This week’s news has a bit of everything. We’re looking at 64 million personal records breached, the damage left behind by insider threats at Coupang and Accenture, how Microsoft is trying to get ahead of supply chain risks, updates from Nigeria, and more.
Let’s break it all down.
64 Million Personal Records Stolen in Spain
Spanish police have arrested a 19-year-old hacker accused of stealing 64 million personal data records from nine companies. The arrest happened in Igualada, near Barcelona.
The young suspect is facing charges for cybercrime, unauthorized data access, and privacy violations.
The stolen data included full names, home addresses, emails, phone numbers, national ID numbers, and even bank IBANs.
The investigation began in June, tracking the suspect across hacker forums where he tried to sell the data under six accounts and five fake names. Authorities seized computers, devices, and crypto wallets linked to the sales. Some funds in a crypto wallet were already frozen.
Coupang Data Breach and the Ex-Employee
When Coupang first revealed its massive data breach, some speculated a former employee might be involved. South Korean police now confirm the suspicion. The suspect is a 43-year-old Chinese man who previously worked on the company’s authentication management system. He joined Coupang in 2022, left in 2024, and is believed to have already left South Korea.
While Coupang is considered the victim, police have warned that any negligence could still result in legal consequences for the company. The breach has also triggered a wave of phishing attacks, with hundreds of reports of Coupang impersonation already filed nationwide.
Accenture Employee Charged Over Government Cloud Fraud
A former Accenture employee is facing criminal charges for misleading US authorities about the security level of a government cloud system.
According to the indictment, this happened between March 2020 and November 2021. During that time, Hillmer allegedly interfered with security reviews by covering up known problems and asking others to do the same. She is also accused of falsely claiming that required protections like access controls, system logging, and monitoring were in place.
In addition, investigators say she submitted documents with incorrect information so the company could win and keep government contracts. The actions reportedly took place while she was overseeing cloud service products at Accenture.
These charges appear to connect with a disclosure Accenture Federal Services made in 2023. In an SEC filing, the company said it had alerted the US government about possible inaccurate information given during a federal security assessment, which later led to an investigation.
Hillmer has been charged with wire fraud, major government fraud, and obstruction of a federal audit. If convicted, she could face a long prison sentence.
AMOS Malware Uses Fake AI Chats to Steal Data
A new malware campaign is targeting macOS users by taking advantage of trust in AI platforms like ChatGPT and Grok. Called "ClickFix," the attack starts when users search for common maintenance or troubleshooting tips.
Cybercriminals buy Google ads that look helpful but lead users to fake AI chats. The chats give instructions to copy and paste a script into the Mac Terminal. When executed, it triggers a fake password prompt.
Once the victim enters credentials, the AMOS malware steals passwords, crypto wallet info, and other sensitive data. It even ensures it stays on the system with a hidden file and watchdog loop.
Inotiv Cyberattack Exposes Data of 9,542 People
After Inotiv confirmed a ransomware attack in August, new details showed that about 9,542 people had their personal data exposed. The Qilin ransomware group said they were behind it and claimed they stole almost 200 GB of data.
The affected data included information on current and former employees, their family members, and others connected to the company. In response, Inotiv took its systems offline to contain the breach.
As of early December, systems are restored, and affected individuals are being notified but the full financial and operational impact is still being assessed.
Nigeria’s Ports Make Cybersecurity a Top Priority
The Nigerian Ports Consultative Council (NPCC) has declared cybersecurity a must for the maritime sector. Chairman Bolaji Sunmola warned that as ports rely more on digital tools for vessel control, cargo handling, and regulatory processes, new AI systems also bring new risks that could disrupt international trade.
To address this, NPCC set up a Cybersecurity and Digitalization Taskforce to recommend practical ways to protect ports. They also plan new training programs on cybersecurity, AI, and data governance for workers, regulators, and private operators.
The Council is also working on securing the National Single Window project to strengthen nationwide risk management and protect critical infrastructure.
Microsoft’s Expanded Bug Bounty Program
Microsoft has expanded its bug bounty program, and the idea is simple. If a serious security flaw affects Microsoft’s online services, researchers can now earn a reward for reporting it, even if the problem comes from third-party or open source code.
Before now, bug bounties mostly focused on software owned by Microsoft. But the company says attackers do not think that way. They do not care who wrote the code. If a weakness gives them access, they will use it. Microsoft wants its security efforts to match that reality.
With this update, every Microsoft online service is covered by default. New services are also included as soon as they go live. Researchers no longer have to guess whether something is eligible before reporting a critical issue.
Microsoft also says it will reward work that previously went unpaid. If a serious flaw in third-party or open source code affects its services and there was no reward before, the company is now willing to pay for that research.
The change is already in effect and is part of Microsoft’s wider push to improve security across its platforms. The goal is to catch problems earlier, fix them faster, and better protect the people and businesses that rely on Microsoft.
That's it from us on the latest in Cybersecurity.
Ready for more insights? Download our report for December 2025 threat intelligence on Artificial Intelligence.
Also, join our newsletter for security tips straight to your inbox.