New breach reports surface

Japan’s Ielove Group said on April 8 that attackers accessed one of its cloud services and stole data, while separate posts on April 8 claimed customer leaks at Bancolombia and Banco de Bogotá. (ielove-group.jp) (cybernews.com) Ielove Group said it detected a possible intrusion on April 6, opened an initial investigation the same day, and began a full investigation on April 8 with outside cybersecurity specialists. The company said data tied to external business partners and the company itself was read without authorization. (ielove-group.jp) The Colombian case is less settled. Cybernews reported that a threat actor posted samples on an underground forum on April 8 and said the material was tied to Grupo Bancolombia and Banco de Bogotá, including names, timestamps, and small sets of customer and adviser records. (cybernews.com) A data breach is the theft or exposure of stored information, and a cloud service is a shared online system that many companies use to hold customer records. When one provider sits between many businesses and their users, a single compromise can spread across multiple brands at once. (ielove-group.jp) (recruit.co.jp) That shared-system risk is visible in Japan. Recruit said in September 2025 that its SUUMO B2B service had started linking data with Ielove CLOUD, and Ielove said its platform was used by more than 17,000 real-estate companies. (recruit.co.jp) (ielove-group.jp) At Home, another Japanese property platform, said on April 10 that it had started checking reports of a possible leak affecting its users but had not confirmed unauthorized access to its own site or an external outflow of personal data. That leaves open the possibility that the exposure, if confirmed, came through a connected service rather than a direct hack of each portal. (athome.co.jp) In Colombia, no public confirmation from the two banks appeared in the reporting reviewed here. Cybernews said it contacted both institutions and had not received responses when it published on April 8. (cybernews.com) Both banks publicly describe their obligations around personal-data handling under Colombia’s habeas data framework, which gives customers rights to know, update, and correct information held about them. Those notices do not confirm a breach, but they show the legal backdrop if the leaked samples are authenticated. (bancolombia.com) (bancodebogota.com 1) (bancodebogota.com 2) For now, the Japanese incident is an acknowledged data theft with an ongoing scope review, and the Colombian case remains a public claim backed by leaked samples but not bank confirmation. In both cases, the next step is the same: verify what data was taken, who was affected, and whether the breach sat inside the institution or in a connected service. (ielove-group.jp) (cybernews.com)