Decathlon is a global sporting goods retailer with over 100,000 employees and 1,700+ storefronts worldwide. In 2022, Decathlon reported 15.4 billion euros of net sales revenue, shared with 55,000 shareholding teammates. However, Decathlon suffered a significant data leak a year before its substantial revenue report. Credentials from that attack have resurfaced recently, putting the private information of nearly 8,000 individuals at risk.

Shadow PC is a Paris-based gaming host with thousands of clients in Europe and the US. Shadow’s service allows video games with high resource consumption to run on old software; this is made possible by Shadow’s ability to open a virtual computer. The virtual computer takes the onus of running games, allowing even incompatible computers to run game software. Shadow PC’s services are cloud-based, which should allow up to 100,000 users to play on their servers simultaneously.

Air Europa is a Spanish airline that serves travelers from all over Europe, North America, the Caribbean, and Tunisia. The airline welcomes over 430 million fliers each year, with 10,000+ daily flights across the globe. Following a recent hack, some consumers may have had their credit card information stolen. Very little is public about the cyber incident, meaning any traveler could be at risk.

This week, threat actors targeted the vital aspects of many companies characterized by their robust cybersecurity. 23andMe got hit early on, suffering demographic and relationship exposures that may target Ashkenazi Jews and Chinese descendants. The D.C. Board of Elections was also targeted, potentially exposing the voter information of 600,000+ individuals. Flagstar Bank and Air Europa also suffered, leaking the payment information of their trusting consumers.

Florida’s First Judicial Circuit hosts 33 courts in the Northwest of the state. The region serves over 1.4 million residents, most of whom live within areas heavily impacted by the military. Last week, the Florida Courts suffered a data breach, which halted operations across the district starting on October 2nd. In the last 72 hours, ransomware gang BlackCat has claimed responsibility for the assault—and may be holding the credentials for ransom.

Flagstar Bank is one of the largest national banks in the country. They operate over 430 branches and 120 banking teams from coast to coast. Flagstar is also the nation’s second-largest mortgage warehouse lender, servicing over 1.6 million accounts. Flagstar Bank’s conglomerate is based in New York, while their servicing is in Michigan. Flagstar oversees billions of dollars in loans, deposits, assets, and equity.

The nation’s capital—Washington, D.C., hosts over 700k+ individuals along the shared border of Maryland and Virginia; within Columbia, an estimated 86.9% of inhabitants can actively vote. The D.C. Board of Elections (DCBOE) is an autonomous group overseeing elections in the area. They manage the voter registration process and manage ballot access for the public. However, D.C. residents are under threat following a recent data breach.

23andMe is a personal genome and biotechnology company that provides genetic reports to interested clients. 23andMe employs over 800 employees and operates in California. The company reported $299 million in revenues this year, but the figure will likely drop in the upcoming quarter; opportunists have accessed 23andMe’s systems, resulting in thousands of user records leaking online.

As organizations increasingly deploy business-critical workloads to managed cloud services, enforcing strong security practices needs to be a top priority. While many managed cloud service providers do a good job of protecting the cloud and infrastructure itself, it’s the responsibility of the customer to protect what’s running inside the cloud.

Cybersecurity experts work daily to protect the public from threat actors. This week, we learned about new threats to medical records and gas stations and received updated statuses. Nuance Communications was the most recent development in the ongoing MOVEit file breaches; this is a significant blow to the medical community in conjunction with the other medical targets this week, HCA Healthcare and Community First Medical Center.