Data Breach
-
Palo Alto Networks says Salesforce data exposed in breach tied to Salesloft Drift supply-chain attack
Palo Alto Networks disclosed a data breach linked to a broader Salesloft Drift supply-chain attack that exposed customer data in its Salesforce CRM. The incident involved OAuth token abuse, mass exfiltration of Salesforce records, and credential harvesting, prompting token revocation, Drift disablement, and guidance for customers to review logs and rotate secrets.
-
Zscaler confirms Salesforce data exposure tied to Salesloft Drift compromise amid wider Salesforce breach activity
Zscaler confirms a data breach tied to the Salesloft Drift supply-chain attack, exposing customer Salesforce data due to compromised Drift credentials. The company revoked Drift integrations, rotated tokens, and reinforced customer authentication while investigations continue; Google Threat Intelligence links UNC6395 to the broader campaign affecting Salesforce environments.
-
TransUnion breach affects 4.46 million; third-party app exposed personal data, not credit records
TransUnion disclosed a cyber incident affecting about 4.46 million individuals via a third-party application used by its US consumer-support operations. The breach did not touch core credit data, but exposed limited personal information, with victims offered two years of credit monitoring and fraud assistance.
-
Healthcare Services Group breach affects more than 624,000 individuals
Healthcare Services Group said a data breach exposed the personal information of more than 624,000 individuals, with unauthorized access occurring between Sept. 27 and Oct. 3, 2024 and notifications sent on Aug. 25, 2025. Data types varied but included identifiers and financial details; credit monitoring is being offered, and there is no current evidence of…
-
Farmers Insurance says 1.1 million customers affected by data breach tied to Salesforce attack wave
Farmers Insurance says 1.1 million customers were affected by a data breach at a third‑party vendor, tied to a broader Salesforce data‑theft campaign. The incident exposed names, addresses, birth dates, driver’s licenses, and last‑four digits of SSNs, with notices issued starting in August and Maine officials confirming more than 1.1 million total affected across notices.
-
Auchan data breach exposes loyalty data of hundreds of thousands of customers
French retailer Auchan disclosed a cyberattack that exposed the personal data of hundreds of thousands of loyalty-account holders, including names, addresses, emails, phone numbers, and loyalty card numbers, while bank data and PINs were not affected. The company has notified CNIL and urged vigilance against phishing.
-
DaVita ransomware breach exposes data of nearly 2.7 million people, OCR confirms
DaVita disclosed that a ransomware attack compromised the personal and health data of nearly 2.7 million people, with OCR confirming 2,689,826 affected and the company noting a possible 2.4 million. The breach exposed information from DaVita’s labs database, with the company offering credit monitoring to affected individuals as investigations continue.
-
Ransomware group Qilin claims 4TB data breach at Nissan CBI, leaking 3D designs and VR files
Ransomware group Qilin claims to have copied more than 4 terabytes of data from Nissan Creative Box Inc. (CBI), including 3D design data and VR files, threatening to release the material if demands are not met. Nissan has not yet commented on the claim, and experts caution that the breach, if verified, could threaten trade…
-
Nearly 1 Million Health Records Exposed in Ohio Medical Alliance Data Breach
Cybersecurity researchers say two unprotected databases linked to Ohio Medical Alliance exposed 957,434 patient records, including SSNs and driver’s-license images, in a breach that required immediate remediation and raises privacy and identity-theft concerns in the medical marijuana sector.
-
Orange Belgium reports data breach affecting about 850,000 customers
Orange Belgium says attackers accessed data from about 850,000 customer accounts in a July breach, exposing names, phone numbers, and related account details, while passwords and financial information were not accessed; customers are being notified by email or SMS and advised to watch for impersonation attempts.
