SecureFact – Cyber Security News – Week of September 01, 2025

Consumer credit reporting giant TransUnion suffered a major data breach exposing personal information of over 4.4 million people in the United States.
The breach occurred on July 28, 2025, and was discovered two days later.
The incident involved unauthorized access to TransUnion’s Salesforce account by the Shiny Hunters extortion group.
The stolen data includes over 13 million records, with 4.4 million related to US customers.
Compromised information contains names, billing addresses, phone numbers, email addresses, dates of birth, and unredacted Social Security Numbers.
The breach also exposed customer support tickets and messages stored in Salesforce.
TransUnion is offering 24 months of free credit monitoring and identity theft protection services to affected individuals.
The company has notified relevant authorities and is cooperating with law enforcement in the investigation.

Google reported that the Salesloft Drift breach was larger than initially thought, with attackers using stolen OAuth tokens to access Google Workspace email accounts.
The campaign, tracked as UNC6395, involved theft of OAuth tokens from Salesloft’s Drift AI chat integration with Salesforce.
Threat actors used these tokens to access customer Salesforce instances and execute queries against Cases, Accounts, Users, and Opportunities tables.
On August 9, attackers utilized compromised ‘Drift Email’ integration tokens to access email of a small number of Google Workspace accounts.
The stolen tokens have been revoked and affected customers notified. Google disabled the integration between Salesloft Drift Email and Google Workspace during investigation.
The company urges all Drift users to treat authentication tokens as compromised and rotate credentials.
Salesforce has disabled Drift integrations with Salesforce, Slack, and Pardot until investigation completion.

MathWorks, developer of MATLAB mathematical simulation software, revealed that a ransomware gang stole data of 10,476 individuals after breaching its network in April 2025.
The company discovered the incident on May 18, more than one month after attackers gained access.
The breach disrupted access to internal systems and online applications including multi-factor authentication, account SSO, MathWorks cloud center, file exchange, license center, and online store.
Stolen information includes names, addresses, dates of birth, Social Security Numbers, and other national identification numbers depending on the individual.
The company serves over 100,000 organizations and more than 5 million customers worldwide.
MathWorks has not revealed the ransomware operation behind the breach, and no gang has publicly claimed responsibility.
The company has engaged with law enforcement and is providing affected individuals with identity protection services. Investigation continues to determine full scope of compromised data.

Healthcare Services Group, a publicly traded company providing support services to healthcare facilities, alerted over 624,000 individuals of a security breach.
The company detected unauthorized access to its network on October 7, 2024, discovering the intrusion began on September 27, 2024.
Investigation revealed attackers accessed and copied files between September 27 and October 3, 2024.
Compromised data varies per individual and includes full names, Social Security numbers, driver’s license numbers, state identification numbers, financial account information, and account access credentials.
The organization has annual revenue of $1.7 billion and provides strategic services to thousands of healthcare facilities nationwide.
HSGI offers 12-24 month credit monitoring and identity theft protection services depending on data exposure severity.

French multinational retailer Auchan suffered a cyberattack exposing sensitive data of several hundred thousand customers’ loyalty accounts.
The breach compromised personal information including full names, titles, client status, postal addresses, email addresses, phone numbers, and loyalty card numbers.
Auchan operates over 2,100 branches across 13 countries in Europe and Africa, employs 154,000 people, and has annual revenue exceeding $35 billion.
The company confirmed that bank data, passwords, and PIN numbers were not impacted in the breach.
Auchan has notified the French Data Protection Authority (CNIL) about the incident and is sending breach notifications to affected customers.
The retailer advises customers to remain vigilant for phishing attacks leveraging stolen information.
The company emphasizes it will never request login details, passwords, or PIN codes via email, SMS, or phone.
This breach follows similar incidents at other major French entities including Air France, KLM, Orange, and Bouygues Telecom, though no coordinated campaign has been confirmed.