The Week in Breach News: 1/29/25 – 02/04/25
This week: A malicious insider robs customer data from TD Bank; a major data security fail at DeepSeek; another data breach at Hewlett Packard Enterprise; and a look at how bad actors are using AI to power up phishing threats.
Read this week’s new featured blog: How AI Powers Next-Gen Phishing Attacks
Hewlett Packard Enterprise (HPE)
https://hackread.com/hackers-claim-2nd-breach-hp-enterprise-sell-access/
Exploit: Hacking
Industry: Technology
IntelBroker, a hacking entity linked to past high-profile breaches, claims to have compromised Hewlett Packard Enterprise (HPE) again, allegedly snatching 500MB of data from its repositories. Screenshots supposedly reveal exposed credentials, internal configurations and proprietary source code. This is IntelBroker’s second attack on HPE resulting in data theft, hitting HPE just a few weeks ago in January 2025. The latest leak reportedly includes private keys, internal Git repositories, Docker builds and infrastructure configurations for services like SignonService and Salesforce integrations. Unlike the previous breach, where stolen data was sold for Monero, IntelBroker now claims they will release the data for free while selling access to HPE’s systems.
How It Could Affect Your Customers’ Business: This situation shows how persistent threat actors can repeatedly exploit vulnerabilities if potential security gaps remain unaddressed.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
New York Blood Center
https://therecord.media/ransomware-attack-new-york-blood-center-forces-workarounds
Exploit: Ransomware
Industry: Healthcare
New York Blood Center, the top independent blood center in the Northeastern U.S., has been hit by a ransomware attack, disrupting operations and delaying blood processing. The organization detected suspicious IT activity on Sunday, later confirmed as ransomware by cybersecurity experts. While blood donations are still being accepted, some drives may be rescheduled, and processing times could be longer. Officials are working to contain the threat with law enforcement assistance. No ransomware group has claimed responsibility for this attack The center revealed that it may issue a future call for blood donations as it recovers.
How It Could Affect Your Customers’ Business: Cyberattacks on critical infrastructure, like healthcare supply facilities like this one, can have serious real-world consequences.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from email-based threats in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
TD Bank
Exploit: Malicious Insider
Industry: Banking & Finance
TD Bank, the 10th-largest U.S. bank by assets, has disclosed that a former employee had unauthorized access to and shared sensitive customer data between August and December 2022. The bank said that it has terminated the employee responsible and is conducting an investigation in cooperation with law enforcement and its corporate security team. The breached information may include names, contact details, birth dates, account numbers and transaction records. No total number of people impacted by this breach had been released at press time. TD Bank is providing the affected customers with complimentary fraud prevention and detection services.
How It Could Affect Your Customers’ Business: This incident is a reminder of the importance of robust internal controls and stringent employee access policies to mitigate insider threats.
Kaseya to the Rescue: No company is safe from malicious insider risk. Learn about how to identify malicious insiders and mitigate your risk of trouble in our eBook. GET YOUR FREE EBOOK>>
Feeling overwhelmed by your task list? Discover four strategies for reducing your workload! GET INFOGRAPHIC>>
UK – Smiths Group
https://therecord.media/smiths-group-uk-cybersecurity-incident
Exploit: Hacking
Industry: Manufacturing (Engineering)
Smiths Group, a UK-based engineering firm, reported to the London Stock Exchange on Tuesday that it had detected unauthorized access within its systems. In a statement, the company noted that it had quickly isolated the affected systems and activated its business continuity plan following the discovery. However, Smiths Group did not disclose the exact timing of the incident, the specific systems impacted, or whether ransomware was involved. The company stated it is collaborating with cybersecurity experts to restore affected systems and assess any broader impact on operations.
How It Could Affect Your Customers’ Business: Swift incident response and business continuity planning are critical in mitigating cyber threats.
Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>
Uncover today’s worst phishing threats and see smart strategies to keep businesses out of trouble. GET EBOOK>>
India – Tata Technologies
https://therecord.media/tata-ransomware-attack-report-incident
Exploit: Ransomware
Industry: Manufacturing (Electronics)
Indian multinational engineering firm Tata Technologies has been targeted in a ransomware attack, prompting the shutdown of several IT systems. The company said it immediately launched an investigation upon detecting the breach. Despite the attack, Tata Technologies assured that operations remain unaffected, and services continue as normal. On Friday, the company filed documents with the National Stock Exchange of India, confirming that only a few IT assets were impacted. As of Friday afternoon, no ransomware group has claimed responsibility. A subsidiary of giant Tata Motors, Tata Technologies specializes in automotive, aerospace, and industrial engineering.
How it Could Affect Your Customers’ Business: Containing the impact of a cybersecurity problem is key to ensuring that business operations continue without disruption.
Kaseya to the Rescue: Watch this webinar to explore Kaseya 365 User, our latest innovation to empower small and midsize businesses to maximize security while boosting productivity. LEARN MORE>>
China – DeepSeek
Exploit: Human Error
Industry: Technology
Cybersecurity researchers at Wiz Research revealed on January 29 that DeepSeek, a Chinese AI-driven data analytics company, suffered a significant data leak, exposing over one million sensitive records. Researchers discovered that the company had a misconfigured cloud storage instance containing a large database that was left publicly accessible without proper authentication and access controls. The database contained a variety of sensitive information including chat logs, system details, operational metadata, API secrets and log streams.
How it Could Affect Your Customers’ Business: Human beings will never stop making mistakes, making it essential for companies to ensure that workers are adhering to best practices to minimize trouble.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
Get to know the players, commodities and places that are shaping today’s dark web. DOWNLOAD EBOOK>>
Australia – ARDEX Australia
Exploit: Ransomware
Industry: Infrastructure (Construction)
On January 27, ARDEX Australia appeared on the dark web leak site of the Medusa threat group, which claims to have exfiltrated business documents containing both corporate and personal information. The group shared a detailed sample of the allegedly stolen data, including spreadsheets, product lists, pricing details, remuneration records, employment and position documents, policy files, emails and other files that were labeled as confidential. Among the exposed information are employee and client personal details such as names, email addresses and phone numbers.
How it Could Affect Your Customers’ Business: Ransomware groups are hungry for both corporate and personal data, making it mission-critical to implement robust data protection strategies.
Kaseya to the Rescue: Take a deep dive into the players that shape dark web commerce today in our eBook State of the Dark Web. DOWNLOAD IT>>
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
Read this week’s feature story: How AI Powers Next-Gen Phishing Attacks
Artificial intelligence (AI) enabled tools have given cybercriminals an edge that is helping them craft highly personalized and effective phishing attacks. In this blog, we explore how bad actors are making the most of sophisticated tools to craft and deploy hard-to-detect malicious messages. READ MORE>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
Uncover the dark web with our guide
Take a deep dive into the hidden corners of the dark web to learn more about the activities and commodities that power the dark web economy. In State of the Dark Web 2025, you’ll learn about:
- The role of AI in evolving cybercrime.
- Key players in the cybercrime ecosystem.
- Price points for stolen data, hacking services and more.
- Tips to defend against dark web threats.
Download it now to gain the insights you need to stay ahead of dark web threats. GET IT>>
Did you miss…The Guide to Phishing Protection for Businesses? DOWNLOAD IT>>
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
The Ultimate User Security Playbook: Prevent, Respond and Recover with Confidence Webinar
Join Chris McKie, Kaseya’s VP of Product Marketing for Security Solutions, on February 11 at 2 PM ET/11 AM PT for an illuminating webinar The Ultimate User Security Playbook: Prevent, Respond and Recover With Confidence. Gain valuable insights on user protection, including how to:
- Prevent attacks with AI-powered anti-phishing solutions and security awareness training.
- Respond swiftly to minimize cyber incident impact.
- Recover efficiently to ensure business continuity and data integrity.
Learn how to unify proactive defenses, automated threat response and resilient recovery tools into a comprehensive user security strategy. REGISTER NOW>>
April 28 – May 1 Kaseya Connect Global REGISTER NOW>>
June 17 – 19 Kaseya DattoCon Europe REGISTER NOW>>
October 6 – 8 Kaseya DattoCon REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Read our case studies and see how MSPs and businesses have benefitted from using our solutions. READ NOW>