Threats Tagged 'breach'

Healthcare technology company Xsolis, Inc. disclosed a data breach affecting approximately 1.4 million individuals. The breach resulted from a targeted phishing attack detected on January 22, 2026, which allowed unauthorized access to files containing personal and protected health information. Compromised data includes names, dates of birth, addresses, Social Security numbers, health insurance details, and medical treatment information. The company is not aware of any misuse of the stolen information. The incident was publicly disclosed in early June 2026 and added to the US Department of Health and Human Services data breach tracker.

Maine's official data breach notification portal allowed anyone to submit breach disclosures without verification, leading to fake breach reports being publicly posted. Notably, fraudulent notices impersonating Discord and VRChat were submitted, causing these companies to publicly deny the incidents. The portal has been taken offline while the Maine Attorney General's office reviews the situation. This lack of authentication in the submission process risks misinformation, reputational damage, and public panic.

Kodak confirmed a data breach involving unauthorized access to a limited amount of company data. The ShinyHunters extortion gang claimed responsibility, stating they stole over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data. Kodak is investigating the incident with external cybersecurity experts and cooperating with law enforcement. The company has not disclosed how the attackers gained access or whether the internal network was breached. ShinyHunters has a history of targeting multiple organizations and extorting data. Kodak has not yet provided details on remediation or mitigation.

An Iranian threat actor group known as Ababil of Minab left a staging server publicly accessible, exposing data related to multiple victims including LA Metro. The exposed data includes over 5 GB of files such as SQL backups and SCADA configurations. This server leak revealed victim names and internal tooling used by the attacker. The breach was confirmed by LA Metro in April, but additional victims were not publicly disclosed until this server exposure. The incident highlights operational security failures by the attacker, leading to unintended data disclosure.

The Lapsus$ ransomware group is claiming to have compromised GitHub, although the breach has not been independently confirmed. Lapsus$ is known for previous high-profile attacks on companies like Nvidia, Microsoft, Samsung, and Uber. The claim includes alleged infostealer activity and compromised employee and user credentials. No ransom demand has been made, and the group states they may leak data if no buyer is found. The situation remains unverified and under investigation.

This entry references a service called Breach Detective, which is a search engine for breached credentials aggregated from multiple data leaks. The information provided is promotional and describes the service's capabilities to help users discover if their data has been compromised. There is no specific vulnerability or exploit detailed in the provided data. The source is a Reddit post linking to the Breach Detective website, with no technical details or evidence of an active breach or exploit.

France's government messaging app Tchap was breached after a single user account was compromised via social engineering. The attacker accessed public channels, scraping approximately 650,000 messages, data on over 73,000 accounts including email addresses and device metadata, and 13.5GB of documents and media. Private conversations remained protected by end-to-end encryption and were not accessed. The compromised account was quickly identified and blocked by French authorities. The breach highlights risks from mandatory adoption of the platform without proportional security review. The investigation is ongoing.

ServiceNow confirmed a security incident involving unauthorized access to some customer instances through a vulnerable API endpoint. The flaw allowed unauthenticated users to query customer instance data, which may include sensitive enterprise information such as IT tickets, employee records, and internal documentation. ServiceNow applied a security update on June 5, 2026, to restrict the vulnerable API endpoint to authenticated users only. Impacted customers have been notified via support cases. The issue primarily affected customers on the Australia platform release or those with certain configuration changes on older releases. No detailed public disclosure of the exploited data or technical specifics has been made yet.

SoFi has confirmed a data breach involving unauthorized access to a database at a third-party vendor supporting its Hong Kong subsidiary, SoFi Securities (Hong Kong) Limited. The breach was discovered on April 30, 2026, and the investigation is ongoing, with the company not yet knowing the full scope or specific data exposed. SoFi has engaged a third-party cybersecurity firm to respond and has implemented additional safeguards and monitoring. Customers have been advised to remain vigilant for phishing and suspicious activity, update passwords, enable two-factor authentication, and monitor accounts closely. The company has not disclosed the number of affected customers or the identity of the vendor involved. Support contact information has been provided for affected customers.

A Reddit post in the r/cybersecurity subreddit warns that the password manager Dashlane may have been breached. The post indicates that Dashlane has been quiet for several hours while investigating a potential issue. No official confirmation, technical details, or vendor advisories are available at this time. The poster advises users to change credentials for their most valuable accounts and to export stored credentials as a precaution. There is no evidence of confirmed exploitation or breach details.