Security news aggregator

Latest coverage for Leak

Data leaks can expose passwords, personal records, and business secrets, enabling identity theft, fraud, extortion, and follow-on cyberattacks.

11 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Leak is the unauthorized disclosure or exposure of information to people or systems not meant to receive it. It may be deliberate or accidental and can involve personal data, credentials, API keys, source code, trade secrets, or internal documents. A leak can result from theft and publication, an employee sending data to the wrong recipient, or an exposed cloud storage bucket, database, log, repository, or backup. The term describes the exposure, not necessarily how attackers obtained it; reporting may refer to both confirmed disclosure and suspected exposure.

Security teams should establish what data was accessible, to whom, and for how long, while distinguishing evidence of access from mere exposure. Exposed passwords, tokens, and keys should be revoked or rotated quickly, and affected systems checked for reuse or further access. Personal or regulated data may trigger privacy and reporting obligations, while leaked proprietary material can require legal and threat-intelligence monitoring. Prevention includes least-privilege access, secret scanning, safe sharing controls, encryption where appropriate, and monitoring for misconfigured public resources.

Showing 11 most recent headlines Filtered view

Hackers Exploited Coding Error, Says Australian Communications and Media AuthorityHackers behind the leak of 10 million records from Australia's second-largest telecommunications carrier Optus exploited a vulnerability the company unwittingly inserted four years earlier into a web portal access control, said the Australian Communications and Media Authority.

Battle the Business Model With Business Resilience Planning, Failover CapabilitiesNever let ransomware become normalized. Businesses today are more likely that not to be hit by ransomware, but this doesn't mean we should ever let ransomware seem like a new normal, akin to death or taxes. We need expert business resilience and failover capabilities.

Bank Info Security 2 years ago

Qilin Ransomware Group Leaks NHS Data

The Group Published 104 Files It Says Come From NHS Hospitals in LondonA ransomware group late Thursday published information stolen during an attack that's led to postponed cancer treatment and organ transplant surgeries at two London National Health Service hospitals. The Qilin ransomware group hit Synnovis, a U.K. provider of medical lab services.

Attackers Demanding Up to $5 Million to Delete Stolen Data, Investigators ReportAttackers who stole terabytes of data from customers of Snowflake have been not only offering the data for sale on data leak marketplaces but also extorting some of the victims, demanding a ransom of $300,000 to $5 million each, security researchers report.

Russian-Speaking Gang Follows Typical Playbook; Critical Services Still DisruptedThe ransomware attack that disrupted U.K. pathology services provider Synnovis, continuing to cause thousands of canceled and delayed operations and appointments across London, reportedly featured a $50 million ransom demand from attackers, backed by the typical threat to leak stolen data.

Bank Info Security 2 years, 1 month ago

Australian Regulators Detail Medibank Hack: VPN Lacked MFA

Court Filing: Threat Actor Stole Admin Credentials From IT Service Desk ContractorMedibank's lack of MFA on its global VPN allowed a hacker to use credentials stolen from an IT services desk contractor to access the private health insurer's IT systems in 2022, leading to a dark web data leak affecting 9.7 million individuals, Australian regulators said in court documents.