Safeguard
Tag

data-breach

Safeguard articles tagged "data-breach" — guides, analysis, and best practices for software supply chain and application security.

39 articles

Cloud Security

The S3 bucket security checklist every AWS team needs

AWS made Block Public Access the default for new S3 buckets in April 2023 — but the Capital One breach exposed 106 million records through IAM, not a bucket setting.

Jul 8, 20267 min read
Vulnerability Analysis

MOVEit Transfer (CVE-2023-34362) Explained: The SQL Injection Behind the Cl0p Mass Breach

CVE-2023-34362 is a SQL injection in Progress MOVEit Transfer that let unauthenticated attackers reach the database and drop a web shell. Cl0p used it to breach thousands of organizations.

Jul 5, 20265 min read
Data Breach

Carnival Data Breach (May 2026): 5.99M Records Lost via Salesforce Social Engineering

Carnival confirmed a breach affecting nearly 6 million people on May 28, 2026, after an attacker socially engineered an employee into granting access to its IT environment. Here is the verified chain and what defenders should do.

May 28, 202611 min read
Healthcare Security

NYC Health + Hospitals Vendor Breach: 1.8 Million Records, Including Biometrics, Exposed (May 2026)

A months-long intrusion through a third-party vendor exposed medical records, government IDs, geolocation, and fingerprint and palm-print biometrics for at least 1.8 million people at the largest U.S. public health system. We unpack the dwell time and the third-party blast radius.

May 19, 202613 min read
Data Breach

Instructure Canvas Breach (May 2026): Up to 275M Records and a Quiet Settlement

ShinyHunters claimed 3.65 TB and 275 million records from Instructure's Canvas LMS across ~9,000 schools. Instructure confirmed names, emails, student IDs, and user messages were taken, then reportedly paid to make it stop.

May 12, 202610 min read
Data Breach

Odido Telecom Breach: 6.2M Dutch Customers, Salesforce, and No Compensation (May 2026)

Odido, the Netherlands' largest mobile operator, exposed 6.2 million customers' data, including IBANs and ID details, via a vishing-driven Salesforce intrusion. In May 2026 the company ruled out compensation as mass claims mounted.

May 12, 202610 min read
Data Breach

Škoda Auto Online Shop Breach (12 May 2026): An E-Commerce Software Flaw and the Credential-Reuse Tail

Škoda Auto disclosed on 12 May 2026 that attackers exploited a vulnerability in its German online shop to steal customer names, contact details, order data, and login credentials. The card data was safe; the credentials are the part that keeps paying out.

May 12, 202614 min read
Application Security

What is API Security

API security explained: what it is, why APIs are the top breach vector, the OWASP API Top 10, real breaches, and how to test and monitor endpoints.

Mar 11, 20267 min read
Best Practices

What is a Data Breach

A data breach is unauthorized access to sensitive data. See real causes like MOVEit and Log4Shell, average costs, and how to prevent one.

Feb 14, 20267 min read
Container Security

The 2019 Docker Hub Database Breach Exposing User Credent...

In April 2019, Docker Hub exposed 190,000 accounts' credentials and GitHub/Bitbucket tokens. Here's what happened, what leaked, and why it still matters for supply chain security.

Nov 19, 20257 min read
Breach Analysis

Coinbase Social Engineering and Insider Threat: How Bribed Support Agents Led to a $400M Breach

Attackers bribed overseas Coinbase support agents to steal customer data, then demanded a $20M ransom. Coinbase refused to pay and disclosed everything.

May 15, 20256 min read
Breach Analysis

Dior Customer Data Breach 2025: Luxury Fashion's Cybersecurity Problem

Christian Dior disclosed a breach exposing customer personal data in May 2025. The luxury sector's data protection challenges are now front and center.

May 12, 20256 min read
data-breach — Safeguard Blog