Supply chain

Exposed by the database were customers' full names, birthdates, ages, genders, marital status, account IDs, occupations, phone numbers, physical addresses, premium amounts and annuities, and policy types, as well as employees' names, email addresses, MLGA/RGA names and emails, and years in service, according to SafetyDetectives researchers.

Such data compromise may have been achieved through an intrusion against a third-party supplier, which did not have any access to billing or financial details, according to TalkTalk Head of External Communications Liz Holloway, who did not name the supplier and noted that the incident could not be confirmed until the external vendor's investigation is finalized.

The company, which operates equipment in each U.S. state and serves over 700 networks, has faced criticism for vulnerabilities in its firmware flagged by the Cybersecurity and Infrastructure Security Agency.

What’s in store for appsec in 2025? Sure, there'll be some XSS and SQL injection, but what about trends that might influence how appsec teams plan? Cody Scott shares five cybersecurity and privacy predictions and we take a deep dive into three of them. We talk about finding value to appsec from AI, why IoT and OT need both programmatic and technica...

All demographic information belonging to students and teachers dating back to a school district with almost 9,000 pupils' initial installation of PowerSchool have also been accessed as a result of the hack, according to a source close to the matter, who noted PowerSchool's lack of multi-factor authentication and other standard security defenses.

Aside from leaking stolen data by Saturday, Clop also warned of revealing additional companies affected by the attacks on Tuesday, indicating that the toll of the Cleo compromise — which Clop claims to include Blue Yonder, Hertz, Chicago Public Schools, Western Alliance Bank, and Nissin Foods — may have been higher than initially reported.

Aside from banning the inclusion of Vehicle Connectivity System software and hardware, as well as Automated Driving System software developed by Chinese and Russian vendors in vehicles sold in the U.S., both China- and Russia-linked automobile manufacturers have also been barred from selling cars with such tech within the country.