The breach occurred on December 7, 2024, and was discovered on February 27, 2025. The datasets ranged from 16 million to more than 3.5 billion records each, averaging around 550 million. Researchers noted this is not old data being reused, but fresh credentials that could lead to account takeovers, phishing, or business email compromise.
How Shadow AI Costs Companies $670K Extra: IBM’s 2025 Breach Report
This breach underscored the importance of organizations conducting regular data inventories and purging or securely archiving legacy data that is no longer needed. Sensitive data from previous years must be treated with the same level of security as live data. The accessed data also contained comprehensive voter analysis based on Reddit post activity which could be used to predict how somebody would vote on a particular issue.
- Salesforce said it is working with authorities and reiterated that its core systems remain uncompromised, linking the incidents to unauthorized third party apps.
- Officials say on May 1, 2026, Instructure, the parent company of Canvas, notified Wayzata Public Schools that hackers had accessed certain systems within their environment.
- The sensitivity of the information processed by Equifax makes this breach unprecedented, and one of the largest data breaches to date.
- Migliaccio & Rathod LLP is investigating the Interstate Management Data Breach, impacting 22,743 individuals and their personal information.
- This isn’t the first time ShinyHunters has victimized education-technology vendors.
Where financial firms are investing in security — and how it can help
However, while the AWS bucket remained misconfigured, cybercriminals may have clandestinely exfiltrated the exposed data. While it isn’t clear how hackers gained access to accounts, it’s speculated that weak passwords are to blame. To prevent further breaches, Nintendo posted a tweet asking members to enable 2-step authentication.
Managing vulnerabilities
Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats. As of the most recent update posted Monday, Proud wrote that Canvas Data 2 and Beta “should now be available for all customers,” while another version of the LMS, Canvas Test, remains under maintenance. While Instructure says it has contained the attack, experts say it points to the added value cyberattackers see in going after third-party vendors instead of individual institutions. After the merger, Interstate Management Company, LLC continued to function as a legal operating entity within the Aimbridge Hospitality structure.
Adelphi UK Breach Claim: 16 Feb Leak Threat
Private entities and individuals who are experiencing a cybersecurity-related incident should contact your local law enforcement agency for assistance. If the organization that was breached offers this service for free, it’s highly recommended you https://sellrentcars.com/news/climbing-search-rankings-seo-technical-maintenance-done-right.html enroll. In the Ameriprise breach, a cybercriminal network called ShinyHunters carried out the heist. ShinyHunters is a digital extortion group that often steals sensitive information from companies or individuals and threatens to leak it in exchange for a ransom. The cybercriminal network was also allegedly at the center of a Mercer Advisors data breach last month.
