Lockheed Martin targeted in alleged major breach by pro-Iran hacktivist

Lockheed Martin targeted in alleged breach by pro-Iran hacktivist

Lockheed Martin was the target of an attack by an alleged pro-Iran hacktivist, which claims to have a large trove of data that it is threatening to sell on the dark web, Cybersecurity Dive has learned.

The threat actor, tracked as APT Iran, claims to have stolen 375 terabytes of data from the aerospace and defense industry company, according to information from multiple security researchers, including Flashpoint and Check Point Software.

The group claims to have copies of blueprints of F-35 aircraft, which is America’s most advanced jet fighter, and other corporate information, according to Flashpoint.

The group has since posted additional claims demanding more than $400 million in return for not selling the information to adversaries of the U.S., according to information from Halcyon.

The threats are posted on Telegram, a social media network often used by threat groups to communicate with each other and post evidence of malicious activity.

Nearly half a million Lloyds customers hit by data breach after IT glitch

Lloyds Banking Group has paid out compensation after nearly half a million people were impacted by an IT glitch exposing the personal data of customers earlier this month.

The company said up to 447,936 Lloyds, Halifax and Bank of Scotland customers saw other people’s transactions or had their data shared with others due to IT issues on March 12.

Jasjyot Singh, consumer relations boss at Lloyds, apologised for the incident on behalf of the bank in a letter disclosing the scope of the issue to Parliament’s Treasury Select Committee.

The banking firm confirmed 114,182 people clicked on other people’s transactions when they became visible.

It added they therefore may have been shown more detailed information such as account details, national insurance numbers and payment references.

The bank has so far paid out £139,000 in compensation to 3,625 customers for distress and inconvenience linked to the incident.

Iran-linked ransomware operation targeted US healthcare provider

An Iran-linked ransomware group targeted an unnamed U.S. healthcare provider in the lead-up to the Iran war, according to a report Tuesday from Halcyon.

Tracked under the name Pay2Key, the group gained access to a compromised administrative account for several days and then encrypted the account.

Forensics investigators, which included Halcyon and Beazley Security, found no evidence that data was stolen. This marks a departure from the group’s previous attacks. Researchers suggest the attacker may have changed tactics to focus more on destruction rather than pure extortion.

Also, the threat group appears to have shifted its attention toward the U.S. after historically targeting Israeli systems.

“The attack was notable for its use of stealthy encryption without data exfiltration,” Johnny Collins, director of intelligence operations at Halcyon, told Cybersecurity Dive. “Pay2Key has not been dormant but has actively shifted to targeting U.S. organizations.”

CCPA Cybersecurity Audits: Part 3 - Where CCPA Cybersecurity Audits Fit Within Existing Security Frameworks

In Part 1 of this series, we outlined the basics of the California Consumer Privacy Act’s (CCPA) new cybersecurity audit requirement: who is covered, when audits are required, and the key obligations to keep in mind.

In Part 2, we explored the mechanics and explained what the California Privacy Protection Agency (CalPrivacy) expects the cybersecurity audit to look like in practice, including what must be evaluated, who may conduct the audit, how thorough it must be, and what goes into the audit report.

Part 3 focuses on making this requirement practical. We draw on both the final regulatory text and CalPrivacy’s detailed responses to public comments, which reflect CalPrivacy’s intent to align the CCPA audit with risk-based “reasonable security” approaches, allow businesses to build on existing audits and frameworks, and establish a non-prescriptive but meaningful set of 18 components that auditors must consider “if applicable” to a covered business’s information systems.

4 new ways to survive the ransomware battle

Ransomware has become the background noise of modern business. It hums along in the distance until the moment it doesn’t. Then it’s loud, expensive, and personal.

Every year brings new attack variants, new headlines, and new promises from security vendors that this time the problem is finally solved. It never is.

In a previous article, I asked a simple and uncomfortable question. Why don’t security companies just block all ransomware? Many people do not want to hear the honest answer.

…

4 new approaches to ransomware

The goal can’t simply be to stop every attack. The goal must be to ensure that attacks do not permanently harm an organization. That shift requires new anti-ransomware resources and a new way of thinking about endpoint data security. A more resilient strategy puts data at the center.

SoFi class action alleges data breach exposed sensitive customer information

A new class action lawsuit alleges SoFi Technologies, a fintech company operating as a one-stop digital bank and lending platform, failed to properly secure and safeguard customers’ personal information during a data breach in late 2025.

Plaintiff Joshua Cook claims the data breach compromised the names, dates of birth, addresses, email addresses, phone numbers, employment information and education information of at least 38,049 individuals.

Cook wants to represent a nationwide class and an Illinois subclass of individuals who had their personal information compromised in the SoFi data breach.

According to the SoFi class action lawsuit, the company failed to timely notify affected consumers about the data breach or offer adequate assurances that their personal information has been recovered or destroyed.

Cook claims SoFi failed to properly monitor or implement reasonable data security measures to protect consumers’ personal information.