Data breach investigations, incident response, and privacy impact.
One of the nation's largest healthcare systems confirms a massive data breach that exposed personal and medical information of millions of patients across 19 states.
AT&T confirmed attackers accessed call and text-message metadata for nearly all of its cellular customers between May and October 2022, downloaded from a third-party cloud workspace.
Genetic testing company 23andMe confirmed that attackers used credential stuffing to access roughly 14,000 accounts and scraped ancestry data on approximately 6.9 million additional users via the DNA Relatives feature.
The Lapsus$ extortion crew posted screenshots showing what it claims is access to identity provider Okta's internal systems, obtained through a compromised third-party support contractor.
Password manager LastPass disclosed that the attacker behind its August breach returned in November and exfiltrated encrypted customer vault backups along with billing data, URLs, and unencrypted metadata.
Trading app Robinhood disclosed that a social-engineering attack against a customer-support employee exposed email addresses for five million users and full names for two million more.
An anonymous 4chan user posted a 125GB torrent containing Twitch's source code, internal red-team tools, and three years of creator payout records following what Amazon-owned Twitch describes as a server configuration error.
T-Mobile USA confirmed a hacker accessed personal data — including Social Security numbers and driver's license information — for at least 54 million current, former, and prospective customers.
A trove containing phone numbers, email addresses, and biographical data for 533 million Facebook users from 106 countries has been posted for free on a low-tier hacking forum after circulating in private channels for years.
Identity provider Okta confirmed an attacker accessed support-case files belonging to all customers of its main support system, escalating disclosures originally limited to 1 percent of customers.
Uber confirmed an attacker linked to the Lapsus$ crew compromised an external contractor and used an MFA-fatigue 'push spam' attack to bypass multi-factor authentication, gaining access to internal Slack, GCP, AWS, and SentinelOne consoles.
A threat actor identified as UNC5537 is monetizing data stolen from at least 165 Snowflake customer tenants by abusing valid credentials harvested by infostealer malware against accounts lacking multi-factor authentication.