SecureFact – Cyber Security News – Week of July 07, 2025

Data Breaches

Kelly Benefits disclosed a data breach impacting 553,660 individuals.
The breach occurred between December 12-17, 2024, with files stolen from IT systems.
Compromised data includes names, Social Security numbers, tax IDs, dates of birth, medical and health insurance info, and financial account details.
46 entities, including major healthcare and insurance providers, were affected.
The breach scope was revised multiple times as more impacted individuals were identified.
The company is offering 12 months of free credit monitoring and identity theft protection.
Impacted individuals are advised to monitor accounts and consider credit freezes.
The breach puts individuals at risk of phishing, social engineering, and scams.

Between 2023 and 2025, over 100,000 fraudulent Medicare.gov accounts were created using valid beneficiary information, including Medicare numbers, names, and birthdates.
The Centers for Medicare & Medicaid Services (CMS) detected the suspicious activity in May 2025 after beneficiaries reported unexpected account creation letters.
These fake accounts potentially exposed sensitive data such as provider details and plan information. CMS has deactivated the unauthorized accounts, restricted account creation from foreign IPs, and is notifying affected individuals.
About 103,000 beneficiaries will receive new Medicare cards with updated numbers as a precaution. CMS confirmed that current benefits remain unaffected and urged beneficiaries to monitor their accounts for suspicious activity.
The agency continues investigating and working with authorities to prevent further fraud.

In March 2025, a cybersecurity attack on a third-party vendor, Ontario Medical Supply, led to a data breach compromising the personal health information of about 200,000 patients using Ontario Health atHome services, which coordinate home and palliative care.
The breach potentially exposed names, contact details, and information about medical supplies or equipment ordered. Although the incident occurred around March 17, Ontario Health atHome only notified the Information and Privacy Commissioner (IPC) on May 30 and began informing affected patients months later, after public pressure.
Ontario’s Health Minister Sylvia Jones ordered the agency to contact patients, and the breach is under active investigation.
The delay in disclosure has drawn criticism from MPP Adil Shamji and others, questioning when officials were informed and why notification was so late.
Premier Doug Ford acknowledged the delay and promised to investigate the communication gaps. The incident highlights concerns about vendor oversight and the protection of sensitive health data in Ontario’s healthcare system.

IdeaLab, a California-based tech incubator, confirmed a ransomware attack from October 2024.
The Hunters International ransomware group claimed responsibility and leaked the stolen data.
137,000 files totaling 262.8GB were leaked, impacting employees, contractors, and dependents.
Exposed data includes names and various other types of sensitive information.
The breach was discovered after suspicious activity was detected on October 7, 2024.
Third-party investigators confirmed the data theft in June 2025.
Impacted individuals are being notified and offered 24 months of credit protection and identity monitoring.
The leak is no longer available, but files may have been widely downloaded.

A hacker claims to have stolen 106GB of data from Telefónica in a breach on May 30, 2025.
The threat actor leaked a 2.6GB sample, containing over 20,000 files, to prove the breach.
Allegedly exfiltrated data includes internal communications, purchase orders, logs, customer records, and employee data.
Invoices and email addresses for employees and business partners in multiple countries were found in the leak.
Some files in the leak date back to 2021, but the hacker insists the breach is recent.
Telefónica has not officially acknowledged the breach, but some leaked data appears current.
The breach was reportedly enabled by a Jira misconfiguration.
The hacker threatens to release the full archive if demands are not met.

Ingram Micro, a global IT distributor, suffered a major outage due to a SafePay ransomware attack.
The attack led to the shutdown of internal systems, including the Xvantage distribution and Impulse license platforms.
Ransom notes were found on employee devices, confirming ransomware involvement.
The company confirmed the ransomware attack on July 6, 2025.
It is unclear if data was exfiltrated, but SafePay typically claims data theft.
Ingram Micro took systems offline, restricted VPN access, and began a forensic investigation.
Law enforcement and cybersecurity experts have been engaged.
The company is working to restore affected systems and has apologized for disruptions.

Australian airline Qantas disclosed a cyberattack on June 30, 2025, after threat actors accessed a third-party customer service platform used by one of its contact centres.
The breach affected service records of approximately 6 million customers, exposing names, email addresses, phone numbers, birth dates, and frequent flyer numbers.
Qantas confirmed that no credit card, financial information, passport details, or frequent flyer account credentials were compromised.
The airline quickly contained the attack and stated that all core Qantas systems remain secure, with no impact on flight operations.
While Qantas has not officially attributed the breach, cybersecurity experts suspect involvement of the hacking group Scattered Spider, known for targeting aviation and other sectors using social engineering.
Qantas notified Australian authorities and is enhancing security measures while continuing its investigation.