DoorDash hit by new data breach in October exposing user information
- DoorDash disclosed a data breach that occurred on October 25, 2025, affecting millions of customers across the U.S., Canada, Australia, and New Zealand.
- The incident was caused by a DoorDash employee falling victim to a social engineering scam, allowing unauthorized third parties to access user contact information.
- The compromised data includes first and last names, physical addresses, phone numbers, and email addresses of consumers, Dashers, and merchants.
- DoorDash’s incident response team immediately shut down unauthorized access upon detection and launched an investigation with law enforcement involvement.
- The company has deployed enhanced security systems, implemented additional employee training, and engaged leading cybersecurity forensic firms.
- This marks DoorDash’s third notable security incident, following a 2019 breach affecting 5 million users and a 2022 breach linked to Twilio attackers.
- The company took 19 days to notify affected users, drawing criticism for the delayed response.
Logitech confirms data breach after Clop extortion attack
- Hardware giant Logitech confirmed a data breach claimed by the Clop extortion gang, with almost 1.8 TB of data allegedly stolen from the company.
- The breach occurred through a third-party zero-day vulnerability that was patched as soon as a fix became available.
- The stolen data likely includes limited information about employees and consumers, as well as data relating to customers and suppliers, though Logitech states that sensitive information such as national ID numbers or credit card information was not accessed as it wasn’t stored in the breached systems.
- The incident was part of Clop’s Oracle E-Business Suite data theft campaign from July 2025, exploiting CVE-2025-61882.
- Logitech promptly took steps to investigate and respond with assistance from leading external cybersecurity firms.
- The company filed a Form 8-K with the U.S. Securities and Exchange Commission confirming the data exfiltration.
- Despite the breach, Logitech’s products, business operations, and manufacturing were not impacted.
Checkout.com snubs hackers after data breach, to donate ransom instead
- UK financial technology company Checkout.com was breached by the ShinyHunters threat group, who gained unauthorized access to a legacy third-party cloud file storage system used in 2020 and earlier years.
- The stolen data affects less than 25% of Checkout.com’s current merchant base but extends to past customers as well.
- The compromised information includes merchant data from 2020 and earlier, internal operational documents, and onboarding materials.
- Checkout.com serves major businesses including eBay, Uber Eats, adidas, IKEA, Samsung, and others, handling billions in merchandise revenue.
- The company refused to pay the ransom demand and instead committed to donating the equivalent amount to Carnegie Mellon University and the University of Oxford Cyber Security Center for cybercrime research.
- Checkout.com has strengthened security measures and implemented better customer protection protocols.
- The breach method and specific third-party cloud storage system were not disclosed by the company.
Jaguar Land Rover cyberattack cost the company over $220 million
- Jaguar Land Rover reported that a cyberattack announced on September 2, 2025, cost the company £196 million ($220 million) in Q2 2025.
- The attack, claimed by the Scattered Lapsus$ Hunters cybercrime group, forced the British carmaker to shut down production at major plants and send staff home for weeks.
- Data was confirmed stolen during the cyberattack, causing severe disruption to the company’s financial and market position.
- The UK Government intervened on September 29, 2025, approving a £1.5 billion loan guarantee to help restore JLR’s supply chain and restart production.
- Production resumed by October 8, 2025, following a phased approach.
- The cyberattack significantly impacted JLR’s profits: the company posted a loss before tax of £485 million for Q2, down from a £398 million profit the previous year.
- The Bank of England cited the JLR cyberattack as a key reason for the UK’s weaker-than-expected GDP in Q3 2025.
- Despite disruptions, JLR maintained its £18 billion investment spending over five years from FY24.
Synnovis notifies of data breach after 2024 ransomware attack
- UK pathology services provider Synnovis is notifying healthcare providers of a data breach following a ransomware attack in June 2024, linked to the Qilin ransomware operation.
- The stolen data includes personal information such as NHS numbers, names, dates of birth, and test results that could be matched to individuals, though most information requires clinical knowledge to interpret.
- The attack had a major impact on NHS hospitals in London, including King’s College Hospital, Guy’s Hospital, St Thomas’ Hospital, Royal Brompton Hospital, and Evelina London Children’s Hospital.
- Over 800 planned operations and 700 outpatient appointments were canceled, and blood shortages occurred in London.
- Synnovis completed its forensic investigation after over a year, using specialized platforms and bespoke processes to piece together the fragmented stolen data.
- The company refused to pay ransom, following a joint decision with NHS Trust partners reflecting ethical principles and rejection of funding cybercriminal activities.
- Synnovis secured a legal injunction against further data use and is providing support to affected organizations for patient impact analysis.
Washington Post data breach impacts nearly 10K employees, contractors
- The Washington Post notified nearly 10,000 employees and contractors that their personal and financial data was exposed in an Oracle E-Business Suite data theft attack between July 10 and August 22, 2025.
- Threat actors exploited a zero-day vulnerability (CVE-2025-61884) in Oracle’s software, later linked to the Clop ransomware group’s extortion campaign.
- The compromised data includes full names, bank account numbers and routing numbers, Social Security numbers, and tax and ID numbers of 9,720 employees and contractors.
- The investigation concluded on October 27, 2025, after Oracle disclosed the security vulnerability during the news organization’s breach investigation.
- Affected individuals received 12 months of free identity protection coverage through IDX, along with recommendations to place security freezes on their credit files and set up fraud alerts.
- The Washington Post launched a thorough investigation with expert assistance immediately after being contacted by attackers on September 29, 2025.
- This incident occurred shortly after another cyberattack in June where journalists’ email accounts were compromised by foreign state actors.
GlobalLogic warns 10,000 employees of data theft after Oracle breach
- GlobalLogic, a digital engineering services provider and part of the Hitachi group, notified over 10,000 current and former employees of data theft in an Oracle E-Business Suite breach.
- Attackers exploited an Oracle EBS zero-day vulnerability between July 10 and August 20, 2025, with data exfiltration identified on October 9, 2025.
- The stolen data includes names, addresses, phone numbers, emergency contact information, email addresses, dates of birth, nationalities, countries of birth, passport information, national identifiers, Social Security numbers, salary information, and bank account details.
- The incident was linked to the Clop ransomware gang’s Oracle E-Business Suite data theft campaign exploiting CVE-2025-61882.
- GlobalLogic confirmed that Clop is taking credit for the incident, though the company has not been added to Clop’s leak site, suggesting ongoing negotiations.
- The breach affected only GlobalLogic’s Oracle platform containing HR information, with other systems remaining unimpacted.
- This incident is part of a broader campaign affecting dozens of organizations, with the U.S. State Department offering a $10 million bounty for information linking Clop’s attacks to foreign governments.
