SecureFact – Cyber Security News – Week of December 22, 2025

Hackers gained access to an online coding repository belonging to the University of Sydney and stole files containing personal information of over 27,000 individuals.
The breach impacted 10,000 current staff and affiliates, 12,500 former staff and affiliates, and 5,000 students and alumni from datasets dated roughly 2010-2019.
The stolen data includes names, dates of birth, phone numbers, home addresses, and job details.
The university detected the breach last week and immediately blocked unauthorized access and secured the environment.
They have notified the New South Wales Privacy Commissioner, Australian Cyber Security Centre, and education regulators.
A dedicated cyber-incident support service has been established to provide counselling and support for affected individuals.
The university confirmed no evidence that the data has been published online or misused.
Affected individuals are being notified via personalized communications with completion expected by next month.

Japanese e-commerce giant Askul Corporation confirmed that RansomHouse hackers stole around 740,000 customer records in a ransomware attack suffered in October.
The stolen data includes approximately 590,000 business customer service records, 132,000 individual customer service records, 15,000 business partner records, and 2,700 executive and employee records.
The attack was claimed by RansomHouse extortion group, which disclosed the breach on October 30 and followed up with data leaks on November 10 and December 2.
Attackers leveraged compromised authentication credentials for an outsourced partner’s administrator account that lacked multi-factor authentication protection.
The company physically disconnected infected networks, cut communications between data centers, isolated affected devices, and updated EDR signatures.
Multi-factor authentication was applied to all key systems and all administrator accounts had their passwords reset.
The ransomware attack resulted in data encryption and system failure, with backup files wiped to prevent easy recovery.
Order shipping continues to be impacted as of December 15, with the company still working to fully restore systems.

Barts Health NHS Trust announced that Clop ransomware actors stole files from one of its databases after exploiting a vulnerability in its Oracle E-business Suite software.
The stolen data consists of invoices spanning several years that expose full names and addresses of individuals who paid for treatment or other services at Barts Health hospitals.
Information of former employees who owed money to the trust and suppliers whose data is already public has also been exposed.
The compromised database includes files concerning accounting services provided since April 2024 to Barking, Havering, and Redbridge University Hospitals NHS Trust.
The theft occurred in August, but there was no indication that trust data was at risk until November when files were posted on the dark web.
Clop ransomware has leaked the stolen information on their leak portal on the dark web.
The hospitals operator is pursuing a High Court order to ban publication, use, or sharing of the exposed data.
Barts has informed the National Cyber Security Centre, Metropolitan Police, and Information Commissioner’s Office about the data theft incident.

The UK’s ICO fined LastPass approximately $1.6 million for security shortcomings in its 2022 data breach impacting 1.6 million UK users.
Attackers exploited weak controls, including access to a poorly protected backup database via compromised developer laptops and a vulnerable Plex server on a DevOps engineer’s machine, stealing unencrypted metadata like names, emails, billing info, and encrypted password vaults.
No passwords were decrypted, but the incident exposed users to risks from reused credentials elsewhere. LastPass cooperated with regulators and enhanced security, yet critics highlight failures in device policies and multi-account linking under single master passwords.
Experts urge users to rotate credentials, enable MFA, use breach scanners, and layer defences despite password managers’ overall value.

The UK government confirmed a cyberattack on Foreign Office systems in October 2025, operated on behalf of the Home Office, where hackers accessed and possibly stole data such as visa information.
Trade Minister Chris Bryant acknowledged the breach on BBC Breakfast, stating it was addressed quickly, with an ongoing investigation but attribution unclear – though Chinese state actors like Storm-1849 are suspected.
Officials assess the risk to individuals as low, viewing such incidents as part of modern life amid rising threats from groups like Volt Typhoon.
The event follows a year of major UK breaches at firms like Co-op and Harrods, escalating concerns over national cybersecurity.