
SecureFact – Cyber Security News – Week of August 25, 2025

PayPal breach exposed nearly 16M login credentials, hackers claim

  • The alleged PayPal data dump, posted on a popular underground forum, is claimed to contain 15.8 million credentials, including emails and plaintext passwords.
  • The hackers say the data is recent, stolen in May 2025, and includes associated URLs that could facilitate automated credential stuffing attacks, posing serious risks such as phishing, fraud, and account takeovers.
  • However, PayPal denies any new breach, stating the claims may stem from a 2022 incident that compromised 35,000 accounts and led to a regulatory settlement.
  • Researchers remain skeptical about the authenticity and quality of the dump, noting the low selling price and the possibility that the data was harvested via infostealer malware (malicious software capturing credentials from infected user devices) rather than originating from a direct PayPal breach.
  • Users are urged to enable multi-factor authentication, avoid password reuse, and stay vigilant against phishing.

*Source

Massive Allianz Life data breach impacts 1.1 million people

  • Hackers stole personal information of 1.1 million individuals in a Salesforce data theft attack that impacted U.S. insurance giant Allianz Life in July 2025.
  • The breach was part of attacks linked to the ShinyHunters extortion group targeting Salesforce CRM instances. Data stolen included email addresses, names, genders, dates of birth, phone numbers, physical addresses, and tax IDs of customers.
  • The attackers gained access to a third-party cloud CRM system on July 16th through social engineering attacks.
  • Allianz Life has nearly 2,000 employees and is a subsidiary of Allianz SE with over 128 million customers worldwide.
  • The company confirmed that some selected employees were also impacted by the breach.
  • ShinyHunters leaked databases containing roughly 2.8 million data records for individual customers and business partners.
  • The attack involved tricking employees into linking malicious OAuth apps to Salesforce instances, allowing attackers to download company databases for extortion purposes.

*Source

Pharma firm Inotiv says ransomware attack impacted operations

  • American pharmaceutical company Inotiv disclosed that some of its systems and data were encrypted in a ransomware attack on August 8, 2025, impacting business operations.
  • The Qilin ransomware gang claimed responsibility and alleges it stole around 162,000 files amounting to 176 GB of data.
  • The attack caused disruptions to certain business operations including networks, systems, databases, and internal applications used in business processes.
  • Inotiv is an Indiana-based contract research organization specializing in drug development, drug discovery, safety assessment, and live animal research modeling.
  • The company employs around 2,000 specialists with annual revenue exceeding $500 million.
  • Inotiv’s IT team worked to restore affected systems and migrated some operations to offline alternatives to mitigate outage impacts.
  • The company started an investigation with external security experts and notified law enforcement authorities.
  • The threat actors published data samples on their leak site as proof of the breach.

*Source

Orange Belgium discloses data breach impacting 850,000 customers

  • Orange Belgium disclosed that attackers who breached its systems in July 2025 stole data of approximately 850,000 customers.
  • The telecommunications company provides services to over 3 million customers in Belgium and Luxembourg with 1,500 staff and reported €1.34 billion in service revenues.
  • The breach occurred at the end of July when attackers exploited a Microsoft vulnerability to gain unauthorized access to customer account data. Stolen information included surnames, first names, telephone numbers, SIM card numbers, PUK codes, and tariff plans, but did not include passwords, email addresses, or financial information.
  • Orange Belgium is notifying all affected customers via email or SMS and advising vigilance against fraudulent messages or calls.
  • The company confirmed this was a separate incident from the Orange Group breach disclosed in July 2025.
  • Orange Belgium is working with authorities and has implemented additional security measures to prevent future breaches.
  • The company operates the largest 4G/5G network in Belgium.

*Source

Colt confirms customer data stolen as Warlock ransomware auctions files

  • UK-based telecommunications company Colt Technology Services confirmed that customer documentation was stolen after the Warlock ransomware gang began auctioning files on cybercrime forums.
  • The attack occurred on August 12, 2025, with the company initially disclosing the incident but only later confirming data theft.
  • The Warlock Group is selling what it claims are 1 million documents stolen from Colt for $200,000, allegedly containing financial information, network architecture data, and customer information.
  • Colt updated its security incident advisory stating that criminals accessed certain files containing customer-related information and posted document titles on the dark web.
  • The company is providing affected customers with a list of filenames posted on the dark web through a dedicated call center. Colt added a no-index HTML meta tag to prevent search engine indexing of the breach disclosure page.
  • The Warlock Group is attributed to Chinese threat actors who utilize leaked LockBit and Babuk ransomware encryptors, with ransom demands ranging from $450,000 to millions of dollars.

*Source

DaVita says ransomware gang stole data of nearly 2.7 million people

  • Kidney dialysis firm DaVita confirmed that a ransomware gang stole personal and health information of nearly 2.7 million individuals after breaching its network.
  • DaVita serves over 265,400 patients across 3,113 outpatient dialysis centers worldwide with revenues exceeding $12 billion in 2024.
  • The attackers gained access to DaVita’s network on March 24 and were evicted after detection on April 12, 2025. Stolen data from the dialysis labs database included names, addresses, dates of birth, social security numbers, health insurance information, medical conditions, treatment information, dialysis lab test results, tax identification numbers, and images of personal checks.
  • The Interlock ransomware gang claimed responsibility and leaked allegedly stolen data after failed negotiations, claiming 1.5 terabytes of data or nearly 700,000 files.
  • DaVita is providing affected individuals with complimentary credit monitoring and identity theft protection services.
  • The company confirmed the legitimacy of leaked files after discovering they were stolen from its dialysis labs.
  • The Department of Health’s Office for Civil Rights confirmed 2,689,826 people were affected, though DaVita’s internal count shows 2.4 million individuals.

*Source