Data Breach Update: Spotify Metadata Leaked Online


Additional Coverage: SudamericaData Leak, RaccoonO365 Arrest, and Nefilim Case Update


Every week, the Information Security Media Group provides a roundup of global cybersecurity incidents and data breaches. In this edition, a significant metadata scrape from Spotify, a data breach affecting Nissan’s customer data, and a large leak from Argentine data broker SudamericaData stand out. Furthermore, Nigerian authorities have apprehended a key figure behind the RaccoonO365 phishing operation, and the U.S. DOJ has charged members of an ATM jackpotting scheme associated with Tren de Aragua.


Metadata Harvested from Spotify by Activist Group

The hacktivist group “Anna’s Archive” has reportedly scraped Spotify’s music library, releasing vast amounts of its metadata online. This incident has raised concerns regarding data privacy and the potential misuse of these details.

According to a blog post from the group, the scrape includes over 256 million track records along with approximately 300 terabytes of metadata, though no audio files have been distributed to date. The group claims this initiative aims to create an extensive music archive for preservation.

In response to this breach, a Spotify spokesperson revealed that the unauthorized access involved scraping public metadata and using illicit methods to bypass digital rights management (DRM). Investigations into the incident remain ongoing. Experts suggest that the leaked files could potentially be exploited for AI training, an issue of rising concern in the current digital landscape.

Nissan Faces Customer Data Breach via Third-Party Incident

Nissan has confirmed that a breach of a third-party system, specifically Red Hat’s GitLab platform, has affected the personal data of tens of thousands of its customers. The breach, which involved unauthorized access to sensitive data, occurred during an incident reported in late September.

According to Red Hat, the attackers accessed extensive details, including customer names, addresses, and vital sales data, although no financial information was compromised. This incident represents Nissan’s second major breach of the year, following an attack attributed to the Qilin ransomware group.

Major Data Leak from SudamericaData Exposes Millions

An alarming release of personal data has been linked to SudamericaData, a data broker based in Buenos Aires, with claims that over one terabyte of sensitive information has resurfaced on a criminal forum. Allegedly, SudamericaData continued operating under a different name after a previous shutdown due to legal issues.

The released data reportedly includes records for millions of Argentine citizens, covering various personal and professional details. This leak is characterized as one of the largest in Argentina’s history and raises significant concerns about the security of personal information in the region.

Operation Sentinel: Pan-African Cybercrime Sweep

A joint effort by law enforcement agencies across 19 African countries has led to the arrest of 574 suspects involved in cybercrime, alongside the seizure of approximately $3 million. Known as Operation Sentinel, this initiative aimed to dismantle various digital fraud mechanisms such as ransomware and business email compromise.

This operation has underscored the escalating threat of cybercrime on the continent, which now accounts for more than 30% of total crime in some regions. Authorities have reported over $21 million in attempted or actual losses associated with the identified criminal activities.

Nigerian Authorities Arrest Key Figure Behind RaccoonO365

The Nigerian Police Force has apprehended Okitipi Samuel, known for his involvement in the RaccoonO365 phishing operation targeting Microsoft 365 accounts. Samuel’s platform generated deceptive login pages aimed at stealing credentials from various organizations.

Between January and September 2025, this phishing operation resulted in significant data breaches and financial losses on an international scale. The use of advanced evasion techniques, including CAPTCHA challenges to evade automated detection, highlights the growing sophistication of cybercriminal tactics.

U.S. Charges Against 54 Members of Tren de Aragua in ATM Scam

U.S. federal prosecutors have indicted 54 members of the Tren de Aragua gang as part of a multi-million-dollar ATM jackpotting scam that utilized the Ploutus malware. The group allegedly targeted ATMs across various states, resulting in substantial financial gains from these illicit activities.

Prosecutors detailed that the gang’s methods involved directly infecting ATMs to dispense cash without legitimate credentials, using advanced malware techniques to exploit vulnerabilities in the systems.

Ukrainian National Pleads Guilty in Nefilim Ransomware Case

In a federal court in Brooklyn, Artem Stryzhak pleaded guilty in connection with his involvement in the Nefilim ransomware campaign that affected numerous corporations in the U.S. and internationally. Prosecutors asserted that he played a role in deploying ransomware to extort payments from affected organizations, utilizing a network previously established by the group’s high-profile administrators.

The continued legal developments surrounding Nefilim and its operators, including the ongoing pursuit of its alleged leader, Volodymyr Tymoshchuk, raise critical implications for organizations worldwide regarding ransomware defenses and response strategies.


Reporting by Gregory Sirico, Information Security Media Group, New Jersey.
