Week in Breach


The year is barely underway, and cyber incidents are already piling up. The European Space Agency faced a major data exposure, Manage My Health reported a health care breach in New Zealand and Ledger confirmed another third-party data leak, among others.


Europe

European Space Agency (ESA)

Industry: Aerospace & Defense | Exploit: Hacking

The new year began with a major cybersecurity incident that could ripple across the aerospace and defense sectors. On January 7, the European Space Agency (ESA) confirmed a significant data breach, with more than 700 GB of data exposed across two separate cyber incidents.

Earlier this week, the hacking group Scattered Lapsus$ Hunters claimed it gained access to ESA servers as far back as September 2024 by exploiting a publicly known vulnerability. The group claims to have exfiltrated approximately 500 GB of data, including operational procedures, spacecraft and mission details, subsystem documentation and sensitive contractor information linked to ESA partners such as SpaceX, Airbus Group and Thales Alenia Space. This followed a separate incident in December, when another cybercriminal offered more than 200 GB of ESA data for sale on a dark web forum.

According to the attackers, the stolen files contain highly sensitive information tied to multiple space programs and ESA missions. More concerning, the group claimed the security flaw has not yet been remediated, potentially giving them continued access to ESA’s live systems.

How it could affect your business

This incident shows how unidentified or unpatched vulnerabilities can give attackers a clear path into even well-defended environments. Once inside, threat actors can move quietly across systems and access sensitive data before they’re detected. Automated penetration testing can help organizations identify these hidden weaknesses and potential attack paths early, reducing the risk of a successful breach.

Australia & New Zealand

Manage My Health

Industry: Healthcare | Exploit: Ransomware & Malware

A cyber incident hit New Zealand’s health care sector, affecting a widely used patient portal. Manage My Health, an online platform used by general practices nationwide, confirmed a breach that affected approximately 125,000 users.

On December 30, Manage My Health was alerted to unauthorized access involving its “My Health Documents” module. The incident affected roughly 6% to 7% of its 1.8 million registered users, with about 70% of impacted individuals located in Northland. Exposed data includes clinical discharge summaries, historical referral records and health information uploaded by patients.

A ransomware group known as Kazu has claimed responsibility for the attack and demanded a ransom of $60,000 after releasing a sample of the stolen data.

How it could affect your business

Ransomware attacks targeting health care systems continue to increase in frequency because of the sensitive data those systems hold. Once attackers gain access, patient information can be exposed or used for extortion, causing serious trust and compliance issues. Health care providers need strong monitoring to detect threats early and encrypted backups to ensure data can be recovered without paying ransoms.

Europe

Ledger

Industry: Finance | Exploit: Third-Party Data Breach

Hardware cryptocurrency wallet maker Ledger confirmed another cyber incident, this time involving a third-party data breach. The company said some customer information was exposed following a cyberattack on its payment processor, Global-e.

According to Ledger, attackers gained unauthorized access to Global-e’s systems and obtained data linked to Ledger.com purchases where Global-e acted as the merchant of record. While the total number of affected customers was not disclosed, the compromised information included names, contact details and order data such as products purchased and prices paid. Ledger emphasized that no financial data, passwords or cryptocurrency assets were impacted.

This latest incident adds to Ledger’s troubled history of breaches. In 2023, the company suffered a nearly $500,000 loss due to a crypto-related theft, and in 2020, personal data belonging to over 270,000 customers was exposed in a breach linked to its Shopify integration.

How it could affect your business

This incident shows how third-party vendors can become indirect entry points to customer data. Without visibility into how vendors access, store and protect shared data, organizations may not detect exposure until after information has been stolen. Regularly reviewing third-party access, limiting shared data to what’s necessary and continuously monitoring integrations can help reduce this risk.

North America

Trust Wallet

Industry: Finance | Exploit: Supply Chain Attack

Binance-owned cryptocurrency wallet Trust Wallet confirmed a supply chain attack that resulted in the loss of approximately $8.5 million from users. The attack was linked to the Shai-Hulud 2.0 self-replicating worm, which previously targeted the npm registry in late November.

According to Trust Wallet, attackers targeted users running version 2.68 of its Chrome browser extension. Malicious versions of the extension were published on December 24, and users who logged into their wallets between December 24 and December 26 using that version were impacted. The attackers used the source code and the Chrome Web Store API key that they had obtained in the npm incident.

The company identified 2,520 wallet addresses linked to the incident, with roughly $8.5 million in assets stolen. Trust Wallet said the stolen funds were traced to 17 attacker-controlled wallet addresses. The company has since stated it will reimburse all affected users, noting that some wallet addresses not directly associated with Trust Wallet were also impacted during the attack.

How it could affect your business

This attack highlights the growing threat of self-propagating supply chain malware, where trusted software updates become the delivery mechanism for theft. When malicious code enters through widely used extensions or open-source components, it can spread quickly before users or organizations are aware of it. Strong dependency monitoring, code integrity checks and tighter controls around software updates could help detect tampering early and prevent large-scale losses.

Asia & Pacific

Shinhan Card

Industry: Finance | Exploit: Malicious Insider

Shinhan Card, one of South Korea’s largest credit card companies, confirmed an insider-related security incident that exposed personal information tied to nearly 192,000 merchant representatives.

According to the Seoul-based firm, an internal review is still underway to determine whether the case should be classified as unauthorized use of personal information or a formal data breach. The exposed data includes names, mobile phone numbers, birth dates and gender. Shinhan Card stated that sensitive financial details, such as card numbers, resident registration numbers and bank account information, were not affected.

The disclosure comes amid a broader wave of data breaches affecting major South Korean companies. In recent months, firms such as Coupang, Lotte Card and SK Telecom have also reported cyber incidents.

How it could affect your business

This incident is a reminder that cyberthreats don’t always come from the outside and that insiders can pose serious risks if access isn’t tightly controlled. Employees and contractors with legitimate access can misuse data, whether intentionally or accidentally, without triggering traditional perimeter defenses. To reduce insider risk, organizations should enforce strict access controls, monitor user activity for unusual behavior and regularly review permissions based on roles and necessity.
