Insight Partners Ransomware Attack Exposes Data of Thousands of Individuals  Insight Partners, a New York-based venture capital and private equity firm, is notifying thousands of individuals that their personal information was compromised in a ransomware attack. The firm initially disclosed the incident in February, confirming that the intrusion stemmed from a sophisticated social engineering scheme that gave attackers access to its systems. Subsequent investigations revealed that sensitive data had also been stolen, including banking details, tax records, personal information of current and former employees, as well as information connected to limited partners, funds, management companies, and portfolio firms.  The company stated that formal notification letters are being sent to all affected parties, with complimentary credit monitoring and identity protection services offered as part of its response. It clarified that individuals who do not receive a notification letter by the end of September 2025 can assume their data was not impacted. According to filings with California’s attorney general, which were first reported by TechCrunch, the intrusion occurred in October 2024. Attackers exfiltrated data before encrypting servers on January 16, 2025, in what appears to be the culmination of a carefully planned ransomware campaign. Insight Partners explained that the attacker gained access to its environment on or around October 25, 2024, using advanced social engineering tactics.  Once inside, the threat actor began stealing data from affected servers. Months later, at around 10:00 a.m. EST on January 16, the same servers were encrypted, effectively disrupting operations. While the firm has confirmed the theft and encryption, no ransomware group has claimed responsibility for the incident so far. A separate filing with the Maine attorney general disclosed that the breach impacted 12,657 individuals. The compromised information poses risks ranging from financial fraud to identity theft, underscoring the seriousness of the incident.  Despite the scale of the attack, Insight Partners has not yet responded to requests for further comment on how it intends to manage recovery efforts or bolster its cybersecurity posture going forward. Insight Partners is one of the largest venture capital firms in the United States, with over $90 billion in regulatory assets under management. Over the past three decades, it has invested in more than 800 software and technology startups globally, making it a key player in the tech investment ecosystem.  The breach marks a significant cybersecurity challenge for the firm as it balances damage control, regulatory compliance, and the trust of its investors and partners.

Insight Partners Ransomware Attack Exposes Data of Thousands of Individuals #Bankingdataleaks #customerdatacompromise #CyberAttacks

Manpower Data Breach Hits 145,000 After RansomHub Ransomware Attack  Manpower, one of the world’s largest staffing and recruitment companies, has confirmed that nearly 145,000 individuals had their personal data compromised following a ransomware attack in late December 2024. The company, which operates as part of ManpowerGroup alongside Experis and Talent Solutions, employs more than 600,000 workers across 2,700 offices worldwide and reported $17.9 billion in revenues last year.  The breach came to light after the company investigated a systems outage at a Lansing, Michigan, franchise in January 2025. According to a filing with the Office of the Maine Attorney General, attackers gained unauthorized access to Manpower’s network between December 29, 2024, and January 12, 2025. In notification letters sent to affected individuals, Manpower revealed that certain files may have been accessed or stolen during this time. The company stated that the breach potentially exposed personal information, though the full scope of data compromised remains undisclosed.  On July 28, 2025, the staffing firm formally notified 144,189 individuals that their data may have been involved in the incident. Following the discovery, Manpower announced that it had implemented stronger IT security measures and is cooperating with the FBI to pursue those responsible. To mitigate the impact on victims, the company is also offering complimentary credit monitoring and identity theft protection services through Equifax.  The ransomware group RansomHub has claimed responsibility for the attack. In January, shortly after Manpower disclosed the incident, the group alleged that it had stolen 500GB of sensitive files from the company’s systems. According to RansomHub, the stolen trove included personal and corporate records such as passports, Social Security numbers, contact details, financial documents, HR analytics, and confidential contracts. The gang initially published details of the breach on its dark web site but later removed Manpower’s listing, raising speculation that a ransom may have been paid to prevent further data leaks.  RansomHub is a ransomware-as-a-service (RaaS) operation that emerged in early 2024, evolving from earlier groups known as Cyclops and Knight. Since then, it has been linked to numerous high-profile attacks against global organizations, including Halliburton, Kawasaki’s European operations, Christie’s auction house, Frontier Communications, Planned Parenthood, and the Bologna Football Club. The group was also behind the leak of data stolen in the massive Change Healthcare cyberattack, one of the largest breaches in the U.S. healthcare sector, impacting more than 190 million individuals.  Last year, the FBI reported that RansomHub affiliates had breached over 200 critical infrastructure organizations across the United States, further underlining the group’s reach and persistence. While ManpowerGroup has not confirmed the exact nature of the stolen data or whether negotiations occurred, a company spokesperson clarified that the incident was confined to an independently operated franchise in Lansing. The spokesperson emphasized that the franchise runs on a separate platform, meaning no ManpowerGroup corporate systems were compromised. The breach highlights the growing risks ransomware attacks pose to global enterprises, particularly those handling large volumes of sensitive employee and client data. It also reflects how threat actors like RansomHub continue to exploit vulnerabilities in third-party and subsidiary operations, targeting organizations indirectly when direct access to corporate systems is more difficult.

Manpower Data Breach Hits 145,000 After RansomHub Ransomware Attack #customerdatacompromise #CyberAttacks #DataBreaches

SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak  Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents, totaling 292 GB in size. The database, which had no password protection or encryption, was publicly accessible online to anyone who knew where to look.  The leaked records included a vast amount of personally identifiable information (PII), such as names, physical addresses, phone numbers, email addresses, and other order-related data of both retail and business clients. According to Fowler, the actual number of affected individuals could be substantially higher than the number of files. He observed that a single PDF file sometimes contained details from up to 50 separate orders, suggesting that the total number of exposed customer profiles might exceed 3.5 million.  The information was derived from SABO’s internal document management system used for handling sales, returns, and shipping data—both within Australia and internationally. The files dated back to 2015 and stretched through to 2025, indicating a mix of outdated and still-relevant information that could pose risks if misused. Upon discovering the open database, Fowler immediately notified the company. SABO responded by securing the exposed data within a few hours.  However, the brand did not reply to the researcher’s inquiries, leaving critical questions unanswered—such as how long the data remained vulnerable, who was responsible for managing the server, and whether malicious actors accessed the database before it was locked. SABO, known for its stylish collections of clothing, swimwear, footwear, and formalwear, operates three physical stores in Australia and also ships products globally through its online platform.  In 2024, the brand reported annual revenue of approximately $18 million, underscoring its scale and reach in the retail space. While SABO has taken action to secure the exposed data, the breach underscores ongoing challenges in cybersecurity, especially among mid-sized e-commerce businesses. Data left unprotected on the internet can be quickly exploited, and even short windows of exposure can have lasting consequences for customers.  The lack of transparency following the discovery only adds to growing concerns about how companies handle consumer data and whether they are adequately prepared to respond to digital threats.

SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak #customerdatacompromise #customerdataleak #customerdataprivacy

Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption  Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than initially acknowledged. M&S CEO Stuart Machin recently confirmed that personal customer data had been accessed, prompting the company to require password resets for online accounts. Online orders on the M&S website remain suspended weeks after the breach, and no clear timeline has been offered for full recovery.  The attack first became public on April 25 when M&S halted its online operations due to a cyber intrusion. Within days, Co-op revealed it had also been targeted in an attempted hack, which disrupted several services. Harrods, another luxury retailer, was also reportedly affected during this wave of cyberattacks. While M&S is still unable to process online sales, Co-op has only just resumed stocking its shelves, and both companies remain silent about when operations might return to normal. Government officials have weighed in on the seriousness of the incident.  Cabinet Office Minister Pat McFadden called the attack a “wake-up call” for British businesses, highlighting the urgent need for enhanced cybersecurity protocols. Financial losses have been steep. M&S is reportedly losing £3.5 million per day while its website remains offline, and its stock has dropped by an estimated half a billion pounds in market value. Co-op also disclosed that customer data had been compromised, and they experienced issues with card payments at the height of the disruption.  Investigations suggest the cybercriminal group known as Scattered Spider is responsible. Known for targeting large enterprises, the group is believed to have used a ransomware strain called DragonForce to paralyze systems. According to cybersecurity experts, the attackers may have exploited unpatched vulnerabilities and misconfigured systems to gain entry. Reports indicate they employed SIM-swapping tactics to hijack phone numbers and impersonate employees, fooling IT help desks into granting system access. Once inside, the hackers are believed to have compromised Microsoft Active Directory—a central hub that connects internal networks—potentially gaining access to crucial files and passwords.  Though it’s unlikely they decrypted these password files directly, the level of access would have allowed them to severely disrupt internal systems. Experts say this level of infiltration can cripple multiple areas of a business, making recovery extremely challenging without a full rebuild of core IT infrastructure. One reason for the prolonged disruption may be that both M&S and Co-op chose not to pay the ransom, in line with UK government advice. While this decision aligns with best practices to avoid funding cybercrime, it also means recovery will take significantly longer.  Despite the chaos, M&S has emphasized that no payment information or account passwords were compromised. The company is urging customers to reset their passwords for peace of mind and has provided guidelines on staying safe online. Co-op has resumed deliveries to most of its stores but acknowledged that some shelves may still lack regular stock. Empty shelves and apology signs have appeared across affected stores, as customers share their frustrations online.  This incident underscores the growing threat posed by sophisticated cybercriminals and the urgent need for companies to prioritize cybersecurity. From exploiting human error to using advanced ransomware tools, the tactics are evolving, and so must the defenses.

Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption #Coop #customerdatacompromise #CyberAttacks