Here’s your weekly #databreach news roundup:
NTT, Toronto Zoo, Rubrik, and Lee Enterprises.
Toronto Zoo
The Toronto Zoo, the largest zoo in Canada, has provided more information about the data stolen during a ransomware attack in January 2024.
— DevaOnBreaches (@DevaOnBreaches) March 9, 2025
In a final notification regarding the cyberattack, the Toronto Zoo said the resulting #databreach impacts varying combinations of…
The Toronto Zoo suffered a ransomware attack in January 2024, leading to a data breach exposing personal and financial information of employees, volunteers, donors, and guests. The compromised data includes names, contact details, and partial credit card information from transactions dating back to 2000. While the zoo assured that animal care and operations were unaffected, the breach was reported to Ontario’s privacy authorities, and affected individuals were advised to monitor their accounts. The Akira ransomware group claimed responsibility, alleging they stole 133GB of sensitive data, including database backups, ticket records, and confidential agreements, and later leaked portions online.
NTT
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. #databreachhttps://t.co/tKy4YUN7W5
— DevaOnBreaches (@DevaOnBreaches) March 8, 2025
Japanese telecom giant NTT Communications has warned nearly 18,000 corporate customers of a data breach discovered in February 2025. Hackers infiltrated NTT’s ‘Order Information Distribution System,’ potentially exposing company names, representative details, contract numbers, and contact information. Although the breach was detected and access was blocked quickly, investigators later found attackers had moved to another system, which was also shut down. NTT confirmed the breach is now contained and will not send individual notifications, relying on a public announcement instead. This incident follows previous cybersecurity issues, including a major DDoS attack in January 2025 and a data breach in 2020.
Rubrik
Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys.https://t.co/RAKHyuAVfq
— DevaOnBreaches (@DevaOnBreaches) March 6, 2025
Rubrik, a cybersecurity firm specializing in data protection, disclosed a security breach involving a server hosting log files, prompting the company to rotate potentially leaked authentication keys. The incident, detected in February 2025, was not a ransomware attack, and no unauthorized access to customer data or internal code was found. The company quickly took the affected server offline and conducted an investigation with a forensic partner, confirming that the breach was isolated. While some log files contained access information, Rubrik found no evidence of misuse. This follows a previous 2023 data breach linked to the Clop ransomware gang.
Lee Enterprises
The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company. #databreachhttps://t.co/QNGEBHX2p9
— DevaOnBreaches (@DevaOnBreaches) March 3, 2025
The Qilin ransomware gang has claimed responsibility for the February 3, 2025, cyberattack on Lee Enterprises, a major U.S. media company, disrupting operations and encrypting critical systems. The hackers claim to have stolen 350GB of data, including government ID scans, financial records, and confidential documents. They have threatened to release the data on March 5 unless a ransom is paid. Lee Enterprises acknowledged the breach in SEC filings and is investigating the claims. The attack caused significant disruptions, including loss of access to internal systems, cloud storage, and