Penta Security Inc. > Blog > [Security News] Cloudflare Data Breach Reported

[Security News] Cloudflare Data Breach Reported

2025-09-03 Blog
cloudflare data breach 2025

20th August 2025

Cloudflare Data Breach Impacts 104 Cloudflare API tokens

A data breach has been reported at Cloudflare, which is part of a larger supply-chain attack involving the marketing software Salesloft Drift. Attackers accessed Cloudflare’s Salesforce instance, used for customer support, and stole 104 Cloudflare API tokens and text-based customer support data. The breach occurred between August 12 and August 17, and the stolen information included customer contact details and content from support tickets, some of which may have contained sensitive data like access tokens. In response, Cloudflare has rotated the exfiltrated tokens and advised customers to rotate any credentials shared through their support system.

Source: Cyber Press, Bleeping Computer, Cyber Security News

 

TransUnion Data Breach Impacts 4.4 Million People

A data breach has been reported at TransUnion, a major credit reporting agency, that has exposed the personal information of over 4.4 million people in the United States. The breach, which occurred on July 28, 2025, was caused by a cyber incident involving a third-party application used for the company’s U.S. consumer support operations. The stolen data, taken from TransUnion’s Salesforce account, includes names, billing addresses, phone numbers, email addresses, dates of birth, and Social Security numbers. This incident is part of a larger wave of Salesforce data theft attacks impacting numerous companies. In response, TransUnion is offering affected individuals 24 months of free credit monitoring and identity theft protection services.

Source: Security Week, The Record

AI-Powered Ransomware First Known

PrompLock, the first known AI-powered ransomware has been reported in an August 26 report published by ESET. According to the report, the ransomware uses a generative AI model and the Ollama API to create malicious Lua scripts for filesystem enumeration, data exfiltration, and encryption. While not yet seen in the wild, this discovery highlights the potential for AI to be used in more sophisticated cyberattacks. The article also notes other instances of malicious actors using AI, such as for automating data theft and creating ransomware variants.

Source: The Hacker News, Cyber Scoop

HSGI Data Breach Impacts 624,000 People

A data breach has been reported at Healthcare Services Group (HSGI), a company providing support services to healthcare facilities. The breach, which occurred between September 27 and October 3, 2024, exposed the personal information of 624,000 individuals. The compromised data includes names, Social Security numbers, driver’s license numbers, and financial account information. It took HSGI approximately ten months to notify those affected. In response, the company is offering 12 to 24 months of credit monitoring and identity theft protection to the impacted individuals.

Source: Bleeping Computer, Security Affairs

 

 

Click here to subscribe our Newsletter

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D.AMO

Click here for inquiries regarding the partner system of Penta Security

 

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Click here for inquiries regarding the partner system of Cloudbric

 

Tags: