data-breach
Safeguard articles tagged "data-breach" — guides, analysis, and best practices for software supply chain and application security.
39 articles
Nova Scotia Power Cyber Incident: When Critical Infrastructure Gets Hit
Nova Scotia Power disclosed a cyber incident in April 2025 that compromised customer data. The attack highlights the persistent vulnerability of utility companies.
PowerSchool Breach: 62M Students, $2.85M Ransom, Cascading Extortion
PowerSchool's December 2024 breach exposed data on roughly 62M students and 9.5M teachers through a compromised support-portal credential and triggered downstream extortion of school districts months later.
Snowflake Customer Data Breaches: 165 Organizations Hit by Credential Theft Campaign
Attackers used stolen credentials from infostealer malware to access Snowflake customer accounts without MFA, compromising data at Ticketmaster, Santander, AT&T, and over 160 other organizations.
OpenAI Internal Breach: What the 2023 Forum Hack Reveals About AI Company Security
Reports emerged that a hacker accessed OpenAI's internal messaging systems in early 2023, raising questions about AI company security practices and the risks of concentrated AI development.
Dell Data Breach Exposes 49 Million Customer Records via API Abuse
In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.
Sisense Data Breach: When Your Analytics Platform Becomes the Threat
CISA issued a rare advisory urging Sisense customers to reset credentials after attackers compromised the business intelligence platform, potentially accessing customer data across thousands of organizations.
AT&T Data Breach: 73 Million Customer Records Surface on the Dark Web
In March 2024, AT&T confirmed that a dataset containing personal information of approximately 73 million current and former customers, including encrypted passcodes, had been published on the dark web, three years after its initial appearance.
Change Healthcare Breach: The Worst Healthcare Data Breach in U.S. History
In February 2024, a ransomware attack on Change Healthcare paralyzed the U.S. healthcare payment system for weeks and ultimately exposed the personal health data of over 100 million Americans, making it the largest healthcare data breach ever recorded.
Bank of America Breach via Infosys McCamish Exposes 57,000 Customers
In February 2024, Bank of America disclosed that a ransomware attack on its service provider Infosys McCamish Systems had compromised the personal and financial data of over 57,000 customers, highlighting the cascading risk of vendor supply chain attacks.
Trello API Scraping Exposes 15 Million User Accounts
In January 2024, a threat actor used an insecure Trello API endpoint to scrape and correlate email addresses with Trello account data for over 15 million users, then posted the dataset on a hacking forum.
VF Corporation Ransomware Attack Disrupts Vans, North Face, and Timberland
In December 2023, VF Corporation, parent company of Vans, The North Face, and Timberland, suffered a ransomware attack that disrupted order fulfillment and exposed personal data of 35.5 million customers during the critical holiday shopping season.
Xfinity Breach via Citrix Bleed Exposes 35.9 Million Customers
In December 2023, Comcast's Xfinity division disclosed that attackers exploiting the Citrix Bleed vulnerability had accessed personal data of 35.9 million customers, including usernames, hashed passwords, and partial Social Security numbers.