The week in breach news

This week: LVMH experiences a third data breach, this time at its Louis Vuitton U.K. division; bad passwords empower hackers to hit Foodstuffs in New Zealand; and 800,000 gamblers have their personal data exposed.


United States

Bitcoin Depot

Industry: Finance
Exploit: Hacking

Bitcoin Depot, a major U.S. bitcoin ATM operator, is notifying customers of a data breach that exposed personal information collected during cryptocurrency transactions. Exposed data may include names, phone numbers, driver’s license numbers, home addresses, birthdates and email addresses, depending on the individual.

The company revealed in a notification letter to customers that it first detected suspicious activity on June 23, 2023. Bitcoin Depot said that it completed its internal investigation on July 18, 2024. However, the company was prohibited from disclosing the incident to customers until July 2025 due to an ongoing police investigation.

How it could affect your business

Organizations must prioritize swift internal investigations and transparent communication to avoid eroding customer trust.

United States

The Texas Department of Transportation

Industry: Government & Public Sector
Exploit: Hacking

The Texas Department of Transportation (TxDOT) confirmed a data breach on May 12, 2025, affecting nearly 300,000 crash report records after a hacker accessed a single personal TxDOT account.

Exposed data includes names, addresses, driver’s license and license plate numbers. Drivers’ insurance policy information and other crash-related details were also exposed. The agency began notifying affected individuals via direct mail on July 9 and has set up a dedicated hotline for those impacted by the breach.

How it could affect your business

Even a single compromised account can lead to large-scale data exposure, highlighting the critical need for strong access controls and continuous monitoring.

United States

Flutter Entertainment

Industry: Media, Sports & Entertainment
Exploit: Third-Party Data Breach

Flutter Entertainment, owner of major gambling sites like Betfair and Paddy Power, disclosed a data breach affecting up to 800,000 customers.

The company, which serves 4.2 million average monthly players across its U.K. and Ireland brands, pointed to a data breach at an unnamed service provider as the culprit. The exposed data may include a customer’s IP address, email address and limited betting account information.

Flutter Entertainment told impacted users in a letter that it has contained the incident and is working with cybersecurity experts to strengthen its defenses.

How it could affect your business

This incident underscores the growing cybersecurity challenges large corporations face, particularly those in the online gambling sector.

United States

Rockerbox

Industry: Finance
Exploit: Misconfiguration

Earlier this month, cybersecurity researchers discovered an unsecured archive traced to Rockerbox, a Texas-based consultancy firm that specializes in tax credits. The trove contains 287 GB of data and nearly 246,000 records.

The compromised records include names, addresses, email addresses, dates of birth, Social Security numbers and driver’s license and identification card numbers, as well as employment and salary information related to Work Opportunity Tax Credit documents and determination letters. The files also contain sensitive documents like DD214 military discharge forms and PDFs with personal details, such as names and employer information. The database has since been secured.

How it could affect your business

If technicians aren’t diligent when setting up a database, their carelessness can have disastrous results for companies.

Europe

LVMH

Industry: Retail
Exploit: Hacking

LVMH is in the spotlight for another cyberattack this week, this time on its Louis Vuitton UK operations. The retailer disclosed that this incident exposed customer names, contact details and purchase history. The brand was quick to reassure customers that no financial data was compromised.

The breach, which occurred on July 2, marks the third LVMH-related cyber incident in three months, following similar attacks on Louis Vuitton’s Korean arm last week and Christian Dior Couture.

How it could affect your business

Experiencing multiple data breaches in a short period of time can negatively impact consumers’ trust in a brand.

Japan

Nippon Steel Solutions

Industry: Manufacturing
Exploit: Zero-day vulnerability

Nippon Steel Solutions, a subsidiary of Nippon Steel, announced it detected unauthorized activity on several servers earlier this month. An internal investigation revealed hackers exploited a zero-day flaw in the company’s network equipment to gain access to sensitive information belonging to customers, partners and employees.

Customer data potentially compromised includes names, company affiliations, job titles, business email addresses, phone numbers and addresses. Partner information, such as names and business emails, was also exposed. This incident follows a February 2025 attack on another of the company’s divisions, Nippon Steel USA, by the BianLian ransomware group.

How it could affect your business

Multiple cyberattacks on a company in a short period of time may cause potential partners to think twice before doing business with that company.

Australia & New Zealand

Foodstuffs Ltd.

Industry: Retail
Exploit: Hacking

New Zealand grocery retailer Foodstuffs Ltd. announced it detected recent attempts by scammers to access a limited number of its New World Clubcard accounts. The company said the bad actors were guessing passwords using automated tools. The company confirmed that its systems remain secure and that no personal credit card data has been compromised.

To protect customers, Foodstuffs has temporarily disabled a function of its New World Clubcard that allowed the redemption of New World dollars and removed stored payment tokens on affected accounts. Impacted users are being asked to reset their passwords with strong passphrases to restore access and enhance security.

How it could affect your business

Bad actors are increasingly turning to automated tools to make attacks faster and more effective.