The week in breach news

North America

Conduent

The U.S. Department of Agriculture has confirmed that a cyberattack has shut down Supplemental Nutrition Assistance Program (SNAP) call centers operated by Conduent in six states: Georgia, Delaware, Indiana, Iowa, Oklahoma and Virginia. The interactive voice response call centers enabled electronic benefit transfer (EBT) cardholders in those states to check their card status, review their account balance and perform similar functions.

According to the Georgia Department of Human Services, the trouble began on July 25, but the disruption to EBT services continues. Conduent has fallen victim to at least two other cyberattacks that caused call center outages in 2025.

North America

The Office of the Pennsylvania Attorney General

The Pennsylvania Office of the Attorney General (AG) has confirmed that a recent cyberattack knocked out its phones and email accounts. Attorney General Dave Sunday said in a press conference that IT experts are working to restore affected services and investigate the incident with the help of law enforcement authorities.

While the attorney general has not yet attributed the attack to any specific group, However, a cybersecurity expert reported last month that several public-facing Citrix NetScaler appliances on the AG’s network were vulnerable to active exploitation of a critical flaw CVE-2025-5777, also known as Citrix Bleed 2.

North America

The House of Commons of Canada

Canada’s House of Commons has fallen victim to a cyberattack that compromised sensitive employee data. The breach allegedly involved an unidentified threat actor exploiting a “recent Microsoft vulnerability”, suspected to be the recently uncovered Microsoft’s On-Premises Exchange vulnerability (CVE-2025-53786), to gain access to a database containing employee information.

The stolen data includes names, email addresses, job titles, office locations and details about the computers and mobile devices used by House of Commons staff. Both the House of Commons and Canada’s Communications Security Establishment are investigating the incident. No group has claimed responsibility.

Europe

Colt Technology Services Group Limited

UK-based Colt Technology Services has confirmed it suffered a cyberattack, reportedly carried out by the WarLock ransomware group, that has caused prolonged service disruptions since August 12. The incident has affected hosting, porting, Colt Online and Voice API services, though Colt emphasized that its core network infrastructure remains intact.

Initially described as a “technical issue,” Colt later acknowledged it was a cyberattack and shut down systems to contain the threat. Threat actors are believed to have exploited a Microsoft SharePoint vulnerability (CVE-2025-53770) to breach the firm’s sharehelp.colt.net platform, maintaining access to its network for over a week.

A WarLock affiliate known as “cnkjasdfgd” has claimed responsibility, offering 1 million allegedly stolen documents including financial, employee, customer and internal data for $200,000. Colt has notified authorities but has not released technical details or a timeline for full restoration as its IT teams continue recovery efforts.

Europe

Inflite The Jet Centre

Thousands of Afghans brought to safety in the UK under a resettlement scheme have had their personal data potentially exposed following a cyber-security incident at a Inflite The Jet Centre

Inflite The Jet Centre, a Ministry of Defence sub-contractor that provides ground-handling services at London Stansted Airport, experienced the breach affecting up to 3,700 Afghans who traveled to the UK between January and March 2024 under the Afghan Relocations and Assistance Policy (Arap).

An email from the Afghan resettlement team warned families that exposed information may include names, passport details and Arap reference numbers. Reports indicate that some British military personnel and former Conservative government ministers may also be affected. Inflite said the breach appears to have been limited to email accounts.

North America

Workday

Cloud-based human resources software provider Workday announced on Friday that some customer information was accessed in a social engineering attack targeting its third-party Customer Relationship Management (CRM) platform. The company did not disclose which CRM platform was involved but confirmed that the breach affected business contact information, including names, email addresses and phone numbers.

Workday emphasized that there is “no indication of access to customer tenants or the data within them,” and the attack appears limited to the CRM system.

The company described itself as one of several organizations affected by a recent wave of CRM-targeted social engineering attacks, positioning this breach as another attack perpetrated through Salesforce CRM tools.

Europe

Stock in the Channel (STIC)

UK-based Stock in the Channel (STIC), a digital platform displaying stock and pricing for IT products, suffered a ransomware attack on August 12.

The company revealed that attackers exploited an unnamed zero-day vulnerability in a third-party application to gain access to its systems, causing extensive damage to its infrastructure. STIC said its teams have been working around the clock to repair the affected systems.