24,041 Americans Affected As Billion-Dollar Bank Suffers Data Breach
- Reading Cooperative Bank (RCB), a billion-dollar bank based in Massachusetts, recently reported a data breach affecting 24,041 customers.
- The breach, which occurred between August 8th, 2024, and January 31st, 2025, was the result of an employee clicking on a phishing email.
- The incident may have exposed customers’ personally identifiable information.
- RCB is taking steps to enhance its cybersecurity and suggests concerned customers place security freezes and fraud alerts on their credit files.
Toronto Zoo says patrons’ transaction data leaked on dark web in 2024 cyberattack
- The Toronto Zoo announced that transaction data of guests and members was stolen in a January 2024 cyberattack and subsequently leaked on the dark web.
- The compromised data includes information of those who paid for general admission and membership purchases between 2000 and April 2023, including names, addresses, phone numbers, email addresses, and the last four digits of credit card numbers with expiration dates.
- While the leaked data is currently difficult to access, the zoo advises vigilance and monitoring of financial accounts.
- The zoo reported the breach on January 17, 2024, and initially believed only staff and a small number of volunteers were affected. The zoo has since taken steps to improve its IT security.
US drug testing firm DISA says data breach impacts 3.3 million people
- DISA Global Solutions, a US-based drug testing firm, has reported a data breach affecting 3.3 million individuals.
- The breach, which occurred between February 9, 2024, and April 22, 2024, potentially exposed sensitive data including names, Social Security numbers, driver’s license numbers, financial account information, and more.
- While the specific type of cyberattack remains undisclosed, DISA reportedly paid a ransom to prevent the public release of the stolen data.
- The company is offering affected individuals 12 months of free credit monitoring and identity theft protection services through Experian.
Orange Group confirms breach after hacker leaks company documents
- Orange Group, a French telecommunications company, has confirmed a data breach after a hacker using the alias Rey from the HellCat ransomware group leaked company documents on a hacker forum.
- The hacker claims to have stolen thousands of internal documents, including user records and employee data, primarily from Orange Romania.
- Orange confirmed the breach occurred on a non-critical application and that they are investigating the incident.
- The stolen data includes 380,000 unique email addresses, source code, invoices, contracts, and customer and employee information.
Australian IVF giant Genea breached by Termite ransomware gang
- Australian fertility services provider Genea, which accounts for over 80% of the industry’s total revenue in the country, has confirmed a data breach after a “cyber incident” where attackers stole data from its systems.
- The Termite ransomware gang has claimed responsibility, stating they stole roughly 700GB of data. The breach occurred via a Citrix server on January 31, 2025, with data exfiltration happening on February 14.
- Exposed data include names, contact information, Medicare numbers, health insurance details, medical history, diagnoses, treatments, and more.
- Genea has obtained a court order to prevent further sharing of the leaked data and is working with the Australian Cyber Security Centre.
- Termite is a ransomware operation that emerged in mid-October and is known to use a version of the Babuk encryptor.
Nearly 12,000 API keys and passwords found in AI training dataset
- Security researchers from Truffle Security have made a significant discovery in the Common Crawl dataset, which is used for training large language models (LLMs) like DeepSeek.
- The dataset, comprising 400 terabytes of web data from millions of pages, was found to contain nearly 12,000 live API keys and passwords.
- These sensitive credentials include AWS root keys, MailChimp API keys, and Slack webhooks, which were inadvertently embedded in the dataset due to developers hardcoding them into front-end code such as HTML and JavaScript.
- The exposed secrets pose substantial risks, including potential phishing campaigns, brand impersonation, and insecure coding practices in AI-generated code.
- To mitigate these risks, it is recommended that exposed keys be rotated, secret scanning be enhanced for public datasets, developers be educated on secure coding practices, and stricter safeguards be implemented in AI training processes.