Data Breaches Hit Brazilian AI Firm and Japanese Retailer
What happened
A threat actor named Spirigatito has claimed responsibility for a data breach at LifesHub, a Brazilian AI and data intelligence firm, exposing 257 million records. Separately, Japanese sex toy manufacturer Tenga disclosed a breach that exposed customer names, emails, and order details, with the threat actor remaining unidentified.
Why it matters
- The Tenga breach stemmed from a Business Email Compromise (BEC) attack, a form of social engineering where an attacker gains access to a corporate email account. - After gaining access, the attacker used the compromised Tenga employee's inbox to send spam and phishing messages to the employee's contacts, including other customers. - In response to the incident, Tenga reset the employee's credentials and enabled multi-factor authentication (MFA) across its systems to prevent similar intrusions. - The initial breach notification was sent by Tenga Store USA, leaving it unclear if customers outside of the United States were affected by the email account compromise. - The average cost of a data breach in the retail sector rose to $3.54 million in 2025, with phishing and the use of compromised credentials being the most common attack vectors. - Due to the sensitive nature of the exposed customer data, at least one national class-action law firm has publicly announced it is investigating claims against Tenga for the breach.
Key numbers
- A threat actor named Spirigatito has claimed responsibility for a data breach at LifesHub, a Brazilian AI and data intelligence firm, exposing 257 million records.
- The average cost of a data breach in the retail sector rose to $3.54 million in 2025, with phishing and the use of compromised credentials being the most common attack vectors.
Quick answers
What happened in Data Breaches Hit Brazilian AI Firm and Japanese Retailer?
A threat actor named Spirigatito has claimed responsibility for a data breach at LifesHub, a Brazilian AI and data intelligence firm, exposing 257 million records. Separately, Japanese sex toy manufacturer Tenga disclosed a breach that exposed customer names, emails, and order details, with the threat actor remaining unidentified.
Why does Data Breaches Hit Brazilian AI Firm and Japanese Retailer matter?
The Tenga breach stemmed from a Business Email Compromise (BEC) attack, a form of social engineering where an attacker gains access to a corporate email account. After gaining access, the attacker used the compromised Tenga employee's inbox to send spam and phishing messages to the employee's contacts, including other customers. In response to the incident, Tenga reset the employee's credentials and enabled multi-factor authentication (MFA) across its systems to prevent similar intrusions. The initial breach notification was sent by Tenga Store USA, leaving it unclear if customers outside of the United States were affected by the email account compromise. The average cost of a data breach in the retail sector rose to $3.54 million in 2025, with phishing and the use of compromised credentials being the most common attack vectors. Due to the sensitive nature of the exposed customer data, at least one national class-action law firm has publicly announced it is investigating claims against Tenga for the breach.
