Accelerated by:
Certifications:
Light Eyes is part of Apolo Cybersecurity
ENG
ENG
%402x.svg){kind=icon}
.webp)
This week has been marked by data breaches in large corporations and educational entities, cyberattacks aimed at critical suppliers and internal threats that highlight the fragility of connected systems. From the exposure of Asahi Group and OpenAI customer information to the demand for a million-dollar ransom from Iberia, the incidents show how both human errors and vulnerabilities in third parties can jeopardize sensitive information and the trust of users.
The current landscape requires organizations to strengthen their internal controls, audit suppliers and prepare contingency plans to protect critical data and operations.
Iberia had detected unauthorized access to customer information through an external provider. The airline reinforced its internal and external security measures, and notified the Spanish Data Protection Agency and INCIBE, warning about the risk of phishing campaigns, impersonation and possible fraud aimed at affected users.
The cybercriminal group Everest demanded 5.18 million euros from Iberia not to disclose personal data of customers and external contacts obtained after unauthorized access to an external provider. The airline activated additional security protocols, including two-step authentication, and contacted potentially affected customers.
A cyberattack on an external vendor led to possible exposure of customer data from JPMorgan Chase, Citigroup and Morgan Stanley. The intrusion highlights the increasing reliance on external systems in the financial industry and the importance of auditing, continuously monitoring and establishing strong security protocols for vendors that handle sensitive customer information and critical corporate data.
A phishing attack aimed at the Harvard Alumni office compromised student, donor and staff information. The incident highlights the need to reinforce training in security, access supervision and authentication controls in educational institutions that handle sensitive data.
The Qilin ransomware group impacted Asahi's internal services, including logistics and customer support. Personal data of up to 1,525,000 customers and 114,000 external contacts, as well as employee and family records, were exposed. The compromised information includes names, addresses, phone numbers and emails, without affecting financial data.
Mixpanel, an OpenAI analytics provider, suffered unauthorized access that compromised limited API user information, including profile data and analytical metadata. No chats, passwords or payments were affected. OpenAI removed Mixpanel from its production services, initiated internal audits and alerted users to potential phishing or impersonation attacks.
An employee with internal access shared screenshots of systems and control panels with a group of cybercriminals, who used them to falsely allege an attack on CrowdStrike. The company ruled out breaches in its systems and assured that customer data remains secure, highlighting the threat posed by insiders and the need to audit and monitor privileged access.
The combination of breaches, service interruptions and AI-enabled attacks paints a picture where defending yourself is no longer optional. Evaluating suppliers, applying segmentation, monitoring access and planning contingencies are essential actions.
Act today so you don't pay the cost tomorrow.
At Apolo Cybersecurity, we help to anticipate internal and external threats. Security starts inside and with the systems that connect your organization to the world.