SK Telecom Files Lawsuit to Revoke Record 135 Bln-Won Fine over Data Breach
South Korea’s largest mobile carrier, SK Telecom, has filed a lawsuit with the Seoul Administrative Court to overturn a record 135 billion‑won (US$91 million) fine imposed by the Personal Information Protection Commission for a massive data breach. The breach, disclosed belatedly, exposed universal subscriber identity module (USIM) data belonging to its 23 million customers, prompting the company to provide free USIM replacements. The fine was levied four months after the leak became public, and the company filed the suit a day before the regulator’s revocation deadline. The case underscores heightened regulatory scrutiny of data‑privacy enforcement in the telecom sector.
How Crypto Criminals Stole $700 Million From People – Often Using Age-Old Tricks
Crypto criminals are increasingly buying stolen consumer databases to pinpoint high‑net‑worth individuals and siphon cryptocurrency. A breach at luxury conglomerate Kering exposed millions of shopper records, which a hacker purchased for $300,000 and cross‑referenced with other leaks. Using the combined...
UK: Secret Gagging Order Should Not Have Been Used to Cover up Afghan Data Breach, Sir Ben Wallace Says
Former defence secretary Sir Ben Wallace criticised the use of a secret gagging order to conceal a massive data breach at the Ministry of Defence that exposed the personal details of thousands of Afghan collaborators. The breach occurred after an...
2025: Double the Breaches, but Less Patient Data Compromised
In 2025 the healthcare sector saw breach incidents more than double, yet the total number of patient records exposed dropped sharply. The Fortified Health Security report, based on HHS OCR data, its own NIST Cybersecurity Framework assessments, and incident‑response experience,...
UK: North West Ambulance Service’s Increased Breach Reports May Reflect Better Reporting
North West Ambulance Service NHS Trust disclosed nearly 400 data‑breach incidents over the past three years, with reports climbing from 75 breaches in 2022/23 to 143 the following year and 172 in the most recent period. Confidentiality failures dominated, accounting...
4 in 5 Small Businesses Had Cyberscams Last Year, Almost Half Were AI Powered
A recent Identity Theft Resource Center survey shows that four out of five small businesses experienced a cyber‑scam or breach in the past year, with almost half of those attacks powered by artificial intelligence. The study found that 38% of...
Japanese Nuclear Regulator Employee Loses Phone Containing Sensitive Info in China
Japan’s Nuclear Regulation Authority disclosed that an employee lost a government‑issued smartphone while on a personal trip to China in November. The device contained a database of contact information for senior nuclear officials, plant operators, and emergency responders, classified as...
A Faceless Hacker Stole My Therapy Notes – Now My Deepest Secrets Are Online Forever
Finnish psychotherapy provider Vastaamo suffered a massive data breach, exposing personal and therapy records of about 33,000 patients. Hackers contacted victims, demanding Bitcoin payments under threat of publishing the sensitive information. In September 2025, a Helsinki court released the alleged...
Jordanian Man Admits Selling Unauthorized Access to Computer Networks of 50 Companies
Jordanian national Feras Albashiti, operating under several aliases, pleaded guilty in U.S. federal court to acting as an access broker. He sold unauthorized network credentials for at least 50 companies to an undercover officer in May 2023, receiving payment in...
Act Now: Survey on Threats Researchers and Journalists Experience Ends January 18
A new survey by DataBreaches.net and Zack Whittaker seeks to document threats faced by cybersecurity researchers and journalists, closing on January 18. The call follows recent high‑profile incidents, including an FBI raid on Washington Post reporter Hannah Natanson and court‑ordered injunctions that...
Website that Leaked Thousands of ICE Agents’ Personal Information Is Down After DDoS Attack
A Netherlands‑based activist’s site, ICE List, which published personal details of thousands of Immigration and Customs Enforcement and Border Patrol officers, was knocked offline by a large‑scale distributed denial‑of‑service attack on Tuesday. The site’s founder, Dominick Skinner, believes the assault...
HHS OCR Comments on Its 2026 Priorities
The HHS Office for Civil Rights (OCR) released its 2026 enforcement roadmap, highlighting four priority areas: continuing the HIPAA Privacy Rule Right of Access initiative, expanding the Security Rule Risk Analysis to broader risk management, intensifying hacking and ransomware actions,...
JPMorgan Claims Ex-Advisor In Fla. Stole Trade Secrets To Poach Clients For LPL
JPMorgan has filed a federal lawsuit seeking a temporary restraining order against former private‑client advisor Kevin J. Sercia. The bank alleges Sercia accessed roughly 175 client profiles on its Advisor Central system after hours and stole confidential information to solicit...
Data Protection Agency Tells Coupang to Stop Publishing Unconfirmed Information About Data Breach
South Korea’s Personal Information Protection Commission (PIPC) has ordered e‑commerce giant Coupang to stop publishing its own findings about a recent data breach that exposed personal information of millions of users. The regulator warned that unverified disclosures could mislead consumers...
Eurail Passengers Taken for a Ride as Data Breach Spills Passports, Bank Details
Eurail confirmed a data breach that exposed personal information of customers, particularly those who received passes through the EU‑funded DiscoverEU programme. The breach potentially includes passport numbers, issuance details, and bank information, though direct‑purchase customers’ passports were not stored visually....
Personal Details of Thousands of Border Patrol and ICE Agents Allegedly Leaked in Huge Data Breach
A whistleblower allegedly released personal data on roughly 4,500 ICE and Border Patrol employees, including about 2,000 frontline agents, after the Jan. 7 shooting of Renee Nicole Good. The leak, posted on the volunteer‑run ICE List site, contains names, work emails,...
NY: Southold Laserfiche Access Remains Suspended After Cyberattack
Southold, New York, has kept its Laserfiche online record‑keeping system offline for more than six weeks after a cyberattack on Nov. 24 compromised its servers. The town announced that public access will remain suspended with no clear restoration timeline. To remediate,...
Antwerp’s AZ Monica Hospital Hit by Cyber Attack
AZ Monica hospital in Antwerp suffered a cyber attack on Tuesday, forcing a shutdown of computer systems at its Deurne and Harmonie campuses. The breach was detected at 6:30 am, prompting staff to power down servers and initiate an investigation by...
Armenia Probes Alleged Sale of 8 Million Government Records on Hacker Forum
Armenian authorities have launched a probe after a hacker identified as dk0m claimed to be selling eight million government records on a dark‑web forum. The data allegedly originates from a state notification system that distributes legal and administrative notices. Officials...
Massive Cyberattack on Polish Power System in December Failed, Minister Says
Poland’s power grid endured its biggest cyberattack in years during the last week of December, according to Energy Minister Milosz Motyka. The operation attempted to sever communication links between renewable energy installations and distribution operators, but was ultimately thwarted with...
Dutch Court Sentences Hacker Who Used Port Systems to Smuggle Cocaine to 7 Years
An Amsterdam appeals court sentenced a 44‑year‑old hacker to seven years in prison for facilitating cocaine smuggling through European ports. The defendant installed malware via a USB stick on a terminal employee’s computer, creating a backdoor that allowed the criminal...
Another Plastic Surgery Practice Fell Prey to a Cyberattack with Extortion Attempt
Patients of Manhattan plastic surgeon Dr. Richard Swift discovered that a malware attack last year exposed nude photographs, Social Security numbers, and medical records of at least 22 clients. The data appeared on a Russian‑hosted leak site, and the attackers...
Second NZ Health Provider, Canopy Health, Reveals Cyberattack
Canopy Health, New Zealand's largest private oncology provider, disclosed a cyberattack that occurred on 18 July 2025 but only notified patients and the public six months later. The breach involved unauthorized access to an administrative server, with forensic experts indicating that data...
CrazyHunter Ransomware Escalates with Advanced Intrusion Tactics, Six Taiwan Healthcare Victims Confirmed
CrazyHunter ransomware has rapidly evolved, employing multi‑vector intrusion tactics that bypass traditional defenses. Trellix’s research confirms six Taiwanese healthcare organizations have been breached, exposing patient data and operational systems. The group now combines encryption with data exfiltration, demanding double‑extortion payments....
Illinois Man Charged in Snapchat Hacking Investigation
Illinois resident Kyle Svara was indicted in Boston federal court for phishing Snapchat access codes from roughly 570 women, accessing at least 59 accounts, and stealing nude images. He allegedly sold or traded the illicit content on internet forums. The...
Methodist Homes of Alabama and Northwest Florida Is Notifying Residents and Employees of Its Second Data Breach in Seven Months.
Methodist Homes of Alabama and Northwest Florida disclosed a second data breach, stemming from a compromised employee email account accessed between May 8 and May 21, 2025. The breach exposed personal identifiers such as Social Security numbers, dates of birth, Medicare numbers, and...
HIPAA Compliance and Breach Communications: Helpful Tips for SMBs
North Country Communications launched a consultancy on Dec. 15 to help small and mid‑size HIPAA‑regulated entities meet privacy, security, and breach‑notification requirements. The firm offers granular, on‑site or virtual assessments that cover risk analyses, vendor contracts, website security, and state law...
Desjardins Data Breach: Quebec Suspect Arrested in Spain
Quebec police announced the arrest of Juan Pablo Serrano, a Canadian fugitive linked to the multimillion‑dollar Desjardins data breach, in Spain on November 6, 2025. Serrano faces charges of fraud, identity theft and trafficking in personal information, and will be extradited to Canada...
A Hacker, Known as Martha Root, Takes Down a White Supremacist Dating Site Live
At the Chaos Communication Congress, German hacker known as “Martha Root” publicly dismantled a white‑supremacist dating website. Dressed as a pink Power Ranger, she demonstrated live how she had breached the platform, downloaded every user profile, and ran an AI...
Ca: Leduc County Target of Christmas Day Cybersecurity Attack
Leduc County in Alberta disclosed that a deliberate ransomware attack struck on December 25, disabling several of its information technology systems. The county became aware of the intrusion on Christmas Day and immediately initiated incident response protocols. While officials have...
Reminder: Survey on Threats Experienced by Journalists and Security Researchers
DataBreaches.net and security journalist Zack Whittaker have issued a reminder for cybersecurity journalists and researchers to complete a threat‑experience survey. The questionnaire captures legal actions, court orders, and violent intimidation faced while covering cybercrime. Participation is free via a Google...