Data Breach

Endesa Confirms Security Incident Following Threat Actor Statement Spanish energy company Endesa has confirmed a security incident that resulted in unauthorized access to its trading platform, compromising customer data. Endesa is the largest electricity supplier in Spain, serving more than 10 million customers. Confirmation of the incident comes after a threat actor posted on a cybercrime forum claiming to have stolen 1.05 terabytes of company data. According to the Endesa Energía statement, the incident allowed “unauthorized and illegitimate” access to customers’ personal data. ...

Coupang, South Korea’s leading e-commerce platform, has revealed a massive data breach affecting 33.7 million customer accounts, equivalent to nearly two-thirds of the Korean population. This incident has become the largest e-commerce security event in the country’s history and could result in fines of up to $900 million (approximately 1.2 trillion KRW). The incident exposes vulnerabilities in data protection systems, especially in e-commerce platforms that handle sensitive information such as transaction histories, delivery addresses and payment methods. ...

DXS International, a technology supplier to England’s National Health Service (NHS), has officially confirmed a cyber-attack on its systems. The incident, which was discovered on December 14, affected the company’s office servers. In a filing to the London Stock Exchange on December 18, DXS International stated that the attack had a “minimal impact on the company’s services” and emphasized that “front-line clinical services remain unaffected and operational.” The company does not currently anticipate an adverse financial impact as a result of the incident. ...

Security Alert: Iberia Airlines Reports Customer Data Breach Iberia Airlines, part of the International Airlines Group (IAG) along with British Airways and Aer Lingus, has notified its customers about a security incident that compromised personal information. The data breach originated through an Iberia supplier, underscoring the inherent risks to supply chain security. The airline began sending notifications to customers over the weekend, revealing that the incident involved unauthorized access to a supplier’s systems. ...

Food delivery service DoorDash has confirmed that it suffered a data breach in October 2025, where some customers’ personal information was accessed. The company detailed that the incident was the result of a social engineering scam targeting one of its employees. Details of the Data Breach DoorDash informed customers via email about the incident, providing details about the compromised information: Data affected: Names, phone numbers, physical addresses and email details. Data NOT affected: The company highlighted that confidential information, such as social security numbers, driver’s licenses or bank card and payment information, was not accessed. So far, DoorDash has stated that there is no indication that the data has been misused for fraud or identity theft. ...