Tag: Financial Data

  • Play Ransomware Claims Breach of Defense Contractor ADC Aerospace, Stealing Client Data

    The American manufacturer of aerospace and defense components ADC Aerospace has come under scrutiny following a potential cyberattack: a post on the underground leak site operated by the ransomware group Play claims that corporate data and customer documents have been compromised.

    According to the attackers’ publication, they allegedly obtained access to client documentation, budgetary and financial records, payroll data, identification documents, and other confidential personal information. No proof-of-compromise samples were provided, making it impossible at present to verify the authenticity of these claims. Such announcements often serve as an initial warning to a victim—an attempt to pressure the organization before formal ransom demands begin.

    If the breach is confirmed, the consequences for ADC Aerospace could be severe. Stolen data may surface on shadow marketplaces, where information concerning contractors in the U.S. defense sector is traditionally in high demand. Particularly troubling is the potential exposure of employee payroll records, which contain a rich set of personal identifiers that can easily facilitate identity theft.

    The combination of financial and personal data dramatically expands the threat landscape for social-engineering attacks. With such information in hand, attackers can craft highly credible narratives—posing as industry representatives—to gain deeper access to internal systems.

    The risks are amplified by ADC Aerospace’s position within global supply chains. The company supplies components to major industry players, including Northrop Grumman, Collins Aerospace, Philips, Honeywell, and other leading defense and aerospace firms—potentially broadening the network of affected partners.

    The Play group is considered one of the most active ransomware operations in recent years. In August, it claimed responsibility for an attack on Jamco Aerospace, a supplier of components for both civilian and military aircraft, serving clients such as the U.S. Navy, Boeing, and Northrop Grumman. Play has also been linked to attacks on the Palo Alto County Sheriff’s Office in Iowa, the Donald W. Wyatt maximum-security prison in Rhode Island, cloud provider Rackspace, the German hotel chain H-Hotels, and the French division of BMW.

    According to Adlumin, Play was among the first groups to adopt intermittent encryption, a technique in which only select segments of the file system are encrypted. This accelerates operational disruption and data extraction, and the method has since been adopted by other prominent ransomware collectives, including ALPHV/BlackCat, DarkBit, and BianLian.

    ADC Aerospace has not yet issued an official statement regarding the extortionists’ claims. As of publication, Cybernews was unable to obtain a response from the company.

  • Vietnam’s National Credit Bureau Hacked: ShinyHunters Claims Massive Data Breach

    Some data breaches achieve global notoriety due to the sheer magnitude of those affected — such as the 2019 Facebook scraping incident, which exposed the records of 553 million users. Others unfold as national catastrophes: in 2019, a misconfigured database revealed the personal details of nearly the entire population of Ecuador; in 2006, an insider breach compromised almost all citizens of Israel; in 2016, an open voter database exposed data on more than 75% of Mexico’s population; and in 2024, the UnitedHealth Change Healthcare attack stripped 190 million Americans of their privacy.

    Now, Vietnam joins this grim list. The group ShinyHunters has claimed responsibility for an attack on the Vietnam Credit Information Institute (CIC), the state-run National Credit Information Center overseen by the country’s central bank. This institution manages the registration, collection, processing, and storage of credit data, conducts risk analyses, and issues credit reports for both individuals and businesses. It also assigns credit ratings and produces specialized financial intelligence products.

    In closed Telegram channels, ShinyHunters boasted that Vietnam was “taken in 24 hours.” Meanwhile, on a hacking forum, they listed the full dataset for sale, attaching a large sample as proof. The advertisement described the trove as containing “highly sensitive information,” including personal details, credit payment records, risk assessments, credit card data (requiring decryption of the FDE algorithm), tax and military identifiers, government-issued IDs, income statements, debt records, and more.

    The site DataBreaches.net reached out to ShinyHunters to clarify the scale, noting that Vietnam’s population is just under 102 million. The hackers explained that the dump contained historical records, making it impossible to calculate the exact number of unique individuals, but insisted it covered the entire population. According to them, the tables held a staggering three billion rows of data. They claimed access was gained through an n-day vulnerability in software no longer supported — meaning no patch was available.

    ShinyHunters stressed that no ransom demands were made, as they believed CIC would not respond. DataBreaches submitted an official inquiry to the center itself, but as of publication, no reply had been received. Thus, while the hackers’ evidence appears credible, their claims remain unverified.

    The group also addressed attribution, stating that the operation was not linked to Scattered Spider or Lapsus$, but was entirely their own. They admitted that confusion over their identity has long persisted, with many in the community believing them to be separate collectives, a misunderstanding they have yet to resolve.

    If confirmed, this would rank as Vietnam’s largest breach of personal and financial data and one of the most devastating in Asia. Beyond basic identifiers, it places at risk detailed credit histories, tax records, and even military documents. For a nation where the National Credit Information Center is central to the financial system, such a breach could erode public trust in institutions and provide fertile ground for widespread fraud and exploitation.

  • Apple Reseller Humac Hacked: Kraken Group Leaks Sensitive Company Data on Dark Web

    The largest reseller of Apple products in Northern Europe—Humac—has fallen victim to a cyberattack, a fact revealed following the publication of company data on the dark web portal operated by the Kraken group. The perpetrators claim to have obtained confidential information, including financial reports, customer records, and other sensitive materials.

    The name Humac appeared on Kraken’s leak site, which serves as both a showcase of their cyber exploits and a pressure tactic against victims. According to the hackers, they are in possession of internal company documents, employee data, database samples, and various other critical assets.

    Humac is owned by the Italian firm C&C, Apple’s largest official partner in Europe. With more than 120 retail stores across the continent, the data breach threatens not only the company’s reputation but also the financial stability of its operations.

    Cybernews experts analyzed the released samples of stolen data and concluded that they appear to be authentic. The leaked materials include employee files, internal corporate documents, and fragments of operational database records.

    Experts warn that such breaches are particularly perilous for firms deeply integrated with global brands. These companies become prime targets for cybercriminals due to the valuable data they manage—information that can be weaponized for future attacks or sold on the black market.

    Of particular concern is the exposure of Humac’s employee information. Analysts caution that this data could be exploited to launch targeted phishing campaigns aimed at breaching Apple’s internal support systems. Additionally, the stolen trove may include clients’ personal details—contact information, addresses, and financial data—which are always of high interest to criminal syndicates.

    The Kraken group, responsible for the breach, is a relatively recent entrant to the cybercriminal underworld. First observed in February 2025, it is believed to consist of former members of the notorious HelloKitty group, which rebranded last year as HelloGookie. Such renaming and structural reshuffling are standard tactics among cybercrime syndicates to obscure their tracks and evade prosecution.

    Since the beginning of 2025, Kraken has reportedly targeted at least thirteen organizations—a figure that underscores the group’s aggressive expansion and ongoing search for high-value corporate victims.