SecureFact – Cyber Security News – Week of January 05, 2026

Coupang disclosed a data breach discovered in mid-November 2025, affecting 33.7 million customer accounts in South Korea with unauthorized access starting June 24, 2025.
The exposed data included names, email addresses, physical addresses, phone numbers, and order histories for approximately 3,000 accounts retained by the perpetrator, with no payment details, credit card numbers, or login credentials compromised.
In mitigation, Coupang blocked the unauthorized access route, strengthened internal monitoring, engaged Mandiant, Palo Alto Networks, and Ernst & Young for investigation, recovered suspect devices containing the data (confirming no external transfer), notified authorities including KISA and PIPC, and announced $1.17 billion (1.685 trillion Won) in compensation via four single-use vouchers totaling 50,000 Won (~$34) per affected customer, distributed starting January 15, 2026 to all including former members.

Aflac confirmed a June 2025 data breach affecting 22.65 million individuals, including customers, employees, agents, and beneficiaries.
Attackers, suspected to be from the Scattered Spider group, used social engineering to bypass MFA and steal sensitive files containing names, addresses, dates of birth, Social Security numbers, driver’s license and passport details, health claims data, medical information, and health insurance details.
Aflac contained the intrusion within hours, engaged third-party cybersecurity experts for forensic investigation, notified federal law enforcement, reset passwords for affected accounts, and is providing two years of free credit monitoring, identity theft protection, and medical fraud protection services while issuing notification letters to affect

The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May, initially reporting 7,864 people but now confirming 478,188 individuals were affected.
Covenant Health learned on May 26, 2025, that an attacker had breached its systems eight days earlier, on May 18, and gained access to patient data.
In late June, the Qilin ransomware group claimed the attack, stating that it had stolen 852 GB of data comprising nearly 1.35 million files.
The exposed information may include names, addresses, dates of birth, medical record numbers, Social Security numbers, health insurance information, and treatment details including diagnoses, dates of treatment, and type of treatment.
Covenant Health engaged third-party forensic specialists to determine what data was affected and how many individuals were impacted.
The healthcare entity has strengthened the security of its systems to prevent similar incidents in the future.
Covenant Health is offering affected individuals 12 months of free identity protection services to help detect potential misuse of their information.
Beginning December 31, the organization started mailing data breach notification letters to patients whose information may have been compromised in the May intrusion.

Sax LLP disclosed a 2024 data breach, detected on August 7, 2024, impacting 228,876 current and former clients. Attackers accessed sensitive files containing personally identifiable information including full names, addresses, dates of birth, government-issued ID details, and Social Security numbers, with no protected health information involved.
The firm secured its network, conducted a detailed investigation with enhanced cybersecurity measures, notified authorities including the FBI, and began sending notifications on December 1, 2025.
Sax arranged complimentary identity protection services through Epiq for affected individuals.

The European Space Agency (ESA) confirmed a breach affecting a small number of external servers used for unclassified collaborative engineering activities.
Threat actors claimed to have stolen over 200 GB of data, including source code from private Bitbucket repositories, CI/CD pipelines, API tokens, access tokens, confidential documents, configuration files, Terraform files, SQL files, and hardcoded credentials.
ESA initiated a forensic security analysis, which is ongoing, and implemented measures to secure potentially affected devices.
The agency notified all relevant stakeholders of the incident.

Korean Air disclosed a data breach impacting approximately 30,000 employee records following a hack at its former subsidiary and supplier KC&D, where attackers accessed the company’s ERP system.
The compromised data included names and bank account numbers of employees.
Korean Air implemented emergency security measures, reported the incidenty to relevant authorities, requested KC&D to investigate the cause and prevent recurrence, and advised employees to watch for suspicious phishing messages impersonating the company or financial institutions, with no evidence of data misuse found to date.