Data Breach
-
Major US banks review exposure after SitusAMC data breach
SitusAMC, a mortgage services vendor, said attackers accessed its systems in a breach discovered Nov. 12 and confirmed Nov. 22; major banks including JPMorgan, Citi and Morgan Stanley are reviewing potential customer data exposure while the FBI and the company continue an investigation.
-
Harvard discloses Alumni Affairs data breach after voice phishing attack
Harvard said systems used by its Alumni Affairs and Development office were accessed in a phone-based phishing attack discovered on Nov. 18, 2025, exposing contact and fundraising-related information for alumni, donors, students and staff; the university said no Social Security numbers, passwords, payment card or other financial data were in the compromised systems.
-
Salesforce revokes Gainsight app tokens after suspected unauthorized access
Salesforce revoked access tokens and removed Gainsight-published applications from the AppExchange after detecting activity that may have allowed unauthorised access to some customers’ data; investigations attribute the campaign to actors linked to the ShinyHunters group.
-
Almaviva confirms data theft after hacker posts 2.3TB claimed to include FS Italiane files
A hacker has posted 2.3TB of data it says was taken from Almaviva, an IT services provider that works with FS Italiane Group; Almaviva confirmed a breach and an investigation is ongoing, while it is unclear whether passenger data or other clients are affected.
-
French childcare payroll service reports data breach affecting up to 1.2 million people
Pajemploi said a cyberattack detected on November 14 may have exposed personal data for up to 1.2 million employees using its service, including names, birthplaces, addresses and social security numbers; the agency said IBANs, emails and phone numbers were not accessed and affected individuals will be notified.
-
Princeton University discloses November 10 database breach affecting alumni and donors
Princeton University said a database was compromised on November 10 after a phishing attack on an employee, exposing names, contact details and biographical information of alumni, donors, students and staff; the university said the database did not generally contain Social Security numbers, passwords or financial information and has blocked the attackers’ access.
-
Logitech discloses data breach tied to zero-day; Cl0p claims responsibility
Logitech disclosed a data breach in which a zero-day in a third-party platform was exploited and certain internal IT data was copied; Cl0p has claimed responsibility and Logitech said it does not expect the incident to materially affect its business.
-
Eurofiber reports data stolen in cyberattack on its French business
Eurofiber said a November 13 cyberattack on its French business exploited a ticketing-platform vulnerability and resulted in stolen data; the company said banking information was not affected, the flaw is patched, and it has notified customers and French authorities.
-
AIPAC discloses data breach affecting 810 people, offers identity protection
AIPAC reported a criminal cyberattack in a November 2025 filing, saying files were accessed between October 2024 and February 2025 and that 810 people were affected; the organisation notified individuals, offered 12 months of identity protection, and said it implemented new security controls.
-
Washington Post breach exposes personal data of nearly 10,000 workers
The Washington Post notified 9,720 employees and contractors that their personal and financial information was exposed after attackers exploited a zero-day in Oracle E-Business Suite; the flaw (CVE-2025-61884) has been linked to the Clop group and other major organisations were also affected.
