SecureFact – Cyber Security News – Week of November 24, 2025

Spanish flag carrier Iberia disclosed a data security incident stemming from a compromise at one of its suppliers.
The breach exposed customer information including names, surnames, email addresses, and Iberia Club loyalty card identification numbers.
A threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline, including A320/A321 technical data and maintenance files.
Iberia confirmed that customer login credentials, passwords, and banking/payment card information were not compromised.
The airline implemented additional security protections around email addresses linked to customer accounts, now requiring verification codes before changes can be made.
Iberia is monitoring systems for suspicious activity and has notified relevant authorities while coordinating the ongoing investigation with the involved supplier.

Cox Enterprises notified 9,479 impacted individuals of a data breach that exposed personal data to hackers who exploited a zero-day flaw in Oracle E-Business Suite.
The Clop ransomware group took credit for exploiting CVE-2025-61882 between August 9-14, 2025, before Oracle released a patch on October 5.
Cox Enterprises is a major American conglomerate with 55,000 employees and $23 billion annual revenue, engaged in telecommunications and automotive services.
The company did not detect the intrusion until late September when it launched its internal investigation.
Cox provides instructions for affected individuals to enroll in identity theft protection and credit monitoring services through IDX at no cost for 12 months.
The threat actor added Cox Enterprises to their data leak website on October 27 and published the stolen information.

Pajemploi, the French social security service for parents and home-based childcare providers, suffered a data breach affecting 1.2 million individuals.
The cyberattack was detected on November 14, 2025, and potentially exposed full names, place of birth, postal addresses, social security numbers, banking institution names, Pajemploi numbers, and accreditation numbers.
The hackers did not access bank account numbers (IBANs), email addresses, phone numbers, or account passwords. Each affected person will be notified individually by Pajemploi.
The agency took immediate action to stop the attack and protect information systems after detection.
French Data Protection Authority (CNIL) and National Agency for Security of Information Systems (ANSSI) were notified.
ANSSI discovered the incident after parts of stolen data were leaked on the dark web and informed URSSAF about it.

Princeton University’s database was compromised in a cyberattack on November 10, 2025, exposing personal information of alumni, donors, faculty members, and students.
Threat actors breached Princeton’s systems by targeting a University employee in a phishing attack, gaining access to biographical information for fundraising and alumni engagement activities.
The exposed data includes names, email addresses, telephone numbers, and home and business addresses.
The database did not contain Social Security numbers, passwords, financial information such as credit card or bank account numbers, detailed student records covered by federal privacy laws, or staff employee data unless they were donors.
Princeton blocked the attackers’ access to the database and believes they were unable to access other network systems.
The university advises potentially affected individuals to be cautious of messages claiming to be from Princeton requesting sensitive data and to verify legitimacy before clicking links or downloading attachments.

A hacker claims to have breached Almaviva, an Italian IT services provider for FS Italiane Group (Italy’s national railway operator), stealing and leaking 2.3 terabytes of confidential data on a dark web forum.
The leaked data reportedly includes internal documents, HR archives, technical specifications, contracts, accounting information, and full datasets from various FS Group companies, suggesting exposure of highly sensitive material.
Almaviva, which employs over 41,000 people globally, confirmed the breach and stated that security teams detected, isolated, and responded to the cyberattack swiftly, ensuring the continuity of critical services.
The company has notified national authorities and is conducting an ongoing investigation, but has not confirmed whether passenger data or information from other clients was compromised in the incident.