This week, two major organizations confirmed new breaches, fresh research pointed to rising attacks across Nigeria, and more developments.
Let’s look at them closely.
Temu Sued Over Data Theft Claims
Arizona’s attorney general has sued Temu, accusing the online retailer of collecting far more information from users than it admits.
Kris Mayes said the app gives the impression of offering cheap products, yet quietly gathers sensitive data from people’s phones without permission. Investigators say the app can track a user’s location and see what other apps are installed.
The lawsuit also raises a larger worry. Because Temu’s parent company is based in China, prosecutors fear the data could be accessed under Chinese laws that compel companies to hand information to the government.
After a technical review of the app, investigators warned that parts of its code behaved like malware. Mayes is urging residents to delete the app and run security checks on their phones.
Freedom Mobile Confirms Data Breach Exposing Customer Details
Freedom Mobile has revealed that some customers’ personal information was exposed after hackers broke into one of its systems. Caused by an unauthorized person getting hold of a subcontractor’s login details, the attacker was able to access the platform used to manage customer accounts.
The company noticed the suspicious activity on October 23 and moved fast to contain it. The affected accounts and IP addresses were blocked, and extra security steps were put in place.
The information that was taken includes names, addresses, phone numbers, dates of birth, and customer account numbers.
Freedom did not share details about who was behind the attack or how many people were affected. The company now has more than 3.5 million subscribers, so even a small percentage would still involve many individuals.
This is not the first time Freedom Mobile has dealt with a breach. In 2019, customer information was also exposed after a third-party provider failed to secure a database.
French Football Federation (FFF) Hit by Cyberattack
The French Football Federation has confirmed that the software used for administrative tasks, including member information, was breached.
Once the unusual activity was spotted, the account was shut down and all user passwords were reset. The federation said the issue has been contained and the platform secured.
The information that was taken includes basic personal details such as names, gender, nationality, and contact information. The federation did not say how many people were affected, only that it has filed a formal complaint and is cooperating with the authorities.
The incident serves as another reminder of how valuable personal information has become to attackers and how important it is for major bodies to keep tightening their defenses.
Marquis Software Breach Affects 74 US Banks and Credit Unions
Fintech firm Marquis confirmed that hackers stole personal and financial data from roughly 788,000 people.
Discovered in August, the breach exposed names, addresses, Social Security numbers, dates of birth, taxpayer IDs, and bank or card details. Investigators say the attack exploited a flaw in Marquis’s SonicWall firewall.
Filings with authorities in Iowa, Maine, Massachusetts, New Hampshire, South Carolina, Texas, and Washington confirm the number of affected individuals. Marquis has begun notifying them and is offering free credit monitoring and identity protection for up to two years. So far, there’s no evidence that any data has been misused.
Marquis provides services to over 700 banks and credit unions, though it’s unclear how many were affected. While the attackers haven’t been officially identified, researchers suspect the Akira ransomware group, which targeted SonicWall devices in August and September.
The company acted quickly, taking systems offline, involving cybersecurity experts, and notifying law enforcement. Marquis emphasized that protecting customer data remains its top priority.
Check Point Report Says Nigerian Organizations Now Face 4,200 Attacks Weekly
A new report from Check Point Software Technologies says Nigerian organizations now face about 4,200 cyber attacks every week. This is the highest in Africa with banks, energy companies, telecoms, and government agencies being hit the hardest.
The rise is linked to exposed identities, misconfigured systems, and attackers using artificial intelligence to scale their operations.
Lorna Hardie from Check Point says AI is no longer just a business tool. Attackers are using it to automate phishing and identity theft on a large scale. She advised organizations to focus on prevention to stay in control of their systems.
Across Africa, Kenya has faced ransomware attempts on its energy grid, while Morocco has dealt with denial-of-service attacks on government and education networks.
Coupang Confirms Breach Affecting 33.7 Million Customers
South Korea’s biggest retailer, Coupang, has confirmed a major data breach that exposed the personal details of 33.7 million customers. The company says the incident took place on June 24, 2025, but it only came to light months later when investigators spotted unusual activity on November 18.
Coupang first noticed that about 4,500 customer accounts had been accessed without permission. As the investigation widened, the numbers rose, revealing the much larger exposure. The information involved includes names, phone numbers, email addresses, home addresses, and order histories, although the company maintains that payment data and passwords were not affected.
Following the breach, the firm reported the incident to the National Police Agency, the Personal Information Protection Commission, and the Korea Internet & Security Agency. Customers whose information was compromised will receive notifications by email or SMS.
So far, no cybercriminals have claimed responsibility.
SitusAMC Cyberattack Exposes Banking and Legal Records
SitusAMC, a New York-based vendor that helps banks manage real-estate loans and mortgages, is dealing with a cyberattack that exposed some sensitive data. Hackers broke in on November 12, gaining access to banks’ records, legal documents, and some customer information.
The company says the situation is under control and its services are fully up and running. No ransomware was involved, but they’re still investigating. A spokesperson didn’t say how many of their 1,500+ clients were affected or who was behind the attack.
But the FBI is helping out. Director Kash Patel said there’s no impact on banking operations and stressed they’re focused on finding the attackers and keeping critical systems safe.
The incident shows that even industries with strong defenses, like banking, can get attacked through third-party vendors, leaving gaps hackers exploit when focusing on less scrutinized firms like SitusAMC.
SmartTube Compromised After Attacker Steals Signing Keys
SmartTube, the popular open-source YouTube client for Android TV, was hit by a major compromise after an attacker gained access to the developer’s signing keys. Because of that breach, a malicious update was pushed out, and users began seeing Play Protect flag the app as unsafe.
The developer, Yuriy Yuliskov, later confirmed that his keys had been stolen. A user who examined the compromised version (30.51) found a hidden library called libalphasdk.so, which does not appear anywhere in the public code. Yuliskov also said he had never used it and warned users to be careful.
He has since revoked the old signature and plans to publish a clean build under a new app ID. Until then, people have been advised to switch to the new version once it arrives.
The injected library runs quietly in the background, fingerprints devices, contacts a remote server, and sends periodic data.
While there is no sign it has been stealing accounts or launching botnet attacks, the possibility remains. The community is uneasy because detailed explanations are still missing. For now, users are urged to stick to older safe builds and disable auto-updates.
That's it from us on the latest on Cybersecurity. Ready for more insights? Download our report for December 2025 threat intelligence on Artificial Intelligence.
Also, join our newsletter for security tips straight to your inbox.