The week in breach news

This week: Nissan hit by Qilin ransomware group, development data is snatched from Nissan and Kaseya Labs takes a deep dive into the critical WinRAR vulnerability, CVE-2025-8088.

North America

The Maryland Transit Administration (MTA)

Industry: Transportation & Logistics | Exploit: Hacking

The Maryland Transit Administration (MTA) is investigating a cybersecurity incident involving unauthorized access to MTA systems.

Officials said the attack specifically affects users of MTA’s Mobility paratransit service. While the service remains operational, riders are currently unable to schedule new trips or rebook existing ones.

Authorities confirmed the threat has been contained and recovery is underway. At press time, MTA’s other services, including local and commuter buses, the metro subway, light rail, MARC trains and Call-a-Ride, continue to operate without disruption.

How it could affect your business

Protecting public services means recognizing that minor cyber incidents in transit or utilities can have outsized effects on vulnerable communities.

Asia & Pacific

Nissan Motor Corporation

Industry: Manufacturing | Exploit: Ransomware & Malware

Nissan Motor Corporation has reportedly fallen victim to a cyberattack carried out by the Qilin ransomware group. The hackers claim to have stolen 4 TB of sensitive data from Nissan’s Creative Box design studio, including 3D models and design files for upcoming vehicles.

According to details posted on Qilin’s dark web leak site, the cache contains internal reports, design documents, photographs, videos and financial records tied to future vehicle projects. The group has already published sample files to back its claims and is threatening a full release unless a ransom is paid, a move that could hand rival automakers access to Nissan’s unreleased designs.

As of press time, Nissan had not issued a public statement regarding the incident.

How it could affect your business

Any company division working with external vendors can create potential entry points for hackers that must be carefully secured.

North America

Data I/O

Industry: Manufacturing | Exploit: Ransomware & Malware

Redmond-based Data I/O, a leading maker of electronics used in vehicles and consumer devices, disclosed a ransomware attack that disrupted key business functions, including shipping, manufacturing, production and other support systems. The incident, which began on August 16, was just reported to federal regulators.

The company said it has implemented containment measures, including taking systems offline, to protect its global IT network. A third-party investigation is underway, and Data I/O said it will notify potential breach victims once the probe is complete.

Around two-thirds of its business currently comes from automotive electronic production, including technology for electric car charging stations. It claims it serves 18 of the world’s top 20 automotive electronics suppliers. The company also serves Panasonic, Amazon, Google and Microsoft.

No timeline has been provided for the full restoration of services. The company acknowledged that costs tied to the incident, including cybersecurity experts, advisors and system recovery, are “reasonably likely” to materially affect its financial results.

How it could affect your business

Beyond a ransom, cyberattack expenses like cybersecurity consultants, system recovery and operational downtime can have a significant impact on a company’s bottom line.

North America

Farmers Insurance Group

Industry: Insurance | Exploit: Third-Party Data Breach

Farmers Insurance Exchange, Farmers Group Inc., and their subsidiaries, including brands such as Foremost and Bristol West, have begun informing customers about a major data breach impacting over 1 million individuals. According to Bleeping Computer, this breach is another entry in the list of breaches caused by the Salesforce hack.

Investigators determined that a cybercriminal accessed and acquired certain data from the vendor’s database on May 29, 2025. By July 24, 2025, Farmers confirmed that customer personal information had been exposed. The cybersecurity incident was reported to the offices of the California, Maine and Massachusetts Attorneys General on Aug. 22, 2025.

Compromised data may include names, addresses, contact information, dates of birth, Social Security numbers, driver’s license numbers, insurance information, claim details and financial information, including payment card or bank account numbers.

Farmers Insurance is offering affected customers 24 months of free credit monitoring through Cyberscout to help mitigate potential risks.

How it could affect your business

Organizations must continuously assess and monitor the security practices of all third-party partners.

North America

Inotiv

Industry: Healthcare | Exploit: Ransomware & Malware

Scientific research firm Inotiv disclosed a cybersecurity incident that disrupted portions of its business operations earlier this month. The Lafayette, Indiana-based drug development company said Monday that a threat actor gained unauthorized access to certain systems and encrypted them, limiting access to internal data storage and business applications.

The Qilin ransomware gang has claimed responsibility, alleging it stole roughly 162,000 files totaling 176 GB of data. The group has also published sample files on its leak site as proof of the breach.

The attack has caused operational disruptions, with no timeline yet for full restoration. Inotiv said investigations into the incident are ongoing.

How it could affect your business

Bad actors are hungry for potentially profitable scientific information like research data, drug development files and intellectual property.

Australia & New Zealand

TPG Corporation

Industry: Telecommunications | Exploit: Phishing

Nearly 300,000 customers of Australia’s second-largest internet provider, iiNet, a subsidiary of TPG Corporation, have had personal information compromised in a cyberattack.

A list containing about 280,000 active email addresses and 20,000 active landline numbers was extracted from iiNet’s order management system. The breach also exposed around 10,000 iiNet usernames, street addresses and phone numbers, as well as roughly 1,700 modem setup passwords.

According to TPG, the breach occurred after an attacker stole employee account credentials and used them to access the order-tracking system, which manages broadband connection requests. The company emphasized that no credit card details, banking information or identity documents were exposed, as that data was not stored in the compromised system.

TPG said it is cooperating with the relevant government agencies as part of its response.

How it could affect your business

Phishing resistance training is an essential component of every company’s cybersecurity strategy.
