Gucci, Balenciaga and Alexander McQueen hit by data breach and ransomware

Luxury giants Gucci, Balenciaga, and Alexander McQueen have suffered a data breach that leaked the personal information of millions of customers.

Paris, France-based company Kering, which owns the luxury brands, disclosed that an attacker breached its systems and accessed limited customer data in June 2025.

Notorious hacking group ShinyHunters has taken responsibility for the data breach, claiming they obtained 7.4 million unique email addresses.

According to databreaches.net, the cybercrime group stole 43 million Gucci data records, and 13 million records from Balenciaga, Brioni, and Alexander McQueen.

The data breach exposed customer names, phone numbers, email addresses, physical addresses, dates of birth, and the total amount each customer spent at Kering-owned stores worldwide. Customer financial information, such as bank account numbers and credit card details, was not leaked.

Still, the disclosure of customers’ total purchases exposes them to targeted phishing attacks.

Read more about it here.

UK train operator LNER discloses data breach, warns customers

UK train operator LNER (London North Eastern Railway) reported a data breach through a third-party supplier, compromising customer contact details and other personal information.

LNER is a British train operator running passenger services on the East Coast Main Line, connecting London with major cities such as Leeds, York and Edinburgh. It operates high-speed and long-distance routes, providing intercity rail transport across northern and eastern England and Scotland.

In a September 10, 2025 statement, LNER said: “We have been made aware of unauthorised access to files managed by a third-party supplier, which involves customer contact details and some information about previous journeys.”

“No bank, payment card or password information has been affected”, said LNER.

Ticket sales and train operations were not impacted.

LNER didn’t provide further technical details about the attack.

Read more about it here.

Google data breach exposes 2.5 billion users to new scam risks

More than 2.5 billion Gmail users are at risk following a massive cyberattack that compromised a Google database managed through Salesforce’s cloud platform. Google disclosed that a cybercriminal group known as ShinyHunters hacked a database of their accounts through the cloud-based software provider Salesforce.

The attack, which began in June 2025, used social engineering tactics. According to Google’s Threat Intelligence Group (GTIG), scammers impersonated IT staff using phone calls and persuaded a Google employee to approve a malicious application connected to Salesforce. This gave attackers the ability to exfiltrate contact details, business names, and related notes.

Google has confirmed that no user passwords were stolen, but the stolen data is already being abused.

What can you do?

  • Update your password to a long, complex password
  • Use two-factor authentication on applications that offer it
  • Remain vigilant and wary of phishing emails

Read more about it here.

Top 5 GenAI Tools are Vulnerable to Man-in-the-Prompt Attack

A new type of threat is alarming the world of cybersecurity. It is called Man-in-the-Prompt, and it is capable of compromising interactions with leading generative Artificial Intelligence tools such as ChatGPT, Gemini, Copilot, Claude, and DeepSeek. The challenge? It doesn’t require a sophisticated attack: all it takes is a browser extension, and that extension needs no special privileges.

LayerX’s research shows that any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it, and cover their tracks.

The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini.

This exploit stems from the way most GenAI tools are implemented – in the browser. When users interact with an LLM-based assistant, the prompt input field is typically part of the page’s Document Object Model (DOM). This means that any browser extension with scripting access to the DOM can read from, or write to, the AI prompt directly.

Bad actors can leverage malicious or compromised extensions to perform prompt injection attacks, extract data directly from the prompt, response, or session, or compromise model integrity.

How can you protect yourself?

  • Don’t install extensions from unknown or unreliable sources.
  • Regularly check installed extensions and uninstall those that aren’t needed.
  • Limit extension permissions whenever possible.
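
One way to carry out the "regularly check installed extensions" step, as an added example that is not from LayerX or the original article: read each extension's manifest.json and flag the ones that can script GenAI pages. The host list and the sample manifests are constructed for illustration; the manifest keys (`content_scripts`, `host_permissions`, `permissions`) are Chrome's own.

```javascript
// Added example. GENAI_HOSTS and SAMPLE_MANIFESTS are constructed for illustration.
const GENAI_HOSTS = ["chatgpt.com", "gemini.google.com", "claude.ai"];

// True if a Chrome match pattern (e.g. "https://*.google.com/*") covers https://<host>/.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m || m[1] === "http") return false; // GenAI pages are served over https
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return patHost === host;
}

function auditManifest(manifest, hosts = GENAI_HOSTS) {
  const perms = manifest.permissions || [];
  const findings = [];
  const collect = (source, patterns) => {
    for (const p of patterns || []) {
      const hit = hosts.filter((h) => patternCoversHost(p, h));
      if (hit.length) findings.push({ source, pattern: p, hosts: hit });
    }
  };
  // Content scripts run inside the page and share its DOM, prompt field included.
  for (const cs of manifest.content_scripts || []) collect("content_scripts", cs.matches);
  collect("host_permissions", manifest.host_permissions); // Manifest V3
  collect("permissions", perms.filter((p) => p === "<all_urls>" || p.includes("://"))); // Manifest V2
  // activeTab + scripting: injection into the current tab once the user invokes the extension.
  const onDemand = perms.includes("activeTab") && perms.includes("scripting");
  return { name: manifest.name, findings, onDemand, risky: findings.length > 0 || onDemand };
}

const SAMPLE_MANIFESTS = [
  { name: "Tab Colorizer", manifest_version: 3, permissions: ["storage"] },
  { name: "Grammar Helper", manifest_version: 3,
    content_scripts: [{ matches: ["<all_urls>"], js: ["cs.js"] }] },
  { name: "Prompt Saver", manifest_version: 3, permissions: ["scripting"],
    host_permissions: ["https://chatgpt.com/*", "https://*.google.com/*"] },
  { name: "Old Toolbar", manifest_version: 2, permissions: ["tabs", "http://example.com/*"] },
  { name: "Page Clipper", manifest_version: 3, permissions: ["activeTab", "scripting"] },
];

// Extensions worth a manual review before they stay installed.
function auditAll(manifests, hosts = GENAI_HOSTS) {
  return manifests.map((m) => auditManifest(m, hosts)).filter((r) => r.risky);
}
console.log(JSON.stringify(auditAll(SAMPLE_MANIFESTS), null, 2));
```

A flagged extension is not necessarily malicious; the result is the shortlist of extensions that have the DOM access described above and therefore deserve a closer look.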

Read more about it here.

Meta takes down 6.8M scam WhatsApp accounts

During the first six months of 2025, WhatsApp took down 6.8 million accounts that were “linked to criminal scam centers” targeting people online around the world, said its parent company Meta in an August 5, 2025 statement.

“Some of the most prolific sources of scams are criminal scam centers, often fueled by forced labor and operated by organized crime primarily in Southeast Asia.” “Based on our investigative insights into the latest enforcement efforts, we proactively detected and took down accounts before scam centers were able to operationalize them,” the statement continues.

Recently WhatsApp, Meta and OpenAI disrupted scam efforts that they were able to link to a criminal scam center in Cambodia. These attempts ranged from offering payments for fake likes to enlisting others into a rent-a-scooter pyramid scheme, or luring people to invest in cryptocurrency.

WhatsApp is rolling out two new anti-scam tools to protect its users. A new safety overview will appear when someone who is not one of your contacts adds you to unknown groups, allowing users to review the details before deciding to stay or leave. Notifications remain silenced until users choose to stay. For one-on-one chats, WhatsApp is testing warnings when people not in your contacts initiate a message, offering more context to help users pause and think before engaging. These features help counter common scam tactics at scale and keep users safer on the platform.

Read more about it here.

Columbia University data breach impacts nearly 870,000 past and present students

An unknown threat actor has stolen the sensitive information, including personal, financial, and health information, of 868,969 Columbia University current and former students, applicants and employees, after breaching the university’s network in May 2025.

The breach was discovered and reported to law enforcement authorities following an outage that affected some of its systems on June 24.

“Last week, we reported a technical outage that disrupted certain parts of our IT systems,” says a July 1 statement made by the university. “We immediately began an investigation with the assistance of leading cybersecurity experts and after substantial analysis determined that the outage was caused by an unauthorized party.”

The affected information includes Social Security numbers, contact details, demographic information, academic history, financial aid-related information, insurance-related information, and certain health information.

In an August 5 statement, Columbia University said it is offering two years of free credit monitoring and identity protection services to the impacted individuals.

Read more about it here.

Radiology Associates of Richmond data breach impacts 1.4 million individuals

Radiology Associates of Richmond has disclosed a data breach that impacted personal and health information of more than 1.4 million individuals.

Radiology Associates of Richmond (RAR) is a private radiology practice founded in 1905 and based in central Virginia. With 120 years in operation, RAR provides diagnostic, vascular and neurovascular interventional services to hospitals, freestanding emergency centers and outpatient imaging centers throughout central Virginia.

The organization discovered on May 2, 2025 that threat actors gained access to its systems between April 2 and 6, 2024. The security breach involved identifiable protected health and personal information. The practice quickly secured its network with the help of external cybersecurity experts and is assessing the impact. It also offered impacted individuals complimentary credit monitoring.

Read more about it here.

Louis Vuitton data breach affecting 419,000 customers

A recent Louis Vuitton data breach affected 419,000 customers in the UK, South Korea, Turkey, Italy, Sweden and possibly more countries. Customers of the French luxury retailer Louis Vuitton are being notified of a data breach.

Breached information included names, passport details, addresses, email addresses, phone numbers, shopping history and product preferences. Hong Kong’s Office of the Privacy Commissioner said it started investigating the data breach.

According to statements emailed by LVMH to affected users, no payment information was affected.

LVMH said the French head office had found suspicious activities on its computer system on June 13, 2025, discovered Hong Kong customers were affected on July 2, and then reported the breach to the Hong Kong watchdog on July 17.

Read more about it here.

McDonald’s hiring app exposes data of 64 million applicants

Security researchers Ian Carroll and Sam Curry revealed multiple vulnerabilities in the McDonald’s AI-powered hiring platform, McHire, that exposed the personal information of over 64 million job applicants.

The root of the problem was surprisingly simple: McHire’s administrative interface, designed for restaurant franchisees, accepted the incredibly insecure username and password combination of “123456”. That, together with an insecure direct object reference (IDOR), allowed the researchers to gain entry and immediately gave them access to live administrative dashboards. This in turn allowed access to any inbox, from which the personal data of more than 64 million applicants could be retrieved.

Personal information included names, emails, phone numbers, job details and chat logs between applicants and McDonald’s AI recruiter, which could have included additional personal information.

McDonald’s responded swiftly:

June 30, 2025 5:46PM ET: Disclosed to Paradox.ai and McDonald’s
June 30, 2025 6:24PM ET: McDonald’s confirms receipt and requests technical details
June 30, 2025 7:31PM ET: Credentials are no longer usable to access the app
July 1, 2025 9:44PM ET: Followed up on status
July 1, 2025 10:18PM ET: Paradox.ai confirms the issues have been resolved

Read more about it here.

16 Billion login credentials stolen in largest data breach ever

Researchers announced the discovery of what seems to be the largest data breach ever recorded, with an astonishing 16 billion login credentials exposed online. The ongoing investigation, which began earlier in 2025, suggests that the credentials were collected through multiple infostealer malware strains.

The report published by CyberNews says:

  • The records are scattered across 30 different datasets, and some records are or might be overlapping
  • The data most likely comes from various infostealers
  • The data is recent, not merely recycled from old breaches

The data, structured by URL, login, and password, targets services like Apple, Google, Facebook, Telegram, GitHub, and some government portals.

The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.

How should we all boost our online protection?

  • Use long and complex passwords
  • Enable multi-factor authentication (MFA) whenever it is offered
  • Use biometric authentication if available, such as fingerprint recognition and facial scan
  • Use password managers
  • Change old passwords to stronger passwords
  • When you receive a text message or an email, don’t trust anyone

Read more about it here.