Weekly Summary of Data Violation Incidents

In a series of cybersecurity incidents, several companies and organizations have found themselves in the midst of data breaches. Here's a rundown of the latest developments:

Nissan Motor Corporation

The Japanese automobile manufacturer, Nissan, has reportedly fallen victim to a cyberattack carried out by the Qilin ransomware group. The stolen data cache contains internal reports, design documents, photographs, videos, and financial records tied to future vehicle projects. The attack specifically affects users of MTA's Mobility paratransit service, causing riders to be unable to schedule new trips or rebook existing ones. Authorities have confirmed that the threat has been contained and recovery is underway.

Farmers Insurance Exchange, Farmers Group Inc., and their subsidiaries

The data breach affecting over 1 million individuals, involving companies such as Farmers Insurance, Foremost, and Bristol West, has been confirmed. The compromised data may include names, addresses, contact information, dates of birth, Social Security numbers, driver's license numbers, insurance information, claim details, and financial information. In response, Farmers Insurance is offering affected customers 24 months of free credit monitoring through Cyberscout.

Scientific research firm Inotiv

The cybersecurity incident at Inotiv, a scientific research firm, has caused operational disruptions. The Qilin ransomware gang has allegedly stolen roughly 162,000 files totaling 176 GB of data. The incident began on May 29, 2025, and customer personal information was confirmed to have been exposed by July 24, 2025.

Data I/O

Data I/O, a leading maker of electronics used in vehicles and consumer devices, disclosed a ransomware attack that disrupted key business functions. Around two-thirds of Data I/O's business currently comes from automotive electronic production, including technology for electric car charging stations.

Maryland Transit Administration (MTA)

The Maryland Transit Administration is currently investigating a cybersecurity incident involving unauthorized access to MTA systems. At press time, MTA's other services, including local and commuter buses, the metro subway, light rail, MARC trains, and Call-a-Ride, continue to operate without disruption.

iiNet

Nearly 300,000 customers of Australia's second-largest internet provider, iiNet, a subsidiary of TPG Corporation, have had personal information compromised in a cyberattack. The breach exposed about 280,000 active email addresses, 20,000 active landline numbers, 10,000 iiNet usernames, street addresses, and phone numbers, as well as roughly 1,700 modem setup passwords. However, no credit card details, banking information, or identity documents were exposed.

The data breach is linked to the Salesforce hack. Attackers exploited compromised OAuth tokens from Salesloft Drift to systematically steal large amounts of data from various companies between August 8 and 18, 2025. The company affected by a data theft in August 2025 with data damage involving over 1 million people was related to Salesforce instances using the Salesloft Drift platform.