NIKSUN, Inc.

06/19/2026

A Texas government data breach exposed sensitive identity data for more than 3 million people, including driver’s license information and passport numbers tied to the Texas Parks & Wildlife Department’s license system. The department said a security incident allowed hackers to access the department’s license system vendor, which processes hunting and fishing license sales. In addition to driver’s license and passport data, the breach also exposed email addresses, phone numbers, and residential addresses of affected license holders.

The incident is especially serious because it combines government identity data, physical addresses, and contact information — the exact mix attackers use for identity theft, phishing, fraud, account takeover, and targeted impersonation scams. It also shows how public agencies can be breached through their vendor ecosystem rather than their own front door. If a third-party licensing platform processes citizen data, the agency still owns the public trust, notification burden, regulatory exposure, and reputational damage when that vendor is compromised.

Preventing this kind of breach requires a unified government cybersecurity, vendor-risk, NPM, and infrastructure observability platform, like NIKSUN, that powers 100% visibility across agencies, third-party systems, applications, databases, identities, and network traffic. By consolidating L2–L7 monitoring, full packet capture, NetFlow/IPFIX, DNS, API telemetry, database activity monitoring, IAM logs, endpoint telemetry, SIEM, NDR, XDR, SOAR, and SNMP-based infrastructure management, agencies can detect abnormal vendor access, credential misuse, suspicious database queries, bulk data exports, and exfiltration in real time. With AI root-cause analysis, attack-path reconstruction, continuous compliance monitoring, automated containment, and immutable forensic timelines, teams can identify who was breached, how the attackers entered, what data was accessed, and how much left the environment.

Read more: https://www.linkedin.com/posts/dataleakage-dataleak-dataexfiltration-share-7473724010078375937-NtUS/

06/18/2026

Murray County has reportedly paid $200,000 to hackers after a ransomware attack disrupted county computer systems, forcing several offices into limited functionality after the incident was disclosed on Facebook on May 13. According to Commissioner Noah Bishop, most computers have now been restored and the county is tightening security measures. The ransom was paid with the goal of preventing county data from being published.

The payment highlights the painful reality facing local governments: ransomware is not just an IT outage — it is an operational, financial, legal, and public-trust crisis. County systems often support tax records, permits, court services, law enforcement workflows, payroll, citizen records, and other essential services. Even though Murray County said reserves allowed the payment, the larger issue is that many agencies still lack the visibility needed to detect ransomware early, stop lateral movement, confirm what data was accessed, and avoid being forced into ransom decisions under pressure with payments made in absence of a full guarantee data will still not be disclosed.

Preventing incidents like this requires a unified ransomware defense, network monitoring, and infrastructure observability platform, like NIKSUN, that delivers complete L2–L7 visibility across endpoints, servers, users, applications, and network traffic. By consolidating full packet capture, NetFlow/IPFIX, DNS, endpoint telemetry, identity logs, file access activity, backup system monitoring, SIEM, NDR, XDR, SOAR, and SNMP-based infrastructure management, county IT teams can trace ransomware from initial infection to lateral movement, privilege escalation, data staging, exfiltration, and encryption. With AI root-cause analysis, automated containment, immutable forensic timelines, SLA monitoring, and agentic remediation, local governments can reduce MTTR, protect public services, prove what happened, and avoid letting attackers dictate the cost of recovery.

Read more:

Murray County has reportedly paid $200,000 to hackers after a ransomware attack disrupted county computer systems, forcing several offices into limited functionality after the incident was disclosed on Facebook on May 13. According to Commissioner Noah Bishop, most computers have now been restored a...

06/17/2026

Kodak has confirmed a data breach after ShinyHunters claimed it stole more than 2.2 million records containing customer PII and internal corporate data. Kodak said an unauthorized third party gained temporary access to a “limited amount” of company data. But the gap between Kodak’s statement and ShinyHunters’ claim is the real story: the company says the exposure was limited, while the extortion group claims millions of records were compromised and is threatening to leak the data.

That discrepancy is exactly what happens when organizations lack 100% visibility across their network, applications, SaaS platforms, identities, and data flows. If a company cannot immediately confirm whether attackers breached the internal network, which systems were accessed, how they got in, how long they were inside, what data was copied, and whether exfiltration occurred, it is operating from partial evidence while attackers control the narrative. ShinyHunters has repeatedly targeted enterprise data sources including Salesforce, Snowflake, third-party integrations, and Oracle PeopleSoft environments, making it critical for organizations to monitor not just endpoints, but SaaS access, API activity, database queries, identity abuse, lateral movement, and outbound data transfer.

Incidents like this demand a unified cybersecurity and infrastructure observability platform with complete L2–L7 visibility, full packet capture, NetFlow/IPFIX, DNS, identity logs, SaaS audit trails, database activity monitoring, endpoint telemetry, and SNMP-based infrastructure management in one forensic data lake like NIKSUN. With AI root-cause analysis, data exfiltration detection, NDR, SIEM, XDR, SOAR, UEBA, attack-path reconstruction, and agentic remediation, teams can answer the questions Kodak-style investigations struggle with: who was breached, when, how, through which system, what data was touched, how much left the environment, and what must be contained now.

Read more: https://www.linkedin.com/posts/dataleakage-dataleak-dataexfiltration-share-7472997061265817600-SGcM/

06/16/2026

Nintendo may be facing a new alleged data breach involving TINYpulse systems, after a hacker using the handle SHADOWBYT3$ claimed this week to have obtained almost a gigabyte of data. The claim has not yet been independently verified, but the allegedly exposed information appears to focus on employee and workplace data, including employee names, email addresses, surveys, analytics reports, workplace feedback, employee progress records, bank statement PDFs, and W-9 forms. Because TINYpulse is tied to employee engagement and workplace feedback, the claimed dataset could expose sensitive HR, financial, and internal sentiment data.

Employee feedback platforms often contain candid workplace comments, organizational analytics, manager reviews, HR workflows, payroll-adjacent documents, and identity information that can be weaponized for phishing, social engineering, payroll fraud, insider targeting, and reputational damage. For Nintendo, the claim also lands against a history of high-profile gaming-sector leaks, including the 2020 “Gigaleak” and the 2024 Game Freak “Teraleak,” which exposed employee data and Pokémon-related development material. Even unverified breach claims can create trust, legal, and brand risk when they involve employees and third-party SaaS providers.

The only solution is for organizations to have 100% observability across third-party applications, systems, endpoints, users, and data movement. By correlating SSO/IAM logs, SaaS audit trails, API activity, endpoint telemetry, DNS, NetFlow/IPFIX, full packet capture, DLP signals, UEBA, and L2–L7 network analytics into a single platform like NIKSUN, security teams can detect abnormal access to HR platforms, bulk downloads, suspicious API calls, credential misuse, and outbound exfiltration. With this approach, organizations can protect employee data, enforce least privilege, reduce vendor risk, and prove exactly what was accessed before a leak claim becomes a crisis.

Read more: https://www.linkedin.com/posts/dataleakage-dataleak-dataexfiltration-share-7472623935969370112-iHTh/

06/15/2026

HSBC’s Hong Kong mobile banking apps went down this week, leaving customers unable to access digital banking services today. Users initially saw an error message saying access was restricted until HSBC had a valid email address and mobile number, before the message changed to say the issue was temporary and restoration work was underway. HSBC later apologized for the disruption. The outage also reportedly affected Hang Seng Bank apps, coming after HSBC completed its HK$14 billion acquisition of Hang Seng Bank earlier this year.

For Hong Kong’s largest lender, with roughly seven million customers in the city, mobile banking uptime is not optional — it is a foundational part of each customer's experience. This was HSBC’s second digital banking outage this year, after online services and banking apps were down for several hours in January. Repeated outages can quickly erode trust, especially when consumers and businesses depend on mobile apps for payments, transfers, account access, cash-flow management, and time-sensitive financial decisions. In banking, every minute of downtime can create customer frustration, operational pressure, regulatory attention, and reputational risk.

Preventing incidents like this requires a unified Network Performance Monitoring, infrastructure observability, and digital banking assurance platform, like NIKSUN, that delivers complete L2–L7 visibility across mobile apps, APIs, authentication systems, payment workflows, databases, servers, and the underlying network. By combining packet capture, NetFlow/IPFIX, DNS, API telemetry, transaction performance monitoring, synthetic monitoring, real-user monitoring, logs, traces, and SNMP-based infrastructure management, banks can immediately determine whether the failure is in the network layer, application layer, identity service, server infrastructure, database, or third-party dependency. With AI root-cause analysis, automated correlation, SLA monitoring, and proactive remediation, financial institutions can reduce MTTR, protect uptime, and deliver the always-on digital banking experience customers expect.

Read more:

06/11/2026

Lyft experienced a possible service outage this week, with thousands of users reporting issues to Downdetector. Most complaints centered on the mobile application, which is critical to the rideshare experience because riders and drivers depend on the app for ride requests, driver matching, location tracking, pricing, payments, and trip status updates.

For a rideshare platform, even a partial mobile app outage can quickly disrupt revenue, customer trust, driver earnings, and marketplace liquidity. If riders cannot request trips or drivers cannot accept them, the platform’s two-sided marketplace breaks down in real time. These incidents can stem from many layers: mobile app errors, API failures, authentication problems, cloud infrastructure issues, payment-service latency, geolocation services, or network congestion between users, edge services, and backend systems.

Preventing and resolving outages like this requires a unified NPM, APM, TPM, Digital Experience Monitoring, and full-stack observability platform, like NIKSUN, that brings L2–L7 packet analytics, NetFlow/IPFIX, API traces, mobile app telemetry, logs, events, synthetic transactions, real-user monitoring, and SNMP-based infrastructure management into one data lake. In Lyft’s case, that unified visibility would let NetOps and SRE teams trace a failed ride request from the mobile app to the API gateway, dispatch service, map/location system, payment workflow, network path, and backend infrastructure — pinpointing whether the root cause is in the network layer, application layer, transaction flow, or server infrastructure. With AI root-cause analysis and automated remediation, platforms can reduce MTTR, protect uptime, and maintain the always-on digital experience users expect.

Read more:

Lyft experienced a possible service outage this week, with thousands of users reporting issues to Downdetector. Most complaints centered on the mobile application, which is critical to the rideshare experience because riders and drivers depend on the app for ride requests, driver matching, location....

06/10/2026

ServiceNow is warning customers about a security incident involving an unauthenticated API flaw that let attackers query data from customer instances. ServiceNow has not disclosed details, but admins pointed to /api/now/related_list_edit/create, reportedly tied to requires_authentication=false. ServiceNow confirmed attackers queried customer tables.

The risk is serious because ServiceNow often stores high-value operational data: IT tickets, employee records, asset inventories, internal documentation, incident reports, workflow data, configuration details, credentials, API tokens, and troubleshooting secrets. The issue appears to affect customers on the specific releases with certain configuration changes. Admins shared indicators including 51.159.98.241; organizations must review logs for /api/now/related_list_edit, rotate exposed credentials or tokens, and validate API logging. This is a core SaaS blind spot: attackers may not need to breach the corporate network if a workflow platform exposes sensitive tables.

Stopping attacks like this requires a unified SaaS security and API observability data lake that consolidates ServiceNow audit logs, API telemetry, IAM/SSO events, ticket access records, database activity, endpoint telemetry, DNS, NetFlow/IPFIX, packet capture, and L2–L7 session analytics. With API security monitoring, SaaS posture management, data access governance, NDR, SIEM, XDR, SOAR, AI root-cause analysis, and agentic remediation, teams can detect unauthenticated API access, abnormal table queries, exposed secrets, and suspicious data movement. A platform like NIKSUN that powers 100% visibility across SaaS, identity, applications, and network traffic turns hidden API misconfigurations into actionable intelligence — blocking access and preserving a forensic audit trail.

Read more: https://www.linkedin.com/posts/dataleakage-dataleak-dataexfiltration-share-7470463835162890240-7SCj/

06/08/2026

DentaQuest, one of the largest dental benefits administrators in the U.S., has been hit by a major ShinyHunters “pay-or-leak” extortion incident. After failed negotiations, ShinyHunters published a 234 GB archive allegedly stolen from DentaQuest, potentially affecting 2.6 million individuals. DentaQuest confirmed unauthorized access to a portion of its network and is working with forensic investigators and law enforcement to determine the scope of the breach.

The leaked data reportedly includes 2.6 million unique email addresses, along with names, phone numbers, addresses, healthcare enrollment records, member files, and in some cases Medicaid IDs. This scope makes this far more serious than a basic contact-data breach: dental benefits data can be used for medical identity theft, Medicaid fraud, phishing, social engineering, and targeted impersonation scams. The incident also fits ShinyHunters’ broader pattern of attacking large organizations through SaaS platforms, stolen credentials, voice phishing, Salesforce, Okta, and Microsoft 365 environments, then using public leak sites to pressure victims.

Stopping breaches like this requires a unified healthcare cybersecurity data lake, like NIKSUN, that consolidates SIEM, NDR, XDR, SOAR, identity monitoring, SaaS security, database activity monitoring, API logs, endpoint telemetry, NetFlow/IPFIX, DNS, and full packet capture into one platform with 100% visibility across PHI, PII, users, applications, and network traffic. With this architecture, security teams can detect bulk data exports, credential abuse, abnormal SaaS access, and outbound exfiltration before stolen healthcare records reach the dark web. For benefits administrators handling Medicaid, CHIP, Medicare Advantage, and commercial-plan data, unified visibility is essential to protect members, prove compliance, and stop extortion-driven breaches before they become public leaks.

Read more:

DentaQuest, one of the largest dental benefits administrators in the U.S., has been hit by a major ShinyHunters “pay-or-leak” extortion incident. After failed negotiations, ShinyHunters published a 234 GB archive allegedly stolen from DentaQuest, potentially affecting 2.6 million individuals. De...

06/05/2026

Lloyds Banking Group suffered a major app and online banking outage that locked customers out of accounts across Lloyds, Halifax, and Bank of Scotland for several hours this week. Users were unable to access mobile banking, complete bill payments, transfer funds, or make urgent business payments, with thousands of complaints appearing on Downdetector. The disruption quickly became a real-world business issue, with customers on X warning of potential supplier payment failures, cash-flow disruption, and loss of business before Lloyds confirmed services had been restored and apologized.

The outage comes only months after a separate March 12 software defect caused transaction data from roughly 447,000 customers to be incorrectly shared with other users, resulting in more than £200,000 in compensation to 5,250 affected customers. Back-to-back failures create a serious reputational problem for a major banking group whose customers increasingly depend on always-on digital channels. For financial institutions, digital availability is now inseparable from trust: repeated outages can trigger customer churn, regulatory scrutiny, SLA pressure, and loss of confidence among businesses that rely on real-time payment access.

To prevent and resolve incidents like this faster, banks need a unified digital banking observability platform that consolidates NPM, APM, TPM, log analytics, infrastructure monitoring, synthetic monitoring, real-user monitoring, and SNMP-based device health into one high-fidelity data lake. With complete L2–L7 visibility, teams can trace a failed transaction from mobile app login to API call, authentication service, payment rail, database response, network path, and server infrastructure — immediately identifying whether the issue is in the application layer, network layer, middleware, cloud, or underlying hardware. By combining AI root-cause analysis, performance monitoring, packet-level forensics, and automated NetOps workflows, banks can reduce MTTR, protect uptime, meet digital banking SLAs, and turn infrastructure reliability into a competitive advantage.

Read more:

Lloyds Banking Group suffered a major app and online banking outage that locked customers out of accounts across Lloyds, Halifax, and Bank of Scotland for several hours this week. Users were unable to access mobile banking, complete bill payments, transfer funds, or make urgent business payments, wi...

06/03/2026

Family Medicine Centers in Texas has agreed to a $2,150,000 settlement to resolve claims from a July 2022 data breach affecting 233,948 patients. Unauthorized actors accessed systems containing PII and protected health information (PHI), including Social Security numbers and health records. The consolidated lawsuit alleged inadequate security measures, with claims spanning negligence, breach of fiduciary duty, and unjust enrichment. The settlement provides up to $5,000 per class member for documented losses or an estimated $75 alternative payment, plus two years of medical data monitoring.

Healthcare remains one of the most targeted and costly sectors for breach litigation. PHI commands a premium on dark web markets because it cannot be reissued like a credit card, and HIPAA treats its exposure with particular severity. For smaller providers, the financial exposure is disproportionate: a breach affecting a few hundred thousand patients can generate multi-million-dollar settlements, OCR enforcement, and lasting reputational damage. Compounding the problem, healthcare networks run a mix of EHRs, imaging platforms, patient portals, and connected devices — each with its own logging and network footprint — making intrusions hard to detect in time to limit scope.

Reducing exposure requires unified visibility across endpoints, identity systems, network flows, and packet-level data, paired with encryption and HIPAA-aligned access controls. Effective controls include behavioral analytics on clinical system access, baselining of data movement between EHRs and downstream applications, and full packet capture with long retention for forensic reconstruction. Unified platforms like NIKSUN — which consolidate packets, flows, logs, events, and threat intelligence into a single data lake with AI-driven analytics and forensics — give healthcare security teams the context needed to detect unauthorized PHI access in progress and produce the evidence regulators and plaintiffs demand.

Read more:

Family Medicine Centers in Texas has agreed to a $2,150,000 settlement to resolve claims from a July 2022 data breach affecting 233,948 patients. Unauthorized actors accessed systems containing PII and protected health information (PHI), including Social Security numbers and health records. The cons...