Asia & Pacific
Asus
Asus, the global computer and electronics manufacturer, confirmed a third-party data breach linked to one of its suppliers.
On December 3, the company announced that a cybersecurity incident at one of its suppliers had impacted some of its data. The update came just one day after the Everest ransomware group listed Asus on its Tor leak site and claimed to have stolen more than 1 TB of the company’s files. Asus said the incident did not impact its products, internal systems or user privacy. However, some camera source code used in Asus phones was exposed.
The same ransomware group also claims to have leaked data from other major software vendors, including ArcSoft.
SourceHow it could affect your business
This incident shows how ransomware groups are increasingly targeting manufacturers through supply chain attacks. When a third-party supplier is compromised, your own data can be exposed even if your internal systems are secure. To ease this risk, businesses should thoroughly vet their vendors’ security, limit the data they share and continuously monitor supplier access.
United States
Marquis Software Solutions
Marquis Software Solutions reported a ransomware attack that affected more than 780,000 customers of banks and credit unions across the U.S., marking yet another serious third-party supply chain incident.
Marquis, a Texas-based fintech and software provider that works with over 700 financial institutions, said it detected the ransomware attack on August 14. The attackers targeted the company’s firewall and stole specific files from the systems. According to the firm, the stolen data includes names, addresses, phone numbers, Social Security numbers, taxpayer ID numbers, financial account information and dates of birth.
Marquis has begun notifying affected customers and is offering free credit monitoring and identity theft protection.
SourceHow it could affect your business
Supply chain attacks like this show how quickly one compromised vendor can expose the sensitive data of hundreds of thousands of people. Even when your own systems are secure, you can still be pulled into a breach through a partner’s weak point. Businesses should segment the data they share, require vendors to follow strict security controls and continuously review access logs so stolen credentials or firewall breaches don’t go unnoticed.
United States
Persante Health Care
Persante Health Care, a New Jersey–based provider of sleep and balance center management services, disclosed a cyber incident that exposed personal and protected health information (PHI).
The health care provider detected unusual activity on its network between January 23 and January 28. It then took more than eight months to review the affected files and determine whether patient data had been accessed. On October 3, the review confirmed that sensitive information was involved, and Persante notified impacted individuals by mail on November 26.
According to the provider, the exposed information includes dates of birth, Social Security numbers, driver’s license numbers, state ID numbers, passport numbers, government ID numbers, taxpayer IDs, dates of service, physician or facility names, patient account numbers, medical record numbers, financial account details, payment card numbers, medical device identifiers and biometric identifiers.
SourceHow it could affect your business
Cyberattacks on healthcare providers continue to rise, and the sensitive nature of medical data means these organizations often face intense regulatory scrutiny when a breach occurs. Strengthening access controls, improving endpoint monitoring and encrypting sensitive data can help effectively defend against cyberthreats.
United States
Davies, McFarland & Carroll LLC (DMC)
Davies, McFarland & Carroll LLC (DMC), a Pittsburgh-based law firm, reported a cybersecurity breach that exposed the personal and protected health information (PHI) of more than 54,000 individuals.
Around May 22, 2025, the law firm learned that an unauthorized party had gained access to its internal records. An investigation, completed in late September, confirmed that files containing sensitive personal information were involved. The exposed data includes names, addresses, dates of birth, Social Security numbers, medical treatment details, medical history and health insurance information.
On November 24, the firm began notifying affected individuals whose information had been exposed.
SourceHow it could affect your business
Law firms hold large volumes of personal and health information, making them attractive targets for attackers. A breach like this can lead to legal exposure, compliance risks and loss of client trust. Firms can reduce these risks by tightening access controls, improving the monitoring of email and file systems and ensuring sensitive data is encrypted and segmented across the network.
Asia & Pacific
Coupang
South Korean e-commerce giant Coupang disclosed a major data breach that exposed information belonging to nearly 34 million customers.
Coupang, often called South Korea’s version of Amazon, discovered unauthorized access on November 18 and immediately alerted authorities. Initially, Coupang believed that only about 4,500 customer accounts were affected. However, a deeper investigation revealed the real impact was far larger — almost 33.7 million accounts. The breach may have begun as early as June through a server located overseas.
While no financial details or login credentials were exposed, the leaked data includes names, email addresses, phone numbers, shipping addresses and order histories.
SourceHow it could affect your business
Since customer data is valuable and often stored at a massive scale, retail companies are becoming prime targets for cybercriminals. Retailers can reduce risks by limiting access to sensitive records, enforcing strong identity controls for staff and vendors, and using continuous security monitoring to spot early signs of a breach.
