Radiology Associates of Richmond data breach impacts 1.4 million individuals

Radiology Associates of Richmond has disclosed a data breach that impacted the personal and health information of more than 1.4 million individuals.

Radiology Associates of Richmond (RAR) is a private radiology practice founded in 1905 and based in central Virginia. With 120 years in operation, RAR provides diagnostic, vascular and neurovascular interventional services to hospitals, freestanding emergency centers and outpatient imaging centers throughout central Virginia.

The organization discovered on May 2, 2025 that threat actors gained access to its systems between April 2 and 6, 2024. The breach involved identifiable protected health information and personal information. The practice quickly secured its network with the help of external cybersecurity experts and is assessing the impact. It also offered impacted individuals complimentary credit monitoring.


Louis Vuitton data breach affecting 419,000 customers

A recent Louis Vuitton data breach affected 419,000 customers in the UK, South Korea, Turkey, Italy, Sweden and possibly more countries. The French luxury retailer is notifying its customers of the breach.

Breached information included names, passport details, addresses, email addresses, phone numbers, shopping history and product preferences. Hong Kong’s Office of the Privacy Commissioner said it has started investigating the data breach.

According to statements LVMH emailed to affected users, no payment information was affected.

LVMH said its French head office found suspicious activity on its computer system on June 13, 2025, discovered that Hong Kong customers were affected on July 2, and reported the breach to the Hong Kong watchdog on July 17.


McDonald’s hiring app exposes data of 64 million applicants

Security researchers Ian Carroll and Sam Curry revealed multiple vulnerabilities in the McDonald’s AI-powered hiring platform, McHire, that exposed the personal information of over 64 million job applicants.

The root of the problem was surprisingly simple: McHire’s administrative interface, designed for restaurant franchisees, accepted the incredibly insecure username and password combination of “123456”. That, combined with an insecure direct object reference (IDOR), allowed the researchers to gain entry and gave them immediate access to live administrative dashboards. This in turn allowed access to any inbox to retrieve the personal data of more than 64 million applicants.

Personal information included names, emails, phone numbers, job details and chat logs between applicants and McDonald’s AI recruiter, which could have included additional personal information.

McDonald’s responded swiftly:

June 30, 2025 5:46PM ET: Disclosed to Paradox.ai and McDonald’s
June 30, 2025 6:24PM ET: McDonald’s confirms receipt and requests technical details
June 30, 2025 7:31PM ET: Credentials are no longer usable to access the app
July 1, 2025 9:44PM ET: Followed up on status
July 1, 2025 10:18PM ET: Paradox.ai confirms the issues have been resolved
