At a glance.
- Ransomware attack exposes medical records of VA patients.
- Hacker steals tens of thousands of identity documents from Italian hotels.
- Two Estonians sentenced for $577 million crypto Ponzi scheme.
Ransomware attack exposes medical records of VA patients.
DaVita, a dialysis provider contracting with the US Department of Veterans Affairs (VA), has disclosed an April ransomware attack that led to a data breach affecting more than 900,000 patients, Stars and Stripes reports. The breach involved patients' medical records, including Social Security numbers, test results, and health insurance information. The attack may have also affected images of checks and tax identification numbers.
The VA said in a statement that its own systems were not affected, and the FBI is investigating the extent of the breach. The VA also noted that the incident did not disrupt patient care. DaVita has restored affected systems and will offer 12 months of free credit monitoring to victims.
Hacker steals tens of thousands of identity documents from Italian hotels.
Italy's digital agency, the Agenzia per l'Italia Digitale (AGID), has confirmed that nearly 100,000 identity documents were stolen from at least ten Italian hotels and are now being sold online. The data includes "high-resolution scans of passports, ID cards, and other identification documents used by customers during check-in." The threat actor who posted the data claims to have breached the hotels' systems between June and August of 2025.
The Italian Data Protection Authority is investigating the incident, and recommends that any "accommodation facilities that have not yet reported any irregularities promptly report any anomalies so that immediate steps can be taken to protect data privacy and, as required by law, notify affected guests of any breaches."
Two Estonians sentenced for $577 million crypto Ponzi scheme.
Two Estonian nationals were sentenced to 16 months in prison in the US for their role in a $577 million cryptocurrency Ponzi scheme. The Justice Department says the two men, Sergei Potapenko and Ivan Turõgin, "operated a purported cryptocurrency mining service called HashFlare, which sold contracts promising customers a share of the profits generated from cryptocurrency mining." The sentencing involves the forfeiture of all cryptocurrency and assets gained through the scheme, collectively valued at more than $450 million.
The two men have already spent 16 months in custody and will return to Estonia on supervised release.
