Privacy Roundup #0229 • August 2025

August 2025 was dominated by a wave of Salesforce supply chain breaches, fresh fights over encryption and age checks, and court wins against intrusive data collection.

1. Google confirms data theft in Salesforce attacks

Google said one of its Salesforce systems was breached by the ShinyHunters group, which tricked staff into handing over access. The stolen records held contact details for small and medium business customers.

www.bleepingcomputer.com

2. TransUnion breach hits 4.4 million people

The credit reporting firm said hackers took names, addresses, dates of birth and Social Security numbers from its Salesforce account. No credit reports or core credit data were touched.

techcrunch.com

3. Torture Victim's Landmark Hacking Lawsuit Against Spyware Maker Can Proceed, Judge Rules

A federal judge in Oregon ruled that a Saudi activist may sue the spyware firm DarkMatter and three former executives for hacking her iPhone. The court let her claims proceed under the Computer Fraud and Abuse Act, the first time such a human rights case has gone this far.

www.eff.org

4. Workday discloses breach after Salesforce attacks

The HR software firm said attackers posing as IT staff tricked employees and reached a third-party customer system. The thieves took business contact details such as names, email addresses and phone numbers.

www.bleepingcomputer.com

5. Salesloft Drift breach hits more than 700 firms

Google warned that stolen tokens for the Salesloft Drift tool let attackers raid Salesforce data at hundreds of organisations. The thieves searched the haul for passwords and cloud keys to reach further systems.

thehackernews.com

6. Pandora confirms customer data breach

The jewellery firm said names, dates of birth and email addresses were taken from its Salesforce database. The breach formed part of the same campaign of social engineering against support staff.

www.bleepingcomputer.com

7. Bouygues Telecom breach exposes 6.4 million

The French operator said attackers reached the data of 6.4 million accounts, including contact details and bank account numbers. Card numbers and account passwords were not part of the theft.

techcrunch.com

8. Orange Belgium breach affects 850,000

The carrier said attackers took names, phone numbers, SIM card numbers and PUK codes from 850,000 customers. The exposed SIM and PUK data raised fears of SIM swap fraud.

www.securityweek.com

9. Air France and KLM disclose customer breach

The airlines said attackers reached a third-party support platform and took names, contact details and loyalty numbers. Passwords, passports and card data were not affected.

www.bleepingcomputer.com

10. Farmers Insurance breach impacts 1.1 million

The insurer began notifying 1.1 million customers after a third-party database tied to Salesforce was breached. The stolen data held names, dates of birth, driving licence numbers and partial Social Security numbers.

www.bleepingcomputer.com

11. Columbia University breach hits 870,000 people

The university said a politically driven attacker took Social Security numbers, financial aid records and some health data. The breach reached students, applicants, alumni and staff.

www.insidehighered.com

12. Connex Credit Union breach exposes 172,000

The Connecticut lender said attackers reached files holding names, account numbers, Social Security numbers and government identity details. Members were told two months after the intrusion.

www.infosecurity-magazine.com

13. Pennsylvania Attorney General confirms ransomware breach

The office said a ransomware attack exposed Social Security numbers and medical information. The attack knocked out email, phones and case systems for about three weeks.

therecord.media

14. Women sue Tea app after data leak

Users of the women-only dating safety app filed class actions after a breach spilled photos, identity documents and private chats. The leaked records led to online harassment of the women involved.

www.washingtonpost.com

15. Jury finds Meta broke California privacy law over Flo

A federal jury ruled that Meta unlawfully collected reproductive health data from users of the Flo period tracking app. The jury found Meta had no consent to gather the sensitive information for advertising.

techcrunch.com

16. UK drops its Apple encryption backdoor demand

US officials said Britain agreed to abandon its secret order for Apple to provide access to encrypted files. The deal protects American users, though questions remained about UK customers.

www.nextgov.com

17. FTC warns firms not to weaken encryption for foreign powers

The FTC chairman wrote to more than a dozen technology firms warning against censoring speech or breaking encryption to satisfy foreign laws. The letters named the UK Online Safety Act and Investigatory Powers Act as risks.

www.bleepingcomputer.com

18. Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data

A researcher found more than 1,300 self-hosted TeslaMate dashboards exposed online without any password. The open servers leaked owners' location histories, charging habits and recent trips for anyone to read.

techcrunch.com

19. Russian government hackers said to be behind US federal court filing system hack: Report

Reports said Russian state hackers breached the federal courts' PACER and case filing systems and read sealed criminal records. The stolen files may have exposed the identities of confidential informants and other protected documents.

techcrunch.com

20. EU Chat Control plan heads for a decisive vote

A Polish compromise to ease the deadlock over the EU message scanning law failed, leaving the proposal heading towards a Council vote. Critics warned that the plan still threatened encryption and mass surveillance.

euperspectives.eu

