Hello and welcome back to The Breach Report!
October kept the pressure on. From airlines to delivery platforms, universities to retail chains — attackers again homed in on weak vendor links, credential misuse, and third-party system exposure.
The recurring themes? Social-engineered vendor access, SaaS/data-platform misuse, and unsecured backend systems.
Follow along and subscribe to stay ahead of the latest cyber threat and data breach developments.
🚨 Top 7 Data Breaches of October 2025
1. Qantas Airways / Third-Party Contact Centre (Canada/Australia/Global)
What happened: A third-party customer-service platform used by Qantas suffered a compromise; data of roughly 5 million customers was leaked.
Impact: Names, email addresses, frequent flyer numbers, phone numbers and dates of birth exposed. No payment or passport data disclosed.
Lesson: Even well-known airline brands can be derailed via vendor platforms — your customer-service or contact-centre provider is a high-risk vector.
2. DoorDash (USA / Canada)
What happened: On October 25, DoorDash discovered a social-engineering attack on an employee that resulted in exposure of user, merchant and “Dasher” contact information.
Impact: Names, addresses, email addresses and phone numbers were accessed. No SSNs, payment card numbers or government IDs were confirmed as exposed.
Lesson: Social engineering remains a potent tactic — even when core systems haven’t been breached, perimeter access via staff remains a critical weakness.
3. Toys "R" Us Canada Retail Data Exposure (Canada)
What happened: Attackers published customer records from the retailer’s backend database. The incident dates to late July but was confirmed in October.
Impact: Names, email addresses, physical addresses and phone numbers leaked. No payment card or password data reported.
Lesson: Retail chains with large customer bases remain lucrative targets — even seemingly “low-risk” PII without payment data can fuel phishing and identity fraud.
4. Municipal / Local Government Cyber Disruptions (USA)
What happened: Multiple U.S. counties (e.g., in Texas, Tennessee, Indiana) suffered cyber incidents in October that disabled service portals, login systems and network access.
Impact: While confirmed data theft is minimal, critical citizen services were disrupted (payments, courts, tax portals).
Lesson: The public-sector threat is increasingly about availability and disruption, not only exfiltration — consider service resilience as part of your breach preparedness.
5. Western Sydney University (Australia/Global)
What happened: A breach of the cloud-hosted student-management system, reached through a third-party upstream provider, resulted in extensive data theft.
Impact: Names, dates of birth, passport and visa details, disability/health records, bank account numbers — extremely sensitive data extracted.
Lesson: Universities (and by extension academic institutions in North America) remain high-risk — complex vendor chains increase attack surface.
6. Developer Supply-Chain Attack – “GlassWorm” in VS Code Extensions
What happened: Malicious extensions for Visual Studio Code were deployed and downloaded 35,000+ times, enabling credential theft and remote-access propagation.
Impact: Developer toolchains compromised, with source-control credentials and CI/CD access put at risk — broad implications for organizations relying on open-source ecosystems.
Lesson: Your “internal” dev tools may be an external risk vector — supply-chain attacks transcend SaaS access and include developer workflows.
7. Credential / Infostealer Leak – 183 Million Email Accounts (Global, including U.S.)
What happened: A large cache of email accounts (including Gmail users) and passwords was identified, harvested by an infostealer malware campaign that operated quietly for months.
Impact: Credentials harvested enable phishing, account take-over, lateral movement; the underpinning threat to enterprise identity posture is significant.
Lesson: Credential hygiene, MFA enforcement and monitoring of exposed logins remain foundational. A breach of identity is a breach of access.
🖥️ Industry Highlights: What’s in the Hot Seat
Vendor / third-party intrusion remains one of the most leveraged vectors (Qantas, Toys “R” Us, municipal governments).
Credential & social-engineering attacks continue to drive breaches even when technical perimeter defences are intact (DoorDash, email infostealer).
Developer & toolchain supply-chain attacks are ascending — GlassWorm is a cautionary tale for DevSecOps.
Availability/disruption in the public sector is as serious as data theft — the local-government incidents impacted functionality, not only data.
🛡️ Pro Tips & Tools
Enforce vendor access review — treat every third-party link as a potential attacker path.
Mandate MFA + passkey implementations + identity-threat monitoring — credentials are still a primary target.
Segment development environments and restrict extension installs; apply inventory and version controls to dev-tool chains.
Build service-resilience playbooks for non-data breaches — offline payment alternatives, immutable backups, alternate login channels.
Monitor dark-web and infostealer feeds for credential exposures linked to your domains — early detection can head off lateral infiltration.
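One way to put the "inventory and version controls on dev-tool chains" tip into practice is to compare each workstation's installed VS Code extensions against a pinned allowlist. The script below is an added example, not part of this newsletter or of any vendor's tooling. It assumes the inventory is the text printed by `code --list-extensions --show-versions` (one `publisher.name@version` per line); the allowlist, the approved version numbers and the sample inventory are constructed for the demonstration.

```python
"""Audit a VS Code extension inventory against a pinned allowlist.

Added example. Input format assumed: output of
    code --list-extensions --show-versions
i.e. one `publisher.name@version` line per installed extension.
"""
from dataclasses import dataclass

# Constructed allowlist: extension id -> set of approved (pinned) versions.
# Version numbers here are sample values, not a recommendation.
ALLOWLIST = {
    "ms-python.python": {"2024.22.0"},
    "esbenp.prettier-vscode": {"11.0.0"},
    "eamodio.gitlens": {"16.0.4"},
}

# Constructed sample inventory: one approved-but-wrong-version extension and
# one extension that is not on the allowlist at all.
SAMPLE_INVENTORY = """\
ms-python.python@2024.22.0
esbenp.prettier-vscode@10.4.0
eamodio.gitlens@16.0.4
unknown-publisher.helpful-tools@0.0.3
"""


@dataclass(frozen=True)
class Finding:
    extension: str
    version: str
    reason: str  # "not_allowlisted" or "unapproved_version"


def parse_inventory(text):
    """Parse `id@version` lines into (id, version) tuples, skipping blanks."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext_id, sep, version = line.rpartition("@")
        if not sep:
            # Line carries no version; keep the id and record an empty version
            ext_id, version = line, ""
        # Marketplace ids are compared case-insensitively
        entries.append((ext_id.lower(), version))
    return entries


def audit_extensions(text, allowlist=ALLOWLIST):
    """Return a Finding for every installed extension that violates the allowlist."""
    findings = []
    for ext_id, version in parse_inventory(text):
        approved = allowlist.get(ext_id)
        if approved is None:
            findings.append(Finding(ext_id, version, "not_allowlisted"))
        elif version not in approved:
            findings.append(Finding(ext_id, version, "unapproved_version"))
    return findings


if __name__ == "__main__":
    for f in audit_extensions(SAMPLE_INVENTORY):
        print(f"{f.reason:18} {f.extension}@{f.version}")
```

On a real fleet the inventory text would come from each developer machine (for example collected by an endpoint-management agent), and a `not_allowlisted` finding is the one that deserves a same-day look, since an extension nobody approved is exactly how a GlassWorm-style package reaches a workstation.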
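For the last tip, monitoring infostealer feeds for logins tied to your domains, the following is an added example (it is not code from this newsletter or from any feed provider) of the screening step a defender runs once a feed is in hand. It assumes the feed arrives as `url:login:password` lines, a common combolist shape; the sample feed lines and the monitored domain `example.com` are constructed. The script flags a record when either the login's email domain or the URL's host belongs to a monitored domain, de-duplicates repeats, and keeps only a short fingerprint of each password so the resulting report can be handed to the identity team without carrying cleartext.

```python
"""Screen infostealer-style credential lines for exposures tied to our domains.

Added example. Assumed line format: url:login:password (password may itself
contain colons; login is assumed to contain no '/' or ':').
"""
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed: the domains we own and therefore care about.
MONITORED_DOMAINS = {"example.com"}

# Constructed sample feed. Includes a duplicate, a record matched only by the
# URL host (contractor logging in to our VPN), off-scope records and junk.
SAMPLE_FEED = """\
https://portal.example.com/login:alice@example.com:Summer2025!
https://mail.google.com/:bob@gmail.com:hunter2
https://vpn.example.com:443/auth:carol@contractor.net:P@ss:word
https://shop.other.org/account:dave@other.org:letmein
https://portal.example.com/login:alice@example.com:Summer2025!
garbage line without separators
"""

# Non-greedy url so the scheme's "://" and any ":port" stay inside the url.
LINE_RE = re.compile(r"^(?P<url>\S+?):(?P<login>[^:\s/]+):(?P<password>.*)$")


@dataclass(frozen=True)
class Exposure:
    host: str
    login: str
    password_fingerprint: str  # truncated sha256, never the cleartext
    matched_on: str            # "login_domain" or "url_host"


def _in_scope(name, domains):
    """True if name equals a monitored domain or is a subdomain of one."""
    name = (name or "").lower()
    return any(name == d or name.endswith("." + d) for d in domains)


def parse_line(line):
    """Return (host, login, password) for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url, login, password = m.group("url", "login", "password")
    host = urlsplit(url).hostname or ""   # hostname drops any :port
    return host.lower(), login.lower(), password


def screen_feed(text, domains=MONITORED_DOMAINS):
    """Return de-duplicated Exposure records for lines that touch our domains."""
    seen = set()
    exposures = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        host, login, password = rec
        login_domain = login.rpartition("@")[2] if "@" in login else ""
        if _in_scope(login_domain, domains):
            matched = "login_domain"
        elif _in_scope(host, domains):
            matched = "url_host"
        else:
            continue
        fp = hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]
        key = (host, login, fp)
        if key in seen:
            continue
        seen.add(key)
        exposures.append(Exposure(host, login, fp, matched))
    return exposures


if __name__ == "__main__":
    for e in screen_feed(SAMPLE_FEED):
        print(f"{e.matched_on:13} {e.login:24} via {e.host} fp={e.password_fingerprint}")
```

The report is still sensitive (a short unsalted hash of a weak password is not much protection), so treat it like any other credential-exposure ticket: force a reset or session revocation for the matched accounts and check sign-in logs for the hosts involved, rather than circulating the output widely.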
⚠️ Emerging Threats to Watch
Toolchain compromise — both developer and operational tools are being weaponised.
Credential-leak commoditisation — large volumes of exposed logins feed phishing and account-takeover campaigns.
Vendor ecosystem cascade failures — one compromised supplier can ripple through multiple industries.
Public-sector disruption incidents — not just data theft, but service denial is on the rise.
💡 Final Thoughts
October reinforced a truth: it’s not only what you protect internally, but who you grant access to, and how you manage identity and toolchain trust.
From major airlines to delivery apps, retail chains to dev-environments, the path of least resistance is rarely the firewall — it’s the person, the token, or the vendor system. Defending your perimeter is no longer sufficient — you must lock down every integration, every identity channel, and every critical service link.
Stay vigilant, stay proactive, and we’ll bring you the November report next month.
