What'd I Miss? May 9-11, 2025
Sherpa Intelligence: Your Guide Up a Mountain of Information!
This Information Security and Data Privacy news roundup includes items from Friday through Sunday, so that you can hit the ground running on Monday morning.
These news roundups are not comprehensive and focus on news that may have been overlooked or under reported, and from lesser-known sources like local press.
This Sherpa Intelligence newsletter is curated by Tracy Z. Maleeff (aka InfoSecSherpa) and is just the tip of the iceberg of the research, OSINT, and information security research services we provide.
Friday, May 9 - Sunday, May 11, 2025
Friday, May 9th
Education giant Pearson hit by cyberattack exposing customer data
(Bleeping Computer)
- Pearson is a UK-based education company and one of the world’s largest providers of academic publishing, digital learning tools, and standardized assessments; data was stolen, but stated it was mostly "legacy data."Rounds Introduces Bill to Extend Cybersecurity Information Sharing Act to Prevent Cyber Security Threats
(Mitchell Now)
- U.S. Senators Mike Rounds (R-S.D.), Chairman of the Senate Armed Services Committee’s Subcommittee on Cybersecurity, and Gary Peters (D-Mich.) introduced a bipartisan bill to extend the Cybersecurity Information Sharing Act (CISA) of 2015 for an additional ten years.Venture Capital behemoth Insight Partners fears top-secret financial info swiped by cyber-miscreants
(The Register)
- “the impacted data may include certain fund, management company, and portfolio company information, banking and tax information, and certain personal information of our current and former employees, as well as information related to our limited partners” - Statement from Insight Partners on Cyber Incident
Saturday, May 10th
Edinburgh, Scotland Council issues update after 'phishing attack' on schools during exams
(Edinburgh Live UK)
- Edinburgh Council noticed 'unusual e-mail activity' across their network on Friday; no data was compromised in the 'attack', around 2,500 young people reset their passwords on Saturday.Not Just Social Media: How Cartels Are Exploiting The Cyber Space To Expand Their Activities
(The Latin Times)
- Cartels are now recruiting experts in artificial intelligence and cyber security; these hires could be asked to build encrypted communication systems, mine cryptocurrencies, and operate in the dark web.
- International Criminal Police Organization (Interpol) last year linked the Jalisco New Generation Cartel (CJNG) to a global financial fraud scheme involving advanced technologies such as artificial intelligence (AI) and large language models (LLM) —tools that enable sophisticated scams at low cost and without the need for advanced technical skills.Turkish intel busts cyber espionage ring stealing personal data
(Daily Sabah)
- Türkiye’s National Intelligence Organization (MIT) caught seven foreign nationals in a joint operation with Istanbul police and prosecutors; Mobile phones were connected to fake cell towers and fake messages were sent to users pretending to be mobile network operators to request payments.
- Suspects operated several rental vehicles containing fake cell towers in Istanbul, as well as western Izmir, Bursa and Yalova provinces, aiming to reach a vast user base.
Sunday, May 11th
Google will pay Texas $1.4 billion over its location tracking practices
(Security Affairs)
- To settle two lawsuits over tracking users’ locations and storing geolocation, incognito searches, and biometric data - even with Location History turned off - without consent.Non-Governmental Organization, Accountability Lab Nigeria, Urges Strengthening Of Data Protection Law
(Leadership Nigeria)
- Specifically advocated for full implementation of the data protection law in order to be able to curtail breaches; act aims to safeguard the fundamental rights and freedoms of individuals, including their right to privacy, as guaranteed by the Nigerian constitution.Philippine Commission on Elections Chairman J. Andres D. Bautista faces criminal raps over massive data leak
(ABS-CBN)
- Data breach that saw personal data of 1.3 million overseas Filipino voters, including their passport information, as well as fingerprints of 15.8 million people leaked on the internet
- National Privacy Commission (NPC) found the Commission on Elections (COMELEC) guilty of several violations of the Data Privacy Act of 2012 for the data leak that occurred between 20 and 27 of March last year.
