SecureFact – Cyber Security News – Week of August 18, 2025

Workday, a major HR software provider, disclosed a data breach after attackers accessed a third-party CRM platform via social engineering.
The breach exposed business contact information, including names, email addresses, and phone numbers of customers.
No customer tenants or internal Workday systems were compromised, according to the company.
The incident is linked to a broader campaign targeting Salesforce CRM instances, attributed to the ShinyHunters extortion group.
Other high-profile companies, such as Adidas, Qantas, Allianz Life, and Google, were also targeted in this campaign.
Attackers used malicious OAuth apps to exfiltrate company databases, later using the data for extortion.
Workday notified affected customers and is working with law enforcement and cyber experts.
The breach was discovered on August 6, 2025, and mitigation steps include customer notifications and enhanced monitoring.

Colt Technology Services suffered a cyberattack starting August 12, 2025, causing multi-day outages of hosting and support services.
The WarLock ransomware gang claimed responsibility, offering to sell one million stolen documents for $200,000.
Stolen data samples include financial, employee, customer, executive data, internal emails, and software development information.
Hackers reportedly stole several hundred gigabytes of customer data and documentation.
The attack forced Colt to take specific systems offline, impacting customer communication and support.
The breach is suspected to have exploited a Microsoft SharePoint zero-day vulnerability (CVE-2025-53770).
Colt notified authorities and is working with third-party cyber experts to restore systems.
No timeline for full restoration has been provided; customers are advised to expect delays.

The House of Commons is investigating a data breach after a cyberattack exposed employee information.
Attackers exploited a Microsoft vulnerability to access a database managing computers and mobile devices.
Stolen data includes names, job titles, office locations, and email addresses of employees.
The breach was reported to staff on August 11, 2025, with warnings about potential fraud and impersonation.
The Canadian Centre for Cyber Security is supporting the investigation.
The exploited vulnerability (CVE-2025-53770) has been used in other high-profile attacks.
No attribution to a specific threat group has been made yet.
Mitigation includes staff alerts, monitoring, and collaboration with national cyber authorities.

Manpower’s Lansing, Michigan franchise experienced a data breach between December 29, 2024, and January 12, 2025, affecting 144,189 individuals.
The breach was discovered on January 20, 2025, during an investigation into an IT outage. Attackers potentially accessed personal data such as names, Social Security numbers, passports, and other sensitive information.
The ransomware group RansomHub claimed responsibility, stating they stole 500GB of data. Manpower confirmed that the breach was isolated to the Lansing franchise’s independent data platform and did not affect the broader ManpowerGroup corporate network.
The company notified affected individuals in August 2025 and is offering one year of free credit monitoring and identity theft protection.
Manpower is cooperating with the FBI to hold the attackers accountable.

Royal Enfield experienced a ransomware attack in August 2025, where hackers fully compromised its corporate network by encrypting all servers and erasing backups.
The attackers exploited a zero-day vulnerability to gain access and demanded a ransom with a 12-hour deadline.
They also stole data and invited bids for it on encrypted messaging platforms.
The attack disrupted online ordering and workshop services, risking sensitive company and customer information.
Royal Enfield has acknowledged the breach and is working with cybersecurity experts and authorities to investigate.
Experts recommend isolating affected systems, validating backups, and enhancing security measures like multi-factor authentication.
This incident reflects the rising threat of sophisticated ransomware attacks in the manufacturing industry.

Connex Credit Union reported a breach affecting 172,000 members.
Attackers accessed or downloaded files containing personal and financial data.
Exposed data includes names, account numbers, debit card info, SSNs, and government IDs.
The breach occurred between June 2 and June 3, 2025, but was disclosed in August
No evidence of unauthorized access to member funds or accounts was found.
Connex issued scam alerts and is warning members about phishing attempts.
Affected individuals were notified by mail and support resources were provided.
The breach is linked to a broader campaign targeting Salesforce CRM users.