
SecureFact – Cyber Security News – Week of February 16, 2026

Canada Goose investigating as hackers leak 600K customer records

  • ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data.
  • The 1.67 GB dataset released in JSON format contains detailed e-commerce order records, including customer names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and order histories.
  • The data also includes partial payment card information such as card brand, the last four digits of card numbers, and in some cases the first six digits (BIN), along with payment authorization metadata.
  • While the dataset does not appear to contain full payment card numbers, the exposed information could still be used for targeted phishing, social engineering, and fraud. The records also include purchase history, device and browser information, and order values, potentially allowing attackers to profile high-value customers.
  • ShinyHunters claims the dataset originated from a third-party payment processor breach and dates back to August 2025.
  • Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of its own systems.
  • The company is currently reviewing the newly released dataset to assess its accuracy and scope.

*Source

Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches

  • South Korea’s Personal Information Protection Commission (PIPC) fined three luxury fashion brands a combined $25 million for failing to implement adequate security measures that facilitated unauthorized access to customer data.
  • Louis Vuitton suffered a breach affecting 3.6 million customers after an employee’s device was infected with malware, compromising their cloud-based customer management service.
  • The attackers accessed sensitive customer data including names, phone numbers, email addresses, postal addresses, and purchase histories.
  • Dior’s breach exposed data for 1.95 million customers through a phishing attack on a customer service employee, with the company failing to implement access controls and bulk data download restrictions.
  • Tiffany experienced a similar phishing attack affecting 4,600 customers.
  • All three companies failed to implement IP-based access controls and bulk data download restrictions, and did not notify impacted individuals within the legally required 72-hour timeframe.
  • The companies have been ordered to announce the penalties on their business websites and implement enhanced security measures for their SaaS platforms.

*Source

Odido data breach exposes personal info of 6.2 million customers

  • Dutch telecommunications provider Odido disclosed a cyberattack that exposed personal data of 6.2 million customers after attackers breached their customer contact system.
  • The company detected the incident on the weekend of February 7 and immediately launched an investigation with internal and external cybersecurity experts.
  • Threat actors accessed and downloaded personal information including full names, addresses, mobile numbers, customer numbers, email addresses, IBANs (account numbers), dates of birth, and identification data such as passport or driver’s license numbers and validity dates.
  • The company confirmed that passwords, call records, location data, invoice details, and scans of identification documents were not affected.
  • Odido immediately blocked unauthorized access, strengthened security controls, increased monitoring for suspicious activity, and engaged external cybersecurity experts for incident response.
  • The company is notifying all impacted customers within 48 hours and reported the breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
  • At the time of reporting, no evidence of public data leaks or identification of the threat actors had been found.

*Source

Romania’s oil pipeline operator Conpet confirms data stolen in attack

  • Romania’s national oil pipeline operator Conpet S.A. confirmed that the Qilin ransomware gang stole company data in a cyberattack targeting its corporate IT infrastructure.
  • The Qilin ransomware gang claimed to have stolen nearly 1 terabyte of documents from Conpet’s systems and proved the breach by leaking a sample of 16 images of internal documents containing financial information and passport scans.
  • The stolen data includes personal information such as names, postal addresses, personal identification numbers, and bank account numbers, with some documents marked as confidential and dated as recently as November 2025.
  • Conpet is collaborating with the Romanian National Cyber Security Directorate (DNSC) on the investigation and, because that investigation is ongoing, has not yet determined the exact amount of data stolen.
  • The company cautioned that the compromised data may be exploited for fraudulent activities and advised individuals to be wary of urgent requests over phone, email, or other communication channels.
  • Conpet has implemented enhanced monitoring and is working with law enforcement to investigate the incident and prevent further data exploitation.

*Source

Volvo Group North America customer data exposed in Conduent hack

  • Volvo Group North America disclosed an indirect data breach affecting nearly 17,000 customers and company staff, stemming from a compromise of IT systems at Conduent, a major business process outsourcing (BPO) company that provides digital platforms and services to governments and enterprises.
  • The Conduent breach occurred between October 21, 2024, and January 13, 2025, during which threat actors stole full names, Social Security Numbers (SSNs), dates of birth, health insurance policy details, ID numbers, and medical information.
  • Conduent has not yet determined the exact total number of impacted individuals but previously disclosed that the breach affects 10.5 million people in Oregon and 15.5 million in Texas.
  • Conduent disclosed the cybersecurity incident in April 2025 and has agreed to send notification letters on behalf of its clients to impacted individuals.
  • The company is offering Volvo Group North America clients and staff free membership to identity monitoring services for at least one year, including credit and dark web monitoring and identity restoration services.
  • Notification recipients are advised to consider placing fraud alerts or security freezes on their credit reports to prevent unauthorized access.

*Source

Chinese cyberspies breach Singapore’s four largest telcos

  • The Chinese threat actor tracked as UNC3886 breached Singapore’s four largest telecommunication service providers—Singtel, StarHub, M1, and Simba—at least once during 2025.
  • The attackers used a zero-day exploit to bypass a telecom’s perimeter firewalls and steal technical data to further their objectives.
  • In another intrusion, UNC3886 relied on rootkits to remain stealthy while maintaining persistence for an undisclosed period.
  • Although compromise was confirmed across all four major operators, Singapore’s Cyber Security Agency (CSA) states that it found no evidence that sensitive customer data was accessed or stolen, and that no services were disrupted at any point.
  • The CSA and Infocomm Media Development Authority (IMDA) engaged over one hundred investigators from across six government agencies to respond to the incident.
  • The authorities claim that an immediate response contained the compromise, closed access points, and expanded monitoring to other critical infrastructure, blocking potential pivoting to banking, transport, and healthcare sector organizations.
  • Singapore deployed ‘Operation Cyber Guardian’ to limit the adversary’s activity on the telco networks and prevent further compromise of critical infrastructure.

*Source

European Commission discloses breach that exposed staff data

  • The European Commission disclosed a breach of its mobile device management platform that exposed staff members’ personal information including names and mobile phone numbers.
  • The Commission detected traces of the cyberattack on January 30, 2026, targeting infrastructure that manages its staff’s mobile devices.
  • While attackers may have accessed some staff members’ personal information, the Commission has not found evidence that their mobile devices were compromised.
  • The breach appears to be linked to similar attacks targeting European institutions that exploit vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, specifically CVE-2026-1281 and CVE-2026-1340, which are code-injection vulnerabilities allowing remote code execution without authentication.
  • The Dutch Data Protection Authority (AP) and Council for the Judiciary (Rvdr) also confirmed similar breaches exploiting the same Ivanti EPMM vulnerabilities to access employee names, business email addresses, and telephone numbers.
  • The Commission’s swift response ensured the incident was contained and the system cleaned within 9 hours.
  • Finland’s Valtori government agency also disclosed a breach affecting up to 50,000 users of the government’s shared ICT services from the same vulnerability exploitation.

*Source

Senegalese Data Breaches Expose Lack of Security Maturity

  • A ransomware group known as The Green Blood Group breached Senegal’s national ID system in mid-January 2026, compromising systems at the Directorate of File Automation (DAF), the agency responsible for national ID, passport, and biometric data.
  • The attackers claimed to have exfiltrated approximately 139 GB of data from two compromised servers; some unverified reports suggested a much larger figure (139 TB), but official figures remain unclear.
  • The stolen data reportedly includes citizen database records, biometric information, immigration documents, and national ID card personalization details. The breach affected Senegal’s population data covering nearly 19.5 million residents.
  • In response, the government temporarily suspended national ID card production and operations at the affected office while assessing and restoring systems.
  • IRIS Corporation Berhad, the Malaysian contractor managing the ID system, disconnected one server, changed passwords on another, and cut off some network connections as immediate mitigation steps.
  • Authorities also initiated an investigation into the breach and worked to restore services securely, though public details on further mitigation measures remain limited.
  • Officials have publicly reassured citizens that the “integrity” of personal data remains intact, though external verification of that claim has been questioned by security analysts.

*Source