DataBreachToday.com
Jaguar Land Rover Hack the Costliest Ever in the UK
3 months 3 weeks ago
Financial Loss Tied to the Hack Estimated at 1.9B Pounds
The hack of Jaguar Land Rover will likely cost the British economy 1.9 billion pounds, making it the single most expensive cyber incident to have occurred in the United Kingdom. That number could go up if hackers damaged the operational technology controlling assembly lines.
Island Hopping on AI Tools: The New Cyberthreat Reality
3 months 3 weeks ago
HITRUST's Tom Kellermann on Third-Party Risk, Defending Against Persistent Access
Island hopping, AI poisoning and access mining are reshaping cyber risk. Tom Kellermann of HITRUST says organizations must modernize third-party risk management practices and assess AI environments to stop attackers from using trusted infrastructure as a launch pad for broader campaigns.
Radiology Practice to Pay $3.4M-Plus to Settle Hack Lawsuit
3 months 3 weeks ago
2023 Data Theft Affected Nearly 887,000 Patients
A radiology practice that has been serving patients in North Carolina for about 70 years agreed to pay more than $3.4 million to settle proposed class action litigation filed in the wake of a 2023 hacking incident that compromised the sensitive information of nearly 887,000 individuals.
Report: US Cyber Defense Declines, First Time in 5 Years
3 months 3 weeks ago
CISA Budget and Staffing Cuts Undermine National Cyber Readiness, Officials Warn
Federal cybersecurity reforms have regressed for the first time since 2020, as staffing cuts, diminished agency authority and lost momentum threaten U.S. cyber resilience, according to the Cyberspace Solarium Commission’s 2025 report, which urges immediate action from the White House and Congress.
Veeam to Buy Securiti AI for $1.7B to Unify Data Protection
3 months 3 weeks ago
Proposed Acquisition Would Create Unified View of AI-Ready Data Environments
Veeam's proposed acquisition of Securiti AI for $1.725 billion addresses a long-standing disconnect between where data runs and where it's protected. The move enhances AI governance and posture management while supporting Veeam's vision for end-to-end data control.
HHS Watchdog Flags Medicaid IT Security Gaps in Some States
3 months 3 weeks ago
Pen Tests Find States Thwart Basic Attacks But Are Vulnerable to Sophisticated Ones
Pen testing of 10 Medicaid management and enrollment systems found that while the nine states and one territory implemented "generally effective" security controls to prevent limited cyberattacks, improvements are needed to protect against more sophisticated attacks, said a watchdog agency report.
Russia's Coldriver Revamps Malware to Evade Detection
3 months 3 weeks ago
Russian Intel Hackers Flexible in Face of Detection
Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.
CISA Flags Highly Exploitable Windows SMB Flaw
3 months 3 weeks ago
NTLM Reflection Attack Strikes Again
A three-month-old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw's exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks.
Defakto Raises $30.75M to Lead Non-Human Identity Space
3 months 3 weeks ago
Silicon Valley Startup Focuses on Discovery and Governance of Non-Human Identities
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.
Russian Disinformation Followed Drone Incursion of Poland
3 months 3 weeks ago
Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland and NATO support for Ukraine, said experts.
UK Ministry of Defense Probes Military Contractor Data Leak
3 months 4 weeks ago
Ransomware Group Lynx Reportedly Stole 4TB of Data
The U.K. Ministry of Defense is investigating an apparent data breach by Russian-speaking ransomware hackers of a building facilities contractor with ties to the military. The Lynx ransomware group posted on its darkweb site samples of what it says is 4 terabytes of data stolen from the Dodd Group.
Cyberattack Disrupts Services at 2 Massachusetts Hospitals
3 months 4 weeks ago
IT Systems, Radiology Services Taken Offline; Ambulance Patients Diverted
A North Central Massachusetts nonprofit healthcare system with two community hospitals, a medical group and several other care facilities has taken its IT network offline and is diverting ambulance patients as it continues to respond to a cyberattack that hit last week.
Salt Typhoon Targets European Telecom
3 months 4 weeks ago
Attack Began With Citrix NetScaler Gateway Compromise, Darktrace Said
The Chinese cyberespionage hackers commonly tracked as Salt Typhoon haven't stopped their campaign against global telecoms, says managed threat detection firm Darktrace. The group has made telecoms and other digital infrastructure a primary target.
US Court Blocks Spyware Maker NSO Over WhatsApp Hack
3 months 4 weeks ago
NSO Group Blocked From WhatsApp and Must Destroy Code Used to Hack 1,400 Devices
A federal judge issued a permanent injunction barring NSO Group from using or retaining its WhatsApp spyware exploit, citing national security risks and business harm after the manufacturer's tools compromised 1,400 devices - some allegedly linked to journalists and officials.
Webinar | Gain Exceptional Access Security and Data Protection with FortiSASE on Google Cloud
3 months 4 weeks ago
Webinar | From Chaos to Clarity: Natively Integrating Wiz CNAPP with Google Security Operations
3 months 4 weeks ago
Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook
4 months ago
Chaos Theory and Ransomware's Love Child Serves Up Nonstop Unpredictability
All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also chaos and unpredictability.
AI and Patient Health Data Access: Considering the Risks
4 months ago
Among pressing issues facing healthcare providers and health IT vendors is how artificial intelligence-enabled tools such as AI assistants might further facilitate patients' access to records as well as the transmission of records themselves, said attorney Alisa Chestler of law firm Baker Donelson.
Prosper Market Data Breach Affects 17.6M Individuals
4 months ago
Breach Notification Service Details Peer-to-Peer Lending Marketplace Victim Count
Hackers appear to have stolen personal information pertaining to more than 17 million individuals from peer-to-peer lending marketplace Prosper, including Social Security numbers, contact information and some income and financial details, says the Have I Been Pwned breach notification service.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education