DataBreachToday.com

Airport Baggage Carousels Are Weapons, in the Right Hands
Consider the airport baggage carousel. It's big, clunky and tedious to wait by. But look at it like a war planner does, and it's suddenly very different: An almost certainly poorly secured technology system that foreign adversaries could exploit to disrupt military mobilization across the United States.

March Breach Affected Nearly 5.6 Million; NextGen Proposed Settlement Also Reached
Connecticut's largest healthcare network - Yale New Haven Health System - has agreed to pay $18 million to settle class action litigation filed in the aftermath of a March hack affecting nearly 5.6 million people. The incident ranks as the biggest health data breach reported so far in 2025.

Pension Funds Say Fortinet Leaders Misled Market With Overly Rosy Refresh Outlook
Public pension funds filed securities fraud lawsuits claiming Fortinet misled investors by overstating the value and timing of a major firewall refresh cycle. The lawsuits allege the refresh involved outdated products and had limited business impact, contradicting Fortinet's upbeat public messaging.

Forrester's Brent Ellis and Dario Maisto on Lessons Learned for Large Enterprises
The cascading outage across the U.S. East Coast triggered this week by a domain name system failure in an AWS DynamoDB service demonstrates the risks of deep architectural dependencies and the challenges of building true multi-region cloud resilience, said Forrester's Brent Ellis and Dario Maisto.

Also: Astra Nova RVV Token Plummets, Canada Fines Cryptomus $126M
This week, U.S. President Donald Trump pardoned Changpeng Zhao, Astra Nova RVV token plummeted, an investor lost $3M in a wallet breach linked to Huione Group, Canada fined Cryptomus, a U.K. regulator sued HTX over illegal crypto promotions and hacked LuBian wallets moved $1.8B in bitcoin.

Proposed Acquisition Aims to Merge Internal Risk Data With External Threat Signals
Dataminr will acquire ThreatConnect, combining public data detection with internal intelligence to give CISOs an AI-powered, context-aware response platform. The deal is producing results for shared customers and is central to Dataminr's push toward predictive, client-specific cybersecurity tools.

Regulators Want to Know If Insurer Delayed Notifying 462,000 Affected Members
Montana regulators are investigating a breach affecting 462,000 Blue Cross Blue Shield of Montana members involving one of the insurer's service providers. The vendor, Conduent, in April notified the SEC that the data theft affected numerous clients and a "significant number" of people.

Also, Envoy Air Confirms Data Compromise Following Clop Extortion Campaign
This week, Qilin didn't hack a Spanish tax agency, Nexperia standoff, Envoy Air confirmed a data compromise, Experian Netherlands fined 2.7M euros, ToolShell used to breach global networks, flaws in TP-Link Omada and Festa VPN routers and a New York firm settled a cybersecurity investigation.

AI-Powered Threats Demand AI-Driven Defense
As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight.

Foundation for Defense of Democracies Warns Against Aligning With New Cyber Treaty
The United Nations' cybercrime treaty, shaped by Russian and Chinese influence, could legitimize global digital repression by enabling prosecutions of journalists, activists and researchers under vague terms - despite U.S. opposition and mounting civil society alarm, analysts warned Thursday.

AI agents are reshaping how we buy and pay online. Discover how agentic commerce is redefining trust, transparency, and control in the next era of digital payments.

Microsoft Says Hackers Pivoting to Identity Compromise
Hackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches.

Cyber Professionals Can Follow 2 Different Careers Paths to Training and Education
When I first began working in cybersecurity education, my background was in teaching, not security operations. Over time, I came to appreciate that this field attracts professionals from both directions - those who begin in education and learn cybersecurity, and those who bring years of industry experience into the classroom.

Financial Loss Tied to the Hack Estimated at 1.9B Pounds
The hack of Jaguar Land Rover will likely cost the British economy 1.9 billion pounds, making it the single most expensive cyber incident to have occurred in the United Kingdom. That number could go up if hackers damaged the operational technology controlling assembly lines.

HITRUST's Tom Kellermann on Third-Party Risk, Defending Against Persistent Access
Island hopping, AI poisoning and access mining are reshaping cyber risk. Tom Kellermann of HITRUST says organizations must modernize third-party risk management practices and assess AI environments to stop attackers from using trusted infrastructure as a launch pad for broader campaigns.

2023 Data Theft Affected Nearly 887,000 Patients
A radiology practice that has been serving patients in North Carolina for about 70 years agreed to pay more than $3.4 million to settle proposed class action litigation filed in the wake of a 2023 hacking incident that compromised the sensitive information of nearly 887,000 individuals.