This Week in Cyber & Tech: Old Vulnerabilities Resurface, AI Accelerates, and New Tech Hits the Market
9th June 2025 Edition
It was a strong week for cybercrime and a rough one for anyone still using the same password since 2012. Lee Enterprises confirmed that nearly 40,000 people had their personal data stolen in a ransomware hit - names, Social Security numbers, the usual identity theft starter pack. The North Face got hit with a credential stuffing attack because, apparently, “password123” still holds up in the wild. Cartier leaked customer info with all the clarity of a luxury NDA. And just when AT&T thought it was safe, data from its 2021 breach came back Frankensteined into a complete identity kit, now with phone numbers, birth dates, and SSNs neatly connected, like a loyalty program for fraudsters. No zero-days, no nation-states, just recycled credentials and old leaks doing overtime.
Breaches & Cyber Incidents
Lee Enterprises Hit by Ransomware, Exposes 40,000 Individuals
Lee Enterprises has confirmed that a ransomware attack first reported in February 2025 resulted in the unauthorized access and exfiltration of personal data belonging to nearly 40,000 individuals. The breach, now detailed in a filing with the Maine Attorney General’s Office, involved the compromise of names and Social Security numbers. The attackers targeted internal systems before deploying ransomware, suggesting a double-extortion tactic where data is stolen prior to encryption.
The company stated that its investigation is complete and that affected individuals are being notified directly. Identity protection services are being offered at no cost, although there have been no public reports of fraud tied to the breach so far. Lee has not disclosed how long attackers had access or whether a ransom demand was made or paid. The company also declined to provide technical details on the initial intrusion vector or lateral movement.
Cartier Discloses Customer Data Breach
Luxury goods retailer Cartier has confirmed a data breach following unauthorized access to its internal systems. In a notification sent to affected customers last week, the company disclosed that personal client information was accessed by an external actor. The specific data compromised has not been fully detailed, but Cartier stated that it included contact information and potentially account-related records.
The breach is currently under investigation, and Cartier has engaged third-party cybersecurity experts to support forensic analysis and remediation. The company has not disclosed when the intrusion occurred or how long systems were exposed before detection. No operational disruptions or financial data exposure have been reported to date. Affected customers are being notified individually and offered guidance on monitoring for suspicious activity.
The North Face Suffers Credential Stuffing Attack
The North Face has disclosed a credential stuffing attack that occurred in April 2025, resulting in unauthorized access to customer accounts and the exposure of personal information. In a notification issued to affected users, the company stated that threat actors used previously compromised login credentials from unrelated breaches to gain access to user profiles on thenorthface.com.
Once logged in, attackers were able to view customer names, billing and shipping addresses, phone numbers, email addresses, and order histories. No payment card details or passwords were exposed directly during this incident, but the attack successfully exploited reused credentials—highlighting ongoing challenges with password hygiene and user authentication.
Old AT&T Data Leak Repackaged, Links SSNs to Phone Numbers
A threat actor has reassembled and re-released data originally stolen in the 2021 AT&T breach, now combining previously separate datasets to increase the impact. The repackaged data connects names, phone numbers, Social Security numbers, and birth dates—creating a more complete identity profile for an estimated 70 million individuals.
While the original breach occurred several years ago, this updated release substantially raises the risk of identity theft and fraud. Security researchers note that the attacker likely cross-referenced multiple datasets from prior breaches, creating a single, enriched leak that is significantly more dangerous than the original exposure. The dataset is reportedly circulating on dark web forums and has been verified by multiple threat intelligence analysts.
AI & Tech Shifts
Reddit Sues Anthropic Over Alleged AI Data Scraping
Reddit has filed a lawsuit against AI company Anthropic, accusing it of unlawfully scraping user-generated content to train its Claude language model. The complaint, filed in a U.S. federal court, alleges that Anthropic accessed and used Reddit comments without authorization, bypassing API agreements and ignoring content licensing restrictions.
The lawsuit claims that Anthropic systematically ingested vast quantities of Reddit posts and comments, some of which were later surfaced in Claude’s responses. Reddit argues this use constitutes a violation of its terms of service and copyright protections, especially given the commercial nature of Claude’s deployment. The suit seeks damages and an injunction to prevent further use of the data.
Anthropic Launches Claude AI Models for US National Security
Anthropic has officially launched a suite of Claude AI models designed specifically for U.S. national security applications. The models are being developed under a partnership with the U.S. government, aimed at supporting intelligence analysis, cybersecurity operations, and other classified tasks requiring high-assurance AI capabilities.
According to the company, these national security-grade Claude models feature hardened inference pathways, enhanced red-teaming for prompt injection resistance, and strict auditability controls. They are also designed to run in air-gapped and classified environments—an operational requirement for federal use in intelligence and defense.
US Supreme Court Grants "Department of Government Efficiency" Access to SSA Data
The U.S. Supreme Court has ruled in favor of granting the Department of Government Efficiency (DOGE), a newly created agency under the Trump administration, access to Social Security Administration (SSA) data on U.S. citizens. The decision allows DOGE to retrieve personal information including names, Social Security numbers, and income records as part of what the administration calls a “federal streamlining initiative.”
The court’s majority opinion held that inter-agency data sharing in this context is lawful under the Administrative Procedure Act and necessary for improving government efficiency. Critics, including several privacy advocacy groups, have raised concerns about the lack of transparency regarding how the data will be used, citing risks of surveillance, overreach, and unclear oversight mechanisms.
AI and Security
FBI Warns of BADBOX 2.0 Botnet Surge in Chinese Devices
The FBI has released a public warning about BADBOX 2.0, a large-scale botnet originating from China that has compromised over one million off-brand Android smart devices worldwide. These devices—primarily tablets, TVs, and streaming boxes—were found to be preloaded with malware at the firmware level before reaching consumers.
The agency warns that infected devices can serve as nodes in large fraud operations, enabling credential theft, click fraud, and distributed denial-of-service (DDoS) attacks. Because the malware is embedded at the firmware layer, standard factory resets and antivirus tools are ineffective. BADBOX 2.0 appears to have evolved from prior operations, with more sophisticated command-and-control capabilities and greater geographic distribution.
Taken together, these incidents are less about breakthrough exploits and more about long-tail negligence, stale credentials, unpatched systems, and vague breach disclosures. Threat actors aren’t working harder; they’re just better at sorting through the wreckage of past mistakes. For security teams, the lesson isn’t new but it is urgent: tighten identity controls, audit old exposures, and assume that every “resolved” breach still has unfinished business. Because if attackers are recycling data, your defense strategy can’t afford to do the same.



