedly stolen from Rockstar Games through compromised authentication tokens tied to a security incident at analytics firm Anodot.
Booking.com has confirmed that unauthorized third parties accessed booking information tied to user reservations, prompting forced PIN resets and direct email notifications to affected customers.
Booking.com has begun alerting customers that hackers may have accessed personal details tied to their travel reservations, though the company says no financial or payment information was compromised.
European gym chain Basic-Fit confirmed that unknown hackers breached its systems and downloaded personal data belonging to approximately 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain, and Germany.
Toy giant Hasbro disclosed unauthorized network access in an SEC 8-K filing dated March 28, 2026, warning that business continuity measures may remain in place for several weeks and could cause some delays.
Telehealth company Hims & Hers Health suffered a data breach through its third-party customer support platform, exposing protected health information including details tied to erectile dysfunction, hair loss, and mental health conditions.
Bitcoin ATM operator Bitcoin Depot confirmed that attackers stole approximately 50.903 Bitcoin worth $3.665 million from its corporate wallets after breaching its IT systems on March 23, 2026.
European rail pass operator Eurail B.V. has confirmed that a cyberattack on December 26, 2025 exposed the personal data of 308,777 individuals, including names, passport numbers, and sensitive health and financial information.
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
A large US healthcare provider has disclosed a breach affecting 12 million patients. Stolen data includes medical records, Social Security numbers, and insurance details.
A major data breach at fintech startup PayNova has exposed payment card data and transaction histories for approximately 3 million users, raising serious questions about startup security practices and PCI DSS compliance.