Breach Roundup: The Qilin Hack Hoax


Envoy Air Confirms Data Compromise Following Clop Extortion Campaign


Every week, Information Security Media Group compiles notable cybersecurity incidents from around the globe. Highlights include Qilin’s unfounded claims against a Spanish tax agency, supply chain concerns stemming from the Nexperia acquisition, Envoy Air’s confirmed Oracle data compromise, and a €2.7 million fine imposed on Experian Netherlands for data privacy violations.

Spain Denies Qilin’s Claims of Hacking Tax Agency

The Agencia Tributaria, Spain’s tax authority, has refuted claims made by the ransomware group Qilin, asserting that it was not the victim of a cyberattack. Although Qilin listed the agency on a dark web site on October 15th, the agency confirmed that the data cited by the group originated from an entity unrelated to the Spanish government. This incident underscores the misattributions often encountered in ransomware operations, similar to a past LockBit incident involving the U.S. Federal Reserve.

Carmakers Concerned Over Chip Supply After Nexperia Takeover

Automakers globally are on high alert regarding potential supply disruptions as a standoff between the Dutch government and Chinese owners of semiconductor manufacturer Nexperia escalates. The Japan Automobile Manufacturers Association received warnings from Nexperia about its inability to ensure product delivery. The situation raises significant concerns among manufacturers, as Nexperia plays a crucial role in producing the semiconductor chips necessary for vehicle production.

Envoy Air Confirms Data Breach Linked to Clop Campaign

Envoy Air, a subsidiary of American Airlines, has acknowledged a security breach affecting its Oracle E-Business Suite application. This incident, linked to the Clop ransomware group, has brought to light accusations against the airline regarding potential neglect of customer security. While the airline claimed that no sensitive customer data was exposed, the breach potentially compromised limited business information and contact details.

Experian Netherlands Faces €2.7 Million Fine for GDPR Violations

Experian Netherlands has been fined €2.7 million (approximately $3.2 million) by the Dutch Data Protection Authority for breaching multiple GDPR regulations. The investigation revealed that the credit reporting agency collected personal data from various public and private sources without obtaining the necessary consent. Consequently, Experian has announced plans to cease operations in the Netherlands and delete its database containing personal data by the end of 2025.

Chinese Threat Actors Leverage ToolShell to Compromise Global Networks

Cyber actors linked to China have exploited the ToolShell vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770. This exploitation has had wide-reaching effects, impacting multiple high-profile entities, including government agencies and telecoms. Microsoft previously reported that this vulnerability was being actively targeted, indicating a sophisticated approach to gaining unauthorized access.

Critical Vulnerabilities in TP-Link Omada and Festa VPN Routers Exposed

Forescout researchers have identified two vulnerabilities within TP-Link Omada and Festa VPN routers that may allow attackers to execute arbitrary commands. These flaws can enable unauthorized root access and stem from insufficient patching of prior vulnerabilities. It is critical for businesses using these remote access solutions to apply the latest firmware updates to protect against potential exploitation.

NY Accounting Firm Settles After Data Breaches Affecting Over 4,700

Following data breaches that compromised the personal information of over 4,700 individuals, New York accounting firm Wojeski & Company has agreed to a settlement. The firm will pay $60,000 and implement improved cybersecurity protocols after failing to adequately safeguard client data. Investigations revealed delayed notifications to victims after ransomware attacks occurred, heightening the urgency for stronger data protection measures.


Reporting compiled by Information Security Media Group’s Gregory Sirico in New Jersey and David Perera in Northern Virginia.
