Europe
Piazza San Marco
Hackers have reportedly breached the hydraulic pump system at Piazza San Marco in Venice, an iconic location visited by millions each year.
Threat actors identifying as Infrastructure Destruction Squad or Dark Engine claimed they gained administrative access to the city’s flood defense system and threatened to disable protections, potentially flooding coastal areas. The alleged breach began in late March and involved control over the system’s interface. The attackers shared screenshots as proof and offered full root access for $600, aiming to expose vulnerabilities and apply political pressure.
This incident highlights the growing trend of attacks targeting operational technology (OT) systems that control critical infrastructure.
How it could affect your business
Attacks on operational technology systems are increasing, as compromising these environments can disrupt real-world infrastructure and services. Organizations managing such systems should segment OT from IT networks, enforce strict access controls and continuously monitor for unusual activity to reduce the risk of unauthorized access.
Europe
Basic-Fit
Basic-Fit, Europe’s largest gym and fitness chain, disclosed a data breach affecting the personal information of roughly 1 million members.
On April 13, the Netherlands-based company, which has more than 5 million members and 1,500 clubs across Europe, said that it detected unauthorized access to its systems. Although the intrusion was blocked within minutes, an investigation found that data belonging to active members in multiple countries had already been downloaded. The compromised information includes names, email addresses, physical addresses, phone numbers, dates of birth and bank account details.
According to reports, approximately 1 million members across Spain, Germany, France, Belgium and Luxembourg have been affected. The threat actor behind the breach remains unknown, as no ransomware group has claimed responsibility.
How it could affect your business
Exposure at this scale can be used to fuel targeted phishing and social engineering attacks that leverage verified personal and financial details. Organizations should strengthen user awareness, monitor for unusual activity and ensure strong access controls are in place to limit data exposure.
North America
Vercel
American cloud application company Vercel disclosed a security breach that allowed threat actors to gain unauthorized access to its internal systems.
The incident originated from the compromise of Context.ai, a third-party AI tool used by a Vercel employee. The employee logged in using a Google Workspace account and granted the tool extensive permissions, including access to Google Cloud Platform resources. However, the tool had already been compromised, allowing attackers to leverage those permissions to move laterally into Vercel’s environment and potentially access internal systems.
While Vercel stated that no sensitive data was exposed, concerns arose after an anonymous individual shared screenshots on Telegram allegedly showing access to confidential information. The company is now working with Mandiant and other cybersecurity firms, notifying law enforcement and coordinating with Context.ai to assess the full scope of the incident.
How it could affect your business
Third-party tools can become easy entry points into internal systems when granted broad permissions. Organizations should carefully review access granted to external applications, enforce least-privilege policies and continuously monitor integrations to detect unusual activity early.
United States
McGraw Hill
American education and publishing company McGraw Hill said hackers exploited a Salesforce misconfiguration to access a portion of its internal data.
McGraw Hill recently identified unauthorized access to a limited set of data from a webpage hosted on Salesforce. The company stated that the activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment affecting multiple organizations. It also clarified that the incident did not involve unauthorized access to its Salesforce accounts, customer databases, courseware or internal systems.
The breach came to light alongside claims by the ransomware group ShinyHunters, which said it had stolen 45 million Salesforce records.
How it could affect your business
Misconfigurations in widely used platforms can expose data across multiple organizations at once. Businesses should regularly audit configurations, limit data exposure on public-facing assets and monitor third-party platforms for unusual access patterns to reduce risk.
Europe
Inditex
Inditex, the parent company of Zara, identified unauthorized access to third-party-hosted databases containing information on customer transactions.
On April 15, the company confirmed that the breach originated in a security incident involving a former technology provider and affected multiple organizations operating internationally. Inditex said it immediately implemented security protocols and began notifying relevant authorities. It also stated that the affected database did not contain customer names, addresses, passwords or bank card details.
How it could affect your business
Third-party incidents like this highlight how external providers can become a source of exposure even when core systems remain secure. Organizations should assess vendor security posture, limit data sharing to what is necessary and maintain visibility into third-party data-handling practices to reduce risk.


