South Korea Fines Luxury Brands $24.9 Million Over Data Breaches South Korea’s privacy regulator has levied fines totaling 36 billion won ($24.9 million) against the Korean subsidiaries of Louis Vuitton, Dior, and Tiffany following separate data breaches that exposed millions of customers’ personal information. The penalties stem from investigations confirming unauthorized access to sensitive customer data, though specific details on the breaches’ scope and timing remain undisclosed. The fines highlight growing regulatory scrutiny over data protection in South Korea, where authorities are enforcing stricter compliance with privacy laws. The incident underscores the financial and reputational risks for global brands handling large-scale consumer data. In related cybersecurity developments, Japan Airlines reported that up to 28,000 customers were affected by unauthorized access to its baggage service system, while Volvo Group disclosed that 16,991 employees were impacted as part of a broader Conduent data breach, which has now exposed 25 million individuals. These incidents reflect the escalating threat landscape for both corporate and personal data security.

Conduent Data Breach Exposes Up to 25 Million in Massive U.S. Cyberattack A medical data breach initially affecting 10.5 million individuals has escalated into one of the largest cybersecurity incidents of 2025, potentially compromising the personal data of up to 25 million people across the U.S., including 15 million in Texas alone. The breach targeted Conduent, a business services provider, with unauthorized access occurring between October 21, 2024, and January 13, 2025, when the intrusion was discovered. The ransomware group SafePlay claimed responsibility, exposing highly sensitive information, including full legal names, addresses, Social Security numbers, health insurance details, and medical records data that could be exploited for identity theft. The incident underscores a broader trend: cybercriminals are increasingly leveraging stolen credentials to infiltrate accounts undetected, with credential theft surging 160% year-over-year in 2025, according to Check Point researchers. While Conduent has not confirmed the full scope of the breach, the fallout highlights the persistent risks of credential reuse and delayed attack detection. Even if stolen data isn’t immediately exploited, exposed email addresses or passwords can serve as entry points for future attacks, with threat actors often probing additional services weeks or months later. The breach serves as a stark reminder of the vulnerabilities in third-party service providers and the cascading impact of large-scale data exposures.

Volvo Cars has experienced a new data breach and that stolen data is being sold. The merchant indicated that he doesn't want a ransom since he doesn't think the victim will comply with his demands. Database access, CICD access, Atlassian access, domain access, WiFi hotspots and logins, auth bearers, API access, PAC security access, employee lists, licences, keys, and system files are all being offered by the seller. Whether the seller is trying to sell information from the 2021 data breach or if this is a brand-new data breach is unclear as of this writing.