L'actualité de la semaine en matière de violations de données

The manufacturing sector is in the cybersecurity spotlight this week as a string of high-profile breaches underscores the growing risks facing global supply chains. Apple and Tesla supplier Tata Electronics confirmed a cyberattack, while a ransomware gang is demanding $2 million from Japanese manufacturer Nidec Corporation. Meanwhile, the devastating August 2025 cyberattack on automobile manufacturer Jaguar Land Rover has now been linked to Russian hackers.

Asie et Pacifique

Tata Electronics

Industry: Manufacturing Exploit: Supply Chain Attack

Apple and Tesla supplier Tata Electronics confirmed a cybersecurity breach that reportedly exposed 630 GB of data, including alleged confidential documents related to Apple and Tesla.

Tata Electronics, a key manufacturing partner for Apple, said it detected the cybersecurity incident several weeks ago. The disclosure follows claims by the ransomware group World Leaks, which published more than 200,000 files on the dark web, including what it alleges are Apple and Tesla component design documents. The company said the breach affected parts of its IT infrastructure but did not disrupt manufacturing or business operations.

However, Tata Electronics has not disclosed what specific data was compromised or how many customers may have been affected by the incident.

Source

Comment cela pourrait-il affecter votre entreprise ?

Threat actors are increasingly targeting suppliers and manufacturers as a pathway to compromise larger organizations within their supply chains. To reduce this risk, businesses should strengthen third-party risk management, enforce least-privilege access, continuously monitor for suspicious activity and ensure critical systems and data are protected with layered security controls.

Amérique latine et Caraïbes

Anatel

Secteur : Télécommunications Exploit : piratage

Brazil’s mobile phone emergency alert system was taken offline after a fake emergency message was sent to millions of individuals across the country.

On June 20, Brazil’s National Civil Defense warning platform, managed by telecom regulator Anatel, was targeted in a cyberattack. As a result, people across several regions of the country received a fraudulent Extreme Alert message containing the word “misantropi4,” a variation of the Portuguese word “misantropia,” meaning hatred toward humanity. Brazil’s civil defense authority confirmed the incident was the result of a hacker attack and said millions of citizens received the false alert.

Following the incident, officials took the emergency alert system offline while the investigation continues. According to reports, the fake alert was sent by an individual using the name “mizanthropiaz,” who allegedly exploited weak security measures to compromise the system.

Source

Comment cela pourrait-il affecter votre entreprise ?

Incidents like this show how attackers can hijack trusted mass alert systems to distribute malicious messages, phishing links or other fraudulent communications at scale. Users should remain cautious of unexpected alerts, avoid clicking on unknown links or attachments and verify the authenticity of urgent messages through official channels before taking any action.

Royaume-Uni

Jaguar Land Rover (JLR)

Secteur : Industrie manufacturière Vulnérabilité : piratage

It is being reported that Russian hackers were behind the August 2025 cyberattack on Jaguar Land Rover (JLR), an incident estimated to have cost the British economy around $2.5 billion.

On August 31, 2025, JLR shut down systems across its global manufacturing operations in response to what became one of the costliest cyberattacks in U.K. history. Now, citing people familiar with the investigation, reports suggest that Russian threat actors were responsible for the breach. Microsoft reportedly tracked the group and alerted JLR to the attackers’ identities.

Surprisingly, the Russian hacking group was not the only threat actor to breach JLR’s network. Investigators reportedly discovered that a Jordanian hacker known as “Rey” had also gained unauthorized access to the company’s systems during the incident.

Source

Comment cela pourrait-il affecter votre entreprise ?

Nation-state cyberattacks continue to rise, with critical infrastructure and large enterprises remaining key targets. Organizations, particularly those operating in critical sectors, should strengthen their cyber defenses through continuous threat monitoring, robust access controls, timely patching and well-tested incident response and recovery plans to improve resilience against sophisticated attacks.

Asie et Pacifique

Nidec Corporation

Secteur : Industrie manufacturière Vulnérabilité : ransomware et logiciels malveillants

Nidec Corporation confirmed a ransomware attack on its Taiwanese subsidiary, Nidec Chaun Choung Technology, as a ransomware gang demands $2 million to not leak the stolen data.

Nidec Corporation, a leading Japanese manufacturer of electronic components for automotive and computing applications, said the attack occurred on its subsidiary’s servers on June 22. The company acknowledged that information may have been exposed, although it has not confirmed that any personal or confidential data has been leaked online. Nidec is continuing to assess the impact on production, shipping and other business operations, but said it does not expect the incident to affect other Nidec Corporation or Nidec Group companies.

Meanwhile, the Blackfield ransomware group has claimed responsibility for the attack and given Nidec more than 15 days to enter negotiations or risk the publication or sale of the allegedly stolen data. The group is demanding a $2 million ransom in exchange for deleting the data.

Source

Comment cela pourrait-il affecter votre entreprise ?

Paying a ransom is not a guaranteed solution, as there is no assurance that cybercriminals will keep their promises. Instead, organizations should focus on building strong ransomware resilience through continuous threat monitoring, ransomware-resilient, immutable backups and a well-tested business continuity and disaster recovery (BCDR) strategy to ensure rapid recovery with minimal disruption.

États-Unis

South Texas Spinal Clinic PA

Secteur : Santé Vulnérabilité : ransomware et logiciels malveillants

Two health care providers in San Antonio are facing multiple proposed class-action lawsuits following separate alleged ransomware attacks that occurred earlier June.

A ransomware group known as Gentlemen recently claimed responsibility for attacks on South Texas Spinal Clinic PA and Soniva Dental LLC, both based in San Antonio. The providers are now facing lawsuits from patients who allege the organizations failed to adequately protect sensitive personal and medical information and delayed notifying affected individuals after the breaches.

According to reports, the incidents may have affected tens of thousands of current and former patients and employees. The compromised information could include names, dates of birth, Social Security numbers, medical records and other sensitive personal information.

Source

Comment cela pourrait-il affecter votre entreprise ?

Health care organizations face increasing legal and regulatory risks following cyber incidents, especially when sensitive patient information is involved. Strengthening cybersecurity controls, responding quickly to incidents and maintaining clear breach notification processes can help reduce both the operational and legal impact of a data breach.

Ça vous plaît ce que vous lisez ?

Abonnez-vous dès maintenant pour recevoir chaque semaine des actualités et des informations sur la sécurité dans votre boîte mail

Prochains webinaires et événements

Participez à nos prochains événements et webinaires pour bénéficier des conseils d'experts, découvrir des stratégies concrètes et vous tenir au courant des dernières tendances en matière de cybersécurité.

Kaseya Connect Europe 2026 recap: Innovations, insights and what’s next for MSP and IT leaders

July 2, 2026 11:00 AM GMT

Missed Kaseya Connect Europe 2026? Join Dermot McCann for an exclusive recap of Europe’s premier MSP and IT event, along with its biggest announcements, product innovations and industry insights. Discover how advancements in AI, automation, compliance and security are helping MSPs and corporate IT teams drive growth, improve efficiency and prepare for what’s next.

Inscrivez-vous dès maintenant

SaaS Alerts Tech Jam: Strengthen SaaS security with Respond & Fortify

July 16, 2026 11:00 AM EST

Reactive security is no longer enough to protect today’s SaaS environments. Join this Tech Jam to learn how SaaS Alerts, powered by Respond and Fortify, empowers MSPs and corporate IT teams to detect threats faster, automate incident response and enforce security best practices across their SaaS ecosystem.

Inscrivez-vous dès maintenant