Two big data breaches surface
Personal data tied to about 100,000 German citizens was exposed and is for sale online, raising fresh privacy and identity-theft risks (x.com). Separately, Chilean EHS vendor Zyght suffered a 6.1 TB breach that affects mining, oil & gas and manufacturing clients, and its data is reportedly being offered for sale as well (x.com).
Two separate breach listings popped up at almost the same time: one tied to personal data from roughly 100,000 people in Germany, and another tied to 6.1 terabytes of files from Zyght, a Chile-based workplace safety software vendor used in mining, oil and gas, and manufacturing. In both cases, the data was reportedly being offered for sale, which turns a leak into a shopping catalog for scammers. (zyght.com) (dailydarkweb.net)

A data breach is not just “someone got hacked.” It is more like someone copied the filing cabinets, took them home, and then started selling folders one by one to anyone willing to pay. (cisa.gov)

The German case looks especially dangerous because personal data is what criminals need for impersonation. A name, date of birth, address, phone number, and email can be enough to build fake account-recovery requests, fake delivery texts, or fake loan applications that look real on first glance. (brinztech.com) (bfdi.bund.de)

Germany has some of Europe’s strictest privacy rules under the General Data Protection Regulation, but strict rules do not stop stolen files from circulating once they leave the system. Germany’s federal and state data protection authorities can investigate, yet victims still have to deal with the practical mess of fraud, spam, and account takeover attempts. (bfdi.bund.de)

The Zyght case is a different kind of problem because the company sells health, safety, and environmental management software to heavy industry. Zyght says its platform is used to digitize workplace safety, occupational health, and environmental processes, and it names mining and oil and gas among the industries it serves. (zyght.com)

That means the stolen material may not just be customer contact details. A workplace safety platform can hold incident reports, audit trails, contractor records, site documents, internal workflows, and compliance files, which is the corporate equivalent of handing over the plant’s logbook, org chart, and inspection binder at once. (zyght.com)

Zyght’s own privacy policy says the brand is operated by Datamine Chile S.A. and says data can be shared within the Datamine and Vela Software group under confidentiality controls. That matters because once a vendor sits in the middle of many clients, one breach can become a supply-chain problem that spreads across multiple companies without each company being directly hacked first. (zyght.com)

The size of the Zyght listing matters too. Six-point-one terabytes is not a screenshot dump or a single customer table; it suggests a very large collection of files, and large collections are harder to contain because they can include both sensitive documents and the context that makes those documents useful. (dailydarkweb.net)

For criminals, the German records and the Zyght files serve different markets. Consumer data feeds identity theft and phishing, while industrial data can feed extortion, competitive intelligence, and highly tailored scams aimed at employees, contractors, or suppliers. (cisa.gov) (zyght.com)

The immediate risk after a sale listing is not always a dramatic public dump. Often the first wave is quieter: password-reset emails, fake invoice messages, vendor-payment fraud, and calls from people who know just enough real details to sound legitimate. (cisa.gov) (brinztech.com)

That is why two breach listings surfacing together matters even though they hit different countries and different sectors. One shows how personal data can be repackaged and resold at population scale, and the other shows how a single software provider can become a doorway into some of the world’s most physical industries. (bfdi.bund.de) (zyght.com)