Cornwell Quality Tools has confirmed a major ransomware attack by the Cactus group, exposing the personal and medical information of over 100,000 individuals. The breach, which occurred in December 2024, highlights the persistent threat of ransomware to the manufacturing sector.
Streaming media giant Plex has confirmed a significant data breach, exposing user emails, usernames, and hashed passwords. The company is urging all users to reset their passwords immediately and enable two-factor authentication to secure their accounts.
Cybersecurity firm Tenable has confirmed it was a victim of a major supply chain attack that compromised customer data. The breach originated from a third-party vendor, Salesloft Drift, and has impacted more than 700 organisations.
Streaming media giant Plex has confirmed a significant data breach, exposing user emails, usernames, and hashed passwords. The company is urging all users to reset their passwords immediately and enable two-factor authentication to secure their accounts.
Cyber News Centre's cyber update for 11th September 2025: Plex, the media streaming service with over 25 million users, has confirmed a data breach exposing customer account information. An unauthorised party accessed email addresses, usernames, and securely hashed passwords, though payment data was not affected.
Plex is a global streaming media service and a client–server media player platform, which allows users to organise and stream their personal video, music, and photo collections to a wide range of devices.
The Update: Plex, the media streaming service with more than 25 million users, confirmed on 9 September 2025 that it had suffered a data breach. An unauthorised third party accessed a database containing a subset of customer information, including email addresses, usernames, and securely hashed passwords. In its security notice, Plex reassured customers that
“any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.”
The company also stressed that no credit card data was stored on its servers and therefore was not compromised. Plex has urged all users to reset their passwords and enable two-factor authentication as an added safeguard. The company has since addressed the vulnerability that allowed the breach and is conducting further security reviews to strengthen its systems and prevent future incidents. This is the second time Plex has reported a major breach, following a similar incident in August 2022 that also led to mandatory password resets.
Why it Matters: The incident underscores the ongoing risk that cyberattacks pose to online platforms. For Plex users, the most immediate concern is account compromise, especially for those who recycle the same password across multiple services. Exposed login details could fuel credential stuffing attempts on other sites, reinforcing the need for strong, unique credentials.
It also highlights the value of two-factor authentication, which adds a critical safeguard against unauthorised logins. More broadly, the breach is a reminder for streaming providers that continuous investment in security and active monitoring are essential to protect customer data and maintain user confidence in a crowded market.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Cornwell Quality Tools has confirmed a major ransomware attack by the Cactus group, exposing the personal and medical information of over 100,000 individuals. The breach, which occurred in December 2024, highlights the persistent threat of ransomware to the manufacturing sector.
Cybersecurity firm Tenable has confirmed it was a victim of a major supply chain attack that compromised customer data. The breach originated from a third-party vendor, Salesloft Drift, and has impacted more than 700 organisations.
Western Sydney University reveals a staggering $53 million cost to manage a series of cyber attacks allegedly carried out by a former student. The breach exposed the data of 10,000 students, including passports, visas, and financial details, prompting a major response and police action.
Canadian fintech firm Wealthsimple has disclosed a data breach affecting 30,000 clients after a third-party vendor was compromised. The incident exposed sensitive personal information, including Social Insurance Numbers, prompting an immediate response and enhanced security measures.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
