Weekly Cybersecurity Breach Roundup: DOGE Data Exposure, CIRO Phishing Attack, and Rising Threats
This week’s cybersecurity landscape saw multiple high-profile incidents, including unauthorized data sharing by the U.S. Department of Government Efficiency (DOGE), a massive phishing breach in Canada, and a surge in critical vulnerabilities.
U.S. DOGE Staff Exposed Social Security Data via Unauthorized Cloudflare Server
Federal prosecutors confirmed that staff from Elon Musk’s Department of Government Efficiency (DOGE) uploaded sensitive Social Security Administration (SSA) data to an unauthorized Cloudflare server in March 2025. The breach, first reported by a whistleblower in August, involved employees sharing data via third-party links between March 7 and 17. The SSA remains uncertain whether the data was removed from Cloudflare.
The incident is part of ongoing litigation over DOGE’s activities at the SSA, which critics claim wasted $21.7 billion. Prosecutors also revealed that a DOGE employee signed an agreement with a political advocacy group seeking voter fraud evidence, potentially linking SSA data to voter rolls. Two DOGE employees were referred to the U.S. Office of Special Counsel for possible violations of the Hatch Act, which prohibits federal employees from partisan activities.
Additionally, a DOGE team member sent an encrypted file believed to contain names and addresses of 1,000 individuals to the Department of Homeland Security and a DOGE advisor at the Department of Labor. The SSA has been unable to decrypt the file. Another DOGE employee continued accessing the "Numident" database containing Social Security card applications and death records despite a court order revoking access.
Canadian Investment Regulatory Organization (CIRO) Phishing Breach Affects 750,000 Investors
The Canadian Investment Regulatory Organization (CIRO) disclosed a phishing attack in August 2025 that exposed sensitive data of approximately 750,000 investors. Compromised information includes names, contact details, dates of birth, Social Insurance numbers, government-issued IDs, investment account numbers, and account statements. CIRO confirmed that login credentials, passwords, and security questions were not accessed.
UK NCSC Warns of Rising Russia-Aligned Hacktivist DDoS Attacks
The UK’s National Cyber Security Centre (NCSC) issued an alert about increased distributed denial-of-service (DDoS) attacks by Russian-aligned hacktivist groups, including NoName057(16). Targets include government bodies, local authorities, and critical infrastructure operators. The NCSC advised organizations to strengthen defenses with traffic filtering, web application firewalls, and rate-limiting policies.
Ingram Micro Ransomware Attack Exposes 42,000 Employee Records
IT distributor Ingram Micro suffered a July 2025 ransomware attack by the SafePay gang, which stole 3.5 terabytes of data, including names, birthdates, Social Security numbers, passport details, and employment records. The breach affected 42,521 individuals. Ingram took systems offline to contain the attack, causing service disruptions before restoring operations by July 9. SafePay later published the stolen data after Ingram refused to pay the ransom.
CVE Disclosures Surge 21% in 2025
Vulnerability disclosures reached 48,185 in 2025, a 20.6% increase from the previous year, with 3,984 critical and 15,003 high-severity flaws. December alone accounted for 5,500 CVEs, while February 26 saw a record 793 disclosures in a single day. Nearly 30% of exploited vulnerabilities were weaponized within one day of disclosure, and 25.8% lacked analysis in the National Vulnerability Database, complicating mitigation efforts.
SK Telecom Challenges $91 Million Data Leak Fine
South Korea’s SK Telecom is contesting a $91 million fine, the largest ever imposed by the country’s privacy watchdog, after a 2025 data breach exposed all 23 million of its mobile subscribers. The delayed disclosure led to a broader investigation, prompting SK Telecom to offer free USIM replacements. A ransomware group, CoinbaseCartel, later claimed responsibility, alleging it stole source code, project files, and AWS keys via a compromised Bitbucket account.
Critical Chainlit Vulnerabilities Expose AI Data and Cloud Infrastructure
Security researchers at Zafran Labs disclosed two critical flaws in the open-source AI framework Chainlit (CVE-2026-22218 and CVE-2026-22219). The vulnerabilities allow arbitrary file reads and server-side request forgery (SSRF), enabling attackers to access sensitive data, including AI prompts and credentials, and probe internal networks. Chainlit released patches to address the issues.
North Korean Hackers Abuse Microsoft VS Code for Malware Delivery
North Korean threat actors expanded their "Contagious Interview" campaign, using Microsoft Visual Studio Code to execute malware via malicious Git repositories. Victims are tricked into opening projects that automatically run attacker-controlled commands, deploying the EtherRAT macOS trojan. The group has also leveraged developer-friendly platforms like Vercel for command-and-control infrastructure.
Source: https://www.bankinfosecurity.com/breach-roundup-doge-uploaded-social-security-data-to-cloud-a-30586