SecureFact – Cyber Security News – Week of July 28, 2025

Data Breaches

The AMEOS Group, a major European healthcare network operating over 100 hospitals, clinics, and nursing homes across Switzerland, Germany, and Austria, disclosed a security breach around July 2025.
The breach involved unauthorized access to its IT systems potentially exposing sensitive data of patients, employees, partners, and contact information. Despite extensive security measures, external attackers succeeded in accessing this information.
In response, AMEOS shut down all IT systems and network connections, engaged external IT and forensic experts, notified data protection authorities, and filed a criminal complaint with the police.
So far, there is no evidence that the compromised data has been publicly leaked or misused, and the investigation is ongoing. AMEOS advises those affected to remain vigilant against phishing and scams, but they currently have no concrete proof of actual personal data leakage.

The Dior data breach occurred on January 26, 2025, when an unauthorized party accessed a customer database containing personal information. The compromised data included full names, contact details, physical addresses, dates of birth, and, in some cases, passport or government ID numbers and Social Security numbers.
No payment information, such as bank account or credit card details, was affected. Dior discovered the breach on May 7, 2025, and immediately launched an internal investigation, engaged third-party cybersecurity experts, and notified law enforcement.
To mitigate the impact, Dior is notifying affected U.S. customers and offering 24 months of free credit monitoring and identity theft protection, valid until October 31, 2025.
The breach is believed to be part of a broader cyberattack linked to the ShinyHunters extortion group targeting LVMH brands via a third-party vendor.

The U.S. National Nuclear Security Administration (NNSA), responsible for maintaining and designing the nation’s nuclear weapons stockpile, was breached in a cyberattack exploiting a Microsoft SharePoint zero-day vulnerability starting July 18, 2025.
This vulnerability allowed hackers, linked to Chinese state-sponsored groups, to access some of the agency’s systems. Although over 400 servers and 148 organizations worldwide were reportedly compromised in this campaign, there is no evidence that sensitive or classified information was exposed from the NNSA due to this breach.
The Department of Energy, under which NNSA operates, said the impact was minimal since they largely use Microsoft 365 cloud services and robust cybersecurity defenses.
Only a very small number of systems were affected, and all impacted systems are currently being restored. Microsoft has released patches to fix the vulnerabilities exploited in the attack and urged all customers to apply them urgently.

Allianz Life Insurance Company of North America confirmed a major data breach on July 16, 2025, where a malicious threat actor gained access to a third-party cloud-based CRM system via social engineering.
This breach exposed personally identifiable information of the majority of its 1.4 million customers, along with data of financial professionals and some employees.
Importantly, Allianz Life stated that its internal systems, including policy administration systems, were not accessed. The company acted swiftly to contain the breach, notified the FBI, and is currently investigating. As mitigation, Allianz Life has begun reaching out to affected individuals and is providing dedicated support resources.
The breach is linked to the ShinyHunters extortion group, known for targeting multiple high-profile companies.

The Centers for Medicare & Medicaid Services (CMS) suffered a data breach impacting about 103,000 Medicare beneficiaries. Hackers created unauthorized Medicare.gov accounts between 2023 and 2025 by using valid personal information obtained externally.
Compromised data includes names, dates of birth, Medicare Beneficiary Identifiers (MBIs), coverage start dates, ZIP codes, provider information, mailing addresses, dates of service, diagnosis codes, and plan premium details. CMS detected the fraudulent activity after beneficiary complaints and promptly deactivated the fake accounts to prevent further misuse.
Notifications are being sent to affected individuals, advising them to monitor their credit reports closely.
To mitigate the breach, CMS restricted account creation from foreign internet addresses and enhanced monitoring to detect suspicious activity. No confirmed identity theft cases have emerged yet, but investigations and protective efforts continue.

The Tea app, a U.S.-based women-only dating safety platform, suffered a data breach exposing approximately 72,000 images.
This includes about 13,000 user selfies and government-issued ID photos submitted during account verification prior to February 2024, as well as 59,000 images from users’ posts, comments, and direct messages within the app.
The breach occurred due to unauthorized access to a legacy data storage system that was not migrated to a newer, more secure system. No email addresses or phone numbers were compromised, and only users who registered before February 2024 were affected.
In response, Tea engaged third-party cybersecurity experts and is working to strengthen its security measures. Users were advised on risks related to photo misuse and encouraged to take protective steps such as credit freezes and enhanced privacy settings.
The app has stated it no longer requires ID photos since 2023 and deletes selfies after verification, but this legacy data was vulnerable.