The week in breach news

United States

Dell Technologies

Dell Technologies confirmed a cyberattack late last month targeting its Customer Solution Centers, specialized environments used for product demonstrations and technology testing, by the new cyber extortion group World Leaks.

Dell emphasized that the affected systems are isolated from their core production networks and do not handle customer or partner data. Despite this, World Leaks publicly released roughly 1.3 TB of data on its leak site, comprising over 416,000 files. The leaked materials reportedly include infrastructure scripts, system backups, employee directories, configuration files and data related to Dell products such as PowerPath, PowerStore and VMware tools.

Dell downplayed the breach’s impact, noting that the Solution Center primarily uses synthetic data, publicly available datasets and non-sensitive internal information designed solely for demonstration purposes.

Interestingly, rather than deploying ransomware, World Leaks now focuses exclusively on data theft and extortion, using proprietary tools to exfiltrate data from compromised networks. This data extortion only approach is trending as bad actors try to stay under law enforcement’s radar.

United States

Philadelphia Indemnity Insurance

Philadelphia Indemnity Insurance Company confirmed that hackers accessed sensitive customer data during a security incident initially reported as a network outage.

The breach, which occurred between June 9 and 10, was later determined to involve unauthorized access to customer information. While the company emphasized that no ransomware was used and no data was encrypted, a subsequent investigation revealed that customers’ names, driver’s license numbers and dates of birth were among the compromised data.

Philadelphia Indemnity confirmed last month that customer data had been stolen but has not disclosed how many individuals were affected or who may have been behind the attack. The investigation remains ongoing.

European Union

Orange

Orange, a leading mobile service provider across Europe and Africa, confirmed it was the target of a cyberattack that impacted its internal systems.

The incident triggered an immediate response from Orange Cyberdefense, the company’s cybersecurity division. As a result of containment efforts, several corporate and consumer services were disrupted.  Outages primarily impacted the company’s home country of France.

Orange acknowledged that the response to the attack would affect users, although it has not disclosed the specific nature of the incident. The company claims there is currently no evidence that customer or company data was accessed or exfiltrated, but the situation remains under investigation.

Europe

Aeroflot

Russian airline Aeroflot was forced to cancel more than 50 round-trip flights following a major cyberattack that disrupted operations across the country. The incident caused widespread travel delays.

Two pro-Ukraine hacking groups, Silent Crow and the Belarusian Cyberpartisans, claimed responsibility for the attack. In public statements, the groups described the operation as the culmination of a year-long campaign that allowed them to deeply infiltrate Aeroflot’s network. They claimed to have destroyed 7,000 servers and gained access to employee computers, including those of senior management.

The hackers released screenshots of what they said were internal file directories from Aeroflot’s systems. They also threatened to release the personal data of all individuals who have flown with the airline, along with intercepted communications and emails from staff.

Aeroflot did not address those claims, simply announcing that affected passengers would be eligible for refunds or rebooking once its systems were restored. The airline also said it was working to place impacted travelers on alternative flights where possible.

United Kingdom

Sandersons

U.K. retailer Sandersons suspended all ordering through its ecommerce platform following a series of cyberattacks.

The family-run business announced the decision to end its eight-year-old ecommerce operation on its website, citing its inability to withstand its recent cyber trouble. The company stopped accepting new online orders as of July 7 but confirmed that all purchases made prior to that date will be fulfilled.

The retailer was quick to reassure shoppers that despite ending its digital operations, Sandersons will continue serving customers through its physical location in Stroud, Gloucestershire.

United States

The Brien Center for Mental Health and Substance Abuse Services

The Brien Center for Mental Health and Substance Abuse Services has reported a cybersecurity incident that exposed the personal and health information of more than 5,400 individuals. The healthcare provider said that it detected suspicious activity within its network, then discovered that an unauthorized party had accessed its internal systems between May 19 and May 21, 2025.

The Brien Center determined the intruder accessed and may have exfiltrated data belonging to 5,427 patients during the breach. Affected information includes patients’ names, birthdates, addresses, contact details, client identification numbers, visit dates and times, and clinical diagnostic data.

The Brien Center said it continues to work with cybersecurity professionals to assess the full scope of the breach.

United States

Albavisión

Newly emerged ransomware gang GLOBAL GROUP is claiming responsibility for a cyberattack on Albavisión, a major Spanish-language media conglomerate headquartered in Miami, Fla. The group alleges it has stolen 400 GB of sensitive data and is threatening to leak the information unless the company begins negotiations to pay an unspecified ransom.

Albavisión operates a vast network of television and radio stations across Latin America. GLOBAL GROUP, a ransomware-as-a-service (RaaS) operation, has been active since early June 2025 and  has also claimed attacks on other media outlets, including Italy’s Rete Toscana Classica (RTC), a 24-hour classical music radio station.

Albavisión has not yet publicly confirmed the breach or responded to the ransom threat.