Cybersecurity News: Coupang recovers laptop in river, Trust Wallet reports 2k+ wallets drained, Sax discloses 2024 data breach

In today’s cybersecurity news…

Coupang recovers laptop allegedly thrown into river

South Korean e-commerce giant Coupang says it recovered a MacBook Air allegedly used by a former employee who leaked customer data, after the device was weighted with bricks and thrown into a river in an apparent attempt to destroy evidence. Coupang says forensic analysis shows the employee accessed data from about 33.7 million accounts and retained information from roughly 3,000 users, with no evidence of data being sold. Coupang announced a 1.685 trillion won ($1.18 billion) voucher compensation plan during its investigation. (The Record)

Trust Wallet reports 2k+ wallets drained

Trust Wallet says attackers drained about $7 million from 2,596 cryptocurrency wallets after compromising its Chrome browser extension on December 24th. The malicious update exfiltrated wallet data. Trust Wallet says it is reimbursing affected users and investigating how a leaked Chrome Web Store API key may have allowed the rogue release. (BleepingComputer)

Sax discloses 2024 data breach

Sax, a top US accounting firm, says a cyberattack detected in August 2024 exposed personal data tied to about 228,876 people, but the company apparently didn’t complete its investigation or begin notifications until more than a year later. Stolen data may include names, dates of birth, Social Security numbers, and government ID details. No ransomware group has claimed responsibility. Sax is offering a year of credit monitoring. (SecurityWeek)

Korean Air shares supplier attack

Korean Air disclosed a data breach after its in-flight catering and duty-free subsidiary, Korean Air Catering and Duty Free (KC&D), was hacked, exposing personal data tied to about 30,000 airline employees. The airline says customer data was not affected and that the leaked information appears limited to employee names and account numbers stored on KC&D’s ERP system. The Clop ransomware group has claimed responsibility for the KC&D attack and says it has already leaked the stolen data. (Security Affairs)

Nexpublica France fined by CNIL

France’s data protection regulator CNIL fined software company Nexpublica France €1.7 million over cybersecurity failures that led to a data breach. Regulators said the company knew about security weaknesses before a November 2022 incident that let users access third-party documents, but didn’t fix them until after the breach, violating GDPR rules. CNIL said the fine reflects the sensitivity of the data, the number of people affected, and Nexpublica’s lack of basic security safeguards. (The Record)

Criminals disconnect Wired subscribers from their privacy

An extortion group called Lovely has begun leaking subscriber data tied to Condé Nast after claiming the publisher ignored warnings about security flaws. The group published 2.3 million Wired subscriber email addresses, along with names, home addresses, phone numbers, and account metadata, and says it holds more than 40 million additional records across Condé Nast titles. Researchers from Hudson Rock say the data appears authentic and likely stems from infostealer malware, though no payment card data has surfaced. (The Register)

Aflac data breach affects millions

Aflac says personal data tied to about 22.65 million people was stolen in a June 2025 cyberattack on its U.S. systems, including names, addresses, Social Security numbers, government IDs, and medical and insurance information. The insurer said the intrusion was part of a broader campaign targeting the insurance industry, did not involve ransomware, and has not yet led to known fraud, though affected customers, employees, and agents are being offered two years of credit and identity protection. (SecurityWeek)

Romanian energy provider hit by ransomware

Romania’s largest coal-based energy producer, Oltenia Energy Complex, says a ransomware attack over Christmas disrupted its IT systems, encrypting files and knocking ERP, email, and document management services offline, though power generation was not affected. The company is rebuilding systems from backups, assessing whether data was stolen, and has reported the incident to national cyber and law enforcement authorities. The attack is attributed to the Gentlemen ransomware group. (BleepingComputer)