The week in breach news

A growing wave of state-sponsored cyber activity and large-scale exploitation campaigns dominate the headlines this week, with the European Union exposing a Russia-linked cyber ecosystem that has targeted member states for years and the Australian Cyber Security Centre warning businesses about a global campaign exploiting vulnerable CMS platforms and plugins. Meanwhile, another U.S. insurance provider, AssuranceAmerica, disclosed a data breach affecting nearly seven million individuals, while hackers have claimed to have breached German banking giant Deutsche Bank.

Europe

European Union

Industry: Government & Public Sector Exploit: Nation-State

The European Union (EU) and its member states have publicly denounced a Russia-linked malicious cyber ecosystem that has been targeting organizations across the EU for years.

The EU has accused Russia’s Federal Security Service (FSB) of directing several cyberthreat groups, including TURLA, to conduct cyber operations against EU member states and international partners. The alleged activities include infiltrating government networks and sabotaging critical infrastructure. Countries reportedly targeted include France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania and Finland.

According to the EU, the group has conducted cyber espionage against strategic French government entities since 2010 and targeted the country’s defense industry in 2025. In Germany, it has focused on government organizations, while in Poland, it has recently carried out disruptive sabotage operations against critical infrastructure, including combined heating and power plants.

Source

How it could affect your business

Nation-state cyberattacks have been increasing in recent years, particularly targeting organizations that work with government agencies and critical infrastructure. These organizations should strengthen their cyber defenses through continuous monitoring, robust access controls, timely patching and well-tested incident response and recovery plans to improve resilience against sophisticated threats.

Australia & New Zealand

Australian businesses

Industry: Technology Exploit: Misconfiguration

Meanwhile, the Australian Cyber Security Centre (ACSC) has warned Australian businesses that malicious actors are actively scanning websites for vulnerabilities in a range of content management systems (CMS) and plugins.

According to the ACSC, a widespread exploitation campaign is targeting CMS platforms and their plugins globally, with numerous Australian businesses already affected. Threat actors are deploying webshells on compromised websites, potentially leading to service disruptions, data theft and further network compromise. The campaign targets platforms including WordPress, Craft CMS, MaxSite CMS, MetInfo CMS and Joomla JCE, as well as plugins such as Simple File List, WavePlayer, Ninja Forms and Craft CMS.

Reports suggest the campaign may be accelerated by AI, enabling threat actors to identify vulnerable systems and scale their attacks more effectively.

Source

How it could affect your business

Website administrators should promptly apply the latest security updates for all CMS platforms and plugins to reduce the risk of exploitation. Organizations should also remove unused plugins, enable automatic updates where possible and implement stronger security measures, such as read-only directories and continuous monitoring for unauthorized file creation, to better defend against such web-based attacks.

United States

AssuranceAmerica

Industry: Insurance Exploit: Hacking

American insurance company AssuranceAmerica disclosed a data breach affecting nearly 7 million individuals after attackers gained unauthorized access to its systems earlier this year.

AssuranceAmerica, which provides auto, renters and commercial auto insurance across 14 U.S. states, revealed in a filing with the Maine Office of the Attorney General that the breach affected 6,998,886 people. The company detected the incident on March 17 and determined that the attackers had stolen a broad range of customer information from its systems. The compromised data includes combinations of names, contact information, automobile insurance policy and account details, driver and vehicle information, claims-related information and driver’s license numbers.

The incident marks the second major breach involving a U.S. insurance provider in recent weeks, following American insurance giant Aflac’s disclosure that a breach at its Japan subsidiary affected more than 4 million customers.

Source

How it could affect your business

A data exposure of this scale could fuel widespread phishing campaigns using stolen insurance and personal details. Individuals should review credit reports, bank accounts and other financial statements for unusual activity and immediately notify their financial institution if anything suspicious appears.

United States

Cambridge Mobile Telematics

Industry: Technology Exploit: Ransomware & Malware

A ransomware group claimed responsibility for a cyberattack targeting Cambridge Mobile Telematics (CMT), a Cambridge, Massachusetts-based telematics and AI company.

On June 2, the ransomware group CoinbaseCartel claimed responsibility for the attack and threatened to leak sensitive data unless the company entered into negotiations. According to reports, the compromised information may include driving behavior data such as trip logs, acceleration and braking patterns and mobile phone distraction events. The attackers also claim to have obtained location information, including GPS coordinates, travel routes and location history, along with personally identifiable information, user profiles, insurance-related information and account details.

CMT has not yet confirmed the alleged breach or verified that any customer data was compromised.

Source

How it could affect your business

The combination of driving history, location data and personal information could enable cybercriminals to launch highly targeted spear-phishing campaigns that appear credible and personalized. Individuals should remain cautious of unsolicited emails or messages requesting personal information or urgent action, even if they appear to reference legitimate account or insurance details.

Europe

Deutsche Bank

Industry: Finance Exploit: Third-Party Data Breach

Hackers claimed to have breached Frankfurt-headquartered banking giant Deutsche Bank, while the bank confirmed a cybersecurity incident involving a third-party service provider.

A ransomware group known as Unsafe claimed responsibility for the breach, publishing, it says, employee database records on its dark web leak site. As proof, the group posted database extracts, terminal output and commands that appear to show exports from multiple databases, suggesting the data may have originated from internal Deutsche Bank systems. According to reports, the exposed information includes employee email addresses, password hashes, physical addresses and internal database records.

Meanwhile, Deutsche Bank said it was notified of a cybersecurity incident involving an external service provider in Germany that operates a marketing and incentive platform for sales partners. The bank stated that there is no indication its internal systems or networks were affected and that it has found no evidence of unauthorized access to its own network.

Source

How it could affect your business

Third-party vendors are increasingly being targeted as a pathway to compromise larger organizations, even when the organizations’ own networks remain secure. Businesses should regularly assess vendor security, limit third-party access to critical systems, continuously monitor external integrations and ensure suppliers adhere to strong cybersecurity practices.

Like what you're reading?

Subscribe now to get security news and information in your inbox every week

Upcoming webinars & events

Join our upcoming events and webinars for expert insights, practical strategies and the latest cybersecurity trends.

Beyond Backup: Building AI-Powered Cyber Resilience

July 21, 2026 2:00 PM EST

Discover how AI is transforming backup, service delivery and security operations in this three-part AI Innovation Series. See how Kaseya Intelligence turns data into action with AI-powered workflows that help MSPs and corporate IT teams scale more efficiently, resolve issues faster and strengthen security using insights from more than 3 exabytes of data across 17 million endpoints.

Register Now

SaaS Alerts Tech Jam: Strengthen SaaS security with Respond & Fortify

July 16, 2026 11:00 AM EST

Reactive security is no longer enough to protect today’s SaaS environments. Join this Tech Jam to learn how SaaS Alerts, powered by Respond and Fortify, empowers MSPs and corporate IT teams to detect threats faster, automate incident response and enforce security best practices across their SaaS ecosystem.

Register Now