SecureFact – Cyber Security News – Week of December 08, 2025

Financial software provider Marquis Software Solutions suffered a ransomware attack on August 14, 2025, impacting over 400,000 customers across 74 banks and credit unions.
The breach occurred through a compromised SonicWall firewall, allowing attackers to steal files containing personal information.
Exposed data includes names, addresses, phone numbers, Social Security numbers, Taxpayer Identification Numbers, financial account information without security codes, and dates of birth.
The company has enhanced security controls including ensuring all firewall devices are fully patched, rotating passwords for local accounts, deleting old accounts, enabling multi-factor authentication for all firewall and VPN accounts, increasing logging retention, applying account lock-out policies, implementing geo-IP filtering, and applying policies to block connections to known Botnet Command and Control servers.
Community 1st Credit Union’s filing indicated that Marquis paid a ransom to prevent data leaking and abuse.

Barts Health NHS Trust, operating five hospitals in London, disclosed that Clop ransomware actors exploited a critical Oracle E-Business Suite vulnerability (CVE-2025-61882) to steal files from their database.
The stolen data includes invoices spanning several years exposing full names and addresses of individuals who paid for treatment or services.
Information of former employees who owed money to the trust and suppliers was also exposed.
The compromised database included files concerning accounting services provided to Barking, Havering, and Redbridge University Hospitals NHS Trust since April 2024.
Clop ransomware leaked the stolen information on their dark web portal.
The organization assured that the attack did not impact electronic patient records and clinical systems.
Barts has informed the National Cyber Security Centre, Metropolitan Police, and Information Commissioner’s Office about the incident.
The trust is pursuing a High Court order to ban publication, use, or sharing of the exposed data.

American pharmaceutical firm Inotiv disclosed a ransomware attack that occurred between August 5-8, 2025, affecting 9,542 individuals.
The Qilin ransomware group claimed responsibility for the breach, stating they exfiltrated over 162,000 files totaling 176 GB of data.
The stolen information includes data related to current and former employees and their family members, as well as individuals who have interacted with Inotiv or companies it has acquired.
The company has restored availability and access to impacted networks and systems after the attack disrupted business operations.
Inotiv maintains data related to employees and their families, plus other individuals connected to the organization.
The attack forced the company to take down some networks, systems, databases, and internal applications.
Qilin ransomware has been active since August 2022 and has claimed responsibility for over 300 victims.
The company is now sending data breach notifications to affected individuals.

The University of Pennsylvania confirmed a data breach after attackers exploited a zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) in August 2025, affecting 1,488 individuals.
The breach is part of Clop ransomware gang’s larger extortion campaign targeting Oracle EBS platforms since early August.
The attackers stole documents containing personal information including names and other personal identifiers from the university’s Oracle EBS servers.
Penn has implemented patches issued by Oracle to resolve the vulnerability, which did not compromise any university systems outside of Oracle’s E-Business Suite.
The university found no evidence that the information has been or is likely to be publicly disclosed or misused for fraudulent purposes.
Penn is directly notifying affected individuals in accordance with applicable laws and regulations.
The university has an academic operating budget of $4.7 billion and an endowment of $24.8 billion.
This represents Penn’s second data breach disclosure in recent months.

The University of Phoenix disclosed a data breach after attackers exploited a zero-day vulnerability in Oracle E-Business Suite in August 2025, part of the Clop ransomware campaign.
The university detected the incident on November 21, 2025, after the extortion group added it to their data leak site.
The stolen information includes names, contact information, dates of birth, Social Security numbers, and bank account and routing numbers of current and former students, employees, faculty, and suppliers.
The university has nearly 3,000 academic staff and over 100,000 enrolled students.
UoPX is reviewing the impacted data and will provide required notifications to affected individuals and regulatory entities.
Affected individuals will receive letters via US Mail outlining incident details and next steps.
The breach is part of Clop’s larger campaign that has also targeted Harvard University, University of Pennsylvania, GlobalLogic, Logitech, The Washington Post, and American Airlines subsidiary Envoy Air.
The university filed an 8-K form with the U.S. Securities and Exchange Commission regarding the incident.

Retail giant Coupang data breach impacts 33.7 million customers

South Korea’s largest retailer Coupang suffered a data breach affecting 33.7 million customers, discovered on November 18, 2025, though the incident occurred on June 24, 2025.
The breach initially appeared to affect approximately 4,500 customers but investigation revealed the much larger scope.
Exposed customer information includes full names, phone numbers, email addresses, physical addresses, and order information.
Payment information including credit card data and account passwords were not exposed.
The company has reported the incident to the National Police Agency, Personal Information Protection Commission, and Korea Internet & Security Agency.
Coupang employs 95,000 people and has annual revenue over $30 billion.
Korean Herald reports suggest the breach was carried out by a former employee using unrevoked access tokens to steal sensitive data.
The company is notifying impacted individuals via email or SMS and warning customers to remain vigilant for communications impersonating the retailer.
This represents the second massive cybersecurity incident in South Korea this year.