Canada Goose Dismisses Recent Data Leak as Old Breach, No Signs of New Compromise Canada Goose has confirmed that a recently advertised data leak involving over 600,000 customer records stems from a historical breach, with no evidence of a new system compromise. The luxury apparel company acknowledged the publication of an old dataset containing past customer transaction details but stated that its review found no unmasked financial data included. The leaked records, posted by the cybercriminal group ShinyHunters on February 14, reportedly contain personally identifiable information (PII), partial payment details, and order data such as prices and delivery addresses. A preliminary analysis suggests the affected individuals are primarily based in North America and Europe. ShinyHunters, which has launched its own data leak site in 2026, has been active in targeting high-profile organizations. Recent victims include Crunchbase, Betterment, SoundCloud, Match Group, Panera Bread, Harvard University, and Mercer Advisors. The group has previously exploited Okta accounts through voice phishing and was linked to attacks on Salesforce and its integrations, resulting in the theft of data from over 200 customers.

Betterment Data Breach Exposes Customer Information in 2026 Social Engineering Attack On January 9, 2026, Betterment, a leading automated investment and personal finance platform, disclosed a cybersecurity incident in which hackers exploited third-party marketing and operational tools to access customer data. The attackers employed social engineering tactics deception and impersonation to infiltrate systems, bypassing Betterment’s core security infrastructure. The breach exposed personal information, including names, email and postal addresses, phone numbers, and dates of birth for an undisclosed number of customers. While Betterment confirmed that no account credentials or financial data were compromised, the attackers used the stolen information to send fraudulent cryptocurrency scam messages to some users, promising to triple their holdings in exchange for a $10,000 payment to a hacker-controlled wallet. Betterment detected the breach the same day, revoking unauthorized access and launching an investigation with an unnamed cybersecurity firm. The company stated that no customer accounts were accessed, and login credentials remained secure. However, the incident has raised concerns about the risks posed by third-party integrations in financial services, as the attack did not target Betterment’s internal systems directly but rather exploited vulnerabilities in external platforms. Betterment’s response has drawn criticism for its lack of transparency, including the use of a "noindex" tag on its security incident webpage, preventing search engines from indexing the details. As of January 12, 2026, the company had not disclosed the number of affected customers or further specifics about the attack. The ongoing investigation, along with regulatory scrutiny, may provide additional clarity in the coming weeks. Cybersecurity experts note that social engineering attacks on financial platforms are increasing, emphasizing the need for stronger oversight of third-party vendors and employee training. The breach underscores the broader challenge of securing interconnected digital ecosystems, where even robust internal defenses can be undermined by external vulnerabilities.

ShinyHunters-Linked Cybercrime Campaign Targets Over 100 Major Organizations A recent cybercrime campaign attributed to the ShinyHunters group has targeted at least 100 organizations across multiple sectors, including software, finance, healthcare, and energy, according to cybersecurity firm Silent Push. Over the past 30 days, threat actors registered fake domains impersonating high-profile companies such as Atlassian, Adyen, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, GameStop, WeWork, Halliburton, Sonos, and Telstra. The attackers employed voice phishing (vishing) tactics to compromise single sign-on (SSO) accounts, particularly those using Okta and other identity platforms. Using specialized phishing kits, they intercepted credentials and manipulated victims into bypassing multi-factor authentication (MFA) by convincing them to approve push notifications or submit one-time passcodes (OTPs). Okta described the attacks as involving real-time session orchestration, where threat actors guided victims through the authentication process via verbal instructions. While Silent Push identified the infrastructure used in the campaign, it remains unclear whether the attacks successfully breached any systems. However, ShinyHunters has claimed responsibility for data breaches at companies like Betterment, Crunchbase, and SoundCloud, all of which confirmed incidents. The group allegedly stole millions of records from these organizations as part of the Okta SSO vishing campaign. Silent Push attributes the campaign to Scattered LAPSUS$ Hunters, a collective formed last year by members of Lapsus$, Scattered Spider, and ShinyHunters, based on observed tactics, techniques, and procedures (TTPs). The incident follows recent warnings from Google and others about rising vishing and phishing attacks targeting identity platforms.

SoundCloud Confirms Security Breach Impacting 28 Million Users SoundCloud has confirmed that recent outages and VPN connectivity issues were caused by a security breach in which threat actors stole a database containing user information. The incident, detected over the past four days, led to widespread reports of users encountering 403 "forbidden" errors when accessing the platform via VPN. In a statement to BleepingComputer, SoundCloud revealed that unauthorized activity was detected in an ancillary service dashboard, prompting the activation of its incident response procedures. While the company acknowledged that a threat actor accessed limited data, it clarified that no sensitive information—such as financial details or passwords—was compromised. The exposed data included only email addresses and publicly visible profile information. The breach is estimated to affect approximately 20% of SoundCloud’s user base, translating to roughly 28 million accounts based on publicly reported figures. The company stated that all unauthorized access has been blocked and that no ongoing risk to the platform exists. In response, SoundCloud has implemented additional security measures, including enhanced monitoring, improved threat detection, and a review of identity and access controls. However, a configuration change made during the response disrupted VPN access to the site, with no confirmed timeline for full restoration. Following the breach, SoundCloud also faced denial-of-service (DoS) attacks that temporarily disabled its web availability. While the company has not identified the threat actor, BleepingComputer sources indicate that the ShinyHunters extortion gang is likely responsible. The group, which also claimed responsibility for a recent PornHub data breach, is reportedly attempting to extort SoundCloud after allegedly stealing user data. Further updates are expected as the investigation continues.