> A non-password-protected database containing more than 600K records was exposed. The leaked data includes PII, real estate data, court records, vehicle records (license plate and VIN), background check documents and more.

> A Dublin cybersecurity researcher, Aaron Costello, has found that 1.1 million NHS employee records were leaked online because of improper configuration settings in Microsoft Power Pages, a software platform used by over 250 million people a month to build websites.

> The security breach is potentially life-threatening for those affected.

> The hacked data includes roughly 325,000 users' email addresses

> Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum.

> A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system.

> Central Group is a multinational conglomerate in Thailand that describes itself as one of the largest private commercial conglomerates in Thailand with more than 50 subsidiaries and six key business lines. In October 2021, DataBreaches reported an attack on the Central Restaurant Group by threat actors called DESORDEN. When negotiations failed, DESORDEN revealed details about the scope of the attack. Now, it seems another threat actor has obtained data from another Central Group subsidiary.

> Breach date: 18 November 2024

> Compromised accounts: 892,854

> Compromised data: Dates of birth, Email addresses, Geographic locations, Names

> The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

> Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum.

> Maxar has 2,600 employees — with more than half having security clearances to work on classified U.S. government projects.

> T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests.

> The amount of data involved in the investigation is considerable, according to the Safety Investigation Authority of Finland (Otkes).

> The U.S. government has confirmed that hackers with links to China breached multiple U.S. telecommunication service providers to access the wiretap systems used by law enforcement to surveil Americans.

> Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.

> The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform.

> Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers.

> The following is a machine translation.

> The data of approximately 200,000 citizens of Sector 5 (such as CNP, first and last name, address, among others) were put up for sale by the hackers who launched a cyber attack on the City Hall at the end of October. The attackers also gained access to platforms managed by the City Hall and to information such as discussions between employees or fines issued by the Local Police and patrol planning. The information was first published on the LinkedIn account of a cyber security specialist, Bogdan Albei , who runs a profile company – Stop Ransomware.

> Amazon has confirmed that employee data was compromised after a “security event” at a third-party vendor.