CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

World Leaks Ransomware Group Exfiltrates 1.4TB of Nike Data

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

The World Leaks ransomware group has claimed responsibility for a data breach affecting Nike, posting a 1.4TB cache of stolen internal data. The leaked files include R&D and product details, supply chain information, and internal documents dating back to 2020. Nike is investigating the incident, but no customer or employee PII has been identified in the dump. The breach could have significant commercial and operational impacts, including potential disruptions to product launches and supply chain operations. World Leaks removed the Nike entry from its leak site, suggesting potential negotiations or ransom payment. World Leaks is believed to be a rebrand of the Hunters International ransomware group, which emerged in late 2023 and was flagged as a possible Hive ransomware rebrand due to code similarities. Hunters International claimed responsibility for over 280 attacks, including victims such as the U.S. Marshals Service, Tata Technologies, Hoya, AutoCanada, and Austal USA.

Timeline

  1. 27.01.2026 18:45 1 articles · 23h ago

    World Leaks identified as Hunters International rebrand

    World Leaks is believed to be a rebrand of the Hunters International ransomware group, which emerged in late 2023 and was flagged as a possible Hive ransomware rebrand due to code similarities. Hunters International claimed responsibility for over 280 attacks, including victims such as the U.S. Marshals Service, Tata Technologies, Hoya, AutoCanada, and Austal USA.

    Show sources
    Open in new tab
  2. 27.01.2026 11:45 3 articles · 1d ago

    World Leaks Ransomware Group Exfiltrates 1.4TB of Nike Data

    The World Leaks ransomware group has claimed responsibility for a data breach affecting Nike, posting a 1.4TB cache of stolen internal data. The leaked files include R&D and product details, supply chain information, and internal documents dating back to 2020. Nike is investigating the incident, but no customer or employee PII has been identified in the dump. The breach could have significant commercial and operational impacts, including potential disruptions to product launches and supply chain operations. World Leaks removed the Nike entry from its leak site, suggesting potential negotiations or ransom payment.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Marquis Software Solutions Ransomware Attack Exposes Data from 74 US Financial Institutions

Marquis Software Solutions, a financial software provider, suffered a ransomware attack on August 14, 2025, through a compromised SonicWall firewall. The breach impacted over 74 US banks and credit unions, exposing personal information of approximately 400,000 customers. The stolen data includes names, addresses, phone numbers, Social Security numbers, financial account information, and dates of birth. Marquis has since taken steps to enhance its security measures, but there is no evidence of data misuse or publication. The attack is suspected to be linked to the Akira ransomware gang, which has been targeting SonicWall VPN devices.

Open in new tab

ShinyHunters Breach Affects Checkout.com Legacy Cloud Storage

Checkout.com, a global payment processing firm, disclosed a data breach involving a legacy cloud storage system compromised by the ShinyHunters threat group. The breach affected less than 25% of its current merchant base and included data from 2020 and earlier. The company refused to pay the ransom and instead plans to donate the amount to cybersecurity research at Carnegie Mellon University and the University of Oxford Cyber Security Center. The compromised data includes internal operational documents and onboarding materials. ShinyHunters is known for exploiting vulnerabilities and using social engineering tactics to extort large organizations.

Open in new tab

Crimson Collective targets multiple organizations including Red Hat and Brightspeed for data theft and extortion

The Crimson Collective has been targeting various organizations, including Red Hat and Brightspeed, for data theft and extortion. The group claims to have breached Red Hat's private GitLab repositories, stealing nearly 570GB of data across 28,000 internal projects, including 800 Customer Engagement Reports (CERs) containing sensitive information about customer networks and platforms. The breach occurred approximately two weeks prior to the announcement. The hackers claim to have accessed downstream customer infrastructure using authentication tokens and other private information found in the stolen data. The affected organizations span various sectors, including finance, healthcare, government, and telecommunications. Red Hat has initiated remediation steps and stated that the security issue does not impact its other services or products. The hackers published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on Telegram. The Centre for Cybersecurity Belgium (CCB) has issued an advisory stating there is a high risk to Belgian organizations that use Red Hat Consulting services. The CCB also warns of potential supply chain impact if service providers or IT partners worked with Red Hat Consulting. The CCB advises organizations to rotate all tokens, keys, and credentials shared with Red Hat or used in any Red Hat integrations, and to contact third-party IT providers to assess potential exposure. The ShinyHunters gang has now joined the extortion attempts against Red Hat, partnering with the Crimson Collective. ShinyHunters has released samples of stolen CERs on their data leak site and has set an October 10th deadline for Red Hat to negotiate a ransom demand to prevent the public leak of stolen data. The breach is part of a series of supply chain threats involving compromised code repositories. In May 2024, threat actors exploited a critical vulnerability (CVE-2023-7028) to take over GitLab accounts. GitLab disclosed and patched two similar vulnerabilities (CVE-2024-5655 and CVE-2024-6385) that jeopardized customers' CI/CD pipelines. Nissan Motor Co. Ltd. has confirmed that information of approximately 21,000 customers has been compromised due to the Red Hat breach. The leaked data includes full names, physical addresses, phone numbers, email addresses, and customer data used in sales operations. Financial information such as credit card details was not exposed in the breach. Nissan noted that the compromised Red Hat environment does not store any other data beyond what was confirmed as impacted. Nissan has no evidence that the leaked information has been misused. This is the second cybersecurity incident for Nissan Japan this year, following a Qilin ransomware attack in late August that hit its design subsidiary Creative Box Inc. (CBI). The Crimson Collective has also claimed responsibility for a breach at Brightspeed, an ISP operating across 20 US states. The group claims to have obtained PII on over one million customers and disrupted their connectivity. The PII includes account master records, address coordinates, payment history, payment methods, and appointment/order records. The group posted samples of the data on Telegram and claimed to have disconnected users' home internet. Jacob Krell from Suzu Labs commented on the broader implications of such breaches, noting their societal and national security impact.

Open in new tab

Insight Partners Ransomware Breach Affects 12,657 Individuals

Insight Partners, a New York-based venture capital and private equity firm, has notified 12,657 individuals that their personal information was compromised in a ransomware attack. The breach, which occurred in October 2024, involved a sophisticated social engineering attack that allowed threat actors to access and encrypt servers. The stolen data includes banking and tax information, personal details of current and former employees, and information related to limited partners, funds, and portfolio companies. The company has offered complimentary credit or identity monitoring services to those affected and has filed breach notifications with state attorneys general. The incident highlights the ongoing risk of social engineering attacks and the potential for significant data exfiltration in ransomware breaches.

Open in new tab

Vyro AI Leak Exposes Sensitive User Data from Three Applications

Vyro AI, a maker of AI-content creation applications, has inadvertently leaked 116GB of sensitive user data from three of its products: ImagineArt, Chatly, and Chatbotx. The data, which includes AI prompts, bearer authentication tokens, and user agents, was exposed for several months. The leak could have allowed attackers to monitor user behavior, extract sensitive information, and hijack user accounts. Separately, audio streaming platform SoundCloud has confirmed a security breach in which threat actors stole a database containing user information. The breach affected 29.8 million accounts, approximately 20% of SoundCloud's users, and exposed email addresses, geographic locations, names, usernames, profile statistics, and avatars. The breach was followed by denial-of-service attacks, VPN connectivity issues, and extortion attempts by the ShinyHunters extortion gang.

Open in new tab