Security Report – 7 Nov 2025

Exploit: Third-Party Data Breach

Risk to Business: Severe: Clop, the notorious cyber extortion group behind several high-profile breaches, has listed Australian personal protective equipment (PPE) manufacturer Ansell as a victim on its darknet leak site. The claim comes just weeks after Ansell disclosed “unauthorised data access” in an Australian Securities Exchange (ASX) announcement. On October 14, Ansell confirmed the breach stemmed from vulnerabilities in licensed third-party software. The hackers have now allegedly published a 552GB dataset that is said to have been exfiltrated from Ansell’s network, sharing it via the BitTorrent peer-to-peer protocol. The torrent file, made available on November 3, has already been downloaded multiple times. So far, the hackers have not disclosed what data is included in the breach, nor have they shared proof of compromise or any ransom demand.

United Kingdom – Ernst & Young – Finance

Exploit: Misconfiguration

Risk to Business: Moderate: A major cloud misconfiguration has exposed a massive amount of data belonging to British multinational professional services firm Ernst & Young (EY). The exposure has become one of the most talked-about topics in cybersecurity circles this week. Cybersecurity researchers discovered 4TB of publicly accessible EY data on Microsoft Azure during a routine network and cloud scan. The file carried a .BAK extension, indicating it was a full SQL Server database backup. The exposed backup likely contained sensitive information such as user data, API keys, credentials, authentication tokens and database schemas. Experts warn that such a large volume of exposed data could have serious consequences. With today’s automated scanning tools, countless threat actors could have easily found and accessed the files.

Talk to a TCT team member today about implementing IT strategy plan for your business.