Week 01-2023

Here’s your weekly #databreach news roundup:​​​​​

Twitter, Air France and KLM, Chick-fil-A, Five Guys, Wabtec, Toyota Kirloskar Motor, and IRCTC.



Hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, a security researcher said Wednesday.

The breach “will unfortunately lead to a lot of hacking, targeted phishing and doxxing,” Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Rock, wrote on LinkedIn. He called it “one of the most significant leaks I’ve seen.”

Twitter has not commented on the report, which Gal first posted about on social media on Dec. 24, nor responded to inquiries about the breach since that date. It was not clear what action, if any, Twitter has taken to investigate or remediate the issue.

Air France and KLM

Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached.

Flying Blue is a loyalty program allowing clients of multiple airlines, including Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM, to exchange loyalty points for various rewards.

“Our security operations teams have detected suspicious behavior by an unauthorized entity in relation to your account. We have immediately implemented corrective action to prevent further exposure of your data,” notifications sent to affected customers said.

“Our Information Security department is taking actions to prevent any suspicious activity with regard to your account.”

KLM’s official Twitter account confirmed the attack and told one of the impacted customers that “the attack was blocked in time and no miles were charged.”



American fast-food restaurant chain Chick-fil-A is investigating what it described as “suspicious activity” linked to some of its customers’ accounts.

“We are investigating suspicious activity on some customer accounts. We are committed to protecting customers’ data and are working quickly to resolve the issue,” the company said in an alert displayed on its official website on Friday and first spotted by security researcher Dominic Alvieri.

“While we are still investigating what happened and how certain customers became subject to this fraudulent activity, this is not due to a compromise of Chick-fill-A Inc.’s internal systems,” the company added in a Twitter statement.

A support page on Chick-fil-A’s One Membership Program customer support website provides potentially affected clients with details on what to do if they notice unusual activity on their accounts, if they see any mobile orders placed without their approval, or if they’re loyalty points were used to redeem or gift rewards fraudulently.

Five Guys

Five Guys

he Five Guys burger empire has been hit with what appears to be a “smash-and-grab” operation: Cyberattackers busted into a file server and made off with the personally identifiable information (PII) of people who applied to work at the chain.

Details are scant, but in a form letter to the impacted sent out on Dec. 29, Five Guys chief operating officer Sam Chamberlain noted that an “unauthorized access to files” was discovered on Sept. 17 and was blocked the same day.

He added, “We conducted a careful review of those files and, on December 8, 2022, determined that the files contained information submitted to us in connection with the employment process, including your name and [variable data].”

What was that “variable data,” one might ask? Turke & Strauss LLP, a law firm that’s investigating the matter on behalf of the victims, identifies the information as including Social Security numbers and drivers’ license data.


U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information.

In an announcement published at the end of the year, Wabtec says hackers breached their network and installed malware on specific systems as early as March 15th, 2022.

On June 26th, Wabtec said they detected unusual activity on their network leading to an investigation of the attack and whether the hackers had stolen data.

On the next day, news outlets reported that sources at one of Wabtec’s plants indicated that it was a ransomware attack impacting the rail giant. However, the company did not officially respond to the rumors.

A couple of weeks later, LockBit published samples of data stolen from Wabtec and eventually leaked all stolen data on August 20th, 2022, presumably after a ransom was not paid.

Toyota Kirloskar Motor

Toyota Kirloskar Motor

Toyota Kirloskar Motor on Sunday reported a data breach in its system but said the extent of intrusion is being confirmed.

In a statement, the company said it has been “notified by one of its service providers of an incident that might have exposed personal information” of some of its customers on the internet.

“The extent of intrusion is being confirmed,” Toyota Kirloskar Motor (TKM) said in a statement.

The competent authority CERT-In (Indian Computer Emergency Response Team) under the Ministry of Electronics and Information Technology has been notified, it added.

Indian Railway Catering and Tourism Corporation (IRCTC)

Indian Railway Catering and Tourism Corporation (IRCTC)

“An incident regarding Indian Railways data breach has been reported in the media. In this connection, Railway Board had shared a possible data breach incident alert of CERT-In to IRCTC reporting a data breach pertaining to Indian Railways passengers,” it further said.

The Indian Railways added that further investigation on the possible data breach is being done by IRCTC.