Chukwuemeka Victor Amachukwu, a Nigerian national, has been extradited to the U.S. to face charges of hacking, fraud, and identity theft after allegedly stealing over $3.3 million through spearphishing attacks on tax preparation businesses. He is also accused of running a separate scam involving fake investment opportunities, leading to significant financial losses for victims and the U.S. government.

A security lapse at HelloGym exposed 1.6 million audio recordings of gym customers and staff, including sensitive personal and financial information, due to an unencrypted and unprotected database. The vulnerability could allow criminals to exploit the recordings for identity theft and social engineering scams, highlighting the importance of data security measures such as encryption and proper data management.

Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.

Scammers are increasingly posing as legitimate customer support representatives by using fake support numbers for popular services like Apple, Netflix, and PayPal. These fraudulent operations exploit unsuspecting users, often leading to financial loss and compromised personal information. Awareness and vigilance are crucial in protecting oneself from these scams.

A misconfigured Azure Blob storage container belonging to TalentHook has exposed nearly 26 million resumes, containing sensitive personal information of US job seekers. This breach poses significant risks for identity theft and targeted phishing attacks, leading to potential harassment and fraud against individuals whose data was leaked.

Connex Credit Union has reported a data breach impacting 172,000 individuals, with hackers likely stealing personal information such as names, account numbers, and Social Security numbers. The breach was detected on June 3, and while no unauthorized access to member accounts has been found, the organization is warning customers about potential scam calls and messages.

A significant data breach affecting hotels in Italy has raised concerns over the potential misuse of stolen personal identification information. The Italian data protection authority has initiated an investigation and advised individuals to monitor their documents and report any suspected theft. Malicious actors frequently target the hospitality sector, heightening the urgency for protective measures.

Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.

Wealthsimple, a Canadian financial services firm, has reported a data breach affecting the personal data of less than 1% of its customers. The company confirmed that no funds or passwords were compromised, and it is offering affected users two years of complimentary credit monitoring and security advice. The breach was linked to a third-party software package and is not related to ongoing Salesforce data theft incidents.

Rainwalk, a pet insurance provider, has reportedly exposed sensitive customer data related to 158,000 pets, including personal and medical information. This data breach raises significant concerns about privacy and data security within the pet insurance industry as affected customers face potential identity theft and fraud risks.

Kelly Benefits experienced a significant data breach in December that affected over 400,000 individuals. The breach involved the exposure of sensitive personal information, prompting the company to inform affected clients and offer support for identity theft protection.

Bitcoin Depot has disclosed a data breach affecting nearly 27,000 customers, revealing sensitive information such as names, phone numbers, and driver's license numbers. The breach was detected in June 2023, but public notification was delayed due to an ongoing federal investigation. Affected individuals are urged to remain vigilant for fraud, as no identity protection services are being offered.

The US Department of Justice has disrupted multiple North Korean IT worker scams, leading to two indictments, one arrest, and the seizure of 137 laptops. North Korean operatives used fake identities to secure jobs at over 100 US companies, stealing sensitive data and virtual currency, with the operations reportedly generating millions for both the North Korean government and US-based accomplices.

IdeaLab has confirmed that sensitive data was stolen during a ransomware attack last October, attributed to the Hunters International group. The breach affected current and former employees and contractors, with 137,000 files leaked on the dark web, prompting the company to offer identity theft protection to impacted individuals.

Laboratory Services Cooperative has reported a significant data breach affecting 1.6 million individuals, with personal and medical information stolen during an October 2024 cyberattack. The organization is providing affected individuals with free credit monitoring and identity protection services while monitoring the dark web for any misuse of the stolen data.

A 19-year-old college student, Matthew D. Lane, pleaded guilty to charges related to a cyberattack on PowerSchool that extorted millions by threatening to leak sensitive personal data of millions of students and teachers. The attack involved breaching a telecommunications company to access and steal confidential information before demanding a ransom from PowerSchool and subsequently targeting individual school districts for further extortion.

Onsite Mammography, a Massachusetts medical provider, has reported a data breach that has compromised the personal and health information of over 350,000 patients. The breach, discovered in October 2024, involved unauthorized access to an employee's email account, leading to exposure of sensitive data including Social Security numbers and medical information. The company is offering affected individuals 12 months of free credit monitoring and identity protection services.

The article discusses the rising trend of synthetic business fraud, where cybercriminals create fake identities and businesses to exploit financial systems. This type of fraud is becoming increasingly sophisticated, leading to significant financial losses for companies and financial institutions. Experts emphasize the need for enhanced detection and prevention measures to combat this growing threat.

Sotheby's reported a data breach that occurred on July 24, affecting the financial account information and Social Security numbers of two Maine residents. The auction house has implemented safeguards to protect data but is now offering affected individuals 12 months of credit monitoring services following the incident. This breach follows a similar attack on Christie's in 2024, highlighting ongoing vulnerabilities in the auction industry.

Fairmont Federal Credit Union in West Virginia has notified approximately 187,000 individuals of a data breach that exposed sensitive personal information, including Social Security numbers and financial details. The breach, detected in January 2024, is linked to vulnerabilities in third-party software or employee phishing attacks, highlighting the ongoing cybersecurity challenges faced by smaller financial institutions. Affected individuals are being offered credit monitoring services while investigations into potential negligence and class-action claims are underway.

A data breach at Harbin Clinic has compromised the financial and personal information of over 210,000 patients, including names, addresses, Social Security numbers, and financial account details. The clinic advises affected individuals to monitor their financial accounts for suspicious activity as stolen data may end up on underground markets, posing risks of identity theft and fraud.

The Business Council of New York State has disclosed a data breach affecting over 47,000 individuals, with attackers accessing personal, financial, and health information between February 24 and 25. Although the breach was detected six months later, there is currently no evidence of fraud or identity theft related to the incident, and affected individuals will receive free credit monitoring services.

Over 250 million identity records have been leaked online, affecting citizens from seven countries including Turkey, Egypt, and Canada. The exposed data, which includes sensitive personal information such as ID numbers and addresses, was found on misconfigured servers, posing significant risks for identity theft and fraud. Researchers suspect a single entity may be behind the databases, though attribution remains unclear.

Hackers are employing a sophisticated phishing technique that leverages legitimate Microsoft links and Active Directory Federation Services (ADFS) to redirect users to a counterfeit site designed to steal Microsoft 365 logins. By utilizing a trusted domain for redirection, attackers can bypass standard security measures, including multi-factor authentication. Researchers recommend monitoring for ADFS redirects and scrutinizing Google ads for potential malicious links.

TransUnion reported a significant data breach in which hackers stole personal information from 4.4 million customers. The compromised data includes sensitive details that could potentially lead to identity theft and fraud. The company is working with law enforcement to investigate the breach and mitigate its impact on affected individuals.

Ascension, a major U.S. healthcare system, has disclosed a data breach affecting personal and health information of patients due to a vulnerability in third-party software used by a former partner. The breach impacted over 114,000 individuals in Texas and included sensitive data such as Social Security numbers and medical records. Ascension is offering two years of free identity monitoring services to those affected.

The State Bar of Texas has reported a data breach after the INC ransomware gang claimed responsibility and leaked samples of stolen data. The breach occurred between January 28 and February 9, 2025, but was only discovered on February 12, leading to notifications sent to affected members and the offer of credit monitoring services.

Former Disney employee Michael Scheuer was sentenced to three years in prison and fined nearly $688,000 for hacking into Disney's IT systems and altering restaurant menu information, including allergen details, in retaliation for his firing. Scheuer's actions caused significant disruptions, including a denial of service attack affecting multiple employees and unauthorized changes to menu designs and images. His criminal activities were uncovered following an FBI investigation that led to the seizure of his computer and evidence of his malicious actions.

A cyberattack on VeriSource Services has compromised the personal information of 4 million individuals, including names, addresses, and Social Security numbers. Discovered on February 28, 2024, the company is offering affected individuals 12 months of free credit monitoring and identity protection services.

Young Consulting, now operating as Connexure, has reported that over 1 million individuals were affected by a data breach attributed to a ransomware attack by the BlackSuit group. The breach, which occurred between April 10 and 13, 2024, compromised sensitive data including Social Security numbers and insurance information, with the victim count being updated multiple times since the incident. The company is offering credit monitoring and identity theft restoration services to those affected.

Liridon Masurica, a Kosovo national, has pleaded guilty to running the BlackDB.cc cybercrime marketplace, which sold stolen personal information and compromised accounts from 2018 to 2025. Arrested in December 2024 and extradited to the U.S., he faces multiple charges that could result in a maximum sentence of 55 years in prison. The investigation was coordinated by the FBI and Kosovo authorities, highlighting a broader crackdown on cybercrime marketplaces.

AT&T is investigating claims that approximately 86 million customer records are being sold on a cybercrime forum, believed to be a repackaging of data from a previous breach. The leaked information includes sensitive details such as dates of birth, phone numbers, and social security numbers, raising concerns about potential identity theft. AT&T is working to determine the origins of the data and has alerted law enforcement.

A user successfully utilized ChatGPT-4o to create a replica of his passport in just five minutes, raising significant concerns about the potential misuse of AI in generating fraudulent identification documents. This incident highlights the need for stronger security measures and monitoring of AI capabilities to prevent identity theft and other criminal activities.

Lee Enterprises reported that a recent ransomware attack impacted nearly 40,000 individuals, compromising personal information such as names and Social Security numbers. The company is offering affected individuals 12 months of free credit monitoring and identity protection services following the breach.

Kelly Benefits has reported a data breach affecting over 550,000 customers, where unauthorized access to its IT systems occurred between December 12-17, 2024. The compromised information includes personal details such as names, Social Security numbers, and health insurance data, prompting the company to offer credit monitoring services to affected individuals.

NASCAR confirmed that personal information, including names and Social Security numbers, was stolen during a ransomware attack that occurred between March 31 and April 3, 2025. The Medusa ransomware group has claimed responsibility, demanding a $4 million ransom for the return of the stolen data, while NASCAR offers impacted individuals credit monitoring services.

A significant rise in identity-based cyberattacks, driven by advanced phishing kits and infostealers, has led to a 156% increase in login-targeting attacks, making them 59% of all investigations by eSentire. Organizations are urged to adopt stronger security measures, such as passkeys, to combat the growing threat of business email compromise (BEC) and ransomware, which are often facilitated by phishing-as-a-service platforms.

Over 160,000 individuals were affected by a data breach at Wayne Memorial Hospital in Georgia, where hackers stole sensitive personal information, including Social Security numbers and financial data. The breach occurred between May 30 and June 3, 2024, during which ransomware was used to compromise the hospital's network. WMH is offering affected individuals 12 months of free credit monitoring and identity theft protection services.

Chess.com reported a data breach involving unauthorized access to a third-party file transfer application, affecting over 4,500 users' personally identifiable information. The platform has emphasized that its own infrastructure remains secure and no financial data was compromised, while offering impacted users identity theft protection services. Previous incidents include a massive scraping of user data due to an API flaw in November 2023.

SimonMed Imaging has notified over 1.27 million individuals about the compromise of their protected health information due to a cyberattack in January 2025. While the company confirmed data theft, there have been no reported cases of misuse, and affected individuals are being offered complimentary credit monitoring services.

Dior is notifying U.S. customers of a data breach that occurred on January 26, 2025, which compromised personal information such as names, contact details, and Social Security numbers. The breach is connected to a cyberattack attributed to the ShinyHunters group, affecting multiple brands under the LVMH umbrella. Affected individuals are being offered free credit monitoring and are advised to remain vigilant against potential scams.

Prospect, a UK trade union, has notified its members of a data breach that exposed sensitive personal information, including sexual orientation and disabilities, affecting up to 160,000 individuals. The breach occurred in June 2025, but members were only informed recently, and the union is offering credit and identity monitoring services to mitigate risks. Prospect is actively investigating the incident and has advised members to enhance their personal security measures.

A significant leak on a Russian forum has revealed sensitive information related to credit cards, with implications for users' financial security. The breach involves the exposure of personal data that could facilitate fraud and identity theft, raising concerns about cybersecurity measures in place.

New Yorkers are being targeted by a smishing campaign posing as the Department of Taxation and Finance, claiming to offer "Inflation Refunds" to steal personal and financial information. The state warns that eligible residents do not need to provide any information to receive their refunds, and any unsolicited requests for personal data via text or email are fraudulent. Governor Kathy Hochul emphasizes the importance of vigilance against such scams and encourages reporting to protect oneself.

A data breach involving Serviceaide has potentially exposed sensitive information of over 483,000 patients of Catholic Health between September 19 and November 5, 2024. Although there is no evidence of data being exfiltrated, affected individuals are being notified and offered 12 months of free credit monitoring and identity theft protection.

A data breach at Motility, a dealership software provider, has affected approximately 766,000 individuals, compromising sensitive information such as names, addresses, and social security numbers. The breach has raised concerns about the security measures in place and the potential for identity theft among those impacted.

Murphy Law Firm is investigating a data breach involving Century Support Services, which compromised the personal information of 160,759 individuals, including sensitive data such as Social Security numbers and financial information. The firm is evaluating legal claims and potential class action lawsuits for those affected by the breach.

Esse Health has notified over 263,000 patients that their personal and health information was compromised in a cyberattack that occurred on April 21, 2025. The breach resulted in the theft of sensitive data, although there was no evidence of stolen social security numbers, and the organization is offering free identity protection services to affected individuals. Restoration efforts suggest a ransomware attack, but no group has claimed responsibility for the incident.

Matthew D. Lane, a 19-year-old college student, was sentenced to four years in prison for his role in a cyberattack on PowerSchool that led to a significant data breach affecting millions of students and teachers. He pleaded guilty to multiple charges, including unauthorized access and cyber extortion, and was ordered to pay $14 million in restitution. The attack involved stealing sensitive data and demanding a ransom, with ongoing legal scrutiny surrounding PowerSchool's security practices.

A cybercriminal group, J Group, claims to have breached FAI Aviation Group, a German charter operator, leaking approximately 3TB of sensitive data including patient information, employee records, and internal documents. The breach raises concerns about identity theft and potential misuse of the leaked information, particularly in the context of the company's medical services.

A member of the Scattered Spider cybercrime group has pleaded guilty to charges related to identity theft and fraud. The individual was involved in a scheme that targeted various entities, leading to significant financial losses. This case highlights ongoing issues with cybercrime and the legal actions being taken against offenders.