The Week in Breach News: 04/09/25 – 04/15/25

This week: Bad actors spend three years roaming Office of the Comptroller of the Currency (OCC) systems; hackers hit two e-commerce giants; why enhanced user security is essential in a Software-as-a-Service (SaaS)-driven world; and new video lessons in BullPhish ID.
Read this week’s new featured blog: Why Enhanced User Security Is Essential in a Hybrid, SaaS-Driven World

Sensata Technologies
https://www.cybersecuritydive.com/news/sensata-technologies-disrupted-ransomware-attack/745007
Exploit: Ransomware
Industry: Manufacturing


Sensata Technologies, a global supplier of industrial and automotive technology, has confirmed a ransomware attack that disrupted several key operations earlier this week. According to a regulatory filing, the Sunday attack encrypted devices across the company’s network, temporarily impacting shipping, receiving, manufacturing and other support functions. Sensata has implemented interim measures to restore some operations, though a full recovery timeline remains unclear. The Massachusetts company also confirmed that certain files were removed from its network. While Sensata has admitted that the attack has had a serious impact on production, the company maintains that it does not anticipate a material impact on its Q2 financial results. The breach remains under investigation.
How It Could Affect Your Customers’ Business: Strong data protection protocols can help mitigate the impact of data exfiltration during ransomware incidents.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>

U.S. Treasury Department Office of the Comptroller of the Currency
Exploit: Hacking
Industry: Government
The U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) has confirmed a major incident involving a breach of its email system. Discovered on February 12, 2025, the breach affected 103 accounts, including those of executives and staff. Hackers accessed sensitive financial data related to federally regulated financial institutions, with approximately 150,000 emails compromised between May 2023 and February 2025. The breach was initially flagged by Microsoft, and while the OCC found no direct impact on the broader financial sector, the compromised emails contained critical oversight information.
How It Could Affect Your Customers’ Business: Continuous monitoring and threat detection are a must-have within government and financial oversight agencies.
Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>

Oregon’s Department of Environmental Quality
https://www.koin.com/news/oregon/cyberattack-shuts-down-oregon-deq-networks-wednesday-04092025
Exploit: Hacking
Industry: Government


Oregon’s Department of Environmental Quality (DEQ) shut down its networks and vehicle inspection stations on Wednesday, April 2, in response to a cyberattack, the agency announced. The closure is expected to last for several days as investigators work to contain and eliminate the threat. According to a statement released Wednesday morning, the state’s Enterprise Information Services is leading the investigation, while Oregon DEQ isolates its servers and network to prevent further damage. A DEQ spokesperson told KOIN 6 News that all vehicle inspection stations statewide are affected by the shutdown. However, the agency’s public portal, MyDEQOnline, remains operational, as it is hosted on a separate server.
How It Could Affect Your Customers’ Business: This attack illustrates the importance of having network segmentation and business continuity plans in place.
Kaseya to the Rescue: Get tips to strengthen a company’s defenses and bolster its cyber resilience with our Building a Cyber-Resilient Business checklist. GET THE CHECKLIST>>

WooCommerce
https://hackread.com/hacker-claims-woocommerce-data-breach-selling-records/
Exploit: Third-Party Breach
Industry: Retail
A hacker known as “Satanic” claims responsibility for multiple data breaches this week, including a data breach involving WooCommerce, affecting over 4.4 million records from major organizations, including NVIDIA, Texas.gov and NIST. The breach, allegedly occurring on April 6, 2025, did not target WooCommerce’s core infrastructure directly but instead exploited third-party integrations like CRM and marketing tools tied to websites using the platform. The compromised data includes customer and company information, such as emails, phone numbers, physical addresses and business data like sales revenue, employee counts and platform usage. The breach also involves metadata on corporate websites, including details about technology stacks, payment solutions and hosting providers. The hacker shared a sample showing data from high-profile entities, with many entries referencing WordPress CMS, WooCommerce and integrations with platforms like Salesforce and PayPal. WooCommerce has clarified that the breach was not a result of a direct attack on its platform but likely stems from exposed APIs or vulnerable third-party systems.
How It Could Affect Your Customers’ Business: This breach underscores the risks associated with third-party integrations and APIs.
Kaseya to the Rescue: Our 10 Tips for Successful Employee Security Awareness Training infographic can help you maximize the effectiveness of your security awareness training efforts. DOWNLOAD IT>>

Magento
https://hackread.com/hackers-magento-breach-3rd-party-crm-data-leak/
Exploit: Third-Party Breach
Industry: Retail
A hacker known as “Satanic” has also claimed responsibility for a data breach involving Magento, which occurred on April 9, 2025. The breach, reportedly triggered via a third-party integration, resulted in the theft of 745,000 records containing detailed business and personal information. The leaked dataset, which has surfaced on Breach Forums, includes 430,000 unique email addresses, 261,000 phone numbers and data from organizations like BBC and Chicago Tribune. The exposed data appears to come from a CRM system linked to Magento deployments, containing names, job titles, corporate emails, company domains and social media links. Additionally, the breach includes technical metadata revealing companies’ tech stacks, marketing platforms and payment processors, possibly extracted from integrated CRM enrichment tools. Adobe, Magento’s parent company, has not yet verified the incident.
How It Could Affect Your Customers’ Business: The sample files show CRM-style data rather than raw credentials or payment information, but the nature of the leak still poses a serious risk.
Kaseya to the Rescue: Identify the must-have features in a user protection solution and explore how to build a robust user protection strategy in our Modern User Protection Buyer’s Guide. GET IT>>



South Korea – SK Group
https://cybernews.com/news/sk-group-ransomware-attack-qilin-gang-claims-stolen-data
Exploit: Ransomware
Industry: Finance


The Qilin ransomware group has claimed responsibility for a cyberattack on SK Group, one of South Korea’s largest multinational conglomerates. The group posted SK on its dark web leak site early Thursday morning, alleging that it had exfiltrated over 1TB of data from the company’s servers. The cybercriminals initially issued a 48-hour ultimatum, threatening to release the stolen files unless SK Group contacts them. As of now, no details about the contents of the stolen data have been confirmed or disclosed. SK Group is a global leader in energy, telecommunications, semiconductors and advanced materials, operating in more than 175 companies worldwide. It is South Korea’s second-largest chaebol (family-run conglomerate) after Samsung.
How It Could Affect Your Customers’ Business: This incident underscores the ongoing threat posed by ransomware groups targeting critical industrial and tech infrastructure.
Kaseya to the Rescue: Discover how Kaseya 365 User delivers comprehensive protection beyond the endpoint without breaking the bank. GET THE EBOOK>>

Singapore – DBS Group
Exploit: Third-Party Breach
Industry: Finance
A ransomware attack on third-party vendor Toppan Next Tech (TNT) has potentially compromised customer data belonging to DBS Group and the Bank of China’s Singapore branch, the banks confirmed this week. According to DBS, around 8,200 customer statements may have been exposed, though the bank emphasized that its own systems were not breached and that customer deposits and funds remain secure. The data at risk includes names, addresses, and in some cases, loan account numbers, primarily tied to DBS Vickers trading accounts and Cashline loan accounts. Bank of China (Singapore) also reported that approximately 3,000 customers who received printed paper letters through TNT may have had their information compromised. The affected communications were largely sent between December 2024 and February 2025. Both banks were alerted to the breach on April 5, and investigations are ongoing. The Monetary Authority of Singapore (MAS) stated that it is in “close engagement” with the impacted institutions to assess the incident and ensure adequate mitigation efforts are in place.
How It Could Affect Your Customers’ Business: This incident highlights the growing cybersecurity risks tied to third-party service providers, particularly in the financial sector.
Kaseya to the Rescue: Discover how Kaseya 365 User delivers comprehensive protection beyond the endpoint without breaking the bank. GET THE EBOOK>>



Read this week’s featured blog: Why Enhanced User Security Is Essential in a Hybrid, SaaS-Driven World
The rise of hybrid work and SaaS apps has transformed the way we work, but it’s also expanded the attack surface, making users the new frontline of cybersecurity. Discover why traditional security measures are no longer enough and why proactive protection is essential to safeguard your business. READ MORE>>



5 New security awareness training courses have landed
Just in time to plan your spring training campaigns, five new training courses are now available in the BullPhish ID Training portal:
- GDPR Rights of Data Subjects Stored Processed Destroyed – Learn about the rights of data subjects under the General Data Protection Regulation (GDPR) and how to remain compliant with the rules that govern the way data is stored, processed and destroyed.
- EU GDPR: Important Definitions – Important GDPR definitions are examined.
- What is PHI/ePHI? – Learn what PHI entails and how the transition to electronic PHI, or ePHI, impacts you.
- Introduction to Mobile Security – Learn about mobile device security and how to apply safe practices.
- Mobile Security: Mobile Storage – The importance of secure mobile device storage and the different methods available are explored.
Learn more in the BullPhish ID Release Notes.



New infographic: 7 Key Stats From the 2025 MSP Benchmark Survey
Get key insights about what is shaping the managed service provider industry in Kaseya’s 2025 Global MSP Benchmark Report. This infographic reveals 7 must-know statistics to help you stay competitive and boost profitability. Download the infographic now!



