The New York Times reports: Some of the nation’s biggest banks were scrambling on Saturday night to assess the fallout from a large-scale hack of a vendor whose compromise could expose sensitive customer data. The vendor, SitusAMC, has been deployed by hundreds of banks and other lenders to help originate and collect money from real […]
Bleeping Computer reports: American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. However, the company noted that its systems were not breached as a result of this incident and that customers’ data was not […]
The Record reports: Cloud giant Salesforce warned customers of a potential data breach on Wednesday evening after discovering “unusual activity” related to a third-party application called Gainsight. Salesforce posted a message on its website saying an investigation revealed that the activity “may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection.” Gainsight is […]
TORONTO, ON (November 18, 2025) — Ontario and Alberta information and privacy commissioners have released the findings of their investigations into a massive privacy breach involving PowerSchool education technology (edtech) used by schools in their respective provinces. The incident, which affected millions of Canadians across the country, highlights the importance for educational bodies, including school boards, […]
DataBreaches.net reports that Doctor Alliance, a business associate to covered entities in the healthcare sector, recently fell prey to a cyberattack that allegedly comprised 353 GB of patient files. Making matters even worse, after assuring clients that the vulnerability had been addressed and everything was secure, it was attacked again by the same threat actor […]
PC Mag reports: The Washington Post has confirmed it fell victim to a large-scale cybercrime campaign that targeted Oracle’s business applications, joining Harvard University and American Airlines-owned carrier Envoy, which announced similar breaches last month. The news, first reported by Reuters, comes after Google said in October that it believes around 100 companies were affected by the hacking campaign, and that “large amounts […]
The Cyber Security Hub Newsletter reports: British retail giant Marks & Spencer (M&S) has officially ended its long-standing partnership with Indian IT services leader Tata Consultancy Services (TCS) after suffering one of the most damaging cyberattacks in its history. The high-profile breach, which occurred earlier this year, is estimated to have cost the company around […]
Bank Info Security reports: Montana state regulators are investigating a data breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the health insurer’s third-party services providers – and they want to know why nearly 10 months have gone by without notifying the breach victims. It took nearly four months for the […]
Given how many breaches are at third-party service providers this year, guidance on dealing with vendors with an eye towards cybersecurity seems timely. October 21, 2025 New York State Department of Financial Services (DFS) Acting Superintendent Kaitlin Asrow today issued new cybersecurity guidance addressing the risks associated with entities becoming increasingly reliant on third-party service […]
The Sun reports: RUSSIAN cybercriminals have stolen hundreds of military documents and posted them on the dark web in a ‘catastrophic’ hack. The security breach compromised eight RAF and Royal Navy bases as well as emails and names of Ministry of Defence staff, as reported in The Mail on Sunday. The breach has been labelled ‘catastrophic’ and the MoD are investigating the […]
