Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records; Company Denies Breach

A hacker collective calling itself “Scattered LAPSUS$ Hunters” claims to have stolen nearly 1 billion records linked to Salesforce, the global cloud software giant, by targeting companies that use its platform. The group—believed to be behind recent ransomware attacks on major U.K. retailers including Marks & Spencer, Co-op, and Jaguar Land Rover—told Reuters the stolen data contains personally identifiable information (PII).

Salesforce, however, firmly denied that its systems were compromised. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.

One hacker, identifying themselves as “Shiny,” told Reuters that the group did not directly hack Salesforce infrastructure but instead exploited its customers through “vishing”—a voice-phishing technique where attackers impersonate employees in calls to IT help desks to gain system access.

The group published a leak site on the dark web on Friday listing around 40 allegedly hacked companies, though it remains unclear how many are Salesforce clients. Both Salesforce and the hackers declined to confirm whether any ransom demands had been made.

In a June report, Google’s Threat Intelligence Group (TAG)—which tracks the hackers as “UNC6040”—said the group had been highly effective at deceiving employees into installing modified versions of Salesforce’s Data Loader, a proprietary tool used to import large volumes of customer data.

Google researchers also noted that the attackers’ infrastructure overlaps with an amorphous cybercriminal network known as “The Com”, a loosely connected ecosystem infamous for social engineering, ransomware, and even violent activity.

The claims come amid an ongoing U.K. police investigation into the earlier wave of cyberattacks that disrupted retail operations nationwide. In July, authorities arrested four individuals under 21 suspected of involvement in the breaches.

While Salesforce’s denial suggests its core systems remain intact, the episode underscores a growing cybersecurity challenge: attackers are increasingly bypassing well-secured platforms by manipulating the humans who use them.

As digital ecosystems become ever more interconnected, the breach—real or exaggerated—illustrates how even the most secure cloud providers can be dragged into the fallout of their customers’ weakest link: trust.

UK Police Arrest Man Over Cyberattack That Disrupted European Airports

British police have arrested a man in connection with a ransomware attack on Collins Aerospace, a unit of RTX, that disrupted check-in systems at several European airports and caused widespread travel chaos.

The National Crime Agency (NCA) said the suspect, a man in his 40s, was detained on Tuesday on suspicion of violating the Computer Misuse Act. He has since been released on conditional bail.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said NCA Deputy Director Paul Foster.

Authorities have not yet identified which criminal group was behind the hack. Unlike many ransomware gangs that typically publicize their attacks and leak stolen data on dark web sites, monitoring groups said no organization has yet claimed responsibility for the Collins Aerospace breach.

Ransomware attacks involve malicious software that encrypts a company’s data, with criminals demanding payment to unlock it. Such groups usually try to avoid targets likely to draw heavy law enforcement attention.

The Collins Aerospace hack is the latest in a series of cyberattacks in Europe that have triggered serious offline disruptions. Jaguar Land Rover, Britain’s largest carmaker and owned by Tata Motors, announced this week it would extend factory shutdowns until October 1 after a separate hack left operations paralyzed.

Berlin airport, one of several affected by the Collins Aerospace incident, warned it could take several more days before secure and fully functional systems are restored.

Jaguar Land Rover extends cyberattack shutdown to four weeks, costing £50m per week

Jaguar Land Rover (JLR), Britain’s largest carmaker, said it will keep its factories closed until October 1 following a cyberattack earlier this month that has paralyzed operations and rippled across the automotive supply chain. The shutdown, now stretching to four weeks, is costing the Tata Motors-owned luxury carmaker about £50 million ($68 million) per week, according to the BBC.

JLR runs three UK factories producing around 1,000 vehicles a day, including the popular Range Rover and Defender models. The outage has forced many of its 33,000 employees to stay home, while smaller suppliers are also struggling to cope with the disruption.

Adding to the fallout, industry sources told The Insurer that JLR was left without direct cyber insurance coverage, having failed to finalize a deal brokered by Lockton before the attack. The company has declined to comment on its insurance position or on who may be behind the breach.

Government ministers, including Peter Kyle and Chris McDonald, visited JLR on Tuesday to discuss recovery plans. McDonald said the government’s top priorities are “helping Jaguar Land Rover get back up and running as soon as possible and the long-term health of the supply chain.”

The shutdown underscores the UK’s broader vulnerability to ransomware and cyberattacks, which have recently hit major retailers like Marks & Spencer and Co-op, and even disrupted airport check-in systems across Europe. Official figures show more than 40% of UK businesses reported some form of cyber breach in the past year.

S&P Global’s latest survey shows JLR’s stoppage is already weighing on UK manufacturing output. With JLR’s supply chain supporting over 104,000 jobs, the Unite union has warned of potential layoffs and urged government support to protect workers and suppliers.

JLR said it is working on a phased restart plan, though the investigation into the attack continues. “We have made this decision to give clarity for the coming week,” the company said, stressing its focus on minimizing disruption to staff and partners.