SecureFact – Cyber Security News – Week of November 10, 2025

U.S. Congressional Budget Office hit by suspected foreign cyberattack

  • The U.S. Congressional Budget Office confirmed a cybersecurity incident involving a suspected foreign hacker who breached its network.
  • The attack was discovered in recent days and officials believe it was detected early, though some data exposure is suspected.
  • The CBO provides lawmakers with economic analysis and cost estimates for proposed legislation, making this breach particularly concerning.
  • Emails and exchanges between congressional offices and CBO analysts may have been compromised. The agency acted quickly to contain the incident and implemented additional monitoring and security controls.
  • Some congressional offices have reportedly halted email communications with the CBO as a precautionary measure.
  • The FBI has been notified and is investigating the breach. This incident follows a series of cyber attacks on government agencies over the past year.

*Source

How a ransomware gang encrypted Nevada government’s systems

  • The State of Nevada published a detailed after-action report on a ransomware attack that occurred on August 24, 2025, impacting over 60 state agencies.
  • The attack disrupted essential services including websites, phone systems, and online platforms for 28 days.
  • The initial compromise occurred on May 14 when a state employee downloaded a trojanized system administration tool from a malicious advertisement.
  • The attacker accessed 26,408 files across multiple systems and prepared sensitive data for potential exfiltration, though no evidence of data publication was found.
  • On August 24, the attacker deleted all backup volumes and deployed ransomware on all servers hosting the state’s virtual machines.
  • Nevada refused to pay ransom and relied on 50 state employees working 4,212 overtime hours at a cost of $259,000.
  • External vendor support costs totaled over $1.3 million, but the state recovered 90% of impacted data within 28 days without paying criminals.

*Source

University of Pennsylvania confirms data stolen in cyberattack

  • The University of Pennsylvania confirmed that hackers breached numerous internal systems related to development and alumni activities, stealing significant amounts of data.
  • The breach occurred on October 30 using compromised credentials obtained through social engineering attacks. Attackers accessed Penn’s Salesforce instance, Qlik analytics platform, SAP business intelligence system, and SharePoint files.
  • The hackers stole 1.71 GB of internal documents and Penn’s Salesforce donor marketing database containing 1.2 million records.
  • The stolen data includes personally identifiable information (full names, birthdates, addresses, phone numbers, email addresses), financial and donor data (gift histories, wealth ratings, lifetime commitment amounts), and employment details.
  • After access was revoked, the attackers used Penn’s Salesforce Marketing Cloud to send offensive mass emails to 700,000 recipients.
  • The university has notified the FBI and is working with CrowdStrike to investigate.
  • Penn is implementing enhanced security measures including employee training on social engineering attacks.

*Source

Hyundai AutoEver America data breach exposes SSNs, drivers licenses

  • Hyundai AutoEver America, an IT consulting affiliate of Hyundai Motor Group, notified individuals that hackers breached the company’s IT environment and accessed personal information.
  • The company discovered the intrusion on March 1, but the investigation revealed that attackers had access since February 22.
  • HAEA provides IT solutions for the automotive industry, particularly for Hyundai and Kia affiliates, with 5,000 employees and systems used in 2.7 million cars.
  • The exposed data includes names, Social Security Numbers (SSNs), and driver’s licenses, though the full scope of affected individuals remains unclear.
  • The company immediately launched an investigation with external cybersecurity experts and worked with law enforcement.
  • The unauthorized activity was contained by March 2, 2025. No ransomware groups have claimed responsibility for the attack.
  • This incident adds to Hyundai’s recent cybersecurity challenges, including previous Black Basta ransomware attacks and data breaches in Europe.

*Source

Data breach at major Swedish software supplier impacts 1.5 million

  • The Swedish Authority for Privacy Protection is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people.
  • Miljödata supplies IT systems to roughly 80% of Sweden’s municipalities, making this breach particularly significant.
  • The attack was disclosed on August 25, with attackers stealing data and demanding 1.5 Bitcoin to prevent its release.
  • The breach caused operational disruptions affecting citizens in multiple Swedish regions including Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås.
  • The Datacarry threat group posted stolen data on the dark web in September, providing a 224MB archive with allegedly stolen information.
  • The exposed data includes names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth.
  • Have I Been Pwned added the breach to its database, reporting 870,000 affected individuals.
  • The Swedish privacy authority is prioritizing investigations of Miljödata and select municipalities, focusing on security measures and data handling practices, particularly concerning children’s data and protected identities.

*Source

Media giant Nikkei reports data breach impacting 17,000 people

  • Japanese publishing giant Nikkei announced that its Slack messaging platform was compromised, exposing personal information of over 17,000 employees and business partners.
  • Nikkei is one of the world’s largest media corporations, owning the Financial Times and The Nikkei financial newspaper, with approximately 3.7 million digital paid subscriptions.
  • Attackers gained access to employee Slack accounts using authentication credentials stolen after an employee’s computer was infected with malware.
  • The security breach was discovered in September, prompting immediate security measures including mandatory password changes.
  • The potentially leaked information includes names, email addresses, and chat histories for 17,368 individuals registered on Slack.
  • Despite the incident’s scale, Nikkei stated the stolen information doesn’t fall under Japan’s Personal Information Protection Law but voluntarily notified authorities.
  • The company confirmed no information related to confidential sources or reporting activities was compromised, and personal data collected for journalistic purposes remains secure.
  • This incident follows previous cybersecurity challenges including a 2022 ransomware attack on Nikkei’s Singapore subsidiary.

*Source