Google confirms data breach exposed potential Google Ads customers’ info
- Google confirmed a data breach involving one of its Salesforce CRM instances.
- The breach exposed business names, phone numbers, and related notes of potential Google Ads customers.
- Payment information and core Ads data were not affected.
- The threat actors, ShinyHunters and Scattered Spider, claim to have stolen approximately 2.55 million records.
- Attackers used social engineering and malicious OAuth apps to gain access.
- The attackers extorted Google, demanding 20 Bitcoins (~$2.3 million), but Google claims the ransom was not paid.
- Google has acknowledged the use of new Python-based tools in these attacks.
- The company is working to secure its Salesforce environment and has notified affected parties.
Columbia University data breach impacts nearly 870,000 individuals
- Nearly 870,000 current and former students, employees, applicants, and family members were affected.
- The breach occurred in May 2025, with the attacker accessing and exfiltrating files from Columbia’s network.
- Stolen data includes names, dates of birth, Social Security numbers, contact details, demographic info, academic history, financial aid, insurance, and health information.
- Columbia University Irving Medical Center patient records were reportedly not affected.
- The breach was discovered after a system outage on June 24, 2025.
- The university has involved law enforcement and external cybersecurity experts.
- Two years of free credit monitoring, fraud consultation, and identity theft restoration are being offered to those impacted.
- The university is continuing to investigate and has notified authorities and affected individuals.
Air France and KLM disclose data breaches impacting customers
- Attackers breached an external customer service platform used by Air France and KLM.
- The breach resulted in unauthorized access to customer data, including names, emails, phone numbers, rewards program info, and recent transactions.
- Financial and core personal information was reportedly not affected.
- The airlines cut off attacker access and implemented new security measures.
- Authorities in France and the Netherlands were notified.
- Impacted customers are being informed and advised to be vigilant.
- The incident is linked to a broader campaign targeting Salesforce instances.
- The investigation is ongoing, and the number of affected individuals has not been disclosed.
U.S. Judiciary confirms breach of court electronic records service
- The U.S. Federal Judiciary suffered a cyberattack on its electronic case management systems.
- The breach potentially exposed sensitive information in sealed court filings.
- The Judiciary is strengthening cybersecurity and access controls in response.
- The attack was described as sophisticated and persistent.
- The breach impacted the CM/ECF and PACER systems across multiple federal districts.
- The full severity was realized on July 4, 2025.
- The Judiciary is working with courts to mitigate the impact on litigants.
- The Department of Justice and Judiciary have not disclosed all details but confirmed ongoing mitigation efforts.
Bouygues Telecom confirms data breach impacting 6.4 million customers
- Bouygues Telecom suffered a data breach exposing personal information of 6.4 million customers.
- The breach was the result of a cyberattack on the company’s systems.
- Exposed data includes names, contact details, and customer account information.
- The company has notified affected customers and relevant authorities.
- Bouygues Telecom is working with cybersecurity experts to investigate the incident.
- The company has implemented additional security measures to prevent recurrence.
- No evidence of misuse of the data has been reported so far.
- The incident is part of a broader trend of attacks on telecom providers.
Pandora confirms data breach amid ongoing Salesforce data theft attacks
- Danish jewellery giant Pandora confirmed a data breach linked to ongoing Salesforce data theft attacks, exposing customer names, birthdates, and email addresses via a third-party platform connected to their Salesforce database.
- Sensitive data such as passwords and financial information were not affected.
- The attacks began in early 2025, with criminals using phishing and social engineering to steal Salesforce credentials or trick employees into approving malicious OAuth apps, enabling data theft.
- Stolen data is used to extort companies with ransom demands.
- Pandora stopped unauthorized access and strengthened security measures.
- Salesforce stated its platform was not compromised but advised use of multi-factor authentication and careful app management.
- Other affected companies include Adidas, Qantas, Allianz Life, and LVMH brands like Louis Vuitton and Dior.
- The ShinyHunters extortion group is behind many of the breaches and continues to threaten to leak or sell stolen data if ransoms are not paid.
