April 16, 2025
Cybersecurity Roundup: Data Leaks, Legal Disruptions, and Ransomware Chaos
Explore the Top Cybersecurity Incidents from April 2–9, 2025, Including Major Data Breaches, Ransomware Attacks, and Disruptions across Legal, Government, and Corporate Sectors.
Cybersecurity News Report (April 2–9, 2025)
Texas State Bar Data Breach: The State Bar of Texas (the US’s second-largest bar association) disclosed a major data breach after the INC ransomware gang infiltrated its network between late January and early February. Hackers stole sensitive files – including confidential legal case documents and members’ personal information such as Social Security and driver’s license numbers – before leaking samples on a dark web extortion site. The breach, discovered on Feb. 12, prompted the bar to notify over 2,700 affected individuals and offer credit monitoring, though officials say they’ve seen no evidence of fraud yet. INC ransomware claimed responsibility on March 9, and cybercriminals have published some stolen data to pressure the bar.
Port of Seattle Ransomware Breach: Washington State’s Port of Seattle (which oversees Seattle-Tacoma International Airport and maritime operations) revealed that a fall 2024 ransomware attack by the Rhysida gang led to a significant data breach. The incident – detected on August 24, 2024 – forced some port systems offline but did not disrupt airport or seaport operations. An investigation found hackers accessed and downloaded personal information of roughly 90,000 individuals, including about 71,000 Washington residents, from old employee, contractor, and parking databases. The compromised data includes names, dates of birth, Social Security numbers (or last 4 digits), driver’s license numbers, and limited medical information. Port officials, with law enforcement and cybersecurity experts, contained the breach and began notifying victims this week, offering free credit monitoring to those affected. Rhysida ransomware operators were identified as the culprits, according to security analysts.
Ransomware Disrupts Tribal Services in Minnesota: A cyberattack struck the Lower Sioux Indian Community in Minnesota, crippling the tribe’s government center, healthcare clinic, and Jackpot Junction casino for several days. Starting around March 28, tribal officials reported phone systems, email, and even casino slot machines went down, forcing the community to activate incident response plans and take systems offline. The RansomHub ransomware gang claimed responsibility on April 1, listing the tribe on its leak site and continuing a pattern of attacks on Native American organizations (the same group hit the Sault Ste. Marie Chippewa tribe in Michigan in February). The attack “wiped out” digital services – halting hotel reservations and electronic gaming – but the tribe is working with third-party experts to restore operations. RansomHub has recently risen to prominence after crackdowns on larger ransomware groups, and is known for deploying an “EDRKillShifter” malware to disable victims’ security software. Law enforcement is investigating as the community gradually brings critical systems back online.
Royal Mail & Samsung Customer Data Breach via Vendor: Britain’s Royal Mail and Samsung’s German unit are embroiled in a supply-chain data breach after a vendor, Spectos, was compromised by hackers. A hacking group calling itself GHNA announced it stole 144GB of Royal Mail data by exploiting Spectos’ access, posting on BreachForums that it exfiltrated 293 folders with 16,549 files containing customer names, addresses, phone numbers, package details, and other delivery records. The leaked trove even includes a Mailchimp mailing list, a WordPress database, and recorded Zoom meetings between Royal Mail and Spectos. Royal Mail confirmed its third-party supplier was hit and that postal operations remain unaffected as an investigation is underway. Using the same Spectos credentials, the attackers also grabbed data from Samsung Germany, claiming to have 270,000 customer service tickets with personal details (names, contact info, device models, etc.) spanning multiple years. Cybersecurity researchers believe an old Spectos infostealer malware infection (Raccoon, dating to 2021) may have given the hackers employee passwords used in these breaches. Both Royal Mail and Samsung are notifying affected customers while German and UK authorities probe the vendor-based intrusion.
Dental Provider Breach Exposes Patient Data: Chord Specialty Dental Partners, a dental service organization supporting over 60 practices across the U.S., confirmed a data breach impacting approximately 173,000 individuals. Attackers gained access to several employee email accounts between Aug. 19 and Sept. 25, 2024, and remained undetected, siphoning sensitive data stored in mailboxes. An internal investigation revealed the compromised emails contained a wide array of personal and health information: full names, birth dates, addresses, bank account and routing numbers, driver’s license and Social Security numbers, health insurance details, and medical records of patients. The Tennessee-based company said there’s no sign (so far) that the stolen data has been misused, but it cannot rule out the risk. Chord has directly notified potentially affected patients and employees, is offering free identity protection and credit monitoring, and has bolstered email security measures. Regulators have been informed as the firm works to determine the full scope of the incident.
Europcar Confirms Source Code Theft and Customer Data Leak: Multinational car rental company Europcar Mobility Group fell victim to a cyberattack in late March, in which a hacker breached its GitLab repositories and stole extensive data. The attacker, operating under Europcar’s name on a dark forum, exfiltrated 37GB of data – including the source code for the company’s Android/iOS mobile apps, over 9,000 SQL database files, and 269 configuration files containing API keys and secrets. They threatened to publish the trove if not paid, effectively attempting to blackmail the firm. Europcar has since confirmed the breach and is assessing damage, noting that while some source code was stolen, a portion of its repositories remained untouched. Initial findings indicate the exposed customer data was limited to names and email addresses of users of its subsidiaries (Goldcar and Ubeeqo), affecting an estimated 50,000–200,000 clients (some records dated as far back as 2017). No sensitive financial information (like payment or license details) was compromised, and Europcar is notifying all impacted customers and regulators. Cybersecurity experts suspect the breach may have been enabled by stolen credentials from an infostealer malware infection, a growing vector in recent attacks.
Bank Data Exposed via Ransomware at Printing Vendor: Singapore’s largest bank DBS and the local branch of Bank of China (BoC) warned that a ransomware attack on their third-party printing vendor Toppan Next Tech (TNT) may have compromised thousands of customers’ personal data. On April 5, DBS was alerted that TNT – which prints account statements and letters – had been hit by ransomware, and investigators found that around 8,200 DBS customers and 3,000 BoC customers could be affected. The exposed information comes from banking statements sent out in late 2024 and early 2025 and includes customers’ names, mailing addresses, and in some cases account or loan numbers and details of securities holdings. DBS stressed that its own systems were not breached and that no passwords, ID numbers, or financial balances were in the files sent to TNT. Both banks have halted work with the vendor and are contacting affected clients as a precaution. Singapore’s Cyber Security Agency and central bank (MAS) are investigating the incident and advising on containment, as TNT works to determine if the encrypted data was accessed by the attackers.
Ransomware Hits Idaho County Government: Gooding County, Idaho announced that an unauthorized actor breached its county computer network in a March 25 ransomware attack, potentially stealing residents’ personal information. County officials detected the cyberattack in late March and, by April 4, concluded that the intruders had likely acquired personal data from county systems. In a notice to those affected, Gooding County did not specify how many individuals were impacted or exactly what data was taken, but it is offering free credit monitoring – a step typically indicating that sensitive identifiers (like Social Security numbers) were involved. The county has engaged law enforcement and cybersecurity specialists and is cooperating with the Idaho Attorney General’s Office. As of this week, no ransomware gang has publicly claimed responsibility for the attack. Gooding County joins a string of U.S. local governments hit by ransomware in 2025, underscoring the ongoing risk to public sector IT infrastructure.
Cyberattack Delays Death Penalty Case in Arizona: A ransomware attack on the Arizona Federal Public Defender’s Office disrupted a high-profile death penalty proceeding, after the hack wiped out critical legal files. The office’s network was infected late last week, erasing access to case databases – including a nearly finished 25-page brief – for inmate Ralph Menzies’ mental competency hearing. Public defenders were forced to shut down all systems and were barred from even using personal devices for work as IT staff assessed the damage. With key records inaccessible, defense attorneys requested (and were granted) an extension until April 18 to rebuild the brief, while Arizona’s prosecutors offered to provide copies of evidence files from their own records to assist. The ransomware incident has effectively postponed court arguments – originally set for April 18 – to early May. Investigators have not disclosed which ransomware group was behind the attack. The breach highlights the real-world consequences of cyberattacks on justice system agencies, as the delay slows resolution for a case that has already been ongoing for decades.
Czech Prime Minister’s X Account Hacked for Disinformation: Czech Prime Minister Petr Fiala reported that his official account on X (Twitter) was hijacked on April 8 by an unknown actor “from abroad” who posted false messages about a fake Russian attack. Despite Fiala’s use of two-factor authentication, the attacker managed to gain control of the account (which has 366,000+ followers) and published a hoax claim that Russian forces had attacked Czech troops near Kaliningrad, along with another bogus post about Czech retaliatory tariffs on the US. The disinformation posts – which even included a live-stream link that turned out to be a static image – were quickly removed, and Fiala’s team restored access to the account the same day. A spokesperson said the breach may have involved someone with administrative access to both the PM’s account and his party’s account (which was also affected), raising questions about the method used to bypass 2FA protections. Czech police are investigating the incident as a possible criminal offense, and officials noted it comes amid heightened Russian cyber disinformation campaigns against pro-Ukraine governments in Europe. The Czech government has been a strong supporter of Ukraine, and this hack-and-fake-post attack appears intended to sow panic or confusion domestically.
School District Network Breach in Massachusetts: Fall River Public Schools in Massachusetts announced a cybersecurity incident this week after IT staff discovered unauthorized access to parts of the district’s internal network. The breach was detected on Monday (April 7) by the district’s Chief Information Officer, who noticed suspicious activity in the school system’s servers. The district immediately enlisted third-party cybersecurity experts and notified law enforcement to help contain the intrusion and investigate its scope. So far, officials say there is no evidence that any student or staff personal data (such as academic records or personal identifiers) was accessed or stolen. As a precaution, the school’s network was partially shut down while defenses are being strengthened, and the superintendent emphasized the commitment to protecting student data privacy. The incident remains under forensic investigation, and further updates will be provided if analysis finds any breach of sensitive information.
Ransomware Hits Taiwanese Tech Manufacturer: Optimax Technology Corp, a Taiwan-based manufacturer of LCD components, suffered a significant ransomware attack on April 5 that has put its proprietary data at risk. The Qilin ransomware group (also known as “Agenda”) claimed responsibility, listing Optimax on its extortion site and alleging it stole over 300 GB of files from the company’s network. Optimax, which produces polarizer films for screens, has not publicly detailed the impact, but security researchers note that Qilin’s modus operandi involves exfiltrating large quantities of sensitive corporate data before encryption. The leaked information, if released, could include intellectual property or business confidential data given the company’s role in the electronics supply chain. This attack underscores how East Asian manufacturing firms are increasingly targeted by ransomware gangs seeking valuable industrial data. Taiwanese authorities have been alerted, and incident response efforts are underway as Optimax works to contain the damage and determine the extent of the compromise.
Coordinated Hacks on Australian Pension Funds: A coordinated cyberattack has struck several of Australia’s largest pension (superannuation) funds, compromising more than 20,000 retirement accounts and even leading to fraudulent withdrawals. Australia’s National Cyber Security Coordinator confirmed that cybercriminals targeted user login credentials for multiple funds in late March, prompting a cross-agency incident response. AustralianSuper – the nation’s biggest pension fund with 3.5 million members – revealed that hackers drained a total of about A$500,000 (USD $330,000) from four member accounts before the suspicious transactions were noticed. Other major funds, including Australian Retirement Trust, Rest, Insignia, and Hostplus, also confirmed breaches or unusual login activity affecting their members. The attack appears to exploit weaknesses in customer online portals: one fund (Rest) said it detected unauthorized access to around 1% of its members’ accounts (~20,000 people) over the weekend of March 29–30. The Australian government has briefed Prime Minister Albanese and is coordinating with financial regulators to safeguard the A$4.2 trillion superannuation sector. Impacted funds have frozen affected accounts, enhanced authentication measures, and urged all members to monitor for irregularities, as investigations continue into the attackers’ identities (believed to be financially motivated cybercriminals rather than nation-state actors).
US Banking Regulator Breach Exposes Sensitive Data: The U.S. Treasury’s Office of the Comptroller of the Currency (OCC) – which oversees national banks – alerted Congress to a “major security breach” in which hackers accessed OCC email accounts and stole confidential supervisory information. In a statement on April 8, the OCC said that several executives and staff had their emails hacked due to longstanding unpatched vulnerabilities in the agency’s Microsoft Exchange email system. The incident, first discovered on Feb. 11, involved unauthorized access to highly sensitive data on banks’ financial conditions, likely including examination reports and other regulatory communications. The OCC disclosed the breach publicly in late February but initially claimed there was no sign of impact on the broader financial sector. Now, further internal investigation has revealed the depth of the compromise, leading the regulator to brief U.S. lawmakers given the critical nature of the information exposed. The agency has since remediated the known vulnerabilities, and while officials have not attributed the attack publicly, the breach of a federal bank regulator’s systems raises concerns of possible nation-state espionage. The Treasury Department, along with CISA, is working to ensure no banking operations were affected and to prevent such email system intrusions going forward.
Massive Data Leak Hits Moroccan Government Institutions: Moroccan authorities are investigating a massive cyberattack that hit the Ministry of Employment and the country’s social security administration (CNSS), resulting in a leak of personal data on possibly millions of citizens. The breach came to light on April 8 when troves of data on employees from numerous Moroccan companies (including critical infrastructure firms) were posted online and began circulating on social media. A hacker group calling itself “JabaROOT” – claiming Algerian affiliation – took credit via a Telegram channel, though officials have not confirmed the attackers’ identity. According to local reports, the leaked files may include sensitive details of nearly 2 million employees across some 500,000 Moroccan businesses. Exposed records contain names, salary information, bank account numbers, email addresses, national ID numbers, and other HR data – even for high-ranking officials. In a public statement, the CNSS admitted it was “targeted by a series of cyberattacks” that led to a data spill, though it noted some leaked documents appeared falsified or doctored. The agency says it has now contained the intrusion vector and reinforced its systems, while also referring the incident to prosecutors and warning that sharing the stolen data (which could be mixed with disinformation) is a criminal offense in Morocco. The attack, unprecedented in scale for the country, comes amid tense relations between Morocco and Algeria, and is being closely monitored by cybersecurity authorities in the region.
Student Data Leaked in Mexican Schools Cyberattack: An unprecedented cyber campaign has hit Mexico’s public education sector, exposing confidential data from at least four public schools and raising alarm about broader system vulnerabilities. Personal information on more than 5,000 individuals – including students (mostly minors), teachers, and administrators – was leaked online after hackers breached databases of several technical high schools (CBTis 76, 153, 154 and CETis 44, all under the federal Education Ministry). The stolen records include names, Mexico’s CURP ID numbers, dates of birth, phone numbers, email addresses, academic details (school, class group, schedule) and even marital status of staff and students. A threat actor using the alias “marssepe” claimed responsibility, bragging on cybercrime forums and referencing previous attacks (including a recent hack of Yucatán’s public transit system). The leaked dump was accompanied by messages name-dropping the “Cártel de Caborca” and other hacker handles like “APAJ,” potentially as misdirection or to imply involvement of organized crime. Analysts who reviewed the data suggest the breach likely came from the central IT infrastructure of Mexico’s DGETI (General Directorate of Industrial Technological Education), indicating that the attackers penetrated the national education network’s core servers. Mexico’s Secretariat of Public Education (SEP) is investigating and working with cybersecurity experts like Nicolás Azuara to assess the damage. There is concern that more schools or departments could be targeted in coming days, as this attack seems to be part of a wider campaign putting the entire public school IT system “at risk”. Authorities have not commented on any ransom demand; their focus is on containing the breach and protecting the affected students and staff going forward.
Cybersecurity and Tech News Platforms
BleepingComputer
SecurityWeek
The Record by Recorded Future
Dark Reading
CyberNews
CyberScoop
GovInfoSecurity
DataBreaches.net
The Hacker News
SC Media
Krebs on Security
Wired
Ars Technica
Threatpost
Help Net Security
Naked Security by Sophos
Security Affairs
SiliconANGLE
CybersecAsia
ITNews Australia
TechWire Asia
Mainstream and Business Media
Reuters
Bloomberg
CNBC
The Wall Street Journal (WSJ)
Financial Times (FT)
CNN
The Washington Post
Los Angeles Times
The Telegraph
BBC
The Guardian
ABC Australia
The Australian
Al Jazeera
France 24
Le Monde
Les Échos
Spiegel
Die Welt
Tagesschau
Handelsblatt
Der Standard
Corriere della Sera
El País
La Vanguardia
El Universal (Mexico)
Excélsior
Milenio
Clarín
Infobae
NHK
Asahi Shimbun
The Japan Times
Yomiuri Shimbun
Chosun Ilbo
The Korea Herald
Yonhap News
Straits Times
Channel News Asia
South China Morning Post
China Daily
Global Times
Regional & Local Publications
OregonLive
The Seattle Times
Dallas Morning News
Star Tribune
Idaho Statesman
AZ Central
Boston Globe
Novinky.cz
Lidovky.cz
Actu Orange
Jornal de Notícias
Publico.pt
G1 Globo
Morocco World News
Arab News
Middle East Eye
Punch Nigeria
The Citizen (Kenya)
Business Daily Africa
News24 (South Africa)
Stuff (New Zealand)
New Zealand Herald
Bangkok Post
VietnamNet
Tempo.co
Rappler
Malaysiakini
The Star (Malaysia)
Financial Express (India)
Dawn (Pakistan)
GEO News
BDNews24.com