DataBreachToday.com

Incident Is Largest Health Data Breach Reported So Far to Feds in 2025
Yale New Haven Health System is notifying more than 5.5 million patients that their information was potentially among data stolen in a March hack. The incident, which is among several other recent major hacks, ranks is the largest health data breach reported to federal regulator so far this year.

Void Dokkaebi Campaigns Using Russia for Cryptocurrency Theft
North Korean hackers look north toward Russia for the internet infrastructure behind the many online scams that Pyongyang has built to funnel stolen cash into the rouge nation. Void Dokkaebi hackers participate in the North Korean scam of social engineering IT job seekers.

Hackers Deploying Infostealers for Data and Credential Theft
Hacks targeting cloud infrastructure rose significantly last year, with attackers exploiting misconfiguration and single sign-on features to deploy infostealers for data and credential theft. Hackers target centralized cloud assets secured with single sign-ons.

Experts Say White House AI Plan May Spur Innovation But Leave School Data at Risk
The White House issued an executive order Wednesday to expand the use of new artificial intelligence tools in U.S. K–12 schools, drawing expert warnings over the lack of cybersecurity safeguards to prevent data leaks or misuse by AI firms for model training.

AI-Powered Tools Protect Containerized Environments Against Sophisticated Attacks
Container security experts skilled in AI-driven defense tools are becoming critical as organizations rely more on containerized applications. These experts must contend with ephemeral workloads, secure CI/CD pipelines and implement real-time anomaly detection to protect cloud-native environments.

2019 Phishing Incident at California-Based PIH Health Affected Nearly 190,000
A regional healthcare network with three California hospitals serving Los Angeles and Orange Counties has agreed to pay federal regulators $600,000 and implement a corrective action plan to resolve potential HIPAA violations identified during an investigation into a 2019 phishing breach.

Series D Round Comes at $3.5B Valuation, Fuels Product Expansion Beyond Containers
Chainguard’s $356 million Series D haul will help it push beyond securing containers to protecting virtual machines and language libraries. CEO Dan Lorenc says customers want security that scales with open-source adoption, especially amid rising software supply chain threats.

European Commission Also Fines Apple 500 Million Euros
European regulators said Facebook conducted an end run around privacy regulations by requiring users to pay a monthly subscription fee or else accept that their personal data would be fed to advertisers. The European Commission fined the social media giant 200 million euros.

Breach Victim Tally Soars Since Firm Filed an Initial Breach Report in Early April
Kelly Benefits is notifying nine large clients and nearly 264,000 individuals that their sensitive personal information was potentially compromised in a December data theft incident. The tally of affected people has climbed eight-fold since the company's first estimate earlier this month.

Expert Lauds 'Textbook Cyber Crisis Communications' as M&S Details Some Disruption
It's rare to see a corporation lauded for its hacking incident communications, but British retailer Marks & Spencer has executed an admirable version of what informing the world of bad news should look like. M&S notified customers directly about the cybersecurity incident.

Bureau Endorses Enhanced Information Sharing With Global Allies to Curb Cybercrime
The FBI strongly supported recent efforts to expand information sharing with international partners and launch new efforts to curb global cybercrime, including working with Indian authorities to combat cyber-enabled financial crimes and transnational call center fraud.

Acquisition Adds Expert Team, Reachability Analysis Tech to Socket's Security Stack
With Coana's team and tools, Socket aims to strengthen its platform's ability to identify actionable vulnerabilities. The integration will help security teams eliminate busywork, focusing on high-impact issues using precomputed reachability data from open source codebases.

Faces Two Counts of Oklahoma Computer Crime Act Violations
The CEO of a small cybersecurity firm is facing two counts of violating Oklahoma's Computer Crimes Act in a case alleging that he walked into an Oklahoma City hospital and installed malware on employee computers. The case echoes other alleged hospital security incidents.

Hackers Targeted Critical Infrastructure for Sabotage, Data Theft
Russian and Chinese hackers targeted critical infrastructure in the Netherlands for strategic gains amid escalating tensions with Western governments, the Dutch intelligence agency said. The Netherlands witnessed a number of "cyberespionage attempts against the Dutch government."

Senior Advisers Behind 'Secure by Design' Step Down From CISA Amid Workforce Cuts
A wave of senior cybersecurity advisors is leaving the U.S. cyber defense agency amid government downsizing, raising concerns about broader national cyber defense capacities as White House plans to cut the size of the federal workforce deepens instability across critical agencies.

Ransom Threats to Be Reported Under New Australian Legislation
Australian organizations have 40 days to prepare for a new law requiring mandatory reporting of ransomware payments to authorities. The law covers about 6.5% of registered businesses which, starting May 30, must report ransomware payments within 72 hours to the Australian Signals Directorate.

Series B Investment to Boost AI, Expand Coverage Across IaaS, PaaS, SaaS, On-Prem
Data security startup Sentra has raised $50 million to expand its AI-powered classification, labeling and enforcement capabilities. With enterprise interest in secure AI adoption and risk mitigation rising, the firm will grow its team and expand support for cloud, SaaS and on-prem data governance.