The week in breach news

North America

Bridgestone

Japanese Tire manufacturer Bridgestone confirmed it is investigating a cyberattack that disrupted operations at some of its North American manufacturing facilities.

On Tuesday, September 2, 2025, reports surfaced about a cybersecurity incident impacting two of BSA’s production facilities in Aiken County, South Carolina. By Wednesday, the trouble had spread to Bridgestone’s Canadian manufacturing operation in Joliette, Quebec.

The company said its rapid response team contained the intrusion in its early stages, preventing the theft of customer data or a deeper network compromise. Bridgestone added that although the company did experience some operational disruption, including manufacturing delays, operations have returned to normal.

While Bridgestone was asked whether ransomware was involved, the company did not respond, and no group had claimed the attack at press time.

North America

Navy Federal Credit Union

Security researchers uncovered an unsecured and misconfigured server belonging to Navy Federal Credit Union (NFCU) that exposed 378 GB of internal files. The trove included operational data from Tableau, internal usernames, email addresses, user role details and possibly hashed passwords and keys.

No customer data in plain text was found, and NFCU member information does not appear to have been compromised. The exposed files largely consisted of Tableau workbooks and other internal documents.

Researchers reported the discovery to NFCU, and the database was secured within hours.

United Kingdom

Jaguar Land Rover

Jaguar Land Rover (JLR) has suspended production at multiple sites following a cyberattack that infiltrated its internal IT systems, with disruptions expected to last into October. Thousands of workers at JLR’s Halewood, Solihull and Wolverhampton. U.K. plants have been told to stay home until the issue is resolved, though they will continue to be paid. Similar pauses affect JLR operations in Slovakia, Brazil and India.

While dealerships and garages remain open, suppliers including WHS Plastics, Evtec, OPmobility and SurTec have also been impacted.

A Telegram channel linked to hacking groups Scattered Spider, Lapsus$ and ShinyHunters has posted screenshots of what appear to be JLR’s internal systems. Scattered Spider, previously tied to attacks on M&S, Co-op and Harrods, is suspected of involvement.

North America

Salesloft Drift

Cloudflare, Zscaler and Palo Alto Networks confirmed this week that they were affected by a hacking campaign exploiting integrations with Salesloft Drift, an AI platform connected to Salesforce systems. The campaign, attributed to threat actor UNC6395, ran between August 8 -18 and may have impacted more than 700 companies.

Salesloft said attackers used stolen credentials to exfiltrate customer data via its Drift chatbot tool, acquired last year. While Salesforce disconnected Salesloft as a precaution, the company said it has seen no evidence of malicious activity within the platform itself.

Cloudflare described the incident as a sophisticated supply chain attack on business-to-business integrations. The company found 104 API tokens among the stolen data, all since rotated, and warned that customer information shared in support tickets, including logs, tokens or passwords, should be considered compromised.

Google cautioned that the scope of the campaign extends beyond the Salesforce-Salesloft integration and advised all Salesloft Drift customers to treat authentication tokens as potentially compromised.

This event is believed to be unrelated to the ongoing Salesforce exploit hack that has impacted many major companies.

North America

Lovesac

Furniture retailer Lovesac has confirmed a data breach after detecting suspicious activity in its internal email system on May 30, 2025. An investigation revealed that an unauthorized actor accessed an employee’s email account between May 27 – 30, 2025, exposing sensitive data in emails and attachments, including names and Social Security numbers.

The ransomware group RansomHub claimed responsibility, alleging it had stolen 40 GB of company data and threatened to publish it on the dark web. Lovesac began notifying affected individuals by mail on September 4, 2025, and also reported the incident to multiple state Attorneys General. The company has not disclosed how many people were affected, though the number may reach into the thousands.

North America

Wealthsimple

Toronto-based online bank and investment firm Wealthsimple disclosed a cybersecurity breach linked to a compromised software package from a third-party vendor. Wealthsimple disclosed that the breach was detected on August 30, 2025. The incident exposed sensitive client information, including Social Insurance Numbers, account numbers, contact details, IP addresses and dates of birth.

Fewer than 1% of Wealthsimple clients were affected, all of whom were notified directly. The company said the breach was contained within hours, no funds were accessed, passwords were not compromised and accounts remain secure.

Wealthsimple has not named the vendor involved or shared further technical details about the intrusion.