Illinois Department of Human Services data breach affects 700K people
- The Illinois Department of Human Services accidentally exposed personal and health data of nearly 700,000 residents due to incorrect privacy settings on mapping systems.
- The breach affected 672,616 Medicaid and Medicare Savings Program recipients whose addresses, case numbers, demographic details, and medical assistance plan names were exposed from January 2022 through September 2025.
- An additional 32,401 Division of Rehabilitation Services customers had names, addresses, case numbers, case status, and referral sources exposed from April 2021 through September 2025.
- The agency discovered the breach on September 22, 2025, when maps created for resource allocation decisions were found publicly viewable due to misconfigured privacy controls.
- IDHS restricted access to the maps by September 26 and conducted a review of all exposed maps.
- The agency is notifying affected individuals as required by federal health privacy law and has reported the incident to relevant regulatory authorities. No actual or attempted misuse of personal information has been identified to date.
BreachForums hacking forum database leaked, exposing 324,000 accounts
- The latest incarnation of the notorious BreachForums hacking forum suffered a data breach with its user database table leaked online.
- The leaked archive contains 323,988 member records including display names, registration dates, IP addresses, and internal information.
- While most IP addresses map to local loopback addresses, 70,296 records contain public IP addresses that could be valuable to law enforcement and cybersecurity researchers.
- The breach exposed a MyBB users database table in which the most recent registration date is August 11, 2025.
- A backup of the database table was temporarily exposed in an unsecured folder during system restoration and, according to administrators, was downloaded only once.
- The breach also included the forum’s PGP private key, though it was passphrase-protected.
- The current administrator acknowledged the incident and confirmed it originated from an old users-table leak during the restoration process.
- No payment information or account credentials were compromised in this incident.
California bans data broker reselling health data of millions
- The California Privacy Protection Agency imposed a $45,000 fine on Datamasters for failing to register as a data broker and blocked the company from selling personal information belonging to Californians.
- Datamasters bought and resold user information of millions of people suffering from various medical conditions including Alzheimer’s disease, drug addiction, and bladder incontinence for targeted advertising.
- The company also traded lists based on age, perceived race, political views, grocery purchases, banking activity, and health-related purchases.
- The collected data consisted of hundreds of millions of records including names, email addresses, physical addresses, and phone numbers.
- Despite multiple compliance attempts, Datamasters resisted regulation while continuing to operate as an unregistered data broker.
- The company was ordered to delete all previously purchased Californians’ personal information by the end of December and must delete any future California resident data within 24 hours of receiving it. Datamasters must maintain compliance measures for five years and submit a privacy practices report within one year.
Ledger customers impacted by third-party Global-e data breach
- Ledger informed customers that their personal data was exposed after hackers breached third-party payment processor Global-e’s systems.
- The breach affected customers who purchased on Ledger.com using Global-e as a Merchant of Record, exposing names and contact information.
- Global-e handles checkout, order processing, localization, taxes, duties, and compliance for multiple online retailers including major brands like adidas, Disney, and Netflix.
- The hackers gained access to order data stored on Global-e’s cloud-based information system containing shopper data from several brands.
- No payment information, account credentials, 24-word seed phrases, blockchain balances, or digital asset secrets were compromised.
- Global-e isolated and secured affected systems immediately after becoming aware of the threat activity.
- The company is notifying all potentially affected individuals and relevant regulators directly.
- Ledger warned customers to be alert for potential phishing campaigns and never disclose their recovery phrases.
- Affected users will receive direct communication from Global-e about the incident and its impact.
US broadband provider Brightspeed investigates breach claims
- Brightspeed, one of the largest fiber broadband companies in the United States serving rural and suburban communities across 20 states, is investigating security breach claims made by the Crimson Collective extortion gang.
- The threat actors claim to have stolen sensitive information belonging to over 1 million Brightspeed customers, including customer account details with personally identifiable information, address information, and user account data linked to session/user IDs with names, emails, and phone numbers.
- The stolen data allegedly contains payment history, some payment card information, and appointment/order records containing customer PII.
- Crimson Collective threatened to release sample data and demanded a response from the company.
- The hacking group previously breached Red Hat’s GitLab instances, stealing 570GB of data, and has been targeting AWS cloud environments for data theft and extortion.
- Brightspeed confirmed they are investigating the reports and take network security seriously.
- The company stated they will keep customers, employees, and authorities informed as they learn more about the cybersecurity event.
