For the second time within a year, Grubhub has suffered a data breach. Both the February 2025 attack and the latest attack appear to have been carried out by notorious hacking group ShinyHunters.
This attack is linked to a recent attack on Salesforce’s Drift, which allowed for the theft of credentials for Zendesk, the service Grubhub uses to run its online customer support chat. ShinyHunters is demanding a ransom, paid in Bitcoin, in exchange for not posting the stolen data on the dark web.
It’s currently unknown how many Grubhub users have been impacted or what exact types of information have been stolen in the attack, but the food delivery platform is working with cybersecurity experts to investigate and strengthen its systems against future threats.
(–Source: PC Mag on Yahoo! News
Read More: Grubhub Confirms New Data Breach, Hackers Reportedly Demand Ransom )
Researchers discovered a vulnerability in Google’s Fast Pair affecting Bluetooth headphones that support the technology. The flaw could allow unauthorized parties to complete the device and headphone pairing process without the user’s consent, giving the attacker the ability to fully control the audio device, and even track a victim’s location.
After the researchers shared their findings with Google, the software giant sent recommendations for fixing the issue to audio device manufacturers and is recommending that users of at-risk devices install the latest firmware update to prevent the attack.
(–Source: PC Mag on MSN
Read More: Update your headphones now: Google Fast Pair flaw may let hackers track you )
Over the course of 2 months, hackers targeting Central Maine Healthcare had access to the company’s systems, accessing sensitive data belonging to 145,000 patients.
The health organization didn’t notice suspicious activity within its systems until June, but after investigation, it was revealed that the hackers had been lurking in its systems since mid-March.
Central Maine is offering victims free identity theft and credit monitoring services following the incident, which compromised highly sensitive information including names, Social Security numbers, and in some cases, home addresses and health/treatment information including health insurance details.
(–Source: Cybernews
Read More: 145K exposed after hacker hit of Maine’s largest health systems | Cybernews )
659 customers of JPMorgan Chase have had their personal and financial information exposed after a law firm partnered with the bank was breached.
The incident occurred in late October and was not discovered until 4 days after it began. Information compromised in this attack may include bank account numbers, SSNs, passport or other government ID numbers, and contact information.
Impacted customers are being offered two years of free credit monitoring and have been advised to keep an eye on suspicious online activity or account statements during that time.
(–Source: The Daily Hodl
Read More: JPMorgan Chase Issues Data Breach Warning, Says Customers’ Bank Account Numbers and Personal Information Exposed in Third-Party Hack – The Daily Hodl )
The Canadian Investment Regulatory Organization (CIRO) suffered a data breach in August 2025 and concluded its investigation last week, determining that around 750,000 Canadian investors have had their personal information compromised.
Login information remains secure, but other data including birthdates, contact information, income, social insurance numbers, government ID numbers, investment account numbers, and account statements have been affected, with the type of compromised data varying per individual.
All affected investors will be receiving free credit and identity theft monitoring services for 2 years, even though CIRO’s in-depth investigation found no evidence of the stolen data being misused or posted on the dark web.
(–Source: BleepingComputer
Read More: CIRO confirms data breach exposed info on 750,000 Canadian investors )
Nearly 304,000 Minnesotans have had their personal data compromised after a licensed health care provider’s affiliate accessed data in a Minnesota Department of Human Services system without authorization.
The affiliate did have access to limited information within the system but “accessed more data than was reasonably necessary to perform work assignments.” There are currently no signs that the data has been misused, and the Office of Inspector General is monitoring billing information looking for evidence of fraud committed with the stolen data.
The improperly accessed information includes names, sex, birthdates, contact information, home address, Medicaid ID numbers, last 4 digits of SSNs, and in some cases, demographic information.
(–Source: Minneapolis Star Tribune on MSN
Read More: Minnesota Department of Human Services data breach impacts 300K )
The Everest ransomware gang’s November 2025 data breach on Under Armour has become more widely known after Have I Been Pwned got a copy of the data and notified 72 million people that their information has been compromised.
The clothing company has responded, confirming that it is aware of the claims and that an investigation is ongoing with third-party cybersecurity experts. It’s currently unclear exactly how many people are impacted or if the company plans to notify affected customers.
(–Source: TechCrunch
Read More: Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online | TechCrunch )

