Cyber Security Headlines – December 30, 2025
Host: Sarah Lane | Podcast: CISO Series
Main Theme:
A roundup of significant cybersecurity incidents affecting major organizations worldwide, including notable data breaches, ransomware attacks, and regulatory actions. The episode zeroes in on the human factor in breaches, delays in disclosure, and technical mishaps, and highlights the ongoing threats to both consumer and employee data security.
Key Discussion Points & Insights
1. Coupang Recovers Laptop Dumped in a River (00:13)
- Incident: South Korean e-commerce giant Coupang recovered a MacBook Air that had been weighted down and dumped in a river, allegedly by a former employee attempting to destroy evidence related to a data leak.
- Scope: Forensic analysis of the device revealed that the employee accessed data from about 33.7 million accounts and retained information from approximately 3,000 users.
- Breach Impact:
- No signs of data being sold were uncovered.
- Coupang is rolling out a 1.685 trillion won voucher compensation plan as part of the investigation.
- Notable Quote:
- (Sarah Lane, 00:31) “Coupang says forensic analysis shows the employee accessed data from about 33.7 million accounts and retained information from roughly 3,000 users—with no evidence of data being sold.”
2. Trust Wallet Chrome Extension Breach (01:03)
- Attack Details:
- Attacker compromised Trust Wallet's Chrome browser extension on December 24.
- Over 2,596 cryptocurrency wallets were drained, losing approximately $7 million total.
- A malicious update, potentially enabled by a leaked Chrome Web Store API key, exfiltrated wallet data.
- Response:
- Trust Wallet is reimbursing all affected users and investigating the cause.
- Notable Quote:
- (Sarah Lane, 01:13) “Trust Wallet says it's reimbursing affected users and investigating how a leaked Chrome Web Store API key may have allowed the rogue release.”
3. Sachs 2024 Data Breach Disclosure (01:35)
- Details:
- U.S. accounting firm Sachs experienced a cyberattack in August 2024 but only disclosed the breach and began notifying affected parties more than a year later.
- Exposed data includes names, birth dates, Social Security numbers, and government IDs.
- No ransomware group has claimed responsibility.
- Sachs offers a year of credit monitoring for those affected.
- Notable Quote:
- (Sarah Lane, 01:43) “The company apparently didn't complete its investigation or begin notifications until more than a year later.”
4. Korean Air Supplier Attack (02:08)
- Incident:
- Korean Air's catering and duty-free subsidiary (KCND) was hacked, leaking personal data of about 30,000 employees (names, account numbers from the ERP system).
- No customer data was affected.
- CLOP ransomware group claimed responsibility and has already leaked the stolen data.
- Notable Quote:
- (Sarah Lane, 02:22) “The CLOP Ransomware Group has claimed responsibility for the KCND attack and says it has already leaked the stolen data.”
5. Next Publica Fined for Data Breach in France (03:00)
- Regulatory Action:
- CNIL, France’s data protection authority, fined Next Publica €1.7 million for failing to act on known vulnerabilities that led to a November 2022 data breach.
- Users could access third-party documents; vulnerabilities were only patched after the breach.
- The fine reflects the sensitivity of the compromised data, the number of people affected, and the lack of basic security safeguards, which together constitute a GDPR violation.
- Notable Quote:
- (Sarah Lane, 03:19) “The fine reflects the sensitivity of the data, the number of people affected and Next Publica's lack of basic security safeguards.”
6. ‘Lovely’ Extortion Group Attacks Conde Nast (03:37)
- Attack Overview:
- The group leaked data on 2.3 million Wired subscribers (email addresses, names, home addresses, phone numbers, and account metadata) after Conde Nast allegedly ignored security warnings.
- Group claims to hold 40 million more records across other Conde Nast titles.
- Data likely originated from infostealer malware; no payment card data leaked yet.
- Notable Quote:
- (Sarah Lane, 03:54) “Researchers from Hudson Rock say the data appears authentic and likely stems from infostealer malware, though no payment card data has surfaced.”
7. Aflac Breach Affects 22 Million+ Customers (04:13)
- Details:
- A June cyberattack stole data on ~22.65 million individuals (names, addresses, Social Security numbers, government IDs, and medical/insurance information).
- No ransomware was involved, and no known fraud reported yet.
- Affected individuals are offered two years of credit and identity protection.
- Notable Quote:
- (Sarah Lane, 04:23) “The intrusion was part of a broader campaign targeting the insurance industry, did not involve ransomware and has not yet led to known fraud.”
8. Romania’s Oltenia Energy Complex Hit by Ransomware (05:01)
- Attack Summary:
- The country’s largest coal-based energy producer was attacked over Christmas: files were encrypted and ERP, email, and document management were knocked offline.
- Power generation was not impacted; the company is restoring systems and investigating data theft.
- “Gentleman Ransomware Group” claimed responsibility.
- Notable Quote:
- (Sarah Lane, 05:17) “The company is rebuilding systems from backups, assessing whether data was stolen and has reported the incident to national cyber and law enforcement authorities.”
Memorable Quotes & Moments
- On Delayed Reporting:
- (Sarah Lane, 01:43) “The company apparently didn't complete its investigation or begin notifications until more than a year later.”
- On Extortion and Data Authenticity:
- (Sarah Lane, 03:54) “Researchers from Hudson Rock say the data appears authentic and likely stems from infostealer malware, though no payment card data has surfaced.”
Important Segment Timestamps
- 00:13 – Coupang recovers laptop
- 01:03 – Trust Wallet wallet drains
- 01:35 – Sachs data breach
- 02:08 – Korean Air supplier hack
- 03:00 – Next Publica CNIL fine
- 03:37 – Lovely leaks Conde Nast data
- 04:13 – Aflac breach
- 05:01 – Oltenia Energy ransomware attack
Takeaways
- Physical security lapses (Coupang) can have digital consequences; even extreme actions like destroying devices may not erase digital footprints.
- Browser extension risks are prominent, as shown by the Trust Wallet incident: software supply chains and API key security remain persistent weaknesses.
- Delayed breach notifications (e.g., Sachs) risk regulatory action and erode consumer trust.
- Ransomware and data extortion continue to plague both critical infrastructure (Oltenia Energy, Korean Air) and publishers (Conde Nast), with attackers leveraging both data theft and operational disruption.
- Regulatory enforcement (Next Publica) is ramping up amidst rising privacy concerns and ongoing GDPR violations.
For daily, concise updates on major information security stories, see CISOseries.com.
