Utility silence, supply chain hacks, and fake alerts mark a busy week in data breaches
A Canadian utility says names and addresses may be exposed but provides few details. Meanwhile, the Klue hack hits multiple security firms, and Brazil investigates a suspected cyberattack that triggered false emergency alerts.
A Canadian power utility, a market research firm that serves cybersecurity vendors, and Brazil’s civil defense alert system all reported security incidents last week, illustrating the widening range of targets and tactics in cyberattacks. The events underscore how data breaches can affect critical infrastructure, supply chains, and public safety systems simultaneously.
London Hydro, which supplies electricity to more than 160,000 customers in Ontario, said on June 20 that names, addresses, email addresses, phone numbers, account and billing numbers, service addresses, pricing plans, contract start dates, and meter information may have been exposed. The utility stressed that banking information, payment card details, dates of birth, and government IDs were not involved.
Key gaps in utility breach disclosure
London Hydro has not said when the intrusion was discovered, whether data was exfiltrated, how many customers are affected, or whether ransomware or extortion was involved. The utility also did not confirm whether operational technology or grid systems were accessed. The lack of detail leaves customers and regulators uncertain about the full scope of the incident.
Several cybersecurity vendors learned on June 22 that they were caught in a supply chain breach at Klue, a market research firm. According to TechCrunch, affected companies include Huntress, HackerOne, Jamf, Recorded Future, and Tanium. The stolen data appears to have been used by attackers to craft more credible phishing campaigns targeting security professionals.
Separately, Brazilian authorities are investigating a suspected cyberattack that sent at least a dozen unauthorized emergency alerts through the country’s Civil Defense Alert system early on June 20. The alerts, designed to warn of floods and landslides, triggered confusion and raised questions about the security of public warning infrastructure.
Credential search services fuel targeted attacks
The Klue incident aligns with a broader trend in the underground economy: services that search massive stolen credential dumps for accounts belonging to specific companies or domains. Researchers at Flare recently documented how attackers can pay to query databases for credentials tied to a target, making it easier to launch precise phishing or account takeover attacks. This model reduces the effort required to sift through raw breach data and increases the speed at which stolen credentials can be weaponized.
Webshells also remain a persistent tool for attackers, as noted in a June 22 SANS Internet Storm Center diary. Attackers continue to deploy webshells on compromised web servers, often leaving a backdoor for persistent access. The diary highlighted a new variant pushed to GitHub two months ago, showing that even well-known techniques are constantly refreshed.
What comes next: Organizations must assume their data is already circulating in credential databases and treat every email or phone call as potentially fraudulent. Utilities and public alert systems need to segment operational technology from customer-facing IT and conduct regular incident response drills. For the cybersecurity industry, the Klue breach is a reminder that vendors are not immune from supply chain risk, and that their own security posture must account for third-party data handlers.
Fact check
- London Hydro said names, addresses, account numbers, and meter information may have been exposed, but not banking or payment card data. (reported)
- Klue's breach affected cybersecurity vendors including Huntress, HackerOne, Jamf, Recorded Future, and Tanium. (reported)
- At least a dozen unauthorized emergency alerts were sent through Brazil's Civil Defense Alert system on June 20, possibly due to a cyberattack. (reported)
- Underground services allow attackers to search stolen credential databases for specific companies or domains, as documented by Flare. (reported)
- A new webshell variant was pushed to GitHub two months ago, according to a SANS ISC diary. (reported)
Source reporting (8)
- The Register · Canadian utility fesses up to data breach, but key details remain off-grid
- SANS Internet Storm Center · Webshells Remain Popular, (Mon, Jun 22nd)
- The Record by Recorded Future · Suspected cyberattack triggers false emergency alerts across parts of Brazil
- BleepingComputer · A Glimpse into the “Search Your Target” Market for Stolen Credentials
- TechCrunch · Klue hack results in data breach at several cybersecurity firms
- SecurityWeek · Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
- The Hacker News · New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
- TechRadar Pro · Thousands of D-Link and QNAP NAS routers compromised by fast-moving AryStinger malware that turns unsecured devices into a malicious proxy botnet