Privacy
-
Princeton University discloses November 10 database breach affecting alumni and donors
Princeton University said a database was compromised on November 10 after a phishing attack on an employee, exposing names, contact details and biographical information of alumni, donors, students and staff; the university said the database did not generally contain Social Security numbers, passwords or financial information and has blocked the attackers’ access.
-
Eurofiber reports data stolen in cyberattack on its French business
Eurofiber said a November 13 cyberattack on its French business exploited a ticketing-platform vulnerability and resulted in stolen data; the company said banking information was not affected, the flaw is patched, and it has notified customers and French authorities.
-
AIPAC discloses data breach affecting 810 people, offers identity protection
AIPAC reported a criminal cyberattack in a November 2025 filing, saying files were accessed between October 2024 and February 2025 and that 810 people were affected; the organisation notified individuals, offered 12 months of identity protection, and said it implemented new security controls.
-
Washington Post breach exposes personal data of nearly 10,000 workers
The Washington Post notified 9,720 employees and contractors that their personal and financial information was exposed after attackers exploited a zero-day in Oracle E-Business Suite; the flaw (CVE-2025-61884) has been linked to the Clop group and other major organisations were also affected.
-
North Korean-linked group used Google device service to wipe South Korean Android phones
South Korean researchers say the North Korean-linked KONNI group abused Google’s device-management features to remotely factory-reset Android phones, using stolen credentials harvested via phishing and RATs spread over KakaoTalk.
-
Swedish privacy authority opens probe after Miljödata cyberattack that exposed up to 1.5 million people
Sweden’s privacy authority is investigating a cyberattack on Miljödata that exposed data tied to up to 1.5 million people. The breach disrupted municipal services, was posted on the dark web by the Datacarry group, and appears in Have I Been Pwned with roughly 870,000 affected records; IMY has prioritised probes of Miljödata and several municipalities.
-
Nikkei says Slack breach exposed personal information of more than 17,000 users
Nikkei said a Slack compromise exposed names, email addresses and chat histories for 17,368 people after attackers used credentials stolen from a malware-infected employee computer; the publisher voluntarily notified Japan’s data protection regulator and said no source-related material was affected.
-
Ribbon Communications says nation-state hackers breached its network; initial access traced to December 2024
Ribbon Communications disclosed a nation-state-associated breach of its IT network, detected in September 2025 with preliminary evidence of initial access in December 2024. The company is working with outside cybersecurity experts and federal law enforcement, has found customer files on two laptops outside its main network, and said it has not found evidence of theft…
-
Conduent says 2024 breach affected more than 10.5 million people
Conduent said a data breach first compromising its environment in October 2024 and discovered in January 2025 has impacted more than 10.5 million people, with state filings naming Oregon, Texas, Washington and Maine among those affected; exposed data reportedly included names, Social Security numbers and medical information.
-
UK data watchdog fines sole trader £200,000 over nearly 1m spam texts targeting people in debt
The Information Commissioner’s Office fined Bharat Singh Chand £200,000 after finding he sent 966,449 unsolicited texts about debt and energy grants from hundreds of numbers; the ICO said the messages lacked sender identification, prompted calls from a firm calling itself The Debt Relief Team, generated more than 19,000 complaints and that Chand has appealed the…
